OS: Windows XP SP3 (WinNT 5.01.2600)
Computer: Gateway / MP8708 (I think is the model, got this from My Computer >>Properties)
Issue Appears: After Start-up or during log in to an account after logging out.
I've been having some issues lately with my wife's computer intermittently typing backwards, literally. Not a RTL/LTR issue. Restarting would fix the problem and then it would later re-emerge.
A few days ago after restarting my wife's computer I noticed that the computer was unresponsive. She would try to open a file and it would just hang. I noticed that any activity with Explorer such as browsing files, opening files etc would cause the system to hang and then explorer.exe would become unresponsive. I opened the process manager and found that rundll32.exe was in the process list. I've never noticed it before, it doesn't appear on any of my other windows computers as a running process and from my understanding it shouldn't be running for a long period of time. When I killed the process all the Explorer windows we tried opening from before, along with some programs started popping up on the screen and everything was working fine.
On restart the rundll32.exe again popped up and same issues. Killing the process again restored responsiveness of computer. I ran Norton 360 Comprehensive Scan and it found nothing more than a few tracking cookies which I had it remove. Malwarebytes also came up with no hits.
I ran hijack this and looked through the log and found C:\WINDOWS\Network Diagnostic\xpnetdiag.exe in the log file and did a search on it. I found a post by somebody else that had the same issues and followed the steps to remove them. The post can be found here:http://www.computing.net/answers/security/...exe-/19187.html
At the time the computer was typing backwards and after having HJT remove the two entries from the above post, the computer started typing normally. I'm guessing those entries were the root of the backwards typing problem (only mentioning this as I'm not sure if it is a related issue or not). I still have the issue with rundll32.exe. When I ran Norton I had killed the process, then tried running it again with rundll32.exe in the process tree. Norton wouldn't even open, so I had to kill rundll32.exe again to run the scan again. Both scans revealed nothing.
Luckily, HJT was able to run a scan with the rundll32.exe still in the process tree, though I don't know what dll it is accessing, why it is hanging or what it is doing. The location of rundll32.exe is in the System32 folder, which I believe is the correct folder for it to be running from. rundll32.exe is 32.5 KB (33,280 bytes).
Not sure if this has any bearing but this struck me as odd, as the computer is a few years old:
Created: Sunday, January 11, 2009, 11:45:37 PM
Modified: Sunday, April 13, 2008, 8:12:33 PM
Accessed: Today, April 15, 2009, 12:37:42 AM
Not sure if the dates are part of Windows Update or not.
I have a HJT log from before the above steps were taken on the Network Diagnostics/xpnetdiag.exe removal. A log for after it was removed and the computer was restarted, but after rundll32.exe process was killed and another log after restart with no modifications to the processes (rundll32.exe still running). Please let me know which logs you would like me to post or what additional steps/information you need.
I'd appreciate any help that anybody can offer as I am at the end of my options and pushing the limits of my knowledge in this area.