943,603 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > rundll32.exe problems
Ad:
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Mar 12th, 2004
0

rundll32.exe problems

Expand Post »
Hey, I have been having sometrouble as of late. (about march 8th) I have windows xp. lately when I want to shut down my pc I have to manully shut down my rundll32.exe, why? I have been reading a lot of things on this bridgedll thing and i looked it up in my msconfig and its there but i don't know what to do with it now that i found it.

I ran hijackthis and here is what i got:

Logfile of HijackThis v1.97.7
Scan saved at 2:41:07 PM, on 3/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [rundll32.exe] C:\WINDOWS\System32\rundll32.exe.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...AB?38004.94875
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by15fd.bay15.hotmail.msn.com/...x/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A25B4830-2FC7-47F1-9152-D66BEFBB37E7}: NameServer = 142.177.1.2 142.177.129.11


What do I do with this to stop from having to manully shutdown my rundll32??? Is it a trojan or virus, spyware?? thank you for any help!!
Similar Threads
Reputation Points: 10
Solved Threads: 0
Newbie Poster
moxin is offline Offline
13 posts
since Mar 2004
Permalink
Mar 12th, 2004
0

Re: rundll32.exe problems!

Nevermind people I believe I fixed it myself...Thx for all your help!
Reputation Points: 10
Solved Threads: 0
Newbie Poster
moxin is offline Offline
13 posts
since Mar 2004
Permalink
Mar 13th, 2004
0

Re: rundll32.exe problems!

but nobody helped You !

what did you do to fix it ,always nice to know
Team Colleague
Reputation Points: 1056
Solved Threads: 791
I hate 20 Questions
caperjack is offline Offline
12,713 posts
since Aug 2003
Permalink
Mar 16th, 2004
0

Re: rundll32.exe problems!

I just found the bridgedll.exe in the scan that i did with hijackthis and fixed it, and everything was fine!
Reputation Points: 10
Solved Threads: 0
Newbie Poster
moxin is offline Offline
13 posts
since Mar 2004
Permalink
Mar 28th, 2004
0

Re: rundll32.exe problems

Hi Moxin,

I am experiencing exactly the same problem on my laptop as you were. I am running Win2000 but assume the cause is the same. The problem has only started recently and on shutdown, it cannot close rundll32.exe automatically and requires me to click on I have checked my msconfig startup and there is a line which is as follows:

Startup Item - Bridge
Command - rundll32.exe "C:\WINNT\system32\bridge.dll",Load
Location - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

You mention the fix involves this file, but you do not explain exactly how you fixed it. Can you provide me with some more information ?

Kind Regards

Simon
Reputation Points: 10
Solved Threads: 0
Newbie Poster
smjohns is offline Offline
4 posts
since Mar 2004
Permalink
Mar 28th, 2004
0

Re: rundll32.exe problems

You can either navigate to the bridge.dll locations & delete them, (after backing up your registry, of course).
Or, you can download & run HijackThis & delete all instances of it with that.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is online now Online
12,163 posts
since Feb 2004
Permalink
Mar 28th, 2004
0

Re: rundll32.exe problems

Hi Crunchie, and thanks for the quick reply.

I have done a quick search of my system and the only bridge.dll file can be found in my c:\winnt\system32\bridge.dll.

What I have done is disabled the start up of this, using msconfig. This fixes the problem and does not seem to cause any adverse affects. I will leave this in safe startup mode for the time being to check it does not affect anything else.

I assume that if all is ok, my next steps will be to:

a) Use regedit to permenantly remove the row "rundll32.exe "C:\WINNT\system32\bridge.dll",Load" from the registry folder "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

b) Delete bridge.dll from C:\winnt\system32\ folder?

Or should I leave the bridge.dll file where is is and just delete the registry row?

Cheers again for all your help.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
smjohns is offline Offline
4 posts
since Mar 2004
Permalink
Mar 28th, 2004
0

Re: rundll32.exe problems

Delete all instances of bridge.dll & nothing else. It is linked to a trojan virus so I wouldn't be surprised if it's on it's Pat Malone (alone).
Probably advisable to post a HJT log, up to you.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is online now Online
12,163 posts
since Feb 2004
Permalink
Mar 28th, 2004
0

Re: rundll32.exe problems

Hi Crunchie,

Thanks for you help.

One more question, if this bridge.dll is linked to a trojan virus, why has my virus checker (Sophos) not picked it up. I ran a full scan and it does not see it as a virus? Is this just a .dll file which a trojan virus uses? Very strange. Having said that, my virus checker did block a virus earlier last week. Could this file have been installed then?

Anyway, I have deleted it and the registry entry and all is ok.....so far

Cheers

Simon
Reputation Points: 10
Solved Threads: 0
Newbie Poster
smjohns is offline Offline
4 posts
since Mar 2004
Permalink
Mar 28th, 2004
0

Re: rundll32.exe problems

A lot of AV's do not pick up all trojans, as you are probably already aware. Even when you get rid of the trojan/virus, they tend to leave behind files that they used. That would be why you get the error messages. I'm no expert though, but this is my understanding of it.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is online now Online
12,163 posts
since Feb 2004

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
This thread is currently closed and is not accepting any new replies.
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Admin Password
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Zeus (Kneber) Botnet Infection is bad for business





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC