This appears to be malware of some sort.

I have an XP machine, restricted user. When s/he logs in, s/he gets a Windows 
error message indicating that an attempt by rundll.exe to start something 
called HandlerPadARM.dll has failed because the module can't be located.

This dll is allegedly in ..\[User Name]\Local Settings\Application 
Data\mfcmapserv\

There is no such dll in that location. In fact, ..\mfcmapserv\ does not exist.

This problem only occurs when this restricted domain user logs into this 
machine; it does not occur when I log in with a domain administrator 
account. So this has to be something in either the user's StartUp menu 
folder or in HKCU, yes?

Except: There's nothing in the startup menu folder. A registry search on 
"handlerpadarm" finds nothing anywhere. I checked the Run, RunOnce, and 
RunServices registry nodes and nothing seems to be amiss there.

I have run the following scans:

Avast anti-virus (most current network-based version)
Spybot 1.6.2 with most recent updates
MalwareBytes 1.6.x with most recent updates
ComboFix (most recent version)

Avast and ComboFix found and removed some stuff but they didn't solve this 
problem.

CCleaner doesn't find any issues that appear to be relevant.

A Google search on handlerpadarm finds nothing--zero results.

A Google search on mfcmapserv finds some references to malware involving 
dlls of that name, i.e. mfcmapserv.dll--but no references to a folder by 
that name. These hits suggest that I should check HKCU... run, runonce, 
etc...as I noted, nothing found there.

This error message appears to be harmless but it is very annoying. I REALLY 
don't want to have to delete this person's profile and recreate it.

Any suggestions would be gratefully appreciated.

Ken Dibble
www.stic-cil.org

