Problems With Rundll32.exe At Startup

Whenever i boot up my computer, rundll32.exe starts up under my user name and eats up a lot of my cpu. This happened before, I never fixed it and i even reformatted my desktop's hard drive to try to get rid of it. I think my rundll32.exe is infected with a virus.


heres a log of my hijackthis:


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 5:07:00 PM, on 4/19/2008


Platform: Windows XP SP2 (WinNT 5.01.2600)


MSIE: Internet Explorer v7.00 (7.00.6000.16640)


Boot mode: Normal


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\spoolsv.exe


C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe


C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe


C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe


C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe


C:\WINDOWS\system32\nvsvc32.exe


C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe


C:\WINDOWS\Explorer.EXE


C:\Program Files\Viewpoint\Common\ViewpointService.exe


C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe


C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe


C:\Program Files\ASUS\AI Booster\OverClk.exe


C:\Program Files\ASUS\AI Nap\AiNap.exe


C:\Program Files\ASUS\AI Gear\GearHelp.exe


C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe


C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe


C:\Program Files\Analog Devices\Core\smax4pnp.exe


C:\Program Files\Analog Devices\SoundMAX\Smax4.exe


C:\Program Files\ASUS\PC Probe II\Probe2.exe


C:\WINDOWS\system32\ctfmon.exe


C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe


C:\Program Files\ASUS\AASP\1.00.15\aaCenter.exe


C:\WINDOWS\system32\wscntfy.exe


C:\WINDOWS\system32\WgaTray.exe


C:\Documents and Settings\Administrator\Desktop\WindowsXP-KB835935-SP2-ENU.exe


c:5921ea22f5537209ea33614b32c\i386\update\update.exe


C:\PROGRA~1\MOZILL~1\FIREFOX.EXE


C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll


O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe


O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot


O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe


O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"


O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Nap\AiNap.exe"


O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\AI Gear\GearHelp.exe"


O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe


O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup


O4 - HKLM\..\Run: [nwiz] nwiz.exe /install


O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit


O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"


O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe


O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray


O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_2] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmnetmgr.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_3] C:\WINDOWS\system32\regsvr32 /s /u "C:\WINDOWS\system32\wmv8dmod.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_4] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvdmod.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_5] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvdmoe2.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_6] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmadmoe.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_7] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmspdmod.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_8] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmspdmoe.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_9] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmoe.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_10] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmoe2.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_20] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmadmod.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_21] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mpg4dmod.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_22] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mp43dmod.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_23] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\mp4sdmod.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_24] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmsdmod.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_30] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\laprxy.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_31] "C:\WINDOWS\system32\logagent.exe" /RegServer


O4 - HKLM\..\RunOnce: [OE_WMPWMFSDK_Install_32] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\wmvcore.dll"


O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_1] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmstor.dll"


O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_2] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmclien.dll"


O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_4] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\drmv2clt.dll"


O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_5] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\blackbox.dll"


O4 - HKLM\..\RunOnce: [OE_WMPDRM_Install_6] C:\WINDOWS\system32\regsvr32 /s "C:\WINDOWS\system32\msnetobj.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_0] C:\WINDOWS\INF\unregmp2.exe /MigrateLibrary


O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_1] "C:\Program Files\Windows Media Player\migrate.exe" /s


O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_2] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmp.dll


O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_8] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpshell.dll


O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_9] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpasf.dll


O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_10] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\wmpdxm.dll


O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_11] C:\WINDOWS\system32\regsvr32 /s "C:\Program Files\Windows Media Player\mpvis.dll"


O4 - HKLM\..\RunOnce: [OE_WMPWMDM_Install_7] C:\WINDOWS\system32\regsvr32 /s C:\WINDOWS\system32\mspmsnsv.dll


O4 - HKLM\..\RunOnce: [OE_WMPWMP7_Install_20] C:\WINDOWS\INF\unregmp2.exe /Shortcuts /RegExts


O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp


O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S


O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204


O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe


O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe


O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe


O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe


O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe


O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe


O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--


End of file - 9682 bytes

Comments

  • Please post a new HijackThis log, preferably taken when you are not in the middle of Windows Update. ;)


    Cris.

  • whoops, my bad, here's the new one:


    Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 4:51:53 AM, on 4/20/2008


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16640)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe


    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe


    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe


    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe


    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe


    C:\WINDOWS\system32\nvsvc32.exe


    C:\Program Files\Viewpoint\Common\ViewpointService.exe


    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe


    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe


    C:\WINDOWS\system32\wscntfy.exe


    C:\WINDOWS\system32\WgaTray.exe


    C:\WINDOWS\Explorer.EXE


    C:\Program Files\ASUS\AI Nap\AiNap.exe


    C:\Program Files\ASUS\AI Gear\GearHelp.exe


    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe


    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe


    C:\Program Files\Analog Devices\Core\smax4pnp.exe


    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe


    C:\Program Files\ASUS\PC Probe II\Probe2.exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


    C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe


    C:\Program Files\ASUS\AASP\1.00.15\aaCenter.exe


    C:\Documents and Settings\Administrator\Desktop\HiJackThis\HijackThis.exe


    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll


    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe


    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot


    O4 - HKLM\..\Run: [AsusStartupHelp] C:\Program Files\ASUS\AASP\1.00.15\AsRunHelp.exe


    O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\AI Booster\OverClk.exe"


    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Nap\AiNap.exe"


    O4 - HKLM\..\Run: [Ai Gear Help] "C:\Program Files\ASUS\AI Gear\GearHelp.exe"


    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe


    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install


    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"


    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe


    O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray


    O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1


    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp


    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


    O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe


    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll


    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204


    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe


    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe


    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe


    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe


    O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe


    O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe


    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


    --


    End of file - 5804 bytes


    happy 4/20 :)

  • Your log is clean. :)

  • The only thing that loads up with rundll32.exe is the nVidia Graphics driver (which might explain why the problem persists after Windows reinstall). You could try to update the driver and see if the problem persists.


    Cris.

  • The only thing that loads up with rundll32.exe is the nVidia Graphics driver (which might explain why the problem persists after Windows reinstall). You could try to update the driver and see if the problem persists.


    Cris.


    i have the latest drivers but it's still a problem at startup

  • Ok, then try another older version. Sometimes some drivers have problems, and the solution is to try different versions.


    Start with the original driver, from the CD that came with your hardware.


    Cris.