# Download rundll.exe?



## DancinXtreme

Is there any place I can download a new rundll.exe? I keep getting an error message that says the file is corrupted, but I cant find anywhere to download another one. I'm also having problems opening any of my games...everything keeps saying 'corrupted file' or something along those lines, and a couple times I've had the rundll.exe error come up after I've tried to open something, so that may be the problem. Does anyone know what the problem is, and where I can download a new rundll.exe? Thanks


----------



## zephyr

You don't say what your OS is but there are a couple ways to replace files. Either use SFC to extract a new copy and replace the old one with it; or run a repair re-install to replace ALL damaged, corrupt, or missing files; or extract the file in question from the .cab files on your install disk.

I can direct you better when I know what OS you have.

Regards.


----------



## DancinXtreme

sorry bout that...I have windows 98


----------



## zephyr

No problem. Win98 SFC


----------



## DancinXtreme

I'm still having problems opening up some of my games. I ran SFC, restarted the computer, and I'm still having the problem. So perhaps it wasn't the rundll.exe causing it...any suggestions?


----------



## Triple6

You may have a virus or spyware causing the rundll error.

Try this:

In IE go to Tools -> Internet Options -> and delete Files and Cookies.

To check for and remove any Spyware or Adware that may be installed on your machine download, update, run, and fix ALL problems found by either of the above mentioned programs. You may need to reboot and have the scan run at startup. Run it again to make sure all components have been removed.

Ad-aware and Spybot:
http://spywareinfo.com/downloads.php?cat=sp#det

To check for a virus please visit one of the following sites for a free online virus scan. Even if you a virus scanner installed, this one gives you a second opinion, and it will be up-to-date which yours might not be.

Symantec:
http://securityresponse.symantec.com

Trend Micro:
http://housecall.trendmicro.com

If you have Kazaa, it has to go. Use Kazaa Begone to remove it. Kazaa is full of Spyware and spreads viruses. All file-sharing programs cause more problems than I can shake a stick of.

Kazaa Begone:
http://www.spywareinfo.com/~merijn/index.html

Then post a Hijack This Log to have someone analysis it for further cleaning/recommendations.

Hijack This:
http://spywareinfo.com/downloads.php?cat=sp#det


----------



## DancinXtreme

Well I did have a virus in my computer, but got rid of that a couple weeks ago. Ever since then though, after running Norton and spybot and ad-aware, I've been having more and more problems with my computer...it seems like those programs are causing more problems! I have no idea what's going on. But here's my hijack this log, if someone wants to help me out and can find any problems:

Logfile of HijackThis v1.97.7
Scan saved at 9:39:21 PM, on 12/3/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\CMMON32.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Xelent.Net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
F0 - system.ini: Shell=
N1 - Netscape 4: user_pref("browser.startup.homepage", "unitedstates.rub.to"); (C:\Program Files\Netscape\Users\amy\prefs.js)
O1 - Hosts: &K7zé&5ë)zë¹0ç0à©*Â\¸+ß]¤Õ+9ö|Ö5=ÅÁHVÍ¤èøC4bOßXluÑäðø¿MÚÁÅWeW¯i(~0´ìMáo¨VóWßPp;¥Y/ÑØàÛ.Â\ÿÈÉ½Û
O1 - Hosts: ¥_¶¿®
O1 - Hosts: ÷üýå«K'Ê¯ïK>Oø<+Äþ±®âP ¯2
O1 - Hosts: ÒæÐ0äm6C=ÄLÄB®Ú²¾Ú©%ýÿ¤Ï*ý[NSÂ!Ô¥ç_àîW|Ï«ÞL^JÛ
O1 - Hosts: ×É,æÞDbÍÖ¿n'F
O1 - Hosts: ÊêY¬ÞOpÅ©-_dC¦LHÀ¶_t;¥]AzðÔéko#ñÍÅºÖJP¬ß]îxÑZNôQ$9DÄÇ®-$ùÆ£FâBDÂR+çfC%¸2´lºËc]bJÍ=®Æ¦ ½µü*±)ïïtò&2ú]º¯_Fù!Zú0÷wXþñàå
O1 - Hosts: ù«ÉøGwÿ·ôGp<ó±]ú§ßÑ*}Ç8
O1 - Hosts: Ì_IbÓ]v;1wã%¥ßB-§PEÔ¿$9zißßBÄûíÓo©ËvHF}¬6Ï·cTñ% ºUh2ßÜêg©P²¾³Ù¢¬P&K7zé&5ë)zë¹0ç0à©*Â\¸+ß]¤Õ+9ö|Ö5=ÅÁHVÍ¤èøC4bOßXluÑäðø¿MÚÁÅWeW¯i(~0´ìMáo¨VóWßPp;¥Y/ÑØàÛ.Â\ÿÈÉ½Û
O1 - Hosts: ¥_¶¿®
O1 - Hosts: ÷üýå«K'Ê¯ïK>Oø<+Äþ
O2 - BHO: (no name) - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - (no file)
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - (no file)
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1211.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\Program Files\Norton SystemWorks\Norton Antivirus\NAVAPW32.exe /LOADQUIET
O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\Nprotect.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Net2Phone (HKLM)
O9 - Extra 'Tools' menuitem: Net2Phone (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra button: @Home (HKCU)
O12 - Plugin for .bmp: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
O12 - Plugin for .MTD: C:\PROGRA~1\INTERN~1\Plugins\npmusicn.dll
O12 - Plugin for .hpb: C:\PROGRA~1\INTERN~1\PLUGINS\nphpipb.dll
O12 - Plugin for .ofb: C:\PROGRA~1\INTERN~1\PLUGINS\NPONFLOW.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir8d205.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: Yahoo! PageBuilder - http://pagebuilder.yahoo.com/members/tools/pagebuilder/prod/client.2.60.23/code/client.cab
O16 - DPF: {E09F6B38-3A0D-11D3-B5E7-0008C7BF61F2} (DetectMN) - http://www.musicnotes.com/download/npmusicn.cab
O16 - DPF: Yahoo! Word Racer - http://download.yahoo.com/games/clients/y/wr0_x.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Control) - http://content.communities.msn.com/cs/MsnPUpld.cab
O16 - DPF: {E98B87EE-3FCB-11D3-8A62-00C0F03C3792} (FTWL Class) - http://download1.firetalk.com/FireTalk/MFT_Test/FTWebLauncher.cab
O16 - DPF: Yahoo! Hearts - http://yog6.yahoo.com/yog/y/hq0_x.cab
O16 - DPF: {9771C160-AD19-11D5-91BE-0048546CB511} - http://216.176.203.23/webtwo/download.exe
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresearch.com/OTXMedia/OTXMedia.dll
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://us.creative.com/support/downloads/su/ocx/12119/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://us.creative.com/support/downloads/su/ocx/12119/CTPID.cab

