|
| ||
| Rundll32 Problem hey everyone! Well i seem to have a problem with my Rundll32 that noone else has addressed on tha net that I can find!!! Let me quickly explain... For months now, when I'm on the net, several times in say, 5 hours, my internet suddenly freezes and goes slowly, and the music I'm playing in Winamp jumps and skips....so naturally I press Ctrl+Alt+Delete, and then for months I've been "end task"ing the Rundll32.exe in the list of processes. I know that rundll32 is supposed to run and is a window's (I have Window's XP) process, but it shouldn't be freezing my internet and computer... So any ideas what might be wrong with it? See, I dont know much about rundll or rundll32 at all, or what it does etc. So I'm not sure if its a virus or not! Oh I almost forgot to mention...occasionally, about once every 2 hours, a pop-up add will come up on my screen (strangely enough relating to the topic i may be searching for in Yahoo! :-| ) and there is no way of closing it until I again, close the Rundll32 in the Task Manager, which at that time is usually using about 11,000 K of memory usage... So that's why I think I have a virus in my rundll32. Any light anyone could shed on my problem would be greatly appreciated! Thankyou!!! |
| ||
| Re: Rundll32 Problem Download & instal Adaware SE from here & update it before scanning. In settings under 'scanning,' have it set to 'scan within archives,' 'scan active processes,' 'scan registry,' 'deepscan registry' 'scan my IE Favourites for banned URL's,' 'scan my host's file.' In 'tweaks' under 'scanning engine' set it to 'unload recognised processes during scanning.' Also in 'tweaks' under 'cleaning engine' set it to 'Always try to unload Modules before deletion' & 'let Windows remove files in use at next reboot.' Select 'activate in-depth scan' before starting scan. When the scan is finished select 'next.' Remove what it finds by placing a check in the box to the left of the object. Reboot Download & instal Spybot S&D 1.3 from here. Update it before scanning. After the scan is complete, have spybot fix everything marked RED. On the page that first opens when you start Spybot there is an option to immunise, you should do this. In the immunise section there is also a link to download Spywareblaster. This program will prevent the install of bad activex controls that it has knowledge of. Download that & you can keep it updated by selecting the same link that you use to download it. Reboot Download HijackThis from here & unzip it into it's own, permanent folder, (Not a temporary folder or the desktop (in a folder on the desktop is fine) & not directly on your hard drive). If you prefer an executable file, then download from here. If you have anything disabled in MsConfig, please re-enable it/them. Start HJT & with all browser windows closed, press the scan button. When the scan is finished the scan button will change to save. Save the log to a text file, copy the entire contents of the text file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system. |
| ||
| Re: Rundll32 Problem Thanks so much for the things you told me to do! Here's my Hijack this file.... Logfile of HijackThis v1.98.2 Scan saved at 5:35:52 PM, on 6/10/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\Program Files\DownloadWare Engine\DWE.EXE C:\Program Files\Messenger Plus! 3\MsgPlus.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\DOWNLO~2\alp2plib.exe C:\WINDOWS\System32\cidaemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Sarah Adams\Desktop\hijack\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll O3 - Toolbar: Dupe Cash - {F31B77C6-0D4D-1515-FA0A-4E1B185E8515} - C:\PROGRA~1\MEDIAM~1\fast eq.dll (file missing) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ASTART] C:\WINDOWS\ASTART O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Configuration Loader] sysinfo.exe O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe" O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe O4 - HKLM\..\Run: [DownloadWare Engine] "C:\Program Files\DownloadWare Engine\DWE.EXE" /H O4 - HKLM\..\Run: [WebInstall2] C:\Documents and Settings\Sarah Adams\WebInstall.exe /R O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe O4 - HKLM\..\Run: [SQInstaller] C:\Documents and Settings\Sarah Adams\igetnet_3845_3645.exeSQInstaller.exe O4 - HKLM\..\Run: [FlagMove] C:\PROGRA~1\closephonewipe\FLAWTIME.exe O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\Adstartup.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\RunServices: [Configuration Loader] sysinfo.exe O4 - Startup: Update Grokster.lnk = ? O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Image Transfer.lnk = ? O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...=1070696353703 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07804e24...p/RdxIE601.cab O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tool...bar/lexico.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD537E-20E5-4E9F-B9F7-1E2FF9071651}: NameServer = 203.194.56.150 203.194.27.57 |
