Hi. I run Windows 2000. For the past week I have had a problem shutting down my system. I get the box that says end program-rundll32.exe. It starts it's countdown where I can hit any button and end now or let the countdown go and it will do it on it's own. If I hit any key, the system shuts down. If I don't, I get a message that the program is not responding, and the system does not shut down. I can't think of anything I did that would have changed anything. I don't know how to correct this. Can anyone help? Thanks Anne
acuozzo 0 Newbie Poster
TallCool1 81 Practically a Posting Shark Team Colleague
Hi. I run Windows 2000. For the past week I have had a problem shutting down my system. I get the box that says end program-rundll32.exe. It starts it's countdown where I can hit any button and end now or let the countdown go and it will do it on it's own. If I hit any key, the system shuts down. If I don't, I get a message that the program is not responding, and the system does not shut down. I can't think of anything I did that would have changed anything.
Under Windows 2000/XP, rundll32.exe is supposed to run-and-release, that is, it loads the DLL it's called to load--then terminates. If it continues to run, it usually indicates some sort of malware. See the article in my signature for information on spyware/adware tools such as HijackThis, Ad-aware, Spybot - Search & Destroy, and CWShredder--with tips on using them.
acuozzo 0 Newbie Poster
Thank you. I was able to correct my problem. Your other links are extremely helpful also. Anne Cuozzo
dbgvwwz 0 Newbie Poster
Pardon me for being extremely thick, but how exactly did you solve your problem? I have been experiencing this problem for some time now and would be grateful for some pure and simple instructive advice. :confused:
acuozzo 0 Newbie Poster
Pardon me for being extremely thick, but how exactly did you solve your problem? I have been experiencing this problem for some time now and would be grateful for some pure and simple instructive advice. :confused:
Hi, you're not bring thick. I tried finding the answer on Microsoft, but gave up as usual. I always get better information from www.blkviper.com. The answers are easy to understand and carry out. Unfortunately, I could not find this answer on his web site either. I gave up and emailed my brother who teaches Microsoft. He gave me the following web links:
www.spychecker.com/program/hijackthis.html
www.daniweb.com/techtalkforums/thread4466.html
Basically, something was installed on your system such as malware. Spychecker is very good. I also use Ad-Aware, and Spybot-Search and Destroy. These 2 programs you can find at www.pcworld.com, and they are freeware. Also download ZoneAlarm from there also, it's a good firewall. I also got in the habit of running Panda software checking. This is also free at www.Pandasoftware.com/activescan.com
I run these everytime I'm on line because I've been hit too many times to count and I got very tired of reinstalling everything I had. Hope this helps. Anne
dbgvwwz 0 Newbie Poster
Thank you. I have taken your advice and rectified my problem.You made it so much clearer for me than trying to follow a bunch of jargon.
Duncan
talonnet30 0 Newbie Poster
not sure if i am doing this right , if not sorry, i am newbi .
all of a sudden my computer started acting up, i am detecting no virises or registry problems that i am aware of tho., when i am in yahoo mail, and try to see what some one sent me if it links out to say a greeting card, my screen freezes, i can still select my yahoo messenger, and get all my start button options, and even select other windows that are open just that one freezes up, when i shut down or reboot my puter it kinda hangs on rundll32.exe and i have to select the button to force it to shut down, any one know anything about thies problems??? i have win 2000 perfesional, i also ran hijackthis andhere is what i have, i just don't know what to remove.
Logfile of HijackThis v1.97.7
Scan saved at 9:59:36 AM, on 8/13/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINNT\System32\cisvc.exe
c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
c:\program files\comcast\security manager\app\PRISM.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\xizytr.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\temp\msbb.exe
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINNT\system32\eiz.exe
C:\WINNT\System32\WScript.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINNT\System32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Talon1\Local Settings\Temporary Internet Files\Content.IE5\LHCPHG0M\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.34.242.8:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 24.34.242.8;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=c:\program files\comcast\security manager\app\SecurityManager.exe
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem219.dll
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {68FF352B-B46F-0A99-865A-15550BA1296B} - C:\WINNT\system32\rnssdpu.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5941EE5-6DFA-11D8-86B0-0002441A9695} - C:\WINNT\3_0_1browserhelper3.dll
O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Security Manager Popup Blocker - {53829F91-1B06-4DB9-B13E-812A986169F9} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~3\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [opraij] C:\WINNT\system32\xizytr.exe
O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Security Manager] C:\Program Files\Comcast\Security Manager\app\SecurityManager.exe
O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [msbb] c:\temp\msbb.exe
O4 - HKLM\..\Run: [jedcf] C:\WINNT\jedcf.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Gxvicefb] C:\WINNT\system32\eiz.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O4 - Global Startup: Search.vbs
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZP
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O16 - DPF: 3 Point Showdown by pogo - http://threepoint01.pogo.com/applet/threepoint/threepoint-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://temp39.pogo.com/applet/slots/alibaba-ob-assets.cab
O16 - DPF: Animal Ark by pogo - http://play48.pogo.com/applet/animal/animal-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://vbjack.pogo.com/applet/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Chess by pogo - http://chess.pogo.com/applet/chess/chess-ob-assets.cab
O16 - DPF: Command and Conquer Comanche by pogo - http://ccstrike.pogo.com/applet/ccstrike/ccstrike-ob-assets.cab
O16 - DPF: ConferenceRoom Java Client - http://chat.webmaster.com/java/cr.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.8.2.19/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://domino.pogo.com/applet/domino/domino-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://doublebonus.pogo.com/applet/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.com/applet/bingo/bingoe-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game2.pogo.com/applet/superbingo/superbingo-ob-assets.cab
O16 - DPF: Greenback Bayou by pogo - http://greenback.pogo.com/applet/greenback/greenback-ob-assets.cab
O16 - DPF: Heavy Cannon by pogo - http://play06.pogo.com/applet/heavycannon/heavycannon-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://pool26.pogo.com/applet/pool2/pool-ob-assets.cab
O16 - DPF: Highland Golf by pogo - http://golf01.pogo.com/applet/golf/golf-ob-assets.cab
O16 - DPF: Its Outta Here 2 by pogo - http://itsout.pogo.com/applet/itsoutofhere/itsoutofhere-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet/gin/gin-ob-assets.cab
O16 - DPF: Keno by pogo - http://keno.pogo.com/applet/keno/keno-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://mahjong2.pogo.com/applet-5.8.1.28/mahjong/mahjong-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo.com/applet-5.8.4.18/flinger/flinger-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-5.8.2.19/popfu/popfu-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://temp30.pogo.com/applet/poppit/poppit-ob-assets.cab
O16 - DPF: Quick Shot by pogo - http://quickshot01.pogo.com/applet/quickshot/quickshot-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.pogo.com/applet/squelchies/squelchies-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweet02.pogo.com/applet/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo.com/applet-5.8.2.19/holdem/holdem-ob-assets.cab
O16 - DPF: Top Down Baseball by pogo - http://topdown02.pogo.com/applet/topdown/topdown-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://peaks.pogo.com/applet/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.com/applet/jumbee/jumbee-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://turbo01.pogo.com/applet/turbo21/turbo21-ob-assets.cab
O16 - DPF: Vert Skater by pogo - http://vertskater.pogo.com/applet/vertskater/vertskater-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://whackdown2.pogo.com/applet/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://klondike.pogo.com/applet-5.8.2.19/worldclass/worldclass-ob-assets.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=d5ce257857a083868c1f4672b0407c8b9379fe5496c0e7d74dd5b79e931ad6d6d9b0f3669e53e51b8fba848fa8088c3fc64cb0edfedca287d6c4c1b056f368:c05c8ac2b23f939ff11a0351cafa03db
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://63.236.66.10/em/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_41.cab
O16 - DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} (MaxisMakinMagicTeleX Control) - http://thesims.ea.com/teleport/makinmagic/MaxisMakinMagicTeleX.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/26144036f7192e0a2519/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {7EB15626-CB8E-4174-8A72-C055B12B4310} (CQD2Loader Object) - http://smartdownloader.com/installer.dll
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50029/QDow_AS2.cab
O16 - DPF: {88D8E8B7-A33B-4417-A385-8373484D43ED} (InstallHelper Class) - http://survey.prod.there.com/qualsurvey/ThereInstallHelper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {924C1588-90C3-4910-B6CA-D57A1C0418FE} (YbUploadFavsCtl Class) - http://download.yahoo.com/dl/bookmarks/ybconvfav030408.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - http://static.flingstone.com/cab/2000XP/ClickYesToContinue/bridge-c15.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37851.1686805556
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.flipside.com/cab/WONWebLauncherControl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.com/exchange/lots/teleport/MaxisSimCity4LotTeleX.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play01.pogo.com/game/deluxe/zuma/popcaploader_v5.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/dj/qdiagh.cab?306
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
can any one help me????? please???
