rundll32.dll usage
Comodo Internet Security Defense+ log shows a lot of rundll32.dll calls for files that are in sub-folders on my E: drive. This is where I download everything to. I'm wondering why these rundll32 calls are being made. Is it related to Indexing and Search perhaps? Here is a short sample:

9/24/2009 12:58:48 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\Audacity Recorder\Lame\misc\lame.bat
9/24/2009 1:00:48 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\Audacity Recorder\Lame\misc\lame4dos.bat
9/24/2009 1:03:11 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\Doug Knox Registry fixes\xp_fileassoc.bat
9/24/2009 1:05:35 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\Image Manipulation Programs\Debut Video Capture\debutsetup.exe
9/24/2009 1:07:46 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\Malware-Spyware Removers\Hosts files\mvps.bat
9/24/2009 1:10:43 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\System Information\Batch Files\mslook.bat
9/24/2009 1:12:47 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\System Information\SINO\SINO.exe
9/24/2009 1:16:51 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\System Repair\Doug Knox Registry fixes\xp_fileassoc.bat
9/24/2009 1:18:52 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\System Repair\RapidEE\RapidEE_setup.exe
9/24/2009 1:20:52 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\System Repair\Restore File Associations\xp_fileassoc.bat
9/24/2009 1:22:53 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\System Repair\VSSfix\vssfix.bat
9/24/2009 1:24:56 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\System Rescue Disks\EBCD\Work\ebcd-0.6.1-pro\BOOTRD1-PRO\00-MouseDriver\BIN\DRIVERS\Mouse.com
9/24/2009 1:26:56 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\System Rescue Disks\EBCD\Work\ebcd-0.6.1-pro\BOOTRD1-PRO\01-LocaleSupport\BIN\DOS\COUNTRY.SYS

In XP I used to turn off the Indexing services as well as disable it via drive properties, but with the advent of Search from the Start button as a quick way to find things, that doesn't appear to be a good idea in Win 7.
September 25th, 2009 4:58am
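
An added example, not part of the original posts: a Python script that parses a few of the Defense+ entries quoted above and reports the calling image, the common root folder, whether the targets appear in alphabetical path order, and the gaps between events. These are the properties that help tell an automated directory walk from interactive launches. The one-entry-per-line layout and the function names are assumptions.

```python
import ntpath
import re
from datetime import datetime

# Entries copied from the sample in the post; one-per-line layout is assumed.
SAMPLE = r"""
9/24/2009 12:58:48 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\Audacity Recorder\Lame\misc\lame.bat
9/24/2009 1:00:48 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\Audacity Recorder\Lame\misc\lame4dos.bat
9/24/2009 1:03:11 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\Doug Knox Registry fixes\xp_fileassoc.bat
9/24/2009 1:05:35 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\Image Manipulation Programs\Debut Video Capture\debutsetup.exe
9/24/2009 1:07:46 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image E:\sources\Malware-Spyware Removers\Hosts files\mvps.bat
"""

# timestamp, calling application, action text, target path (paths may contain spaces)
ENTRY = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<app>.+?) Create Process, Execute Image (?P<target>.+)$"
)

def parse(text):
    """Return (timestamp, application, target) tuples for each matching line."""
    rows = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
            rows.append((ts, m["app"], m["target"]))
    return rows

def summarize(rows):
    """Summarise who launched what, from where, in what order and how often."""
    rows = sorted(rows)  # chronological order
    targets = [target for _, _, target in rows]
    gaps = [int((b[0] - a[0]).total_seconds()) for a, b in zip(rows, rows[1:])]
    return {
        "apps": sorted({app.lower() for _, app, _ in rows}),
        "root": ntpath.commonpath(targets),  # Windows path rules on any OS
        "alphabetical": targets == sorted(targets, key=str.lower),
        "gaps_seconds": gaps,
    }

if __name__ == "__main__":
    for key, value in summarize(parse(SAMPLE)).items():
        print(f"{key}: {value}")
```

A single calling image, one shared root, alphabetical targets and gaps of roughly two minutes point to something enumerating the folder tree on a schedule, not a person double-clicking files.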

Hi,

Regarding rundll32, I would like to share the following with you:

INFO: Windows Rundll and Rundll32 Interface

For the log, I suspect this is related to some of your operations. As this log is from Comodo Internet Security Defense+, it is also recommended that you contact COMODO for further investigation and explanation.

Thanks.

Nicholas Li - MSFT
September 25th, 2009 2:01pm

Thank you for the link to info on rundll/rundll32. I wasn't aware rundll32 could be called from a command line or that that was its original reason for existing. This is not caused by anything I'm doing. I have not even looked at anything in E:\sources\System Rescue Disks\EBCD for a long time, certainly not since installing Win 7. Comodo is just reporting what is happening, not why it's happening, as far as I can tell. So my question remains: does Indexing and/or Search use rundll32.dll to do their work? I am going to post this in the Comodo forum as you suggested. Will post back here if I get any useful information. Thanks again.
September 25th, 2009 5:29pm

I think I figured out why this is happening. I had added a link to E:\Sources (actually a Symbolic Link) using the mklink command in All Programs. I believe it was right after that that I started seeing the rundll32.dll entries being logged by Comodo. I just removed that link and will see if they continue, but I don't believe they will. My conclusion therefore is that Win 7 was doing some indexing so the Start / Search would work quickly, and since I had the Symlink in All Programs, it was therefore indexing all the executable files in my E:\Sources directory.
September 28th, 2009 7:48pm

This topic is archived. No further replies will be accepted.
