Windows Vista Start Up

  • Thread starter Thread starter Joval
  • Start date Start date
J

Joval

Hi I am trying to figure out if this is a threat/virus, or if I truly have
files missing, maybe someone out there can help me out with this. I am
running windows vista premium edition 32-bit O/S. When I start my PC up, as
soon as it gets to the desktop, two boxes appear. in the top border of the
box it reads: RunDLL
Inside the box it reads: Erorr loading.
C:\Users\<user name>\AppData\Local\Temp\pmnlfFyx.dll
The specific Module could not be found.

The second box reads the same way except the file is:
C:\Users\<user name>\AppData\Local\Temp\gEwWpfDW.dll

I simply click close X in the top right hand corner, and am able to use the
PC at that point.
I anyone has any experience with this, I would appreciate your help.
Thank You.
 
The fact that it is a DLL being called from your temp folder AND the naming
of the DLL files absolutely not making sense I'm guessing you have some
spyware running or perhaps even worse.

First thing I would check out is your registry to see what is being started
that does not belong there, the rundll can either be called directly from
there or it first starts some other executable wich in turn calss rundll to
start those DLL files.

Go to Start -> Run -> and type 'regedit' and hit OK.
Inside your regedit there two spots to check to begin with:
\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

From both folders you will find entries (keys) from programs that are
started upon startup of windows and/or user login. The machine hive is mostly
used for programs that are bound to the system startup (for instance you
anti-virus software might be in there) while the Current User hive is used to
startup programs at user login and that are user bound.
Check out all the entries (keys) and their data to see if you can find any
program out of the ordinary (so folders that you do not recognize as being
one of your installed programs) or even direct links to the mentioned dll's
initiated by rundll.

Just be aware that their will always be programs and folders that you will
not directly recognize but are very valid to be there. In case of any doubt
of a program google it on the executable name.
 
I am having a similar issue EVERY time Vista boots up.

I get two instances of notepad that open with the following same message:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

Any idea how to eliminate this? I do not see any impact other than the
annoyance of these two pop up boxes.

JIM
 
Back
Top