# [Resolved] Rundll 32 error



## neville (Oct 12, 2002)

Hi guys,
I get an error message every time I turn on my computer.
The message is :
Rundll32
This program has performed an illigegal...
If I close the window it pops up again immediately.
If I close it several times in a row it goes away.
However it comes back again as soon as I connect to the internet.
When I hit the details buton it informs me that an invalid page fault was made in module SETUPAPI.DLL
Anyone an idea what could be causing this?


----------



## weeniebeenie (Sep 23, 2002)

If ur running win9x or later.

Start-Run-type in "MSCONFIG", goto the startup tab and clear all progams from starting up except systray and explorer.


----------



## TonyKlein (Aug 26, 2001)

...and Scan Registry, or you won't have a recent backup of the registry to revert to, should disaster ever strike...

And your antivirus, and your firewal....

But please do this first:

Download *StartupList 1.34* at http://www.lurkhere.com/~nicefiles/index.html

Unpack, doubleclick it, and it will generate a text file that will list all running processes, _all_ applications that are loaded automatically when you start Windows, and more.

Go to Edit > select all, copy it and please post the contents here.

It'll help us troubleshoot this issue.


----------



## neville (Oct 12, 2002)

Done both.
Get the following message when turning on my computer:
Systray : this program has performed an illegal operation...

Here's the startup list:

StartupList report, 13/10/02, 12:48:28
StartupList version: 1.34.0
Started from : C:\WINDOWS\DESKTOP\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\LOADQM.EXE
C:\GMOUSE\GNETMOUS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\LUCOMSERVER.EXE
C:\WINDOWS\DESKTOP\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
Adaptec DirectCD = C:\Program Files\CD-Writer Plus\DirectCD\DIRECTCD.EXE
GSICONEXE = GSICON.EXE
DSLAGENTEXE = DSLAGENT.EXE
LoadQM = loadqm.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
gnetmous = C:\Gmouse\gnetmous.exe
b3dUpdate = C:\WINDOWS\BDE\Update\Zupdate.EXE -silent -p "C:\WINDOWS\BDE\Update" -s setup.cab
QuickTime Task = C:\WINDOWS\SYSTEM\QTTASK.EXE
WinampAgent = "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
Norton eMail Protect = C:\Program Files\Norton AntiVirus\POPROXY.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
5-1-5-23 = c:\windows\5-1-5-23.exe -m

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=hpfsched

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 4/9/2002, 3:1:12)

[Rename]
NUL=C:\PROGRA~1\WINDOW~2\SETUP_WM.EXE
NUL=C:\WINDOWS\SYSTEM\WMPLOC.DLL

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)
mode con codepage select=850
keyb be,,C:\WINDOWS\COMMAND\keyboard.sys

--------------------------------------------------

C:\CONFIG.SYS listing:

DEVICE=C:\WINDOWS\HIMEM.SYS
device=C:\WINDOWS\COMMAND\display.sys con=(ega,,1)
Country=032,850,C:\WINDOWS\COMMAND\country.sys

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Task Scheduler jobs:

Scannen op virussen.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/nl/win/QuickTimeInstaller.exe

--------------------------------------------------
End of report, 7.082 bytes
Report generated in 2,849 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## TonyKlein (Aug 26, 2001)

Nothing worrying there, except for the BDE foistware.

Go to Start > Run, type Msconfig, and check the following items on the Startup tab:

Microsoft Find Fast, LoadQM, b3dUpdate, and Quick Time Task.

Click OK, close Msconfig, and reboot.

Now download and install Ad-Aware . This is a program which scans your system for spyware/foistware.

After installing AAW, and before running the program, also download the Refupdate Utility. 
This utility searches for, downloads and automatically installs the latest AAW reffile (the spyware definitions, so to speak).

Run the refupdate.exe installation file, and once installed, go to Start Menu>Programs, find the Lavasoft Refupdate entry and run it.

Select wyvernworks.com, digital-solutions, tomcoyote, or bagpipes.net as the download server from the list of servers.

Now click connect; it will open a connection to the internet to check and update the current signature file.

(If the main 'Lavasoft.nu' server happens to be down, you'll get an error message. In that case choose another one from the list.)

When that's completed, close Internet Explorer, launch Ad-aware, and look at the bottom left corner.
It should now say "Signature file in use: "042-24.09.2002".

Then have your drives and registry scanned for spyware, check all found files and reg keys, hit 'backup', then click continue, and have them all removed.

Reboot once more.

Cheers,


----------



## TonyKlein (Aug 26, 2001)

If after doing that you're still getting the Rundll error, try disabling Advanced Power Management (Control Panel > Power Management)

If your setupapi.dll error returns, follow the step in the following MS article, to see whether that helps:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;q232489


----------



## neville (Oct 12, 2002)

I still get the systray error when starting my pc.
I can't get into power management because the Rundll32 error message keeps popping up. It also appears when I try to do other things, like get into the "properties" of my desktop.
Finally when I reboot my pc I get an explorer error and can't properly shut down.
Any ideas?


