Process srrstr.dll

P

peoplearebusy

New member
Local time
7:11 PM
Messages
9
Location
PA
Hi, I have been having an issue lately with srrstr.dll that runs under rundll32 .
This will randomly start doing whatever its trying to do and use up 25% of processor resources until I end the process through task manager. From what I found this has something to do with Windows trying to create a restore point. I would like to know what I need to do to fix this.

I have attached a screenshot of the process in task manager.
 

Attachments

My Computer

Computer Manufacturer/Model Number
ME
OS
Dual: Windows 7 PRO 64 bit & Windows Server 2008 64 bit
CPU
AMD Phenom II X4 955 Black Edition Deneb 3.2GHz Socket AM3
Motherboard
ASUS M4A785TD-V EVO
Memory
4 GB G.SKILL DDR3
Graphics Card(s)
Nvidia Geforce 9500gt
Sound Card
On-board
Monitor(s) Displays
Hanns G HW191D
Screen Resolution
1440 x 900
Hard Drives
2 WD Caviar Black 640GB drives WD6401AALS
PSU
OCZ 600W OCZ600MXSP
Case
Rosewill Wind Knight
Cooling
Stock AMD heatsink/fan, 6x120mm fans, G.Skill Ram Fan
Keyboard
Logitech
Mouse
Logitech
Internet Speed
Cable
peoplearebusy said:
Hi, I have been having an issue lately with srrstr.dll that runs under rundll32 .
This will randomly start doing whatever its trying to do and use up 25% of processor resources until I end the process through task manager. From what I found this has something to do with Windows trying to create a restore point. I would like to know what I need to do to fix this.

I have attached a screenshot of the process in task manager.
Click to expand...

Turn off backup service, or deal with the amount of cpu it consumes when making a restore point
 

My Computer

Computer Manufacturer/Model Number
HP Pavillion dv-7 1005 Tx
OS
Win 8 Release candidate 8400
CPU
[email protected]
Memory
4 gigs
Graphics Card(s)
Nvidia 9600M
Sound Card
HD built-in
Monitor(s) Displays
17" Wxga
Screen Resolution
1440x900
Cooling
none
Internet Speed
45Mb down 5Mb up
Hello peoplearebusy.



It would be advisable to not disable system restore as one day you may have need of it.
 

My Computer

Computer Manufacturer/Model Number
* BFK Customs *
OS
W 7 64-bit Ultimate
CPU
Intel Q9550 Yorkfield
Motherboard
ASUS P5Q Pro
Memory
8GB Dominator 8500C5D
Graphics Card(s)
ATI : XFX 5870
Sound Card
Realtek HD Audio 7-1
Monitor(s) Displays
1x 47" LCD HDMI & 3x 26" LCD HDMI
Screen Resolution
1920x1080P & 1920x1200
Hard Drives
1x 80GB Intel X25-M G2 SSD : 1x 500GB & 1x 640GB WD Caviar Black(s)
PSU
Corsair 620HX
Case
Cooler Master RC-690
Cooling
Tuniq Tower 120, 2x 140mm and 3x 120mm case fans
Keyboard
Microsoft 500
Mouse
Razer Diamondback 3G
Internet Speed
14 Mb/s
Other Info
1x Koutech 3Gb/s SATA HDD Hot Swap Rack
Thank you for your responses but I am a little unsure if this process is working correctly. If I do not End this process in task manager it will continue to run forever. The longest I have seen it run without disabling it is about 35 minutes. I will let it run and see if it stops tommorow. Thanks again
 

My Computer

Computer Manufacturer/Model Number
ME
OS
Dual: Windows 7 PRO 64 bit & Windows Server 2008 64 bit
CPU
AMD Phenom II X4 955 Black Edition Deneb 3.2GHz Socket AM3
Motherboard
ASUS M4A785TD-V EVO
Memory
4 GB G.SKILL DDR3
Graphics Card(s)
Nvidia Geforce 9500gt
Sound Card
On-board
Monitor(s) Displays
Hanns G HW191D
Screen Resolution
1440 x 900
Hard Drives
2 WD Caviar Black 640GB drives WD6401AALS
PSU
OCZ 600W OCZ600MXSP
Case
Rosewill Wind Knight
Cooling
Stock AMD heatsink/fan, 6x120mm fans, G.Skill Ram Fan
Keyboard
Logitech
Mouse
Logitech
Internet Speed
Cable
I will be happy to assist you with this. First, click on FixExe.reg below and run it. Next, follow the instructions below.
FixExe.reg



1. Click Here to download HJTsetup.exe:


2. Click on "Download Now"


3. Save HJTsetup.exe to your desktop.


4. Double click on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This.


5. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.


