Jump to content


Rundll32.exe multiplying over and over.

  • Please log in to reply
4 replies to this topic

#1 dogan



  • New Member
  • Pip
  • 3 posts

Posted 27 May 2004 - 01:54 PM

Hi guys.

As soon as I startup my computer and log into windows, the cpu reaches 100%.
I hit ctrl+alt+delete and check the processes and see that rundll32.exe is all over the place and keeps multiplying! :S

I've used spybot + ad-aware + NAV 04, with the latest updates. But nothing helps.. :(

What can I do? I tried replacing the rundll32.exe with another from another PC, but the problem is still there..

Here's the log from hijackthis:

Logfile of HijackThis v1.97.7
Scan saved at 20:49:43, on 2004-05-27
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Leman\Mina dokument\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lšnkar
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzill...ller/dwnldr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab


#2 Spamn-it-all



  • Full Member
  • Pip
  • 19 posts

Posted 27 May 2004 - 02:28 PM


Proceed with caution - I'm not an official helper - Not an Ubergeek just another regular geek who's had similar problems. Your HJT log looks like mine: short & sweet - lots of people have so much crap running, it's a wonder anyone can sort thru them all. I've not recieved much offical help. OlTramp gave me some advice on the old Forum, but no one's helped with my post on this one, yet. However, after some stumbling around (during which I had a period when I my PC would re-boot everytime I tried to logon), I think I may have found the answer:

I've had similar problems - DLLs (usually starting with "aa" or some variant - almost always starting with at least one "a") that keep re-appearing even if removed w/ Ad-aware (I'd 1st stop rundll32.exe w/ Task Manager - otherwise Ad-aware couldn't deleted them at all). Still they came back: part of VX2.BetterInternet. SO I downloaded the official VX2 Finder:
- developed by a Lavasoft (Ad-aware) coder.
Seems to have helped.
Before, my SpywareGuard settings were being erased on every re-boot, too - the settings to provide Download Protection & to block harmfull DLLs from running kept "un-checking". I ran the VX2finder & re-booted. Voila! My SG settings stayed put & a check w/ Ad-aware found NOTHING!!!!
So far, so good, but I've had this cleared up before & it came back, so I'm not relaxing just yet.
Still, give it a try, especially if you keep seeing VX2 stuff in your Ad-aware scans.


Edited by Spamn-it-all, 27 May 2004 - 02:29 PM.

Where are we going? And what am I doing in this handbasket?

#3 dogan



  • New Member
  • Pip
  • 3 posts

Posted 27 May 2004 - 02:58 PM

Thanks for your suggestions Spamn-it-all, but that didn't do the trick :/

The thing is that everything works fine if I rename/delete rundll32.exe. But as soon as it's in my system32 folder and I reboot, it's starts going all crazy again. I've even tried changing the .exe with a clean computer.

It's not any other files, it's just rundll32.exe.
It has 20++ (becomes more and more) instances running as soon as I start my computer.

Does someone please know what I should do?

#4 dogan



  • New Member
  • Pip
  • 3 posts

Posted 28 May 2004 - 09:40 AM



#5 dave38


    Devout Murphyite!

  • Retired Staff
  • PipPipPipPipPip
  • 8,508 posts

Posted 28 May 2004 - 04:53 PM

Dogan, your log shows no sign of Rundll running at all, and this is odd, because it should be!
It is an essential part of windows. If the log was taken with the file deleted, then please reinstall it in the correct folder, and post a new Hijack this log.

I suspect it is the files that are using rundll.exe to load that is the root cause of your problem.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!