| ||
| Re: Rundll32 Problem A little bit of work for you now :). Go into add\remove programs & uninstall: WebHancer & whilst there uninstall 'Window Search', 'Window Searching', 'Lop.com', 'LOP SEARCH', 'Browser Enhancer', or 'Ultimate Browser Enhancer' if listed. You may be given a code to insert, do so and reboot when done. If not listed there, run this uninstaller: http://members.rogers.com/rjmac/new_uninstall.exe Also uninstall Messenger Plus. You can reinstall it but do not install the 3rd party sponsor, LOP. Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked': R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://allaboutsearching.com/searchbar.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allaboutsearching.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file) O3 - Toolbar: Dupe Cash - {F31B77C6-0D4D-1515-FA0A-4E1B185E8515} - C:\PROGRA~1\MEDIAM~1\fast eq.dll (file missing) O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe" O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe O4 - HKLM\..\Run: [DownloadWare Engine] "C:\Program Files\DownloadWare Engine\DWE.EXE" /H O4 - HKLM\..\Run: [WebInstall2] C:\Documents and Settings\Sarah Adams\WebInstall.exe /R O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe O4 - HKLM\..\Run: [SQInstaller] C:\Documents and Settings\Sarah Adams\igetnet_3845_3645.exeSQInstaller.exe O4 - HKLM\..\Run: [FlagMove] C:\PROGRA~1\closephonewipe\FLAWTIME.exe O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\Adstartup.exe O4 - HKLM\..\RunServices: [Configuration Loader] sysinfo.exe O4 - Startup: Update Grokster.lnk = ? O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07804e2...ip/RdxIE601.cab -Netster Reboot into safe mode following the instructions here & navigate to & delete the following if found: C:\PROGRA~1\MEDIAM~1-folder C:\Program Files\Window Active-folder C:\Program Files\webHancer\Programs-folder C:\Program Files\Common Files\Dpi-folder C:\Program Files\DownloadWare Engine-folder C:\WINDOWS\system32\pcs-folder C:\PROGRA~1\closephonewipe-folder C:\Program Files\AdDestroyer-folder C:\Program Files\VBouncer-folder C:\Documents and Settings\Sarah Adams\WebInstall.exe-file C:\Documents and Settings\Sarah Adams\igetnet_3845_3645.exeSQInstaller.exe-file C:\WINDOWS\System32\Adstartup.exe-file sysinfo.exe-file--do a system search for this one. Clear out your Temporary internet files and other temp files. Go to Start > Settings > Control Panel >Internet Options. Under the General tab click the Delete temporary internet files, delete all Offline content as well. Clear out Cookies. Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete. Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.) This one too if Win2K or XP. C:\Documents and Settings\username\Local Settings\Temp\ In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here. Empty the Recycle Bin. Reboot normally after doing the above, rescan with hijackthis making certain that all instances of Internet Explorer are closed, then post that log here please. Go here to TrendMicro for an on-line scan & set it to autoclean for you. Try this scan at Panda as well. BTW. Are you?? How is Qld? |
| ||
| Re: Rundll32 Problem My HJT LOG! :o Logfile of HijackThis v1.98.2 Scan saved at 5:55:23 PM, on 7/10/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\ASTART.exe C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\MSI\PC Alert 4\PCAlert4.exe C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\Documents and Settings\Sarah Adams\Desktop\hijack\hijackthis\HijackThis.exe C:\WINDOWS\System32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ASTART] C:\WINDOWS\ASTART O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [Configuration Loader] sysinfo.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Image Transfer.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...=1070696353703 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab I hope its lookin better! Quote:
|
| ||
| Re: Rundll32 Problem Quote:
