Symptoms – Rundll32.exe 99% CPU Usage !Grumble! Logs Attached

BullGuard Antivirus Forum > Virus Removal > Removal Help > Symptoms – Rundll32.exe 99% CPU Usage !Grumble! Logs Attached

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

WOFrank
New Member

Date Joined Nov 2004
Total Posts : 5

Posted 11-28-2004 1:54 (GMT +2)

Like many of you, I'm at my wits end here. Not only have I lost many precious Saturdays in reformatting my harddrive, but I fear confidential information is being compromised.

With little diagnostic help, I'm running Real Secure Desktop Protector 7.0, Symantec AV 8.0, Ad-Aware, and Spybot S&D, but something keeps hogging my CPU causing rundll32 to hover at 99% - forcing a power down. The other weird thing, not sure if it's related, is at random times, RealSecure Desktop protector just disables all configuration settings until I re-install. ISS bbs and phone support offers no help, but other net searches have mentioned these anti-PFW attacks. A call to IBM tech support told me to download Ad-Aware and Spybot S&D - (thanks :-/)

I update windows and definition files religiously (but still not on SP2).

Spybot S&D finds some DSO Exploits, and an Alexa related item.

After reading these wonderful forums, I went ahead and ran eScan AV Toolkit (4.4.7) and ran TrendMicro's online scan. eScan found two minor things and one error.

It's obvious this pain in the a@# is either on my external harddrive (where I've been backing up office files), or somewhere behind my router at home.

eScan's results:
Virus?
File C:\WINDOWS\system32\SBUtils\SBWebCtl.dll tagged as not-a-virus:AdWare.WindowEnhancer. No Action Taken.
File E:\IBM Laptop Backups\T23\Drivers Downloads\AGSetup0608.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Error from log:
Sat Nov 27 17:07:53 2004 => ERROR!!! Invalid Entry \??\C:\WINDOWS\system32\drivers\TDIMSYS.SYS in SYSTEM\CurrentControlSet\Services\TDIMSYS...

Has anyone heard of or fixed these issues?

Desperately awaiting a word,
Frank

Post Edited (WOFrank) : 11/29/2004 4:26:18 PM GMT

WOFrank
New Member

Date Joined Nov 2004
Total Posts : 5

Posted 11-28-2004 2:00 (GMT +2)

Here's a HJT Log:

Logfile of HijackThis v1.97.7
Scan saved at 6:56:36 PM, on 11/27/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\notepad.exe
C:\DOCUMENTS AND SETTINGS\FRANK TRAINA\DESKTOP\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [vptray] C:\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: IBM Java Console (HKLM)
O9 - Extra button: Create Mobile Favorite (HKLM)
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O10 - Unknown file in Winsock LSP: c:\program files\google\google desktop search\googledesktopnetwork1.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {2F175895-5819-4014-83BF-385FA6833677} (IObjSafety.eSupportWS) - https://esupport.accenture.com/inc/download/IObjSafety.ocx
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101175632961
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

WOFrank
New Member

Date Joined Nov 2004
Total Posts : 5

Posted 11-28-2004 2:19 (GMT +2)

And a CWShredder Log:

(sorry if this is too much info)

StartupList report, 11/27/2004, 7:14:13 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Frank Traina\Desktop\Spyware AAAHH\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\LIUtilities\WinTasks\wintasks.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\System32\notepad.exe
C:\DOCUMENTS AND SETTINGS\FRANK TRAINA\DESKTOP\HijackThis.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Nortel Networks\Extranet.exe
C:\Documents and Settings\Frank Traina\Desktop\Spyware AAAHH\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
RealSecure(r) Desktop Protector.lnk = ?
WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

S3TRAY2 = S3Tray2.exe
SynTPLpr = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
TpShocks = TpShocks.exe
TPHOTKEY = C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
BMMLREF = C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
TPKMAPHELPER = C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
TP4EX = tp4ex.exe
EZEJMNAP = C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
AGRSMMSG = AGRSMMSG.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
ATIModeChange = Ati2mdxx.exe
UC_SMB =
UC_Start = C:\IBMTools\Updater\ucstartup.exe
tgcmd = "C:\Program Files\Support.com\bin\tgcmd.exe" /server
ibmmessages = C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
UpdateManager = "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
dla = C:\WINDOWS\system32\dla\tfswctrl.exe
QCWLICON = C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
vptray = C:\SYMANT~1\SYMANT~1\vptray.exe
AWMON = "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
BluetoothAuthenticationAgent = rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
BMMGAG = RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

IBM RecordNow! =
ibmmessages = C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
Google Desktop Search = "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
H/PC Connection Agent = "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
AIM = C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
Google Desktop Search Capture - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll - {7c1ce531-09e9-4fc5-9803-1c2956615786}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

BMMTask.job

--------------------------------------------------

Enumerating Download Program Files:

[IObjSafety.eSupportWS]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IObjSafety.ocx
CODEBASE = https://esupport.accenture.com/inc/download/IObjSafety.ocx

[Microsoft PID Sniffer]
InProcServer32 = C:\WINDOWS\System32\odc.dll
CODEBASE = https://support.microsoft.com/OAS/ActiveX/odc.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101175632961

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Protocol #2: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Protocol #3: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Protocol #10: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 8,594 bytes
Report generated in 0.160 seconds

Command line options:
   /verbose - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x - to include Win9x-only startups even if running on WinNT
   /forcent - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history - to list version history only

Faspotun
New Member

Date Joined Dec 2004
Total Posts : 1

Posted 12-1-2004 4:31 (GMT +2)

I have exactly the same problem!

I own an IBM Thinkpad T41p and occasionally rundll32.exe causes constant (!) 100% CPU-activity.

Tgj
New Member

Date Joined Dec 2004
Total Posts : 1

Posted 12-7-2004 1:31 (GMT +2)

I have also that problem with my IBM Thinkpad r50

after running listdlls.exe (program to see .dll activity) i discovered that it is the file pwrmonit.dll

It it at batteri maximiser http://computercops.biz/startuplist-2883.html

Can't find a solution...still looking

fernacri
New Member

Date Joined Dec 2004
Total Posts : 2

Posted 12-22-2004 2:42 (GMT +2)

I have the exact same problem in a IBM T41 notebook with windows xp pro (service pack 2 installed)... can't find a solution yet... I'm keep rebooting the system from time to time when the rundll32.exe hangs. And sometimes I can't even shut down the notebook with the shutdown menu from windows, I have to power it down because the rundll32.exe refuses to unload from memory.

toaster
New Member

Date Joined Jan 2005
Total Posts : 1

Posted 1-5-2005 5:46 (GMT +2)

I had the same CPU usage problem with rundll32 on my T41 and XP SP2.
pwrmonit.dll is part of the power management utilities for IBM Thinkpads.
Updating to version 1.37a seemed to solve the issue:
http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-44226

fernacri
New Member

Date Joined Dec 2004
Total Posts : 2

Posted 1-11-2005 5:29 (GMT +2)

Thanks !!!

At first, I just disabled the "battery maximiser". Now, I installed the new version and it worked fine.

thanks again.

WOFrank
New Member

Date Joined Nov 2004
Total Posts : 5

Posted 2-17-2005 3:01 (GMT +2)

This seems to be an IBM issue. IBM sucks. Trying the http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-44226 fix....

WOFrank
New Member

Date Joined Nov 2004
Total Posts : 5

Posted 2-22-2005 8:03 (GMT +2)

Thanks toaster.

The battery maximiser update fixed the problem. In case IBM scans any of this, you are terrible. I've called tech support, described the issue, the useless CSR told me I had spyware or malicious code.

My IBM T41 now runs without disruptions.

Hopefully this can save others some time.

Post Edited (WOFrank) : 2/22/2005 6:15:45 PM GMT

simoncharris
New Member

Date Joined Mar 2005
Total Posts : 1

Posted 3-25-2005 5:20 (GMT +2)

Thanks for all the help...
M T41p as well and this thing has been a major headache...

In the past I would get the rundll going crazy randomly now I get it as soon as I boot up....
IBM update doesn't seem to work for me either as it just hangs when it tries to get a list of updates...

I will try the site manually thanks!

StevieD
New Member

Date Joined Aug 2005
Total Posts : 10

Posted 9-22-2005 6:19 (GMT +2)

Has anyone had any further problems with the rundll32 exe after doing the battery maximiser update?

DannyLowet
New Member

Date Joined Sep 2005
Total Posts : 1

Posted 9-30-2005 11:56 (GMT +2)

Had the same problem with a Thinkpad T41 of IBM, looked everywhere to solve the problem and have followed the above instructions; I hope it is now fixed!

jhyde81
New Member

Date Joined Oct 2005
Total Posts : 1

Posted 10-18-2005 9:10 (GMT +2)

I have the same problem and have a T41p running SP2. I updated the driver last August and it still runs amok If I disable it at startup using the MSCONFIG command, it seems to do the trick, but then I lose my power guage and menu. I wish IBM would get this fixed and use something other than Rundll32.exe. I will look for a new driver and see if it fixes it. I'm just glad to know I'm not the only one having this headache and wonder about a virus.

ewong
New Member

Date Joined Oct 2005
Total Posts : 1

Posted 10-25-2005 7:31 (GMT +2)