jcourt 0 Newbie Poster
I'm having, i think, i similar problem with the rundll32.exe. when i look at my task manager and look at the processes it says that this process is using up 99 of my CPU. my CPU is being used a 100%! i can't run anything efficiently.
i've ran spybot-s&d and ad-aware numerous times but it won't get rid of it.
can anyone tell me what i need to do?
DMR 152 Wombat At Large Team Colleague
not sure if i am doing this right , if not sorry, i am newbi ...
can any one help me????? please???
Actually, you need to start a new thread in our Security forum and post your log there; Security is the only forum where HijackThis logs should be posted.
You should do that as soon as possible- your log file indicates that you've got a lot of problems, but our security experts can help out.
DMR 152 Wombat At Large Team Colleague
I'm having, i think, i similar problem with the rundll32.exe. when i look at my task manager and look at the processes it says that this process is using up 99 of my CPU. my CPU is being used a 100%! i can't run anything efficiently.
i've ran spybot-s&d and ad-aware numerous times but it won't get rid of it.
can anyone tell me what i need to do?
Hi jcourt- you need to start your own thread and post your question there. We ask that members not post their questions in a thread that has been started by another member; it takes the focus of the thread away from that member's problem.
romsourcing 0 Newbie Poster
Have you checked your system for viruses/trojans or for MsBlaster exploit?
It could help. ;)
Regards,
Claudiu
xminji 0 Newbie Poster
Logfile of HijackThis v1.98.2
Scan saved at 오후 6:25:27, on 2004-09-02
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\Common Files\slmss\slmss.exe
C:\WINDOWS\mwsvm.exe
C:\windows\temp\KNDJsdGF.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\notepad.exe
C:\aim\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\xminji\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll
R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\Program Files\scbar\v1\scbar.dll
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\WINDOWS\System32\mskceo.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
O2 - BHO: CDnsRepObj Object - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: DivX4ka Class - {1B26AAD2-B28C-41B2-BC2A-1CB2ABEF0363} - C:\WINDOWS\System32\divxb4ka.dll
O2 - BHO: WebBho Class - {22941A26-7033-432C-94C7-6371DE343822} - C:\Program Files\scbar\v1\scbar.dll
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif
O2 - BHO: (no name) - {2F6325B1-D599-4081-B320-D9CFFD864243} - C:\WINDOWS\System32\deyvenum.dll (file missing)
O2 - BHO: CBundleObj Object - {447160CD-ECF5-4EA2-8A8A-1F70CA363F85} - C:\WINDOWS\System32\msibkd.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: zSearch Bar - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program Files\zSearch\zSearch.dll (file missing)
O2 - BHO: CUrlCliObj Object - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msedah.dll
O2 - BHO: CSearchHelpIEExtension Object - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\xminji\Local Settings\Temp\yLj.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] javaw -cp "C:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "C:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [zgzonkz] C:\WINDOWS\zgzonkz.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [inmzmr] C:\WINDOWS\inmzmr.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SearchEnhancement] "C:\Program Files\scbar\v1\scbar.exe" /U
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [KNDJsdGF] C:\windows\temp\KNDJsdGF.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\minjida\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [QIVDNX] C:\WINDOWS\QIVDNX.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [bkp] C:\WINDOWS\bkp.exe
O4 - HKLM\..\Run: [iiukvcxib] C:\WINDOWS\System32\twugck.exe
O4 - HKLM\..\Run: [ryrebcz] C:\WINDOWS\ryrebcz.exe
O4 - HKLM\..\Run: [qtkxsnsf] C:\WINDOWS\qtkxsnsf.exe
O4 - HKLM\..\Run: [bgxgx] C:\WINDOWS\bgxgx.exe
O4 - HKLM\..\Run: [uvkzqjmv] C:\WINDOWS\uvkzqjmv.exe
O4 - HKLM\..\Run: [vodulgz] C:\WINDOWS\vodulgz.exe
O4 - HKLM\..\Run: [kpot] C:\WINDOWS\kpot.exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe" "C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [gnupgb] C:\WINDOWS\gnupgb.exe
O4 - HKLM\..\Run: [nstsjwt] C:\WINDOWS\nstsjwt.exe
O4 - HKLM\..\Run: [knah] C:\WINDOWS\knah.exe
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [erslsfqh] C:\WINDOWS\erslsfqh.exe
O4 - HKLM\..\Run: [ktidmx] C:\WINDOWS\ktidmx.exe
O4 - HKLM\..\Run: [taxct] C:\WINDOWS\taxct.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [ifclir] C:\WINDOWS\ifclir.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [aXPf] C:\documents and settings\xminji\local settings\temp\aXPf.exe
O4 - HKLM\..\Run: [바닥터] "C:\Program Files\vidr\vidoctor.exe" -auto
O4 - HKLM\..\Run: [BurnQuick Queue] C:\Program Files\BurnQuick\BQTray.exe
O4 - HKLM\..\Run: [zOBmmm] c:\documents and settings\xminji\local settings\temp\zOBmmm.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SayclubTachy] C:\Program files\NeoWiz\Tachy\tachy.exe
O4 - HKCU\..\Run: [AIM] C:\aim\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\aim\aim.exe
O9 - Extra button: Downloads - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\dial-kazemule8-uk\index.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} (IELoaderCtl Class) - http://install.global-netcom.de/ieloader.cab
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} - http://www.addictivetechnologies.net/DM0/cab/emCraft1.cab
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.h-desk-soft.com/xvsy_offer/HDeskSetup_A.exe
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install036.exe
O16 - DPF: {14ED0DC5-BC85-446A-87D4-657EAB3534C3} (Nshort Control) - http://www.gunghapclub.com/gunghapclub.cab
O16 - DPF: {1CFB641E-B295-4E2B-9720-B7E96A7871A8} (AtCtrl Control) - http://www.gcord.com/active/AtCtrl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {41F31718-2B9D-4F76-85E2-DD11BBA99F8D} - http://install.spywarelabs.com/DistID/2501031120/BundleOuter2501031120.EXE
O16 - DPF: {4E5315D6-D50D-42AC-B38F-E3568E73C1CE} (hiportal Control) - http://boardr.sayclub.com/files/fx/blob1/sayclub/as-/xl-/iv-/asxlive/b3/37./TorangInstall.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/27878a41f06890f8e301/netzip/RdxIE601_ko.cab
O16 - DPF: {5888E710-0C1D-4CC8-BCBF-3971B959BB5C} (DM_activex_installer Control) - http://www.damoim.net/_lib/axau.cab
O16 - DPF: {59E5069A-B67B-40D7-978B-942EC6E47527} (AVRenderOCX Control) - http://avpad.ohmylove.co.kr/res/AVRender.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_11.CAB
O16 - DPF: {6EB5B540-1E74-4D91-A7F0-5B758D333702} (nCaseInstaller Class) - http://bis.180solutions.com/activexinstallers/Installer/nCaseInstaller.cab
O16 - DPF: {72ED8878-6E16-4EA1-BDD6-3B21EF676E45} (CVTrace Control) - http://www.seevideo.co.kr/pub/cvideox/trace/cvtrace.cab
O16 - DPF: {8AE03B06-5BDA-44AA-B4AD-72BB01597451} (DaumQLauncher Control) - http://appupdate.popfolder.co.kr/download/DaumQ/DaumQAx.cab
O16 - DPF: {8DE79080-8535-4F7B-A2A0-5492A89EC18E} (EinsAoD Class) - http://jukeon.dl.sayclub.co.kr/jukeon/p3ed.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab8/dmcc2.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {AD3E9CE9-B602-4585-B9C1-B14B37F4F7D1} (ClientControl Class) - http://chat.damoim.net/_lib/ActiveX/DMChat.CAB
O16 - DPF: {AE3F74F8-DD6C-4EA3-817F-99CD0F0EF478} (BBLauncher Class) - http://www.buddybuddy.co.kr/cab/bblauncher.cab
O16 - DPF: {C553F632-DC31-46B9-BA51-4E8E6C4FA1DB} - http://jukeon.dl.sayclub.co.kr/jukeon/RNJUKEON.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {D68E9D4E-B2D0-467C-985E-D0D341E554D6} (Vidrinst Control) - http://family.vidr.net/activex/vidrinst.cab
O16 - DPF: {DDB3CA41-B472-4EC4-BE10-90B470D06295} (Nexapi2 Control) - http://www.buddybuddy.co.kr/cab/bbmmgr.cab
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} - http://www.whenusearch.com/WUInstSECS.cab
O16 - DPF: {ED1DE51C-2677-450A-8BC1-764218137696} (Install Class) - http://www.damoim.net/_lib/DMAU.cab
