Results 1 to 8 of 8
  1. #1
    Junior Member
    Join Date
    Feb 2005
    Location
    King Country
    Posts
    6

    Default Rundll32 file not found.

    Yesterday my computer went a bit squiffy (coincidentally after opening some emails). It started running continuously until I rebooted it.

    The start menu had two entries I hadnt noticed before

    crypt /System/Dirdata.exe
    expolarx /sysrem/ dirdata.exe

    The Running processes included Dirdata and Dirmiss32 which I had never noticed before. I suspect some infection.

    After a bit of online research I disabled the above MS programs, which can be hijacked by Trojans, into the system file and things improved.

    I have run a number of well known spyfinder tools to no avail.

    But I have no rundll to make shortcuts work, for example I cant use Control Panel or the interent shortcuts

    My primary concern is to restore shortcut function. How please?

    The Rundll file icon appears in the System file but it is just a picture

  2. #2
    tweakedgeek tweak'e's Avatar
    Join Date
    Dec 2004
    Location
    winterlessnorth (well almost)
    Posts
    4,944

    Default Re: Rundll32 file not found.

    what antivirus do you use?

    is it trying to access the net? eg is anythin unusuall listed in your firewall ?
    Tweak it till it breaks

  3. #3
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: Rundll32 file not found.

    I would get trojan remover. See if this picks anything up

    http://www.simplysup.com/tremover/

    Update it then scan..

    Or get hijackthis make a folder called hjt, and unzip the hijackthis file into this folder. Do a scan and post a log here.

  4. #4
    Senior Member
    Join Date
    Dec 2004
    Posts
    848

    Default Re: Rundll32 file not found.

    Have you spelt these file names correctly??
    To fix shortcut problem.
    Try this click start then run, in this box type sfc /scannow note there is a space after sfc.
    This will run the windows file checker which should replace any missing files.
    Or grab Rundll32 from here.
    http://www.richardthelionhearted.com.../winfiles.html
    hth
    The wise are not wise because they make no mistakes. They are wise because they correct their mistakes as soon as they recognize them. - Orson Scott Card (1951- ),

  5. #5
    Junior Member
    Join Date
    Feb 2005
    Location
    King Country
    Posts
    6

    Default Re: Rundll32 file not found.

    Thanks guys.

    I have reinstalled rundll from that site. Duh, I had actually been on that page earlier in the day when I getting Hijack to try. It showed up this list.
    Since I disabled those items I mentioned things seem to be back to relative normality now my icons work.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:41:08 p.m., on 17/05/2005
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\GUIDESCOPE\GUIDE.EXE
    C:\WINDOWS\START MENU\PROGRAMS\STARTUP\RAMPUP.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\MY DOCUMENTS\DOWNLOADS\SPYWARE TOOLSR\HIJACK\HIJACKTHIS.EXE
    C:\MY DOCUMENTS\DOWNLOADS\SPYWARE TOOLSR\HIJACK\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/p/hp/us/?http://hp.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:8000
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.1629.0\EN-US\MSNTB.DLL
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashserv.exe
    O4 - Startup: Guidescope.lnk = C:\Program Files\Guidescope\guide.exe
    O4 - Startup: RamPup.exe
    O4 - Startup: RAMPUP.INI
    O4 - Startup: SCREENTHEMES.LNK = C:\SCTHEMES\SCTHEMES.EXE
    O8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM
    O8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\PROGRAM FILES\IESPELL\IESPELL.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab

  6. #6
    VoidMaster
    Join Date
    Dec 2004
    Posts
    6,361

    Default Re: Rundll32 file not found.

    Speedy is not around at the moment I don't think, he is the Master Blaster when it comes to HijackThis logs but in the meantime you could go here and follow instructions:

    http://hjt.iamnotageek.com/

    It is a HijackThis log analyser.
    It's not the least charm of a theory that it is refutable. The hundred-times-refuted theory of "free will" owes its persistence to this charm alone; some one is always appearing who feels himself strong enough to refute it - Friedrich Nietzsche

  7. #7
    Member
    Join Date
    Dec 2004
    Location
    NZ
    Posts
    44,851

    Default Re: Rundll32 file not found.

    C:\PROGRAM FILES\GUIDESCOPE\GUIDE.EXE

    Do you use some kind of popup stopper?? I think this is what this is.
    Not sure if its spyware as well. Leave this entry unticked for now.

    C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE

    Tick this. See if Backweb or similar is in add/remove programs.
    If it is uninstall it.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:8000

    Tick this entry

    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

    Tick this entry

    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder

    Tick this entry

    O4 - Startup: Guidescope.lnk = C:\Program Files\Guidescope\guide.exe

    This looks like a popup stopper program. Leave this unticked for now.


    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    http://ak.imgfarm.com/images/nocach...etup1.0.0.6.cab

    Tick this. The above where I've said to tick, tick them and click on fix then reboot.

    Also check add/remove for these. Gator/Gain, CNBabe, Weatherbug, My Search Bar or MyWay Speed Bar. If theyre there, uninstall them.

  8. #8
    tweakedgeek tweak'e's Avatar
    Join Date
    Dec 2004
    Location
    winterlessnorth (well almost)
    Posts
    4,944

    Default Re: Rundll32 file not found.

    remove these.

    C:\WINDOWS\START MENU\PROGRAMS\STARTUP\RAMPUP.EXE
    C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BWDELAY.EXE
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:8000
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - Startup: RamPup.exe
    O4 - Startup: RAMPUP.INI
    O4 - Startup: SCREENTHEMES.LNK = C:\SCTHEMES\SCTHEMES.EXE

    DO NOT REMOVE "O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun"

    it would pay to boot into safe mode and scan with the usual spyware/antivirus tools. also next time you do a hjt log do it from safe mode.
    Tweak it till it breaks

Similar Threads

  1. Need to repair rundll32.exe file
    By Biggles in forum PressF1
    Replies: 7
    Last Post: 27-10-2006, 03:13 PM
  2. Registry file not found
    By in forum PressF1
    Replies: 1
    Last Post: 25-04-2002, 08:42 AM
  3. Replies: 5
    Last Post: 19-01-2002, 05:47 AM
  4. Replies: 2
    Last Post: 22-04-2001, 03:14 PM
  5. smm32.vxd file not found
    By in forum PressF1
    Replies: 0
    Last Post: 10-10-1999, 11:30 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •