Multiple running instances of rundll32.exe
I've noticed that in the Task Manager of Windows 7, I have multiple running instances (2) of rundll32.exe. Does this necessarily mean that my machine is infected by malware, as noted here: http://www.revthatup.com/how-to-fix-rundll32-exe/
Note that I did a restore to the factory image that resides on a separate partition. Could this kind of partition also be affected by viruses?
Additionally, even after the factory restore, I am always getting an error message indicating that rundll32.exe stopped working at Windows 7 startup, which seems very suspicious for a clean (?) installation.
It could be a virus, or could just be a program that needs to be run within a rundll32. You could get more information on what's being run by using Sysinternals' Process Explorer: click on each rundll32, and see its properties, or which file handles it is using (could be tricky determining what is legit, and what is not...)
Using the recommended tool I was able to check these two instances of rundll32.exe, and there wasn't anything suspicious in the "DLL" view. Most of the DLLs are from Microsoft Corporation. There are some of them which are not signed, but they reside in the C:\WINDOWS (sub)directories which probably seems fine. In the "Handlers" view there are a lot of entries which I don't have an idea how to interpret.
It's quite difficult to judge if things are ok or not, but at least if the "properties" shows you that it is running an "innocuous" command inside, then it should be fine. If you have reasons to believe otherwise, then a wipe/reinstall is almost always the best way to solve it (as once you get something bad, that something can hide itself and prevent you from knowing if you eradicated it or simply eradicated the obvious (and sometimes left visible on purpose) parts of it...)
The first rundll32.exe has a command parameter: "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp and the second one - C:\Windows\system32\AmbRunE.dll,RunDLLEntry
rundll32 is a part of Windows used to invoke functions in dll's that are explicitly meant to be called by them (meaning that you can run them from a command line/command line script, or from an executable without linking against the dll that the required function is contained in). For a more in-depth explanation, see the MS Knowledge Base.
Also look here for a description of how you can adjust the table in your task manager to see the entire command line, and so which functions are actually being run by your rundll32. This will also tell you which rundll32.exe is being run (if one of them is in a strange folder, say C:\Program Files\whatever\rundll32.exe, that would likely be a problem). Both instances should have the same path (this may be different on 64-bit systems which may have a separate 32-bit version, I'm not sure about that).
The article that you link to is not good advice imho. While a changing symbol for rundll32 is a sign that tells you something is wrong, it is by no means certain that a modification of it would show up in this way!
Having multiple instances of rundll32 running at the same time is not very suspicious by itself.
Depending on the format used, factory images may be edited by malware, although I am by no means an expert on this and can't recall any such malware recently.
In terms of advice: First check the file paths of the running rundll32, then check which dll's/functions they are running. If you still have original recovery media (if not, you might be able to get some from your hardware vendor), recover your system from there instead of the hdd image if you're concerned about that.
Both rundll32.exe instances have the full path C:\WINDOWS\System32\rundll32.exe, which seems OK. But since you said that "a changing symbol for rundll32 is a sign that tells you something is wrong" - indeed, the icon for the rundll32.exe is changed. Can we say that something is wrong?
OK, here's the deal. After some research, I've found that having multiple running instances of rundll32.exe doesn't necessarily mean that I am infected by malware. By checking the parameters for each instance, you can identify which dll is loaded by the rundll32 instance in question. On Windows OS you can view this information from Task Manager -> Processes Tab -> View menu -> Select Columns -> Command Line. Research every parameter for each rundll32 instance.
Concerning the issue with rundll32 stopped working on Windows 7 - it was a driver issue related to Creative Technologies. Many users of some Dell XPS laptops encountered this problem, especially after a factory reset, as in my case (which makes me think that the factory default image might not be infected; it is corrupted). I resolved the issue by invoking Creative Software AutoUpdate and letting the tool update everything that is already installed.
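
The checks described in the answers above (the path of each rundll32.exe image, then the DLL and function named on its command line), as an added example that is not part of the original posts. It assumes PowerShell 3.0 or later; the function names `Split-RundllCommandLine` and `Get-RundllReport` are hypothetical, and the sample command lines are constructed from the two parameter strings quoted in the thread.

```powershell
# Genuine rundll32.exe locations; SysWOW64 holds the 32-bit copy on 64-bit Windows.
$expectedImages = @(
    (Join-Path $env:SystemRoot 'System32\rundll32.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\rundll32.exe')
)

function Split-RundllCommandLine {
    # Splits '<rundll32 path> <dll>,<entry point> [args]' into DLL and entry point.
    param([string]$CommandLine)
    $pattern = '^\s*(?:"[^"]*"|\S+)\s+"?(?<dll>[^",]+?)"?\s*,\s*(?<entry>[^\s,]+)'
    if ($CommandLine -match $pattern) {
        [pscustomobject]@{ Dll = $Matches['dll'].Trim(); EntryPoint = $Matches['entry'] }
    }
}

function Get-RundllReport {
    # Run elevated: CommandLine and ExecutablePath are empty for processes
    # the current user is not allowed to inspect.
    Get-CimInstance Win32_Process -Filter "Name = 'rundll32.exe'" | ForEach-Object {
        $parsed = Split-RundllCommandLine $_.CommandLine
        $status = 'NotChecked'   # DLLs given without a full path are not resolved here
        if ($parsed -and [IO.Path]::IsPathRooted($parsed.Dll) -and
            (Test-Path -LiteralPath $parsed.Dll -PathType Leaf)) {
            # NotSigned alone is not proof of tampering: many Windows files are
            # catalog-signed rather than carrying an embedded signature.
            $status = (Get-AuthenticodeSignature -LiteralPath $parsed.Dll).Status
        }
        [pscustomobject]@{
            ProcessId     = $_.ProcessId
            ImagePath     = $_.ExecutablePath
            ImageExpected = $expectedImages -contains $_.ExecutablePath  # case-insensitive
            Dll           = $parsed.Dll
            EntryPoint    = $parsed.EntryPoint
            DllSignature  = $status
        }
    }
}

# Constructed command lines built from the two parameter strings quoted in the thread.
$samples = @(
    '"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp',
    'C:\Windows\System32\rundll32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry'
)
$samples | ForEach-Object { Split-RundllCommandLine $_ } | Format-Table -AutoSize

# Live view of every rundll32.exe currently running on this machine.
Get-RundllReport | Format-List
```

An instance with `ImageExpected` set to False, or a DLL loaded from a user-writable directory, is the one to research first.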