I recently read about a problem solved by your brilliant staff with a person who had deleted his rundll32 file. I came across your posts in seeking what I thought was a solution to a similar problem: Windows claimed that file was an unknown command. Then, poking around the register and the command window, I finally realized that I also could not execute 'expand' nor 'ipconfig' either. It turns out that it was my 'path' parameters that were askew and that they had been altered in the last two or three days. What was happening, apparently, was that although the exe-files were within the system32 folder, the path variable settings under the advanced environment tabs (My Computer\...) were not 'translating' %systemroot% as C:\Windows. Checking further, I found that one or both of the following were responsible: the OS variable returned Windows_NT (I've got XP), and the register settings for HKLM/System/Current Control Set/Control/Session Manager/Environment reflected reg_sz type in the path line rather than reg_expand_sz. The outcome? I changed the OS to XP, the path found the commands and the register corrected itself with the correct type. All is well now.
Now my question is two-fold. Who or what could have changed such a parameter? To what end? I admit to having installed a series of freeware recently along with an upgrade of Kaspersky's AV program. And although I do fiddle from time to time with the register (being one of those dangerous people who are neither neophytes nor experts in the domain), I doubt I would modify a setting so obvious and basic. Is there a theoretical advantage to a hacker in having the remote computer believe it's working under a false OS? Or even the opposite has occurred to me... if the screw-up were an accident, might there be a small added layer of protection under this setup, since an outsider would have the same problem as I in taking control of those old DOS commands in the system32 folder? Perhaps I should even switch back my settings.
Anyway, I'd appreciate any thoughts on this matter. And I repeat, you people are some of the most on-the-ball I've found while researching my problem. Keep up the good work.
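
A read-only check for the condition described in the post above, as an added example that is not part of the original post: it lists environment values stored as REG_SZ that still contain `%VAR%` references, which Windows does not expand for that type. The per-user key `HKCU:\Environment` and the output column names are additions of this example, beyond the machine key named in the post.

```powershell
# Added example (not from the original post): audit environment values whose
# registry type prevents %VAR% expansion. Nothing is modified.
$envKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment',  # key named in the post
    'HKCU:\Environment'                                                    # per-user key (added here)
)

# Read values raw, so %SystemRoot% is shown as stored rather than expanded.
$noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

$findings = foreach ($keyPath in $envKeys) {
    $key = Get-Item -LiteralPath $keyPath -ErrorAction SilentlyContinue
    if (-not $key) { continue }

    foreach ($name in $key.GetValueNames()) {
        $kind = $key.GetValueKind($name)

        # Only string types are relevant: String = REG_SZ, ExpandString = REG_EXPAND_SZ.
        if ($kind -ne 'String' -and $kind -ne 'ExpandString') { continue }

        $raw = [string]$key.GetValue($name, $null, $noExpand)
        $hasReference = $raw -match '%[^%;]+%'

        # The failure mode from the post: a %VAR% reference stored as plain REG_SZ.
        $broken = ($kind -eq 'String') -and $hasReference

        New-Object PSObject -Property @{
            Key          = $keyPath
            Name         = $name
            Kind         = $kind
            HasReference = $hasReference
            WillNotExpand = $broken
            RawValue     = $raw
        }
    }
}

# Show only the entries that will be handed to processes with a literal %VAR% in them.
$findings |
    Where-Object { $_.WillNotExpand } |
    Select-Object Key, Name, Kind, RawValue |
    Format-List
```

An empty result means every value that references another variable is stored as REG_EXPAND_SZ; a `Path` entry in the output matches the symptom where commands in system32 are reported as unknown.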