Rundll32.exe issue

[Bob L.]

Hi:

Cross posting as I need maximum help on this. I have something that on
boot
starts 2 rundll32.exe's executing. After a brief period of time
Iexplore.exe executes and windows start popping open. If I stop the
rundll's the windows stop popping open and iexplore no longer runs.

How can I determine what started the rundll's and what are they executing?
How do I determine the string that is starting these apps? If I know I
can
search the hard drive and find them.

I ran ad-aware and spybot along with Norton anti-virus and these apps do
not
find this adware app. I've posted a hijackthis file to TomCoyote but no
one
posted a response.

Thanks for your help - at my wits end.

Bob

 

[Shenan Stanley]

Cross posting as I need maximum help on this. I have something that
on boot starts 2 rundll32.exe's executing. After a brief period of time
Iexplore.exe executes and windows start popping open. If I stop the
rundll's the windows stop popping open and iexplore no longer runs.

How can I determine what started the rundll's and what are they
executing? How do I determine the string that is starting these apps?
If I know I can search the hard drive and find them.

I ran ad-aware and spybot along with Norton anti-virus and these apps
do not find this adware app. I've posted a hijackthis file to TomCoyote
but
no one posted a response.

Thanks for your help - at my wits end.

Have you ran your HijackThis log file through this?
Log Analyzer: http://hjt.iamnotageek.com/

Have you checked the normal places for startups and/or ran:

MSCONFIG
(Startup Tab)
or
MSINFO32
(Software Environment -> Startup Programs)

to check what startups are being loaded?

Did you then Google or search some other way to see if these applications
were normal?

You ran AdAware and Spybot - latest version (not just updates for the
definitions - but the actual versions?)
Did you run CWShredder as well? Kephyr Bazooka Scanner? Immunize with
IE-SpyAd and/or SpywareBlaster?

Have you scanned with an antivirus application not currently installed on
your system?

 

[Rick \Nutcase\ Rogers]

Hi,

How to Troubleshoot By Using the Msconfig Utility in Windows XP [Q310560]
http://support.microsoft.com/?kbid=310560

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org

 

[pcbutts1]

Download, install, update and run all of the following.

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/...A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

If none of the above fixes the issue then run Hijackthis again, save a copy
of the log file and cut and paste it back here to this group so that I can
analyze it.Ignore anyone who tells you to post it elsewhere. I need to see
it not them.



--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com

 

[Guest]

Hi, I have had that same problem at one point with my old computer. when you
see the run dll error messege popping up and your ie doesnt work for you,you
have a file missing in your computer. the best way to fix that problem is to
run your restore disk.

 

[Jan Il]

Download, install, update and run all of the following.

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

Microsoft Windows AntiSpyware (Beta1)
http://www.microsoft.com/downloads/...A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

If none of the above fixes the issue then run Hijackthis again, save a
copy of the log file and cut and paste it back here to this group so that
I can analyze it.Ignore anyone who tells you to post it elsewhere. I need
to see it not them.

If the OP posts a link back here to the forum where they post their HJT log
you can visit the forum where they have posted it and review it there if you
wish. They need to post their log to one of the proper forums so that the
HTJ program trained experts can assist them in dealing with any problems
they may have. This is not the proper group to post any HJT logs, and it is
discouraged in the best interest of OP in getting expert support, as any
files wrongly removed can cause serious damage to or disable their OS.

Jan
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.

 

[pcbutts1]

What makes you think I am not a hjt trained expert? You don't know me, You
don't know what I do for a living, Why would I ask to see someone's log if I
did not know what I am doing. You MVP's are all the same, most of you
anyway. I will tell you just like I told the rest of them. Stop confusing
the user.Stop sending them somewhere else for problems that can be fixed
here. You are not helping, This group is intended to help people, replying
to me is not helping them. Sending them to another group is not helping, it
is a waste of time. I don't see you trying to help the OP. This is the place
for logs if it helps fix the users system. Do not tell me again or offer any
other alternatives for me and hjt logs, you are wasting my time and yours.
If the op wants his issue fixed in a timely manner then they will have to
post his log here as I will not go somewhere else to look for it. Email will
not work either. Now go help somebody else and leave me alone.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com

 

[Peter Foldes]

You have really missed the point and the meaning of the post by Jan. It is dangerous in a way to post it here and do you know why at all?

 

[pcbutts1]

Dangerous how? The danger comes in giving out bad advice, I have not done
that. Nor shall I. Anyone who knows how to read and interpret hjt logs knows
the danger. Are you assuming that people purposely give out bad advice on
hjt logs an only on hjt logs?. The problem is that techies including some
MVP's who don't fully understand the logs but knows that removing something
could cause damage, are afraid of them so they fear them being posted
because they don't understand them. That is the only reason I can see why
they get hell bent over hjt logs, because they are not comfortable with
them. I have personally asked 3 MVP's who accused me of giving out bad
advice for hjt logs to prove it. Not one could. I have been posting on
Usenet for over 7 years now and have never seen bad hjt log information
given out. Have you? the reason is only people who know what they are doing
reply to hjt posts. HJT is not only used for spyware issues. Those forums
are cluttered and too confusing for the novice who only wants his/her
computer fixed. Plus it takes a few days to get a response which is why they
have to submit their logs more than once. Those automatic log analysis sites
are crap because they don't update. If something is unknown it does not
research it to find out what it is, not good. Sorry but I have not missed
the point in Jan's reply she did. Remove the troll posting from here and see
for yourself what I say about some MVP's
http://groups.google.com/groups?q=pcbutts1+hijackthis&start=0&ie=UTF-8&

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



You have really missed the point and the meaning of the post by Jan. It is
dangerous in a way to post it here and do you know why at all?

 

[Sum Yung Guy]

Stop sending them somewhere else for problems that can be fixed here.

Theoretically, someone here can probably tell me how to fix the starter on
my '56 buick. But this isn't the forum for that, either.

If the op wants his issue fixed in a timely manner then they will have to
post his log here as I will not go somewhere else to look for it. Email
will not work either. Now go help somebody else and leave me alone.

Why will email not work?

Let me ask it in a different way, the reason why things are normally kept in
the newsgroup is so that it will be discoverable by others so that they will
be able to solve the same problem if they run into it.

Or, will the pasting of a full log possible confuse the results of a search,
muddying the waters as it were?

For instance, I don't think people would argue that saying 'Remove lines X,
Y and Z' would be useful for other people to hear about (assuming, of
course, that lines X, Y and Z should always be removed when discovered)
however, when someone posts a file with lines A-Z, that means lines A-W will
be discoverable during searches and might end up making it harder for people
to find useful information regarding text that is in those lines.

Also, as an aside, with your 7 years of experience posting to Usenet, I
think you'll agree that people who walk into an existing community and
demand that everythying be done their way are generally not welcome. Yes,
change can be good, but a brash young upstart entering a community demanding
the change in a community where they have never been seen before is not the
person to effect that change. Make a name for yourself in the community
first, and then try to bring about change.

It also helps if you can provide intelligent reasoning as to why this change
is good. You haven't. You've merely said 'This is how it should be done
because I want it this way.' You've never explained why a log emailed to
you, with your reply coming in the newsgroup, isn't a valid course of
action.

 

[pcbutts1]

How about if they email them to you. Would that satisfy you. Why are you
trying to insist that I accept logs in my mail. If you pay me like I pay for
my domain then I will accept hjt logs in email. You are not making sense,
you think you are but you are not. This group just like all the rest is
indexed by Google so what difference does it make when searching whether it
finds it here or there. Spyware/Malware is a problem with Windows,
HijackThis is a tool to help diagnose the problem with Windows and IE
therefore this group is appropriate for hjt logs. Why is any other log
accepted? You really need to stop trying to convince me otherwise because
you are just wasting your time.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com

 

[Peter Foldes]

<Dangerous how? The danger comes in giving out bad advice

Exactly. While you might not give out bad advise someone else just might. Now if the OP selects the advice that was not by you or by someone that knows what they are doing but by someone that is flying by the seat if their pants then the OP could create a scenario by removing the line from the bad advice that was given to him\her and have a system that will become unstable or even not start up again. That is about the point that I was mentioning in my previous post above

 

[Jan Il]

(e-mail address removed)...

What makes you think I am not a hjt trained expert? You don't know me, You
don't know what I do for a living, Why would I ask to see someone's log if
I did not know what I am doing. You MVP's are all the same, most of you
anyway. I will tell you just like I told the rest of them. Stop confusing
the user.Stop sending them somewhere else for problems that can be fixed
here. You are not helping, This group is intended to help people, replying
to me is not helping them. Sending them to another group is not helping,
it is a waste of time. I don't see you trying to help the OP. This is the
place for logs if it helps fix the users system. Do not tell me again or
offer any other alternatives for me and hjt logs, you are wasting my time
and yours. If the op wants his issue fixed in a timely manner then they
will have to post his log here as I will not go somewhere else to look for
it. Email will not work either. Now go help somebody else and leave me
alone.

Sorry...but, when you advise people to do things that are not in their best
interest, then I will not leave you alone. Even if I was not an MVP, I
would state the same.

If you are indeed a knowledgeable HJT expert.....then you know that a
newsgroup such as this is not the proper place to post HJT logs.

As most logs are user independent, based upon their individual problem, a
poster or reader may think that it may seem like a 'like' problem while it
may actually be something different. And....many users may not recognize
the difference....follow the advise meant for someone else, and wind up with
a dead PC.

That, to me, is one of the primary dangers of posting HJT logs in this or
any other newsgroup, second only to Users trying to self-diagnose their own
HJT logs.

If you are a fully trained and experienced expert in HJT, then I am sure
that the forums that we recommend here will be most happy to have your help.

Jan
MS MVP - IE/OE
Smiles are meant to be shared,
that's why they're so contagious.

Replies posted only to the newsgroup for the benefit or other readers.
How to make a good newsgroup post:
http://www.dts-l.org/goodpost.htm

 

[pcbutts1]

What you just said is equivalent of calling user dumb. Nobody's system is
the same, should everybody follow every advice given here? There is bad
advice and wrong advice given out in this group everyday. You can't assume
someone is giving out or going to give out bad advice until it happens. That
goes for everything not just hjt logs so chill out. The registry is more
dangerous then hjt yet registry edits are given out on a regular basis. Why
not send them to an " expert " group. At least hjt makes back ups reg edits
don't. If this was your group then I would honor your request but it's not
so I won't. You have your way of fixing things by sending them away. I have
mine. Lets leave it like that.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com

 

[Shawn Fessenden]

[Windows 2000 Pro]

Issues:
Start->Run doesn't work for ANYTHING. Produces the message:
This Internet Shortcut cannot be opened because failed to run. (what
failed?)

Cannot find the file 'rundll32.exe (or one of it's components). (it IS
there, the path IS correct, all components ARE available)

Folder shortcuts on the desktop do not work correctly.

"Find Target" does not work correctly.

Starting PSDK Documentation: "HH.EXE was started without a command line"
(yes, it WAS started with a command line).

I have something of a similar problem. My browser was hijacked to
specific911. All that's been cleared up, but I cannot use Start->Run (trying
to launch anything this way results in "This Internet Shortcut cannot be
opened because failed to run." That's a space there where something
helpful should be

Also, if I right click any "special" desktop icon (Computer, Network, IE,
.... NOT a shortcut) and select Properties, the following results: "Cannot
find the file 'rundll32.exe' (or one of it's components). {Etc.}". Of
course, rundll32.exe is in the system directory and the path is correct.
Dependencies have also been verified.

Nor can I switch to "Add/Remove Windows Components" from "Add/Remove
Programs". I *can* switch to all other categories however.

Folder shortcuts on the desktop, when double clicked, open a default
instance of Windows Explorer, not their target (the target is correct).
Likewise, clicking "Find Target" from any standard shortcut's Properties
opens a default instance (of Windows Explorer) and does not find the target.

Interestingly, while verifying that rundll32 (and shdocvw and mshtml) were
indeed in the system directory, I found that the standard search does not
find them! That is, click task bar, hit F3, type rundll32 (or shdocvw or
mshtml), select drive C and hit Enter, these files are not found in
c:\winnt\sytem32 UNLESS I EXPLICITLY SEARCH THAT LOCATION ONLY. That has
*got* to be some kind of clue. The directory is not hidden, system or read
only. I took ownership of that directory and it's objects but this peculiar
behavior remains. This I can't explain at all.

Er, what I mean is, I'm a Windows programmer & troubleshooter (have been for
15 years) & I've seen nearly everything Windows can throw at people. This
however has me completely stymied. I've run all kinds of registry fixers;
spyware, trojan, shreader etc etc anit-virus, anti-worm, you-name-it until
I'm blue in the face. Nothing finds anything at all wrong and no course of
action fixes these problems. I've reinstalled IE, my SDKs, malfunctioning
software... everything! And yet the basic problem remains.

ANY suggested course of action at all (except 'reinstall Windows') is
greatly appreciated - AND NEEDED BEFORE I RIP OUT THE REST OF MY HAIR!

 

[David Candy]

Well moron what about advanced options in Search. If you want to big note yourself ...

--
--------------------------------------------------------------------------------------------------
http://webdiary.smh.com.au/archives/_comment/001075.html
=================================================

[Windows 2000 Pro]

Issues:
Start->Run doesn't work for ANYTHING. Produces the message:
This Internet Shortcut cannot be opened because failed to run. (what
failed?)

Cannot find the file 'rundll32.exe (or one of it's components). (it IS
there, the path IS correct, all components ARE available)

Folder shortcuts on the desktop do not work correctly.

"Find Target" does not work correctly.

Starting PSDK Documentation: "HH.EXE was started without a command line"
(yes, it WAS started with a command line).

I have something of a similar problem. My browser was hijacked to
specific911. All that's been cleared up, but I cannot use Start->Run (trying
to launch anything this way results in "This Internet Shortcut cannot be
opened because failed to run." That's a space there where something
helpful should be

Also, if I right click any "special" desktop icon (Computer, Network, IE,
... NOT a shortcut) and select Properties, the following results: "Cannot
find the file 'rundll32.exe' (or one of it's components). {Etc.}". Of
course, rundll32.exe is in the system directory and the path is correct.
Dependencies have also been verified.

Nor can I switch to "Add/Remove Windows Components" from "Add/Remove
Programs". I *can* switch to all other categories however.

Folder shortcuts on the desktop, when double clicked, open a default
instance of Windows Explorer, not their target (the target is correct).
Likewise, clicking "Find Target" from any standard shortcut's Properties
opens a default instance (of Windows Explorer) and does not find the target.

Interestingly, while verifying that rundll32 (and shdocvw and mshtml) were
indeed in the system directory, I found that the standard search does not
find them! That is, click task bar, hit F3, type rundll32 (or shdocvw or
mshtml), select drive C and hit Enter, these files are not found in
c:\winnt\sytem32 UNLESS I EXPLICITLY SEARCH THAT LOCATION ONLY. That has
*got* to be some kind of clue. The directory is not hidden, system or read
only. I took ownership of that directory and it's objects but this peculiar
behavior remains. This I can't explain at all.

Er, what I mean is, I'm a Windows programmer & troubleshooter (have been for
15 years) & I've seen nearly everything Windows can throw at people. This
however has me completely stymied. I've run all kinds of registry fixers;
spyware, trojan, shreader etc etc anit-virus, anti-worm, you-name-it until
I'm blue in the face. Nothing finds anything at all wrong and no course of
action fixes these problems. I've reinstalled IE, my SDKs, malfunctioning
software... everything! And yet the basic problem remains.

ANY suggested course of action at all (except 'reinstall Windows') is
greatly appreciated - AND NEEDED BEFORE I RIP OUT THE REST OF MY HAIR!