Comodo Internet Security Defense+ log shows a lot of rundll32.dll calls for files that are in sub-folders on my E: drive. This is where I download everything to and I have not opened any of these folders in a long time and definitely have not installed anything from them to Windows 7. Here is a short sample:
9/24/2009 12:58:48 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image
E:\sources\Audacity Recorder\Lame\misc\lame.bat
9/24/2009 1:00:48 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image
E:\sources\Audacity Recorder\Lame\misc\lame4dos.bat
9/24/2009 1:03:11 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image
E:\sources\Doug Knox Registry fixes\xp_fileassoc.bat
9/24/2009 1:05:35 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image
E:\sources\Image Manipulation Programs\Debut Video Capture\debutsetup.exe
9/24/2009 1:07:46 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image
E:\sources\Malware-Spyware Removers\Hosts files\mvps.bat
9/24/2009 1:10:43 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image
E:\sources\System Information\Batch Files\mslook.bat
9/24/2009 1:16:51 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image
E:\sources\System Repair\Doug Knox Registry fixes\xp_fileassoc.bat
9/24/2009 1:18:52 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image
E:\sources\System Repair\RapidEE\RapidEE_setup.exe
9/24/2009 1:20:52 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image
E:\sources\System Repair\Restore File Associations\xp_fileassoc.bat
9/24/2009 1:22:53 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image
E:\sources\System Repair\VSSfix\vssfix.bat
9/24/2009 1:24:56 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image
E:\sources\System Rescue Disks\EBCD\Work\ebcd-0.6.1-pro\BOOTRD1-PRO\00-MouseDriver\BIN\DRIVERS\Mouse.com
9/24/2009 1:26:56 PM C:\Windows\System32\rundll32.exe Create Process, Execute Image
E:\sources\System Rescue Disks\EBCD\Work\ebcd-0.6.1-pro\BOOTRD1-PRO\01-LocaleSupport\BIN\DOS\COUNTRY.SYS
I’m wondering why these rundll32 calls are being made. Is it related to Indexing and Search perhaps? In XP I used to turn off the Indexing services as well as disable it via drive properties, but with the advent of Search from the Start button as a quick way to find things, that doesn’t appear to be a good idea in Win 7.
Is there any way to determine who called rundll32.dll? That would be very useful information for Comodo to log, along with the DLL name being called and the actual entry point.
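On the question of who launched rundll32 and with which DLL and entry point, one way to capture it outside of Comodo is a WMI process-creation watcher. This is an added example, not part of the original post; the log path and the `Rundll32Watch` identifier are assumed names.

```powershell
# Added example: log the parent of every new rundll32.exe process.
# Run in an elevated PowerShell session and leave the session open.
# $logFile and the 'Rundll32Watch' identifier are assumed names.
$logFile = Join-Path $env:TEMP 'rundll32-parents.log'

# WMI polls once per second (WITHIN 1); a rundll32.exe that starts and
# exits between two polls will not be reported.
$query = "SELECT * FROM __InstanceCreationEvent WITHIN 1 " +
         "WHERE TargetInstance ISA 'Win32_Process' " +
         "AND TargetInstance.Name = 'rundll32.exe'"

Register-WmiEvent -Query $query -SourceIdentifier 'Rundll32Watch' `
                  -MessageData $logFile -Action {
    $child   = $Event.SourceEventArgs.NewEvent.TargetInstance
    $started = [System.Management.ManagementDateTimeConverter]::ToDateTime(
                   $child.CreationDate)

    $parentName = '<exited>'
    $parentCmd  = ''
    $parent = Get-WmiObject Win32_Process `
                  -Filter "ProcessId = $($child.ParentProcessId)"
    if ($parent) {
        $parentStart = [System.Management.ManagementDateTimeConverter]::ToDateTime(
                           $parent.CreationDate)
        # A "parent" created after the child means the PID was reused
        if ($parentStart -le $started) {
            $parentName = $parent.Name
            $parentCmd  = $parent.CommandLine
        } else {
            $parentName = '<pid reused>'
        }
    }

    # CommandLine has the form: rundll32.exe <dll>,<entry point> <arguments>
    $line = "{0:s}`tpid={1}`tcmd={2}`tppid={3}`tparent={4}`tparentcmd={5}" -f `
            $started, $child.ProcessId, $child.CommandLine,
            $child.ParentProcessId, $parentName, $parentCmd
    Add-Content -Path $Event.MessageData -Value $line
} | Out-Null

Write-Host "Logging to $logFile"
Write-Host "Stop with: Unregister-Event -SourceIdentifier Rundll32Watch"
```

Matching the timestamps in the resulting file against the Defense+ entries shows which parent process and which rundll32 command line correspond to each logged event.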