Home How it works Support Boost Connect Download

Boost Connect

Uncovering the DNA of programs.
Good programs    
1
6
7
,
7
9
6
  
Fair programs  
0
1
1
,
1
2
0
  
Bad programs 
0
0
4
,
2
7
7

What is rundll32.exe?

Part of Windows host process (Rundll32) by Microsoft

(rundll32.exe is a system file that is installed with Windows)
Download Boost (100% FREE) Speed up Windows host process (Rundll32) and optimize your PC.

How does rundll32.exe run?

Process - rundll32.exe is an instance of a running program. This 64-bit program executes with the privileges as the currently logged in user account. rundll32.exe is executed by the process svchost.exe (Host Process for Windows Services by Microsoft).

How does rundll32.exe start?

Autoplay handler - rundll32.exe is typically associtated with identifier name of MSPromptEachTime with and identifier of SOFTWARE\Microsoft\Windows\ CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPromptEachTime. Autoplay will scan removable media, when it arrives, looking for media content types (music, graphics, or video). When a removable media arrives, Windows determines what actions to perform by evaluating the content and comparing it to registered handlers for that content. An application will register a handler for Autoplay events associated with a media type.
Scheduled task - rundll32.exe is launched automatically by registering itself into the Windows Task Scheduler under the task name '\EasyShare Registration Task'. Task Scheduler provides the ability to schedule the launch of programs or scripts at pre-defined times or after specified time intervals or even with event-based triggers.
Startup files (user) run - rundll32.exe is registered with the run identifier 'uprkr' and the execution command 'rundll32.exe ",RetrieveKey' in the Windows registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Run keys are startup registry keys that are used to launch an application automatically when a user logs into Windows.
Approved shell extension - rundll32.exe has a CLSID (globally unique identifier) of {9D687A4C-1404-41ef-A089-883B6FBECDE6}. When the system detects that the user is downloading an external program that runs as part of the Windows user interface, the system searches for a digital certificate or requests that the user approve the action. If you enable this policy, Windows only starts approved programs.
User start menu folder - The shortcut file rundll32.lnk is loaded in the user's Startup folder (%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\) that points to the executable rundll32.exe. The startup folder contains programs that automatically start when Windows starts for the logged in user.
Startup files (all users) run - rundll32.exe is registered with the run identifier 'CTMasterOnOffMonitor' and the execution command 'Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch' in the Windows registry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Run keys are startup registry keys that are used to launch an application automatically when any Windows user logs into Windows.

Community

What is the community is seeing?What is the community is doing?
About 0.4% of all Boost users have the rundll32.exe process running.Of the 0.4% of rundll32.exe users, less than 1% have disabled it.
How stable is Windows host process (Rundll32)?
Based on crash data discovered by Boost, stability is a measure of how sound this particular process and the average percent of times it crashes.
     rundll32.exe0.03%
Typical program1.26%
How resource intensive is rundll32.exe?
Comparison based on the average resource utilization across all programs.
0.00018% CPU1787.1%
Average CPU utilization across all programs is 0.00001%.
15.83 MB RAM73.5%
Average private memory utilization across all programs is 21.53 MB.
 2 /min0.1%
Average I/O read and write operations for all programs is 2,253 per minute.
              27 GDI objects18.0%
Average number of GUI GDI and USER objects for all programs is 150.
Typical file (disk image) location:
C:\Windows\System32\rundll32.exe

Are there other versions of Windows host process (Rundll32...?

rundll32.exe - version 6.3.9600.16384 (winblue_rtm.130821-1623)
rundll32.exe - version 6.2.9200.16384 (win8_rtm.120725-1247)
rundll32.exe - version 6.1.7600.16385 (win7_rtm.090713-1255)
rundll32.exe - version 6.0.6000.16386 (vista_rtm.061101-2205)

What modules are loaded?

A module is a dynamic link library (DLL) or an executable file that is loaded into the process. Below is a list of non-system modules that are loaded by Windows host process (Rundll32).
winhttp.dll (Windows HTTP Services by Microsoft)
btmmhook.dll (Bluetooth Software by Broadcom)
flash.ocx (Shockwave Flash by Microsoft)
kwsui.dll (Kingsoft Internet Security by Beijing Kingsoft Security software Co)
optprocrash.dll (by PC Utilities Software Limited)
backgroundcontainer.dll (Background Container by Conduit Ltd)
spvc32loader.dll (Search Protect by ClientConnect LTD)
performancer.dll
fastandsafe.dll
lblocker.dll (Kingsoft Internet Security by Beijing Kingsoft Security software Co)

What else is related?

dbgsvc.exe (Debug Diagnostic Tool by Microsoft)
fhautoplay.dll (Microsoft® File History AutoPlay Integration Library by Microsoft)
buildnotification.exe (Microsoft® Visual Studio® 2012 by Microsoft)
ehexthost.exe (Media Center Extensibility Host by Microsoft)
onenoteim.exe (Microsoft OneNote by Microsoft)
powershell.exe (Windows PowerShell by Microsoft)
ipoverusbsvc.exe (Microsoft (R) Windows (R) Operating System by Microsoft)
iedvtool.dll (Internet Explorer by Microsoft)
korime.exe (Microsoft IME by Microsoft)
chtime.exe (Microsoft IME by Microsoft)
emet_gui.exe (Enhanced Mitigation Experience Toolkit by Microsoft)
emet_agent.exe (Enhanced Mitigation Experience Toolkit by Microsoft)
filemanager.exe (OneDrive by Microsoft)
mstore.exe (Microsoft Clip Organizer by Microsoft)
chsime.exe (Microsoft IME by Microsoft)
scardsvr.dll (Smart Card Resource Management Server by Microsoft)
gpsvc.dll (Group Policy Client by Microsoft)
certprop.dll (Microsoft Smartcard Certificate Propagation Service by Microsoft)
integratedoffice.exe (Microsoft Office by Microsoft)
actioncenter.dll (Action Center by Microsoft)
f12tools.dll (Internet Explorer by Microsoft)
ndsm.exe (Microsoft® .NET Framework by Microsoft)

