We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now



artvogel asked
Medium Priority
Last Modified: 2007-12-19
I'm using a Thinkpad 41p notebook running Windows XP Professional.  In task manager I'm showing two entries for rundll32.exe under the same user.  Is this a problem?  Also, the CPU usage for the 1st listing of rundll32.exe stays at zero, however, the CPU usage for the second listing often goes up to 99% and stays there, which slows down the computer substantially and over heats the CPU.  Is there a way to fix this?
Watch Question

Check for virus' and adware type programs.

AdWare and spybot S&D are good.  Virus scanning software if you don't have already you should.


yeah, you need one, not two. Get a good copy of that dll from elsewhere, the A/V probably won't be able to clean it up.

The other issue you have is the CPU "overheating".  It should be thermally designed to withstand operating at 100% utilization for a certain length of time.  If it overheats quickly then there may be something wrong with the cooling fan or obstruction to the airflow through the notebook chassis, such as built-up dust.
That's perfectly normal. There is nothing wrong with having two rundll32.exe running at the same time. All my computers have at least 2 running and they all function W2000 perfect. Do a search on Google, I saw an explanation once.

The run32.dll processes are active when something uses the system dynamic link libraries to execute its code.  In many cases they are perfectly normal but sometimes malicious processes can "hide" behind the run32 library.  So these are not necessarily okay.  In fact, if one of them is using up 99% of your CPU when the system should be at idle, I recommend running anti-virus and particularly anti-spyware as RDAdams mentions above.  But like I said - the overheating is a separate issue that you also need to address if you want the hardware to continue functioning reliably.
This seems to be a common misconseption. rundll32.exe is an Exe, not a Dll (the clue is in the file extention)
rundll32.exe can be passed the name of a dll in the command line, rundll32.exe will then host that dll.

Seeing a instance of rundll32.exe in the process list dosnt tell you mutch at all. the process could be hosting any dll. hence such there is no "correct number" of rundll32.exe instances

I would guess that the process in question that is consuming your CPU cycles is an instance of rundll32.exe being used to host a malishous dll.

the command line that strats the process is probably defined in the registry, theeasyest way of configuring the commandlines that run on startup is by typeing "msconfig" in the run box on the start menu. goto the startup tab on the dialog that opens and disable any of the commands that you dont want to run.

Altertativly you can configure them using regedit but i wouldnt recomend his unless your a very compitant user
rundll32.exe is no problem generally unless you see it listed way more times then that.....    

I suggest a software firewall program that keeps track of ALL INTERNET activity to the point where it asks you to give permission to a program to use the internet.

That will STOP trojans cold, been using this type of product for 4 years now.

If rundlll32.exe or joeblow.exe tries suddenly to go to an IP address, the software will alert you and you can permanently have it say NO, I usually then grab a boot disk, note where the file is and chance the extension to .exf and then reboot and if the PC works fine with out it, she's a goner.....

Bit Defender is a good one for this because it also includes a good antivirus and is easy to use:  free trial at:  www.bitdefender.com

I personally use a good firewall/security router ($250) and Fix It Utils Suite 5.0 with software firewall and antivirus, and that works quite well.  8)  

Bit Defender is a bit cheaper.  8)

If you want to go bananas:  Black Ice Defender is a pain in the neck now, I had a 2 year license and quit using it once they upgraded it to overkill mode, even I thought it was too far gone to want to use ever again.
Replaced it with the heavy duty overkill model hardware firewall/router anyhow when I bought a house. LOL!   Needed heavy duty model because it was living in the garage and temp in there in summer, 120 and high humidity.   [www.networkice.com in case you want to look, but NO trials]

Rundll32.exe is a trojan/virus in order to remove download ad-aware , update it then boot into safe mode to remove this culprit also go to
Click on the startup tab
Some if not all of the applications listed rely on RUNDLL32. You may have to work through each one until you find the application that isn't shutting down RUNDLL32 correctly. I am asuming that you have tried my "work around" without running any applications, just logging on, killing off runDLL32 and shutting down.
Kill of rundll32.exe?   It's a major windows system program....   now if it's infected, beware of this:  

XP makes a dllcache directory inside \windows\system32 and if anything is deleted out of system32, it gets replaced by dllcache file immediately....   that dllcache is full of XP install files...

Of course a trojan can also place a file in their too and if you don't know about this directory, it will repop in if you had deleted the files out of system32, you have to toast both....
or clean both or replace it from your XP cab files manually with a utility that can view/extract files out of .cab's....

WinRAR will do the trick nicely.

Ok, perhaps somebody should try and pick up on the "Thinkpad T41" part of the question, huh.  For example, it is a very new machine and the anti virus protection that comes installed on it is just fine.  So it is probably _not_ a trojan etc etc.

To the point, this same thing has happened to me and the fix that _seems_ to be working is to turn off the loading of the Bluetooth authentication agent on the T41 (run msconfig and click on the startup tab).  I don't use Bluetooth on this machine so I don't care.  I suspect IBM has done something wrong here, but I don't have time to spend hours with their support folks.  I would be very interested to hear if this works for you, too.
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
I have had a similiar problem on a IBM T41P. I heard a noise like disc activity when no disc light activity. (Seems the noise was the fan active because of overheating -comment from IBM support). I was also having problems with rundll32.exe 'not responding' on shutdown. I ran virusupdate,  virus scan, checked active progams in Zone Alarm and could see no probable cause. Then when I checked Task Manager I found CPU usage at  98%-100% for rundll32.exe.

Came here from google search, found the solution offered by peter_s_magnusson above and applied it. Appears to me to work. rundll32.exe CPU usage is now 0 and shut down is working without 'no response' rundll32.exe.

Checked with IBM support and they were not aware of the problem or the fix. For the moment it does appear to be an issue with "Bluetooth Authentication".


Found the problem continued after disabling Bluetooth in start up menu. From futher google reseach and after discussions with IBM support it seem to me this is an issue with pwrmonit.  

So Start - Run - type msconfig - select Startup Tab - Untick pwrmonit and restart. That solves the problem for the moment. Will look for a IBM fix.


Yes, I forgot to follow up comment: pwrmonit *also* gives problems.
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.