What's the suspicious Rundll32.exe process?

Introduction

When you open Task Manager, you may see a Rundll32.exe entry in the Processes tab, or you may encounter a rundll32.exe error at shutdown. Rundll32.exe is a valid system file which executes a DLL. The actual command may be Rundll32.exe filename.xxx followed by a parameter, whereas Task Manager reports only the command name and not its parameter.

Here is a neat way to find out which module Rundll32 is executing, without any third-party tools. Open a Command Prompt window and type the following command:

tasklist /m /fi "IMAGENAME eq rundll32.exe" >C:\rundll32.txt

Now, open the file C:\rundll32.txt and identify the "odd" modules (filter out the system files and dependencies used by Rundll32.exe). The odd one (in this example) is the timedate.cpl file. Yes, I had the Date/Time dialog open and this is what Rundll32.exe was executing.

Note: Windows XP Home Edition does not have Tasklist.exe.

The above is just an example, and you may use this method to find out the module loaded by the rundll32.exe process. If an unknown module is found, it may be malware. In that case, it's a good idea to:

1. Inspect the startup applications
2. Scan the system using these tools:

* Ad-Aware
* SpyBot S&D
* CWShredder
* Online Virus scanners
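
The filtering step described above (separating the "odd" modules from the system files in the tasklist output) can be scripted. The following is an added example, not part of the original post: it parses `tasklist /m` output, including wrapped module lists, and reports modules missing from a baseline. The sample output and the short baseline set are constructed for illustration; a real baseline is assumed to come from a known-clean machine of the same Windows build.

```python
import re

# Constructed sample of `tasklist /m /fi "IMAGENAME eq rundll32.exe"` output;
# long module lists wrap onto indented continuation lines.
SAMPLE = """\

Image Name                     PID Modules
========================= ======== ============================================
rundll32.exe                  3120 ntdll.dll, kernel32.dll, KERNELBASE.dll,
                                   USER32.dll, GDI32.dll, msvcrt.dll,
                                   timedate.cpl, SHELL32.dll
rundll32.exe                  4488 ntdll.dll, kernel32.dll, USER32.dll
"""

# Assumption: a baseline recorded from a known-clean machine of the same
# Windows build. This short set is illustrative, not a complete list.
BASELINE = {"ntdll.dll", "kernel32.dll", "kernelbase.dll", "user32.dll",
            "gdi32.dll", "msvcrt.dll", "shell32.dll"}

# A process row starts in column 0: image name, PID, first part of module list.
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")

def parse_tasklist_modules(text):
    """Return {pid: [module, ...]} from `tasklist /m` table output."""
    procs, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue  # blank line, header or separator
        m = ROW.match(line)
        if m:
            current = int(m.group(2))
            procs[current] = []
            rest = m.group(3)
        elif current is not None and line[0].isspace():
            rest = line  # wrapped continuation of the previous row
        else:
            continue  # e.g. an "INFO: No tasks are running..." message
        procs[current] += [x.strip() for x in rest.split(",") if x.strip()]
    return procs

def odd_modules(procs, baseline=BASELINE):
    """Return {pid: [modules not in baseline]}, compared case-insensitively."""
    return {pid: [m for m in mods if m.lower() not in baseline]
            for pid, mods in procs.items()}

if __name__ == "__main__":
    for pid, mods in odd_modules(parse_tasklist_modules(SAMPLE)).items():
        print(pid, mods or "nothing outside the baseline")
```

To run it against the file produced by the command above, pass the contents of C:\rundll32.txt to parse_tasklist_modules() instead of SAMPLE. tasklist /m lists module names only, not paths, so a name that matches the baseline does not by itself confirm the file is the genuine system DLL.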
 