Did quite a good job there. Dould you not find the sysinfo.exe file? As it is still showing in your log. Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked': R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32\sb.htm O4 - HKLM\..\Run: [Configuration Loader] sysinfo.exe Go here to TrendMicro for an on-line scan & set it to autoclean for you. Try this scan at Panda as well. |
| ||
| Re: Rundll32 Problem Hiii agaiN!!!!!!!! heres my hopefully last log file for you! lol Logfile of HijackThis v1.98.2 Scan saved at 4:57:40 PM, on 8/10/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\cidaemon.exe C:\Program Files\Winamp\Winamp.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Documents and Settings\Sarah Adams\Desktop\hijack\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ASTART] C:\WINDOWS\ASTART O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Image Transfer.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTS...=1070696353703 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD537E-20E5-4E9F-B9F7-1E2FF9071651}: NameServer = 203.194.56.150 203.194.27.57 Lol and oooh i get ur question now! *Duh!* Yeah ummm my real name's Sarah, lol so thats one reason for the sassy, and I do think I am quite sassy lol :lol: :) And when u said East Coast I thought "I'm not on the east coast!" but hey, wait a minute..i forgot my east from west..lol..so yeah! :rolleyes: where are you from? Thanks soooo much for fixing my computer, I'm so grateful!!!!!1 :cry: :mrgreen: |
| ||
| Re: Rundll32 Problem Me is way over the other side just south of Perth :). Spent about 10 years in Tassie though. Just have hijackthis fix this one O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MT...T=1070696353703 and you should be right :). It should be almost warm enough to go outside now, yes? :mrgreen: |
| ||
| Re: Rundll32 Problem Hiii! Oh cool your near Perth! Great to see a fellow Aussie! :lol: Did you like Tassie for ur 10 years here? WEll i guess you must have if u stayed for 10 years! ;) Me, ima born-and -bred Tasmanian...no two heads tho for me! :( lol.. And the weather here is B-E-A-UTIFUL!!!!!! :p hehehe... summer is sooo close! Nothing better than an Aussie summer right? :cheesy: THankyou SOOOO MUCH for helping fix up my computer :o , I owe you alot, thankyou!!!!!!! :cheesy: :cheesy: |
| ||
| Re: Rundll32 Problem AHHHHHHHHHHHHHHHHHHHH!!!!!!! NOT AGAIN!!!!!!! Ok ok im SO sorry for havin to do this again! but now theres some program called "trumpet1.exe" running in my "System" (in task manager) and its running at 13,000 K and there was also a different program which ran before for a minute before I closed it... :evil: lol... AND if thats not bad enough.. I was just clicking on Desktop --> Properties -->Desktop --> Browsed and when i go to select the destination, it freezes..so naturally task manager is entered, and Rundll32 is STILL there :mad: its back again! grrr :twisted: And for some strange reason, in my Recycle Bin is something called "WINDOWS" and when i went to delete it it said it couldnt be deleted, so now its just sitting there..but I cant actually see anything in the Bin when I open it!!!! Maybe my Hijack This could help? I hope so!! Logfile of HijackThis v1.98.2 Scan saved at 6:23:05 PM, on 12/10/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\cisvc.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe C:\WINDOWS\System32\cidaemon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\trumpet1.exe C:\Program Files\Winamp\Winamp.exe C:\Documents and Settings\Sarah Adams\Desktop\hijack\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/ O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ASTART] C:\WINDOWS\ASTART O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [Video Process] MSlti64.exe O4 - HKLM\..\Run: [Microsoft not Update] trumpet1.exe O4 - HKLM\..\RunServices: [Video Process] MSlti64.exe O4 - HKLM\..\RunServices: [Microsoft not Update] trumpet1.exe O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe O4 - Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Image Transfer.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: (no name) - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe O9 - Extra 'Tools' menuitem: MaxSpeed - {1A00C40B-DA85-4aa3-A67F-582D9347EECD} - C:\WINDOWS\System32\td.exe O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4AFD537E-20E5-4E9F-B9F7-1E2FF9071651}: NameServer = 203.194.56.150 203.194.27.57 I know you mightn't be able to help, and I'm sorry for putting my stupid computer troubles onto you, im just realllyyy frustrated atm! lol Thanks again... :o |
| All times are GMT -4. The time now is 1:58 am. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC