rundll32.exe missing

[bleudie]

I hope I am in the right place. This might be long, but I have a lot
of things going on and this is just one of many problems that I can
find no other help for. OK, I have had some serious virus and/or
adware problems the last few days. I have run scan after scan
(Ad-Aware, Spybot, Norton Virus scan, Ccleaner, trendmicro, pcpitstop,
these are all I can remember, there may have been more), multiple times
per day, safe mode and normal. Apparently, on one of my scans, my
rundll32.exe file was deleted and I cannot figure out how to get it
back. When I try to do certain things like open My Computer
properties, or clean out IE cookies (from the desktop, I can do it if I
open the browser itself, but it was also hit by the virus, so it causes
its own problems), I get the following message:

Windows cannot find 'C:\WINDOWS\system32\rundll32.exe'. Make sure
you typed the name correctly, and then try again. To search for a
file, click the Start button, and then click Search.

Well I did the search for it, it found nothing. It does not show up in
my processes listed in task manager anymore, and I think it used to.
In the middle of all these other problems, I deleted all system restore
points except the most recent one, but now I can't even do a system
restore, and it is turned off and it will not let me turn it back on.
One of the problems I was having was that some type of virus would try
to send spam from MY email account, using my IP address, causing my IP
to be blacklisted at some sites that I go to. I only mention that in
this posting in case it has anything to do with this. I am "this far"
from pulling my hair out because I cannot fix this! If anyone has any
suggestions at all, PLEASE let me know. I run WindowsXP Media Center
Edition, SP2 on a Dell Inspiron 6000 Notebook and I did not receive any
CD's with it. I will provide any other info that someone may think
useful in helping me. Thank you in advance to anyone who can help.

Bleu

 

[Guest]

I hope I am in the right place. This might be long, but I have a lot
of things going on and this is just one of many problems that I can
find no other help for. OK, I have had some serious virus and/or
adware problems the last few days. I have run scan after scan
(Ad-Aware, Spybot, Norton Virus scan, Ccleaner, trendmicro, pcpitstop,
these are all I can remember, there may have been more), multiple times
per day, safe mode and normal. Apparently, on one of my scans, my
rundll32.exe file was deleted and I cannot figure out how to get it
back. When I try to do certain things like open My Computer
properties, or clean out IE cookies (from the desktop, I can do it if I
open the browser itself, but it was also hit by the virus, so it causes
its own problems), I get the following message:

Windows cannot find 'C:\WINDOWS\system32\rundll32.exe'. Make sure
you typed the name correctly, and then try again. To search for a
file, click the Start button, and then click Search.

Well I did the search for it, it found nothing. It does not show up in
my processes listed in task manager anymore, and I think it used to.
In the middle of all these other problems, I deleted all system restore
points except the most recent one, but now I can't even do a system
restore, and it is turned off and it will not let me turn it back on.
One of the problems I was having was that some type of virus would try
to send spam from MY email account, using my IP address, causing my IP
to be blacklisted at some sites that I go to. I only mention that in
this posting in case it has anything to do with this. I am "this far"
from pulling my hair out because I cannot fix this! If anyone has any
suggestions at all, PLEASE let me know. I run WindowsXP Media Center
Edition, SP2 on a Dell Inspiron 6000 Notebook and I did not receive any
CD's with it. I will provide any other info that someone may think
useful in helping me. Thank you in advance to anyone who can help.

Hi Bleu,
Open Windows Explorer and locate this path:
C:\Windows\INF, you will see a folder named sr.inf right click on it and
select Install when finsihed Restart your computer.
If no joy try system Restore to an Earlier date before the Infection took
place.

If you can't restore the system then download this file called HijackThis
and Send the report to the Aumha forum.
To download the File from here:
http://www.aumha.org/free.htm
HTH.
Please let us know your result.
Regards,
nass

 

[bleudie]

Hi Nass!! Thanks so much for responding. OK, when I right-clicked on
sr.inf and then 'install', it gave me a window wanting to know what
program I wanted to use to open it with. I had no idea, so I cancelled
it out. I will do it though, if you can tell me which program to use.
I wonder if maybe it doesn't know what program to use because of this
missing exe file? And no, I cannot do a system restore because when I
try to do that, it gives me the same message as almost everything else:


Windows cannot find 'C:\WINDOWS\system32\rundll32.exe'. Make sure
you typed the name correctly, and then try again. To search for a
file, click the Start button, and then click Search.

Here is my Hijack This log.

Logfile of HijackThis v1.99.1
Scan saved at 4:18:46 PM, on 10/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security
Console\NSCSRVCE.EXE
C:\DOCUME~1\BLEU~1.LAP\LOCALS~1\Temp\Temporary Directory 2 for
hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.itpaystolearn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
=
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA}
- (no file)
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn3\yt.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper -
{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: (no name) - {40A2988E-C954-4DDE-BD08-453191805BB9} - (no
file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {746455FE-D059-47e7-AF0E-140E03F5A447} - (no
file)
O2 - BHO: (no name) - {871A54C1-1EB3-48bd-A879-5DBA4EF16BE6} -
C:\WINDOWS\system32\dvfekfvx.dll
O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - C:\Program
Files\BHO Plugin\plugin1.dll (file missing)
O2 - BHO: Norton Internet Security 2006 -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} -
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {D494A535-3BDE-4671-A0AC-6C1336D83CE7} - (no
file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Norton Internet Security 2006 -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B}
- C:\Program Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI
Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
Shared\ccApp.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program
Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [{78-84-4B-B0-ZN}] C:\windows\system32\ordsregr.exe
ELT001
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell
Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\system32\Netverchk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program
Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Yahoo! Services -
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program
Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -
C:\Program Files\Common Files\Microsoft Shared\Encarta Search
Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
%windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program
Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} -
http://www.terp17.com/ax/axo.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3}
(CPlayFirstDinerDash2Control Object) -
http://zone.msn.com/bingame/dsh2/default/DinerDash2.1.0.0.55.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
-
http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161916384562

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) -
http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} -
http://locator1.cdn.imagesrvr.com/s...r/files/WinAntiVirusPro2006ScannerInstall.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer
Class) -
http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.5/installer.exe

O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl
Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
http://download.games.yahoo.com/games/web_games/popcap/insaniquarium/popcaploader_v6.cab

O16 - DPF: {E4C29FDC-F547-4219-ACFD-571F2A7A564A} (WebCamTest Class) -
http://awbeta.net-nucleus.com/CABUPDATES/winwcd.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) -
http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments
Control) - http://by120fd.bay120.hotmail.msn.com/activex/HMAtchmt.ocx
O17 -
HKLM\System\CCS\Services\Tcpip\..\{CC73FBFB-A792-43B5-97B0-22E1BFB661FC}:
NameServer = 204.97.212.10
O17 -
HKLM\System\CCS\Services\Tcpip\..\{DD615249-0193-4C62-A3F7-5D10ADDC9F5C}:
NameServer = 204.97.212.10
O17 -
HKLM\System\CCS\Services\Tcpip\..\{FD354B98-457C-4305-A041-141147619956}:
NameServer = 204.97.212.10
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234}
- C:\WINDOWS\system32\cgyiev.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation -
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation
(ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet
Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation
- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program
Files\Norton Internet Security\comHost.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation -
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton Internet Security\Norton
AntiVirus\navapsvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program
Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\Security
Console\NSCSRVCE.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program
Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel
Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation -
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program
Files\Intel\Wireless\Bin\WLKeeper.exe


Again, thank you very much for your help so far.

Bleu

 

[Guest]

I hope I am in the right place. This might be long, but I have a lot
of things going on and this is just one of many problems that I can
find no other help for. OK, I have had some serious virus and/or
adware problems the last few days. I have run scan after scan
(Ad-Aware, Spybot, Norton Virus scan, Ccleaner, trendmicro, pcpitstop,
these are all I can remember, there may have been more), multiple times
per day, safe mode and normal. Apparently, on one of my scans, my
rundll32.exe file was deleted and I cannot figure out how to get it
back. When I try to do certain things like open My Computer
properties, or clean out IE cookies (from the desktop, I can do it if I
open the browser itself, but it was also hit by the virus, so it causes
its own problems), I get the following message:

Windows cannot find 'C:\WINDOWS\system32\rundll32.exe'. Make sure
you typed the name correctly, and then try again. To search for a
file, click the Start button, and then click Search.

Well I did the search for it, it found nothing. It does not show up in
my processes listed in task manager anymore, and I think it used to.
In the middle of all these other problems, I deleted all system restore
points except the most recent one, but now I can't even do a system
restore, and it is turned off and it will not let me turn it back on.
One of the problems I was having was that some type of virus would try
to send spam from MY email account, using my IP address, causing my IP
to be blacklisted at some sites that I go to. I only mention that in
this posting in case it has anything to do with this. I am "this far"
from pulling my hair out because I cannot fix this! If anyone has any
suggestions at all, PLEASE let me know. I run WindowsXP Media Center
Edition, SP2 on a Dell Inspiron 6000 Notebook and I did not receive any
CD's with it. I will provide any other info that someone may think
useful in helping me. Thank you in advance to anyone who can help.

Hi Bleu,
It is better for you to send the HijackThis Log to one of the forum specific
to HijackThis for analysis, you will get better help as I can see many Viral
infections ( ConHook,AntiVirus Gold, Browser Helpers. etc..) here need to be
treated carefully and better to be sent for an Expert like these forums
listed here:
parasite experts:
http://forums.spywareinfo.com/
http://aumha.net/viewforum.php?f=30
Or one of the other HijackThis Logs forums listed here:
http://www.spywareinfo.com/~merijn/forums.html

For Example for bad/Viral infections;
Plugin1.dll Trojan variant
Netverchk.exe (party Poker) ConHook
dvfekfvx.dll not listed on any search engine
DFP most of them not good
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234}

So please don't go mad and delete any thing just send the Report to one of
this Forums I mentioned and they will help you.
HTH.
Please let us know your result as your input is much appreciated.
Regards,
nass

 

[Joe]

I hope I am in the right place. This might be long, but I have a lot
of things going on and this is just one of many problems that I can
find no other help for. OK, I have had some serious virus and/or
adware problems the last few days. I have run scan after scan
(Ad-Aware, Spybot, Norton Virus scan, Ccleaner, trendmicro, pcpitstop,
these are all I can remember, there may have been more), multiple times
per day, safe mode and normal. Apparently, on one of my scans, my
rundll32.exe file was deleted and I cannot figure out how to get it
back. When I try to do certain things like open My Computer
properties, or clean out IE cookies (from the desktop, I can do it if I
open the browser itself, but it was also hit by the virus, so it causes
its own problems), I get the following message:

Windows cannot find 'C:\WINDOWS\system32\rundll32.exe'. Make sure
you typed the name correctly, and then try again. To search for a
file, click the Start button, and then click Search.

Well I did the search for it, it found nothing. It does not show up in
my processes listed in task manager anymore, and I think it used to.
In the middle of all these other problems, I deleted all system restore
points except the most recent one, but now I can't even do a system
restore, and it is turned off and it will not let me turn it back on.
One of the problems I was having was that some type of virus would try
to send spam from MY email account, using my IP address, causing my IP
to be blacklisted at some sites that I go to. I only mention that in
this posting in case it has anything to do with this. I am "this far"
from pulling my hair out because I cannot fix this! If anyone has any
suggestions at all, PLEASE let me know. I run WindowsXP Media Center
Edition, SP2 on a Dell Inspiron 6000 Notebook and I did not receive any
CD's with it. I will provide any other info that someone may think
useful in helping me. Thank you in advance to anyone who can help.