Windows host process (Rundll32) Stability

rundll32.exe crashes or has encountered a critical error 0.8900% of the time.
1.  
Error: Stopped working (BEX)
Crashing module: ntdll.dll (still researching...)
Occurred on: June 20, 2014
2.  
Error: Stopped working (BEX)
Crashing module: ntdll.dll (still researching...)
Occurred on: June 20, 2014
3.  
Error: Stopped working (BEX)
Crashing module: ntdll.dll (still researching...)
Occurred on: June 20, 2014

What Windows OS versions does this run on?

Windows 8.1 (6.2.9200.0)

About Microsoft Corporation

Microsoft, founded in 1975 by Bill Gates and Paul Allen, is a veteran software company, best known for its Microsoft Windows operating system and the Microsoft More...
Download Boost

File details

File name: rundll32.exe
Publisher: Microsoft Corporation (verified)
Name: Windows host process (Rundll32)
Description: Microsoft® Windows® Operating System
Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
Product version: 6.3.9600.16384
Size: 48.5 KB
Original file name: RUNDLL32.EXE.MUI
Windows file protection: Yes

Resource utilization

CPU utilization averages
Total CPU: 0.0005320959%
Privileged CPU: 0.0003533822%
User CPU: 0.00017871363340%
Privileged CPU time: 781.25 ms
Privileged CPU time /min: 1 ms
CPU cycle count: 432,948,609
CPU cycle count /min: 13,088,006
Memory utilization averages
Committed memory: 200.97 MB
Peak committed memory: 251.41 MB
Paged memory: 15.83 MB
Peak paged memory: 49.93 MB
Paged system memory: 354.56 KB
Non-paged system memory: 33.19 KB
Working set memory: 26.76 MB
Peak working set memory: 66.11 MB
Min working set memory: 5.14 MB
Private memory: 15.83 MB
Page faults: 37,520
Page faults /min: 63
Process I/O averages
Total read operations: 760
Read operations /min: 1
Total read transfer: 1.08 MB
Read transfer /min: 1.83 KB
Total write operations: 363
Write operations /min: 1
Total write transfer: 863.32 KB
Write transfer /min: 1.44 KB
Total other operations: 7,471
Other operations /min: 10
Total other transfer: 377.31 KB
Other Transfer /min: 610 Bytes
GUI Object Averages
GDI objects: 27
Peak GDI objects: 34
USER objects: 22
Peak USER objects: 42
Resources
Handle count average: 322
Thread count average: 10
Thread resource averages

Process details

Runs as (owner): User
Integrety level: Medium
Windows platform: 64-bit
Parent Process
svchost.exe (Host Process for Windows Services by Microsoft)
Process Command
"C:\Windows\System32\rundll32.exe" "C:\Users\liang\funshion\base\FunshionPopup.dll",runDllW \\.\pipe\NamedPipe.511565390

Autoplay handler details

Name: MSPhotoAcqHWEventHandler
Command: SOFTWARE\Microsoft\Windows\ CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPhotoAcqHWEventHandler

Scheduled task details

Name: \{00BAB955-E3A4-40EE-A715-E595C89513B0}

Startup files (user) run details

Name: uprkr
Command: rundll32.exe ",RetrieveKey

Approved shell extension details

CLSID: {9D687A4C-1404-41ef-A089-883B6FBECDE6}

User start menu folder details

Name: lsass.exe

Startup files (all users) run details

Name: CTMasterOnOffMonitor
Command: Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch

Image hashes

MD5: be1dae43dfbca94fb6b4157c1b16923e
SHA-1: aa4e976039bece6dbd242c97a019fd29a6dc63f7

PE image details

Subsystem: Windows GUI
Langauge*: Microsoft Visual C++
File entropy: 6.05669
File packed: No
Import Table
api-ms-win-core-path-l1-1-0.dll
imagehlp.dll
kernel32.dll
msvcrt.dll
ntdll.dll
shlwapi.dll
user32.dll
Stay up to date with news about Boost
Subscribe to our newsletter to receive the latest Boost news and discounts.
  
Like on Facebook
Follow on Twitter
© 2023 Reason Software Company Inc.
228 Park Ave S #74122 New York, NY 10003
(646) 664-1038 | [email protected]
How it works Privacy Terms Support Contact Download Donate Reason Software, the makers of Boost logo

Download Boost and enjoy your PC.

Increase your PC's performance.
Remove unwanted crapware.
Reduce your boot time.
Identify and resolves crashes.
Download the FREE unlimited trial of Boost!
No spyware, no adware, no bundles, no tricks.
Download

Save 40% on Boost

For a limited time, from now until Thursday, March 30, 2023 you can purchase Boost for 40% off of the normal price, only $39.95 $24.95.
The instant online savings will be automatically applied during checkout.
 

100% Satisfaction Guarantee

Purchase with confidence. We stand behind Boost.
If for any reason you are not satisfied with your software purchase, simply contact our Customer Support within 30 days, and we'll refund the purchase price. We won't make you jump through hoops to get all your money back!