6. Put a check mark in the box to Create a desktop icon then click Next again. Continue to follow the rest of the prompts from there.


7. At the final dialogue box, click Finish. Hijack This will launch.


8. Click on the "Do a system scan and save a log" file button. The scan will ensue and a log file will be generated at the conclusion.


9. At the top of the log file click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


10. Come back here to this topic and Paste the log in your next reply.


DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

DO NOT install or uninstall anything or otherwise make changes to your computer until we are finished with this process.
 

My Computer

Computer Manufacturer/Model Number
x
OS
xp, vista, seven
CPU
x
Motherboard
x
Memory
x
Graphics Card(s)
x
Sound Card
x
Monitor(s) Displays
x
Hard Drives
x
PSU
x
Case
x
Cooling
x
I have been advised by some of the security people that frequent these forums that HJT isn't as reliable as it once was when used in conjunction with Windows 7.
 

My Computer

Computer Manufacturer/Model Number
* BFK Customs *
OS
W 7 64-bit Ultimate
CPU
Intel Q9550 Yorkfield
Motherboard
ASUS P5Q Pro
Memory
8GB Dominator 8500C5D
Graphics Card(s)
ATI : XFX 5870
Sound Card
Realtek HD Audio 7-1
Monitor(s) Displays
1x 47" LCD HDMI & 3x 26" LCD HDMI
Screen Resolution
1920x1080P & 1920x1200
Hard Drives
1x 80GB Intel X25-M G2 SSD : 1x 500GB & 1x 640GB WD Caviar Black(s)
PSU
Corsair 620HX
Case
Cooler Master RC-690
Cooling
Tuniq Tower 120, 2x 140mm and 3x 120mm case fans
Keyboard
Microsoft 500
Mouse
Razer Diamondback 3G
Internet Speed
14 Mb/s
Other Info
1x Koutech 3Gb/s SATA HDD Hot Swap Rack
HJT Results

Here are the results:

Code: 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:01 PM, on 5/27/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [URL="http://www.yahoo.com/"]Yahoo![/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [URL="http://go.microsoft.com/fwlink/?LinkId=69157"]MSN.com[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [URL="http://go.microsoft.com/fwlink/?LinkId=54896"]Bing[/URL]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [URL="http://go.microsoft.com/fwlink/?LinkId=54896"]Bing[/URL]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [URL="http://go.microsoft.com/fwlink/?LinkId=69157"]MSN.com[/URL]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [URL]http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab[/URL]
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - [URL]http://service.futuremark.com/virtualmark/tc/FMSI.cab[/URL]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [URL]http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab[/URL]
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PPCtlPriv - Unknown owner - C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\ThreatFire\TFService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7613 bytes
 

My Computer

Computer Manufacturer/Model Number
ME
OS
Dual: Windows 7 PRO 64 bit & Windows Server 2008 64 bit
CPU
AMD Phenom II X4 955 Black Edition Deneb 3.2GHz Socket AM3
Motherboard
ASUS M4A785TD-V EVO
Memory
4 GB G.SKILL DDR3
Graphics Card(s)
Nvidia Geforce 9500gt
Sound Card
On-board
Monitor(s) Displays
Hanns G HW191D
Screen Resolution
1440 x 900
Hard Drives
2 WD Caviar Black 640GB drives WD6401AALS
PSU
OCZ 600W OCZ600MXSP
Case
Rosewill Wind Knight
Cooling
Stock AMD heatsink/fan, 6x120mm fans, G.Skill Ram Fan
Keyboard
Logitech
Mouse
Logitech
Internet Speed
Cable
You must log in or register to reply here.
Back
Top