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/en/SysWebTelecom.cab
O18 - Filter: text/html - {CC905FF6-B553-496C-9DFA-CFF65ADCD0FC} - C:\WINDOWS\System32\msdhmd.dll
HELP ME. PLZ :sad:
Catweazle 140 Grandad Team Colleague
xminji, please don't 'pigyback' new questions onto someone else's. Your problem is NOT simply a 'rundll' problem. By the looks of that log you have just about every silly thing available from the internet installed onto your system, inluding a fair bit of stuff which you've allowed in yourself and probably not even noticed on the way past ;)
Go to our Security section please, read this topic:
http://www.daniweb.com/techtalkforums/thread5690.html
and follow all the instructions there to remove spyware from your system. If you have remaining problems, create a topic about them in there. Your problem is spyware, and the fact that you don't adequately protect your system from 'net nasties'.
jsingh 0 Newbie Poster
I'm having, i think, i similar problem with the rundll32.exe. when i look at my task manager and look at the processes it says that this process is using up 99 of my CPU. my CPU is being used a 100%! i can't run anything efficiently.
i've ran spybot-s&d and ad-aware numerous times but it won't get rid of it.
can anyone tell me what i need to do?
Hey jcourt, i am having the EXACT same problem. have you found a cure to this problem? if you have please do let me know i will greatly appreciate it, thanks.
- jai
pasokon2004 0 Newbie Poster
Have you checked your system for viruses/trojans or for MsBlaster exploit?
It could help. ;)Regards,
Claudiu
Can someone please help me look over this log and see if it's ok to delete everything? Thank you in advance!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\javaae32.exe
C:\WINDOWS\system32\wincm32.exe
C:\WINDOWS\system32\theqbft.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\family\LOCALS~1\Temp\hijackthis[1].zip 一時ディレクトリ 1\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {90BA9555-264A-4FB1-7251-DD5A22605A95} - C:\WINDOWS\ntgh32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [wincm32.exe] C:\WINDOWS\system32\wincm32.exe
O4 - HKLM\..\Run: [ktdowl] C:\WINDOWS\system32\theqbft.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: リサー - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ページ翻訳 - {D1A62E01-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O9 - Extra 'Tools' menuitem: The翻訳_ページ翻訳 - {D1A62E01-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O9 - Extra button: (no name) - {D1A62E07-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O9 - Extra 'Tools' menuitem: The翻訳_辞書照 - {D1A62E07-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: (no name) - {D1A62E08-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O9 - Extra 'Tools' menuitem: The翻訳_範囲指定翻訳 - {D1A62E08-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O9 - Extra button: (no name) - {D1A62E0A-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O9 - Extra 'Tools' menuitem: The翻訳_翻訳設定 - {D1A62E0A-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O9 - Extra button: 辞書ー - {D1A62E0C-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\IeTbandTate.dll
O9 - Extra button: 翻訳ー - {D1A62E0E-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\IeTbandYoko.dll
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
bfmoser 0 Newbie Poster
Under Windows 2000/XP, rundll32.exe is supposed to run-and-release, that is, it loads the DLL it's called to load--then terminates. If it continues to run, it usually indicates some sort of malware. See the article in my signature for information on spyware/adware tools such as HijackThis, Ad-aware, Spybot - Search & Destroy, and CWShredder--with tips on using them.
Hey,
I'm new to this forum and was hoping someone could help me out. I'm suddenly getting an error message "Windows cannot find rundll32.exe" when I try to open certain files. Can anyone give me some idea of why this happened and how I could fix it? I would appreciate it.
Thanks a lot,
Ben in Holland
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.