
Please help! Rundll using 99% of my CPU =(

edited August 2006 in Spyware & Virus Removal
Hi folks. Generally I've been able to handle most of the viruses/whatnot that I bump into, but this one is maddening.

Basically, my computer acts normally until I try to uninstall something. When I select uninstall (either via Add/Remove Programs, or through the uninstall option that comes with games), nothing happens and suddenly everything slows to a crawl.

At that point, rundll32.exe has just started up in my task manager, and is then using up 99% of my CPU =(.

On top of that, I fired up CommView and noticed that there is a lot of information being sent to me from various unknown sources. They're all coming through port 55049. Here are some examples of the hostnames:

c-71-233-145-61.hsd1.ma.comcast.net
cpe-67-9-167-31.austin.res.rr.com
a88-114-34-244.elisa-laajakaista.fi

Then, there is a bunch of information being sent OUT of my computer via http to these locations:

red.as-us.falkag.net
69-44-123-39.wcg.net
eqvaadvip4.doubleclick.net
www.myaffiliateprogram.com
www.globalspec.com

Whatever this bug is that I have, it's quite nasty =\. Oddly, rundll32 doesn't seem to need to be running for all this garbage to be coming in and going out of my connection.


I've tried various basic things: using Ad-Aware, using Spybot Search & Destroy, using Registry Booster to clear out junk, searching my directories for suspicious stuff, etc. None of it has helped.

Here is my HijackThis log, followed by the DLL list for rundll32.exe, followed by the modules that it seems to be running.

Thank you very much in advance to anyone who might be able to help. I'm going out of town in a few days for work, and it would be a huge relief if I could sort this out before then.



Logfile of HijackThis v1.99.1
Scan saved at 12:07:39 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\QuickTime\qttask.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\WINDOWS\system32\ctfmon.exe
G:\WINDOWS\System32\svchost.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\system32\msiexec.exe
G:\WINDOWS\system32\wuauclt.exe
G:\Program Files\HIGHJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Zone Labs Client] "G:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ViewMgr] G:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] G:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PHIME2002ASync] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] G:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVMixerTray] "G:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "G:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [nTrayFw] G:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] G:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] G:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] G:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [DAEMON Tools] "G:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ATIPTA] "G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] G:\PROGRA~1\Ahead\NEROPH~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "G:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [EA Core] G:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] G:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - https://dlmanager.akamaitools.com.edgesuite...vex-2.0.3.3.cab
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{39EAE483-0AF9-40EA-BC3A-ABBAA4FDBC3E}: NameServer = 192.168.0.1
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe







Process list saved on 12:42:57 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

[pid] [full path to filename] [file version] [company name]
708 G:\WINDOWS\System32\smss.exe 5.1.2600.2180 Microsoft Corporation
812 G:\WINDOWS\system32\winlogon.exe 5.1.2600.2180 Microsoft Corporation
872 G:\WINDOWS\system32\services.exe 5.1.2600.2180 Microsoft Corporation
884 G:\WINDOWS\system32\lsass.exe 5.1.2600.2180 Microsoft Corporation
1040 G:\WINDOWS\system32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1192 G:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
1876 G:\WINDOWS\system32\spoolsv.exe 5.1.2600.2696 Microsoft Corporation
272 G:\WINDOWS\Explorer.EXE 6.0.2900.2180 Microsoft Corporation
444 G:\Program Files\iTunes\iTunesHelper.exe 6.0.4.2 Apple Computer, Inc.
592 G:\Program Files\Java\jre1.5.0_06\bin\jusched.exe 5.0.60.5 Sun Microsystems, Inc.
1340 G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe 7.10.3077.0 Microsoft Corporation
1600 G:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe 6.14.10.5168 ATI Technologies, Inc.
1556 G:\WINDOWS\system32\ctfmon.exe 5.1.2600.2180 Microsoft Corporation
232 G:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
536 G:\Program Files\iPod\bin\iPodService.exe 6.0.4.2 Apple Computer, Inc.
2336 G:\WINDOWS\System32\svchost.exe 5.1.2600.2180 Microsoft Corporation
2324 G:\Program Files\Internet Explorer\iexplore.exe 6.0.2900.2180 Microsoft Corporation
764 G:\Program Files\HIGHJACKTHIS\HijackThis.exe 1.99.0.1 Soeperman Enterprises Ltd.
3420 G:\WINDOWS\system32\rundll32.exe 5.1.2600.2180 Microsoft Corporation


DLLs loaded by process G:\WINDOWS\system32\rundll32.exe:

[full path to filename] [file version] [company name]
G:\WINDOWS\system32\ntdll.dll 5.1.2600.2180 Microsoft Corporation
G:\WINDOWS\system32\kernel32.dll 5.1.2600.2180 Microsoft Corporation
G:\WINDOWS\system32\msvcrt.dll 7.0.2600.2180 Microsoft Corporation
G:\WINDOWS\system32\GDI32.dll 5.1.2600.2770 Microsoft Corporation
G:\WINDOWS\system32\USER32.dll 5.1.2600.2622 Microsoft Corporation
G:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.2180 Microsoft Corporation
G:\WINDOWS\system32\ShimEng.dll 5.1.2600.2180 Microsoft Corporation
G:\WINDOWS\AppPatch\AcGenral.DLL 5.1.2600.2180 Microsoft Corporation
G:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.2180 Microsoft Corporation
G:\WINDOWS\system32\RPCRT4.dll 5.1.2600.2180 Microsoft Corporation
G:\WINDOWS\system32\WINMM.dll 5.1.2600.2180 Microsoft Corporation
G:\WINDOWS\system32\ole32.dll 5.1.2600.2726 Microsoft Corporation
G:\WINDOWS\system32\OLEAUT32.dll 5.1.2600.2180 Microsoft Corporation
G:\WINDOWS\system32\MSACM32.dll 5.1.2600.2180 Microsoft Corporation
G:\WINDOWS\system32\VERSION.dll 5.1.2600.2180 Microsoft Corporation
G:\WINDOWS\system32\SHELL32.dll 6.0.2900.2763 Microsoft Corporation
G:\WINDOWS\system32\SHLWAPI.dll 6.0.2900.2753 Microsoft Corporation
G:\WINDOWS\system32\USERENV.dll 5.1.2600.2180 Microsoft Corporation
G:\WINDOWS\system32\UxTheme.dll 6.0.2900.2180 Microsoft Corporation
G:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 6.0.2900.2180 Microsoft Corporation
G:\WINDOWS\system32\comctl32.dll 5.82.2900.2180 Microsoft Corporation
G:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll 11.50.0.-21567 Macrovision Corporation
G:\WINDOWS\system32\MSCTF.dll 5.1.2600.2180 Microsoft Corporation



Image Name PID Modules

rundll32.exe 940 ntdll.dll, kernel32.dll, msvcrt.dll,
GDI32.dll, USER32.dll, IMAGEHLP.dll,
ShimEng.dll, AcGenral.DLL, ADVAPI32.dll,
RPCRT4.dll, WINMM.dll, ole32.dll,
OLEAUT32.dll, MSACM32.dll, VERSION.dll,
SHELL32.dll, SHLWAPI.dll, USERENV.dll,
UxTheme.dll, IMM32.DLL, LPK.DLL, USP10.dll,
comctl32.dll, comctl32.dll, Ctor.dll,
msctfime.ime
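The HijackThis log above is the kind of thing a helper reads entry by entry: which programs autostart (O4), which browser helper objects and ActiveX downloads are installed (O2, O16), and which services run from where (O23). The following is an added example, not part of the thread or of HijackThis itself, that parses lines in that format into records, pulls the executable out of each O4 command line, and flags autostart entries whose path is unquoted and contains spaces (the same ambiguity as an unquoted service path). The regular expressions are my own reading of the v1.99 line layout as it appears in the post; the sample lines are copied from the log above.

```python
"""Structure a HijackThis v1.99 log for review (added example, not project code)."""
import re
from collections import Counter

# Sample lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ViewMgr] G:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [EA Core] G:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# One pattern per section type; assumption: this is how v1.99.1 lays the lines out.
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>.+)$")
R_RE = re.compile(r"^R[01] - (?P<key>[^,]+),(?P<value_name>[^=]+?) = (?P<value>.*)$")

# Either a quoted path, or an unquoted path up to the first ".exe" followed by
# whitespace or end of line (so "Core.exe -silent" keeps only the path).
EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)(?=\s|$)', re.IGNORECASE)

PATTERNS = (("O4", O4_RE), ("O2", O2_RE), ("O16", O16_RE), ("O23", O23_RE), ("R", R_RE))


def executable(cmd):
    """Return the program part of an O4 command line."""
    m = EXE_RE.match(cmd)
    if m:
        return m.group("q") or m.group("u")
    return cmd.split()[0]  # no .exe suffix (e.g. dumprep): first token


def unquoted_with_spaces(cmd):
    """True when the launcher gets an unquoted path containing spaces."""
    return not cmd.startswith('"') and " " in executable(cmd)


def parse(log_text):
    """Turn log lines into dicts keyed by section type; unknown lines are kept raw."""
    records = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                rec = {"kind": kind, **m.groupdict()}
                if kind == "O4":
                    rec["exe"] = executable(rec["cmd"])
                    rec["unquoted_spaces"] = unquoted_with_spaces(rec["cmd"])
                records.append(rec)
                break
        else:
            records.append({"kind": "other", "raw": line})
    return records


def section_counts(records):
    """How many entries of each section type the log contains."""
    return Counter(r["kind"] for r in records)


def review_items(records):
    """The list an analyst works through: every autostart binary, BHO,
    ActiveX download and service binary as (category, name, location)."""
    items = []
    for r in records:
        if r["kind"] == "O4":
            items.append(("autostart", r["name"], r["exe"]))
        elif r["kind"] == "O2":
            items.append(("bho", r["name"], r["path"]))
        elif r["kind"] == "O16":
            items.append(("activex", r["name"], r["url"]))
        elif r["kind"] == "O23":
            items.append(("service", r["name"], r["path"]))
    return items


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print(dict(section_counts(recs)))
    for item in review_items(recs):
        print("%-9s %-35s %s" % item)
    for r in recs:
        if r.get("unquoted_spaces"):
            print("unquoted path with spaces:", r["name"], "->", r["exe"])
```

Run it against a full log instead of `SAMPLE_LOG` to get the review list in one place; the `executable()` value is what you look up (publisher, known-good location) before deciding whether an entry belongs there.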

Comments

  • edited August 2006
    Download ewido here http://www.grisoft.cz/softw/70/filedir/inst/ewido-setup_4.0.0.172c.exe
    Update it, run a complete system scan, apply all actions, save a log file and post that here.
  • edited August 2006
    hi mtunick

    Thank you for the reply. At this point, since it was of utter importance that I have my comp functioning properly for work, I went ahead and did a fresh install of Windows and reformatted my HD. I posted this problem on more than half a dozen help websites, and no one had any clue how to fix it. I tried pretty much every program, including ewido, all to no avail.

    I thought I had closed all my threads, but must've missed this one. Thanks for offering assistance, but the case is closed I guess.

    thanks again

    paul
  • edited August 2006
    That's fine. If you have any more problems, you know where to come.