

  • This topic is locked




  • Member
  • 33 posts
This problem started a week ago. Whenever I'm on the computer, every now and then my computer goes to 100% CPU usage and then slows down for 15 to 30 mins and then speeds up again. Apparently 5 rundll32.exe pop up instantaneously, and winlogon.exe and lsass.exe start to take up most of the CPU usage.

Now the situation has worsened.
I can't log onto normal mode because it takes too long to get through. More than half an hour would go by, and it still wouldn't go through since CPU usage has been at 100% the entire time. I can't go on "safe mode with networking" because it does the same thing. The only thing that does work is safe mode without networking. I'm on my second computer right now. And I'm sending the log using a floppy disk.

Here's what I've done:
I've been using several adaware programs: Ad-Aware, PestPatrol, Spybot Search and Destroy, Microsoft Anti-Spyware, and Spy Doctor. I did it before the situation worsened, and after. I also defragmented my computer and erased unneeded files.

Before the log, I also closed the 5 running rundll32.exe; I don't know if that changes anything in the log.

This is in safe mode:

Logfile of HijackThis v1.99.1
Scan saved at 10:36:57 PM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .xml: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {68459DB3-59C9-449D-815B-65F729385C16} (VoiceSecure Control) - http://www.voice4web.com/vs.cab
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\ejentprf.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\kcrberos(3).dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\IEIresizeW7.dll
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\kcrberos(3).dll
O20 - Winlogon Notify: RunServicesOnce - C:\WINDOWS\system32\azmfd.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\ejentprf.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\azmfd.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\kcrberos(3).dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\azmfd.dll
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\kcrberos(3).dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\ejentprf.dll
O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\IEIresizeW7.dll
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\kcrberos(3).dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\IEIresizeW7.dll
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\IEIresizeW7.dll
O20 - Winlogon Notify: Uninstall - C:\WINDOWS\system32\IEIresizeW7.dll
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\kcrberos(3).dll
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\kcrberos(3).dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\azmfd.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UB-VPN\cvpnd.exe

Edited by kingocto, 24 July 2005 - 08:59 PM.

  • 0
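Added example, not part of the original thread: a Python triage helper that groups the O20 (Winlogon Notify) lines of a HijackThis log by the DLL they load, run here on an excerpt of the log posted above. Winlogon loads each Notify DLL into winlogon.exe, so a DLL listed under several subkey names is a natural first candidate for manual review; the function names and the `min_names` threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log in the post above (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\ejentprf.dll
O20 - Winlogon Notify: MediaContentIndex - C:\WINDOWS\system32\kcrberos(3).dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\IEIresizeW7.dll
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\kcrberos(3).dll
O20 - Winlogon Notify: RunServicesOnce - C:\WINDOWS\system32\azmfd.dll
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\ejentprf.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\azmfd.dll
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\kcrberos(3).dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Line shape: "O20 - Winlogon Notify: <subkey name> - <DLL path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>[A-Za-z]:\\.+)$")


def notify_dlls(log_text):
    """Map each DLL path (lower-cased) to the Notify subkey names that load it."""
    by_dll = defaultdict(list)
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            by_dll[m.group("dll").lower()].append(m.group("name"))
    return dict(by_dll)


def shared_notify_dlls(log_text, min_names=2):
    """Return (dll, names) pairs for DLLs registered under at least
    `min_names` different Notify subkeys, most-registered first.
    This is a review shortlist for an analyst, not a verdict on the file."""
    hits = [(dll, names) for dll, names in notify_dlls(log_text).items()
            if len(set(names)) >= min_names]
    return sorted(hits, key=lambda h: (-len(h[1]), h[0]))


if __name__ == "__main__":
    for dll, names in shared_notify_dlls(SAMPLE_LOG):
        print(f"{len(names)} subkeys -> {dll}: {', '.join(names)}")
```

Run over the full log above, the same grouping reduces the 19 O20 lines to four DLL paths.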





  • Topic Starter
  • Member
  • 33 posts
Okay, I fixed it. Sorry, I couldn't wait any longer. I did it the old rugged fashion way using a proxy profile. Since Windows XP has multiple profiles, I created a new profile using safe mode.

Turned out that this worked!! I had 0% CPU usage and no spyware corrupting Windows.

Since my folders were private, I had to go back on my computer using the broken profile in regular mode to make the files public. When I logged on, the only thing that worked was Task Manager (Ctrl+Alt+Del). I pushed the "New Task" button, browsed through the computer, then right-clicked on the private folder, went to Properties, and made it public. In fact, this was how I opened many of my programs: HijackThis, Ad-Aware, etc. Since I didn't need Explorer while doing this, I ended explorer.exe, which caused my CPU usage to go down to 0%, making the shift of the files to the proxy profile a lot easier.

I backed up My Shared Documents, my favorites (from the I.E. browser), and my Desktop. To back up favorites from Firefox, you go to Manage Bookmarks, then export it to a folder on the C drive. I put all my backups on the C drive.

All this took only half an hour to do. Now, I put my desktop, shared folder, and favorites into the newer profile, and it seems as if nothing has changed. Things are running fairly smooth.

But I treated this only as a last resort since I'm starting to hate using this old 300 MHz computer.

And yeah, I know this is not how you guys would have done it. But I don't know anything about fixing things from HijackThis. Running anti-spyware was a pain. And now you guys can focus on other problems instead of worrying about mine :tazz:

Edited by kingocto, 25 July 2005 - 06:22 PM.

  • 0



    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