Hopefully someone has some suggestions to help me out. Thanks for responding :0)


----------



## Triple6

I don't know what this is but if its in the Hijackthis log, remove it:
O1 - Hosts: &K7zé& 5ë)zë¹0ç0à©*Â\¸+ß]¤Õ+9ö|Ö5=ÅÁHVÍ¤èøC4bOßXluÑäðø¿MÚÁÅWeW¯i(~0
´ìMáo¨VóWßPp;¥Y/ÑØàÛ.Â\ÿÈÉ½Û
O1 - Hosts: ¥_¶¿®
O1 - Hosts: ÷üýå«K'Ê¯ïK>Oø<+Äþ±®âP ¯2
O1 - Hosts: ÒæÐ0äm6C=ÄLÄB®Ú²¾Ú©%ýÿ¤Ï*ý[NSÂ!Ô¥ç_àîW|Ï«ÞL^JÛ
O1 - Hosts: ×É,æÞDbÍÖ¿n'F
O1 - Hosts: ÊêY¬ÞOpÅ©-_dC¦LHÀ¶_t;¥]AzðÔéko#ñÍÅºÖJP¬ß]îxÑ ZNôQ$9DÄÇ®-$ùÆ£FâBDÂR+çfC%¸2´lºËc]bJÍ=®Æ¦ ½µü*±)ïïtò&2ú]º¯_Fù!Zú0÷wXþñàå
O1 - Hosts: ù«ÉøGwÿ·ôGp<ó±]ú§ßÑ*}Ç8
O1 - Hosts: Ì_IbÓ]v;1wã%¥ ßB-§P EÔ¿$9zißßBÄûíÓo©ËvHF}¬6Ï·cTñ% ºUh2ßÜêg©P²¾³Ù¢¬P &K7zé& 5ë)zë¹0ç0à©*Â\¸+ß]¤Õ+9ö|Ö5=ÅÁHVÍ¤èøC4bOßXluÑäðø¿MÚÁÅWeW¯i(~0
´ìMáo¨VóWßPp;¥Y/ÑØàÛ.Â\ÿÈÉ½Û
O1 - Hosts: ¥_¶¿®
O1 - Hosts: ÷üýå«K'Ê¯ïK>Oø<+Äþ

And all of this:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redi...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redi...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redi...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redi...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Xelent.Net
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
F0 - system.ini: Shell=
O2 - BHO: (no name) - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - (no file)
O2 - BHO: (no name) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - (no file)
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\PROGRAM FILES\LYCOS\SIDESEARCH\SIDESEARCH1211.DLL
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O3 - Toolbar: (no name) - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - (no file)


----------



## DancinXtreme

do I just remove it from the log?


----------



## Triple6

Yes, by checking the objects in HijackThis.


----------



## DancinXtreme

OK, yea i figured that out after i posted the last message ::feels dumb:: thanks though :0)


----------