I had just encountered the same problem on my T41 starting roughly last week. It is possible the event was triggered by me installing an IBM mini PCI Wifi card into my machine. In any event, I down loaded both the power management pacth as described on this thread as well as the latest WiFi driver. Problem seems to have gone way.

cclapper
New Member

Date Joined Feb 2006
Total Posts : 1

Posted 2-6-2006 7:31 (GMT +2)

Hi, folks. I have an R50p, and had the same problem... intermittently. But now it has gotten so bad my machine is down to a crawl... moments even to switch between open windows. Horrible. At least it was. I linstalled the update toaster told us about, and now everything is spectacular. I have had my laptop up and running all day, and it is such a delight to see the Task Manager showing the System Idle Process soaking up 99% of the CPU cycles, rather than rundll32.exe. And the CPU usage running in single digits, instead of 100% (always).

Needless to say, my laptop is far perkier and more lively than it has been in months.

What a relief. In !!!!e of all the anti-virus and malware scans I had done, I was concerned that the real problem was some really insidious code (rootkit???) that was beyond the ability of all the diagnostic software I have access to.

Very glad (in some ways-) to find it was jus IBM. That's too harsh, I know- IBM has done a great job putting together some really nice systems... but, gosh, you know, I bought my laptop directly from IBM, and registerd it with them. I even bought the extended warranty. Don't you think they could have notified us about this problem and fix? Surely they realized, when they found the problem, how devastating it would be for so many of us? Couldn't they have dropped us an e-mail??? I was even concerned about applying any patches and updates for fear that whatever it was I had, would really screw things up and leave me with an unbootable machine.

Anyway, thanks everyone, and particulary toaster . You have made a big difference in the course of my day - for many, many days.

Thanks again. And 'thanks' to BullGuard for providing this forum.

Curt Clapper.

Esoj
New Member

Date Joined Apr 2007
Total Posts : 1

Posted 4-17-2007 11:03 (GMT +2)

I too have a thinkpad model t41 and have experienced all the problems, as you have shared with us concerning the rundll32.exe and the Battery Maximizer for the last month or more. With the help of Toasters entry which got me on track of how to fix the problem.

The current Version update is 1.38. A key point is that you must uninstall the old Version you now have before you can install the Update, and I found a downloadable program that fits the Job. It is called the "Software Installer" on a LENOVO page, go to URL: http://www-307.ibm.com/pc/support/site.wss/document.... this will describe the program and how to download it.

As you will find, you have the option to Display, install or uninstall. My machine had Version 1.34 and now it has Version 1.38 and NO more failures.

Steve Brown
New Member

Date Joined Apr 2007
Total Posts : 1

Posted 5-1-2007 8:05 (GMT +2)

I also have a thinkpad R50p with the same problem.

I sent my thinkpad to IBM to repair the DVD drive. Their fix was to reload the HD. When I got it back it had this problem described in this forum. My DVD drive is still broke. I called them and they said I had something corrupt and to reload the HD. I told them they had just reloaded the HD, but the tech guy would only say reload your computer. I reloaded not once but several times trying to fix this proble. This went on for many weeks. I kept googling until I finally found this forum. I appreciate so much you guys sharing the fix. It worked for me. I ran all day long Sunday without any problem. What a relief!!!

Just loading the new Battery MaxiMizer did not fix my problem. I had to use the "Software Installer" to get the new version 1.38 loaded. According to the "Software Installer" I had version 1.34 before.

You would think that IBM tech support would help you fix this problem since it is their software that is broke. They just would not listen to me.

Post Edited (Steve Brown) : 5/1/2007 6:09:34 PM GMT

rog7
New Member

Date Joined Apr 2008
Total Posts : 1

Posted 4-17-2008 3:33 (GMT +2)

This may surprise you folks, but I have what appears to be the same rundll32.exe CPU problem on my Dell Inspiron 8600 laptop. I found this forum when I Googled for a fix.

I now run Windows Task Manager all the time so I can see what's eating the CPU when it occurs (often daily). Mostly its rundll.exe and if I kill it sometimes all is OK (at least I can shutdown everything safely before a reboot) but at other times something else grabs the CPU, such as iexplore.exe, svchost.exe, vsmon.exe or whatever. At these times the only thing to do is power off & on.

I have also tried running Process Explorer instead of Task Manager (if you haven't tried it, download from http://technet.microsoft.com/en-gb/sysinternals/bb896653.aspx ) and with this I can Suspend the offending rundll32.exe and continue working normally. When something doesn't respond it's because it needs rundll32 so then I do have to reboot.

Forum Information

Currently it is Tuesday, October 07, 2008 5:49 PM (GMT +2)
There are a total of 62.565 posts in 15.604 threads.
In the last 3 days there were 19 new threads and 52 reply posts. View Active Threads