----------



## TonyKlein (Aug 26, 2001)

This is the first time you're mentioning the Systray error.

Is is Systray, or is it Setupapi.dll?

As for the rundll32 error, did you in fact run Ad-Aware and have everything removed?

Also take a look here:

Error Messages in Mmsystem.dll or Rundll32

And take a look at Henri Leboeuf's collection of Rundll32 errors:

http://www.generation.net/~hleboeuf/erundl32.htm


----------



## neville (Oct 12, 2002)

Hi,
I mentionned the systray error with the startup list, it appears when turning on my pc.

I did run adaware. I already had an earlier version but installed the most recent one and then ran the refupdate on it.

this is the exact error message:

RUNDLL32 caused an invalid page fault in
module SETUPAPI.DLL at 0187:77ebcb60.
Registers:
EAX=535c5357 CS=0187 EIP=77ebcb60 EFLGS=00010206
EBX=77ea0000 SS=018f ESP=0063f71c EBP=00000000
ECX=4f444e49 DS=018f ESI=77ea571f FS=111f
EDX=575c3a43 ES=018f EDI=0063f705 GS=0000
Bytes at CS:EIP:
00 00 00 73 00 0d 00 2b 00 00 00 0a 00 01 00 00 

hope this clears things up a little


----------



## Rollin' Rog (Dec 9, 2000)

It sounds like a failing attempt to install or complete an install of something.

I can't tell what it is from your startups, but this msmsgs entry seems to have a bit more going on there than I normally see.

Try running msconfig and clearing the check for it under startups. Does the rundll32 error still occur?

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background 
5-1-5-23 = c:\windows\5-1-5-23.exe -m


----------



## neville (Oct 12, 2002)

Unchecked it but the rundll32 error still appears as soon as a try, for example to get into the "properties" of my desktop.


----------



## Rollin' Rog (Dec 9, 2000)

recheck msmsgs then, that's not the problem.

Does the error always involve setupapi.dll, or are other modules somtimes mentioned? And did you verify the system.ini entry for mmsystem.dll as explained in the MS link Tony posted? Just go to start and run *system.ini*. It will open in Notepad

Try replacing both rundll32.exe and setupapi.dll using the System File Checker:

These are instructions for replacing a file using SFC in Win98. WinME requires the extraction to be made by running *msconfig* and using the "Extract One File" option there.

Using SFC to extract files

1. Go to Start>Run and enter SFC and click OK
2. Check "Extract one File"
3. Enter the file name and click on "Start"
4. In the "Restore from" field enter:: *D:\WIN98* [if 'D' is not the letter of your CD-Rom drive, modify appropriately]
5. Click OK

{if you do not have a Windows system CD, try subsitituting *c:\windows\options\cabs* in the"restore from field"}


----------



## neville (Oct 12, 2002)

Replacing both rundll32.exe and setupapi.dll seems to have corrected the problem!
Thanks you guys, you really helped me out here!

There's only one more problem which isn't related to this issue but which has been a troubling me for some time now:
I am not able to turn my pc off the regular way.
When I shut down Windows the "Windows is shutting down" screen keeps showing and I have to turn my pc of manually.
Any ideas there?


----------



## Rollin' Rog (Dec 9, 2000)

Great, well on the shutdown issue, you have Windows 98 Second Edditon, which was so prone to that problem that they very quickly put out a shutdown patch for it. Have you ever applied it?

If not, I would cut to the chase and do it, then if the problem continues, post a separate topic for it and we will have a closer look. You would probably have to follow the detailed steps in one of the shutdown troubleshoting links available.

Here is the patch:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q239887&LNG=ENG&SA=ALLKB&FR=0

By the way, when you restart after shutting down that way, does scandisk always run?


----------



## neville (Oct 12, 2002)

The patch didn't solve my problem. I'll first try the solutions suggested in the article and if that doesn't help I'll make a different post out of it.
By the way, scandisk does not run after shutting down this way.


----------



## Rollin' Rog (Dec 9, 2000)

Ok, I'll mark the rundll thread "resolved" to get it out of the way and look for another post.

Usually when scandisk doesn't run, it indicates that Windows thinks a complete shutdown has occured; this sometimes can happen if there are problems with Advanced Power Management not being properly enabled in the BIOS or in Windows.

But look in msconfig > advanced and make sure you don't have it disabled. Also do a Find Files for *scandisk.alt* if you have ever had Norton Disk Doctor on the system. Just delete it if you find it -- it would be in c:\windows\command


----------



## sshamlin (Dec 22, 2003)

How do i download to get information to troubleshoot Rundll32. it alway happen when I am on the internet.


----------