Bleu

Click Start, Run, type SFC /SCANNOW, click OK. If any are damaged or
missing files, they'll be replaced. You may need to reboot afterwards
so damaged files will be replaced.

 

[bleudie]

Thank you Nass, I will probably go to the spywareinfo forums. Also,
from my other response, did you happen to know what program I should
use to open that sr.inf file? I'll ask around some other places too,
and see what I come up with. Thanks for your help, if you think of
anything else, please let me know.

Bleu

 

[bleudie]

Click Start, Run, type SFC /SCANNOW, click OK. If any are damaged or
missing files, they'll be replaced. You may need to reboot afterwards
so damaged files will be replaced.

Thanks Joe, for your response also. Well, I tried this, and it kept
giving me an error message saying that I needed to insert my Windows XP
Professional SP 2 CD. But like I said, I don't have any CD's. So I
let it go all the way through, and just kept hitting cancel when that
would come up. Then it would tell me that I may be asked to insert a
disk later, and do I want to skip this file? I would click yes, and
then just keep going through the motions. It went all the way through
to the end. But upon restarting the laptop, nothing was different. If
you should have any other suggestions, I'm all ears. Thank you still,
though, for trying to help.

Bleu

 

[Guest]

Thanks Joe, for your response also. Well, I tried this, and it kept
giving me an error message saying that I needed to insert my Windows XP
Professional SP 2 CD. But like I said, I don't have any CD's. So I
let it go all the way through, and just kept hitting cancel when that
would come up. Then it would tell me that I may be asked to insert a
disk later, and do I want to skip this file? I would click yes, and
then just keep going through the motions. It went all the way through
to the end. But upon restarting the laptop, nothing was different. If
you should have any other suggestions, I'm all ears. Thank you still,
though, for trying to help.

Hi Bleu,
About the sr.inf when it ask you about what program/Path, it was asking for
the CD which you said you don't have or you can point it to the *i386* folder
on your system.
Don' t try this for Now just see what the HijackThis Log will show and the
steps will be taken to Remove the Infections and Damaged files, that may cure
the Problem and allow you to Restore to An earlier Date when things where
clean from Viruses and malwares.
You may be asked to Uninstall Norton!, it is better if one of your Friends
have a Windows Media Centre CD you can borrow it and Run the sfc /scannow
after get rid of the Infection.
Please let us know your result and if you need any help.
Regards,
nass

 

[Guest]

put ur xp windows disk in and boot to cd rom and select xp repair but before
doing this make sure u turn off system retore so that u dont save this then
after repairing boot in to safe mode and go to download.com and download the
avg antispyware program this is a free 30 day trial and run full system scan
this is one of the antispyware programs that work cause most everything else
dont recognize it should take about 20 to 30 min for this run and get rid of
everything u can and this should take care of it for u.

 

[Guest]

bowmark, Hi i,m in Australia and have the same problem as Blue, have tried
same scans and seem to be relatively clean but that rundll32.exe is causing
me grief.
Unable to acess systems in control panel as windows can't find u guessed it
rundll32.exe. Since i updted windows xp to sp2 every time i load cd in player
it comes up with not compatable due to cd being older version. can't acess
restore pionts except fot the last 14 days and they don't seem to be able to
be restored to that piont?
Any help would be great.
thanx Bowmark

 

[Guest]

i would shut off system restore so u donr end up saving the prob u have and
then put ur os disklin and run in safe mode and click system repair and what
ever your system is missing the os disk will put it back in and u wont lose
any of your stuff u have on pc cause you are only doing a system repair

 

[Guest]

make sure u have uninstalled systemmpack 1 and then reinstall system pk 2
after you run the os repair

 

[Guest]

thanks for the help zombone but as i said due to the rundll32.exe ap missing
i can't access the system restore or most of the apps on the control panel.
Each time i try it tells me windows can't find system32\rundll32.exe.
When i put the xp pro cd in it goes straight to the start main menu for
install?
Thus back to where i started. Help me please its driving me nuts, just going
round in a circle.
Mark