Lost file Windows\system32\rundll32.exe

clester · 12-Nov-2009, 11:23 AM #1

Valis sent me here for help. He was able to fix this problem about a week ago but it has happened again. I am running Windows XP home edition.

This file affects numerous applications and does not allow them to be performed.

For instance when I right click on My Computer and try to go to Properties
I get the error
Windows cannot find C:\Windows\System32\Rundll32.exe

I need help recovering this. Last week Valis had me co to the dos window and we expanded sytem 32 in that and it was recovered.

I also would like to know why this happening

Thanks
Clester

NICK G · 12-Nov-2009, 11:31 AM #2

This is how to do it again.
Why it's doing it is another thing.
I would go to the Malware section of this forum and start there with scans and advice.
Good luck.

Lance1 · 12-Nov-2009, 11:34 AM #3

I think that Valis had you expand rundll32.exe. To do this go to Start \ Run and type expand X:\i386\rundll32.ex_ c:\windows\system32\rundll32.exe "X being the letter of your CD ROM" Put the XP CD in the try and hit enter. After it expands Restart the computer.

Lance1 · 12-Nov-2009, 11:36 AM #4

AAAA! you beat me NICK G! I got to learn to type faster.

clester · 12-Nov-2009, 01:43 PM #5

Quote:

Originally Posted by Lance1

AAAA! you beat me NICK G! I got to learn to type faster.

Thanks for the help. The problem is solved. Now if I can figure out why it is happening. Any ideas????

Clester

clester · 12-Nov-2009, 01:45 PM #6

Quote:

Originally Posted by clester

Valis sent me here for help. He was able to fix this problem about a week ago but it has happened again. I am running Windows XP home edition.

This file affects numerous applications and does not allow them to be performed.

For instance when I right click on My Computer and try to go to Properties
I get the error
Windows cannot find C:\Windows\System32\Rundll32.exe

I need help recovering this. Last week Valis had me co to the dos window and we expanded sytem 32 in that and it was recovered.

I also would like to know why this happening

Thanks
Clester

Thanks for the replies guys the problem is solved. Any ideas as to why it is happening????

Phantom010 · 12-Nov-2009, 01:47 PM #7

Please click here to download and install the HijackThis installer.

Run it and select Do a system scan and save a logfile.

The log will be saved in Notepad. Copy and paste the log in your next post.

Do not fix anything

NICK G · 12-Nov-2009, 02:15 PM #8

Quote:

Originally Posted by NICK G;

Why it's doing it is another thing.
I would go to the Malware section of this forum and start there with scans and advice.
Good luck.

Seems Phantom has put you on the right track to resolve other issues.

clester · 13-Nov-2009, 10:16 AM #9

Thanks for the help. Here is the result of the scan
Clester

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:25 AM, on 11/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\WINDOWS\system32\kmw_run.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Debbie Lester\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\DEBBIE~1\LOCALS~1\Temp\Rar$EX00.609\CP Destroyer.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Documents and Settings\All Users\Application Data\KwinzySrch\kwinzy155.exe
C:\Program Files\KwinzySrch\kwinzy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O1 - Hosts: 195.245.119.131 spyware-protector-2009.com
O1 - Hosts: 195.245.119.131 www.spyware-protector-2009.com
O1 - Hosts: 195.245.119.131 secure.spyware-protector-2009.com
O1 - Hosts: 195.245.119.131 knocker
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKLM\..\Run: [kmw_run.exe] "C:\WINDOWS\system32\kmw_run.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [YBrowser] "C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe"
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] "rundll32" C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Turbine Download Manager Tray Icon] "C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DLCJCATS] "rundll32" C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCJtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SmileboxTray] "C:\Documents and Settings\Debbie Lester\Application Data\Smilebox\SmileboxTray.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [UniblueRegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKUS\S-1-5-21-769079328-2221179514-3766738458-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://storemail.academy.com/iNotes6W.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.5.0.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://storemail.academy.com/dwa7W.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KwinzySrch Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\KwinzySrch\kwinzy155.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
--
End of file - 10457 bytes

Phantom010 · 13-Nov-2009, 11:43 AM **#10**

You computer is infected. Please click on Report button and kindly ask to be moved to the Malware Removal forum.

clester · 13-Nov-2009, 04:51 PM **#11**

Phantom010

What do you want me to do after going to Malware Removal Forum

**valis** · 13-Nov-2009, 05:50 PM **#12**

craig:

Let me pm a couple people who are security experts to take a look at your log.

Glad to see you finally made it you, you old curmudgeon. Welcome to my digital life.

timothy

**valis** · 13-Nov-2009, 05:55 PM **#13**

okay, I've asked a few specialists to take a look at your log. In return, wanna buy a mug?

clester · 13-Nov-2009, 06:08 PM **#14**

Yes sir I will look at the store nad make a purchase
Thanks

cybertech · 13-Nov-2009, 06:17 PM **#15**

Post a new hijackthis log and tell me what is going on now since the thread was marked solved...

Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet laptop malware memory modem monitor motherboard network printer problem ram registry router security slow software sound toshiba trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!