Ya know, I should know better. I'm a Service Desk manager, an IT Security advisor, and a computer guru. But sometimes I hit the stupid branch down the stupid tree when I get up in the morning. Being tired is never a good idea to look at stuff your friends send you. But somehow, I managed to let TCPIPMON.EXE sneak in. I've been trying for around 6 hours to kill it - but I suspect this new variant has more than the rpcc.dll and tcpipmon.exe. Ya know, after running HJT, I see a lot of stuff I can unload on my machine that I know it doesn't need. The two SVCHOST.EXE do concern me but I know that Creative is notorious for using a least one (I have a Audigy2ZS). The RUNDLL32.EXE makes me suspicious but I think it may be related to my nVidia drivers.