Windows XP Rundll32.exe not responding while shutting down

[ankit2788]

HI,

I am new to this forum.
I checked few already existing threads on the same issue.
As soon as I try to shut down my computer, I get this message saying that the Rundll32.exe program is not responding.

I tried using hijackthis and below is the log summary.
Let me know what might be causing this problem,

Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:43:13 PM, on 3/28/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Quick Heal\Quick Heal Internet Security\onlinent.exe
C:\Program Files\Quick Heal\Quick Heal Internet Security\SCANMSG.EXE
C:\Angel PDA\PDA Autoupdater.exe
C:\Program Files\Quick Heal\Quick Heal Internet Security\UPSCHD.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Quick Heal\Quick Heal Internet Security\EMLPROXY.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Quick Heal\Quick Heal Internet Security\SA****VC.EXE
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Quick Heal\Quick Heal Internet Security\opssvc.exe
C:\Program Files\Quick Heal\Quick Heal Internet Security\quhlpsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Quick Heal\Quick Heal Internet Security\SCANWSCS.EXE
C:\WINDOWS\System32\lib32wany.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\msi64cider.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Quick Heal Core UI] "C:\Program Files\Quick Heal\Quick Heal Internet Security\strtupap.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PDA Autoupdater.] C:\Angel PDA\PDA Autoupdater.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: svchost64.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{70C73F90-ED29-4EB5-A832-6ECE2EA070B5}: NameServer = 218.248.241.2 218.248.255.211
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Core Mail Protection - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\EMLPROXY.EXE
O23 - Service: Core Scanning Server - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\SA****VC.EXE
O23 - Service: Core Scanning ServerEx - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\SA****VC.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: IPC Performance Adapter (IpcApSrv) - Unknown owner - C:\WINDOWS\R_Slsvc.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Online Protection System - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\opssvc.exe
O23 - Service: Quick Update Service - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\quhlpsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Internet Security Helper Service WSC (ScanWscS) - Quick Heal Technologies (P) Ltd. - C:\Program Files\Quick Heal\Quick Heal Internet Security\SCANWSCS.EXE
O23 - Service: Windows Native Younging (WanySvc) - Unknown owner - C:\WINDOWS\System32\lib32wany.exe

 

[Silverhazesurfer]

http://support.microsoft.com/kb/310353

I would try that and see if you have any other issues. To get the machine to shut down, simply end task on any rundll32 files that are operational. Once you close the right one, the system will let you restart or shut down.

I see two different antivirus programs in operation, that's bad. pick one.

Could reference any of these lines:

O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - Global Startup: svchost64.lnk = C:\WINDOWS\system32\rundll32.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

 

[muckshifter]

this forum doesn't analyse HJT logs, but instead point you to BleepingComputers if you suspect any nasties that may be causing you a problem.

They are excellent in handling such things, highly recommended, however, I cannot "see" anything glaringly obvious that may be the culprit.

IMHO, you should at least update your OS to the latest Service Pack 3, uninstall the very little known AV program that your are using & download MSE and turn on MS's Firewall. It would at least save you some headaches. Never run more than one AV at a time.