Try shutting down all programs prior to shutting down windows and see if that makes a difference.

oh uh... have you done anything that would require rundll32.exe to run. if not, it sounds like some malcious program is using it for its own puposes... pull out HijackThis and post your log. also scanning your computer for spyware and viruses.

(check to see if rundll32 is running before you shutdown your computer if it is,there maybe spyware or some other program running. windows calls rundll32.exe to shutdown the computer if it is not running beforehand, it maybe a problem with xp's settings)

oh uh... have you done anything that would require rundll32.exe to run. if not, it sounds like some malcious program is using it for its own puposes... pull out HijackThis and post your log.

BinaryMayhem,

I do agree that is probably a malware issue, but please do not ask members to post HJT logs in any forum except our Security forum. We had to create the security forum primarily due to the overwhelming postings of HJT logs across this entire site, and do ask that members concentrate their "malware"-related posts there. Read Dani's (our site admin) post at the top of each forum concerning this issue: http://www.daniweb.com/techtalkforums/announcement.php?f=10&announcementid=1


Thanks,

DMR

By the way:

oh uh... have you done anything that would require rundll32.exe to run.
A user may not have done anything explicitly which would cause rundd32.exe to run; like svchost.exe, that program is responsible for loading legitimate system programs. "Malware" programs can abuse rundll32.exe, but the pure fact that rundll32 is active is notnecessarilly indicative of a problem.

(Again though- the rundll32 shutdown error would have me looking at a virus/malware infection as well)

Glad you got it sorted. :)

If by chance you get an error when you start Windows that alludes to bridge.dll not being found (which can happen once spyware removal utilities delete the file):

1. In the "run..." dialog box in your Start menu, type "regedit" (omit the quotes)

2. Navigate to HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->Run

3. In the right-hand pane of the editor, locate the entry which references bridge.dll

4. Right-click on that entry and choose Delete.

5. Exit the editor

BinaryMayhem,

I do agree that is probably a malware issue, but please do not ask members to post HJT logs in any forum except our Security forum. We had to create the security forum primarily due to the overwhelming postings of HJT logs across this entire site, and do ask that members concentrate their "malware"-related posts there. Read Dani's (our site admin) post at the top of each forum concerning this issue:

Thank you,
I am entirely aware of where HJT posts are to be made; however, I have a tendency to jump from form to form alot and sometimes forget where I am. furthermore, I assume the poster has seen and read the sticky at the top of the page (after all what good is a sticky is no one reads them)

maybe an extra button should be added for submitting a post in the techsupport forum labeled "SUBMIT HJT log". where the bb could either move the entire post to the secuirty form, or create a new post there.

I will try to remmber to inform members that all HJT logs belong in the security forum.A user may not have done anything explicitly which would cause rundd32.exe to run; like svchost.exe, that program is responsible for loading legitimate system programs. "Malware" programs can abuse rundll32.exe, but the pure fact that rundll32 is active is not necessarilly indicative of a problem.
rundll32.exe should never be running on a constant bases and rarely crashes!

I assume the poster has seen and read the sticky at the top of the page...

Unfortunately, most people don't. I don't blame them though- we're used to the "etiquette" of tech support forums because we've worked on them for awhile, but the average user who, until this onslaught of malware, has rarely or never had to avail themselves of such services probably doesn't even know that thereare guidelines for sites such as ours.



maybe an extra button should be added for submitting a post in the techsupport forum labeled "SUBMIT HJT log". where the bb could either move the entire post to the secuirty form, or create a new post there.That is a great idea IMO. I'll pass it by Dani; she'd be the one who would have to implement it if it can actually be done.