Home How it works Support Boost Connect Download

Boost Connect

Uncovering the DNA of programs.
Good programs    
1
6
7
,
7
9
6
  
Fair programs  
0
1
1
,
1
2
0
  
Bad programs 
0
0
4
,
2
7
7

What is rundll32.exe?

Part of Windows host process (Rundll32) by Microsoft

(rundll32.exe is a system file that is installed with Windows)
Download Boost and enjoy your PC. Speed up Windows host process (Rundll32) and optimize your PC.

How does rundll32.exe run?

Process - rundll32.exe is an instance of a running program. This 32-bit program executes with the privileges as the currently logged in user account. rundll32.exe is executed by the process explorer.exe (Windows Explorer by Microsoft).

How does rundll32.exe start?

Autoplay handler - rundll32.exe is typically associtated with identifier name of MSPhotoAcqHWEventHandler with and identifier of SOFTWARE\Microsoft\Windows\ CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPhotoAcqHWEventHandler. Autoplay will scan removable media, when it arrives, looking for media content types (music, graphics, or video). When a removable media arrives, Windows determines what actions to perform by evaluating the content and comparing it to registered handlers for that content. An application will register a handler for Autoplay events associated with a media type.
Approved shell extension - rundll32.exe has a CLSID (globally unique identifier) of {9D687A4C-1404-41ef-A089-883B6FBECDE6}. When the system detects that the user is downloading an external program that runs as part of the Windows user interface, the system searches for a digital certificate or requests that the user approve the action. If you enable this policy, Windows only starts approved programs.
Scheduled task - rundll32.exe is launched automatically by registering itself into the Windows Task Scheduler under the task name '\PC Utility Kit Registration3'. Task Scheduler provides the ability to schedule the launch of programs or scripts at pre-defined times or after specified time intervals or even with event-based triggers.
Startup files (user) run - rundll32.exe is registered with the run identifier 'uprkr' and the execution command 'rundll32.exe ",RetrieveKey' in the Windows registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Run keys are startup registry keys that are used to launch an application automatically when a user logs into Windows.
User start menu folder - The shortcut file rundll32.lnk is loaded in the user's Startup folder (%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\) that points to the executable rundll32.exe. The startup folder contains programs that automatically start when Windows starts for the logged in user.
Startup files (all users) run - rundll32.exe is registered with the run identifier 'CTMasterOnOffMonitor' and the execution command 'Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch' in the Windows registry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Run keys are startup registry keys that are used to launch an application automatically when any Windows user logs into Windows.

Community

What is the community is seeing?What is the community is doing?
About 0.3% of all Boost users have the rundll32.exe process running.Of the 0.3% of rundll32.exe users, 20.0% have disabled it.
How stable is Windows host process (Rundll32)?
Based on crash data discovered by Boost, stability is a measure of how sound this particular process and the average percent of times it crashes.
     rundll32.exe0.03%
Typical program1.26%
How resource intensive is rundll32.exe?
Comparison based on the average resource utilization across all programs.
0.02345% CPU234511.2%
Average CPU utilization across all programs is 0.00001%.
7.64 MB RAM35.5%
Average private memory utilization across all programs is 21.53 MB.
     55 /min2.4%
Average I/O read and write operations for all programs is 2,253 per minute.
              19 GDI objects12.7%
Average number of GUI GDI and USER objects for all programs is 150.
          27 context switches/sec27.0%
Average context switches for all programs is 100 per second.
Typical file (disk image) location:
C:\Windows\System32\rundll32.exe

Are there other versions of Windows host process (Rundll32...?

rundll32.exe - version 6.2.9200.16384 (win8_rtm.120725-1247)
rundll32.exe - version 6.2.9200.16384 (win8_rtm.120725-1247)
rundll32.exe - version 6.1.7600.16385 (win7_rtm.090713-1255) (this)
rundll32.exe - version 6.1.7600.16385 (win7_rtm.090713-1255)
rundll32.exe - version 6.1.7600.16385 (win7_rtm.090713-1255)
rundll32.exe - version 6.0.6000.16386 (vista_rtm.061101-2205)
rundll32.exe - version 6.0.6000.16386 (vista_rtm.061101-2205)
Why are multiple of the same versions listed?

What modules are loaded?

A module is a dynamic link library (DLL) or an executable file that is loaded into the process. Below is a list of non-system modules that are loaded by Windows host process (Rundll32).
shell32.dll (Windows Shell Common Dll by Microsoft)
urlmon.dll (Windows® Internet Explorer by Microsoft)
nvhotkey.dll (NVIDIA Hotkey Service, Version 176.44 by NVIDIA)
nvmctray.dll (NVIDIA Media Center Library by NVIDIA)
igfxdev.dll (Intel(R) Common User Interface by Intel)
ieframe.dll (Windows® Internet Explorer by Microsoft)
atl.dll (Microsoft (R) Visual C++ by Microsoft)
idmmkb.dll (Internet Download Manager by Tonec)
idmnetmon.dll (Internet Download Manager by Tonec)
nvapi.dll (NVIDIA Windows drivers by NVIDIA)
msoxmlmf.dll (Microsoft Office InfoPath by Microsoft)
gcswf32.dll (Shockwave Flash by Adobe Systems)
btmmhook.dll (Bluetooth Software by Broadcom)
srrstr.dll (Microsoft® Windows System Protection Configuration Library by Microsoft)
sqlite3.dll (by Bitdefender SRL)
babylonchrometoolbar.dll (Babylon ToolBar )
busolution.dll (BU Dynamic Link Library by Visual Tools)
zlib1.dll (zlib by Stardock)
sahook.dll (McAfee SiteAdvisor by McAfee)
images.dll (Trillian by Cerulean Studios)
jpeg62.dll (Jpeg by Independent JPEG Group )
libungif.dll ( libungif Library )
expatxml.dll (Trillian by Cerulean Studios)
toolkit.dll (Trillian by Cerulean Studios)
kdu_v43r.dll (Kakadu Software Tools for JPEG2000 by The University of New South Wales)
mozglue.dll (Firefox by Mozilla)
mozsqlite3.dll (SQLite Database Library by Mozilla)
45ezsetp.dll (QuotationCafe Easy Installer by Mindspark Interactive Network)
4sezsetp.dll (Gaming Assassin Easy Installer by Mindspark Interactive Network)
5bezsetp.dll (PetsHarmony Easy Installer by Mindspark Interactive Network)
4mezsetp.dll (ChristmasHolidayLaughs Easy Installer by Mindspark Interactive Network)
gcezsetp.dll (WeatherBlink Easy Installer by Mindspark Interactive Network)

What else is related?

msvcp60.dll (Microsoft (R) Visual C++ by Microsoft)
rstrui.exe (System Restore Application by Microsoft)
dismhost.exe (Dism Host Servicing Process by Microsoft)
bcmsqlstartupsvc.exe (Business Contact Manager for Microsoft Outlook 2010 by Microsoft)
msonsext.dll (Microsoft Office by Microsoft)
encwcbar.dll (Microsoft Encarta by Microsoft)
workfolderssvc.dll (Microsoft® Work Folders Service by Microsoft)
appreadiness.dll (AppReadiness by Microsoft)
ole32.dll (Microsoft OLE for Windows by Microsoft)
microsoft.biztalk.brmacontrols.dll (Microsoft (R) BizTalk (R) Server 2010 by Microsoft)
ssoconfig.exe (Microsoft® Enterprise Single Sign-On by Microsoft)
webfarmservice.exe (Microsoft IIS Extensions by Microsoft)
tfsjobagent.exe (Microsoft® Visual Studio® 2010 by Microsoft)
tfsbuildservicehost.exe (Microsoft® Visual Studio® 2010 by Microsoft)
ruleengineupdateservice.exe (Microsoft (R) BizTalk (R) Server 2010 by Microsoft)
entsso.exe (Microsoft® Enterprise Single Sign-On by Microsoft)
btsntsvc.exe (Microsoft (R) BizTalk (R) Server 2010 by Microsoft)
drmstor.dll (Microsoft® Windows Media Services by Microsoft)
themeui.dll (API de tema do Windows by Microsoft)
ntbackup.exe (Utilitário de cópia de segurança do Windows by Microsoft)
browseui.dll (Biblioteca da interface de utilizador do browser da shell by Microsoft)
shdocvw.dll (Objecto Doc da shell e biblioteca de controlos by Microsoft)

Windows host process (Rundll32) Stability

rundll32.exe crashes or has encountered a critical error 0.8900% of the time.
1.  
Error: Nicht mehr funktionsfhig (APPCRASH)
Occurred on: September 9, 2013
2.  
Error: Nicht mehr funktionsfhig (APPCRASH)
Occurred: over 6 months ago
3.  
Error: Nicht mehr funktionsfhig (APPCRASH)
Occurred: over 6 months ago

What Windows OS versions does this run on?

Microsoft Windows XP (5.1.2600.196608)
Microsoft Windows 7 Ultimate (6.1.7600.0)
Windows 7 Professional (6.1.7600.0)
Windows 7 Starter (6.1.7600.0)
Windows 7 Ultimate (6.1.7600.0)
Windows 7 Enterprise (6.1.7601.65536)
Windows 7 Home Premium (6.1.7601.65536)
Windows 7 Professional (6.1.7601.65536)
Windows 7 Starter (6.1.7601.65536)
Windows 7 Ultimate (6.1.7601.65536)
Windows 7 Ultimate N (6.1.7601.65536)
Windows 7 Home Basic (6.1.7601.65536)

About Microsoft Corporation

Microsoft, founded in 1975 by Bill Gates and Paul Allen, is a veteran software company, best known for its Microsoft Windows operating system and the Microsoft More...
Download Boost

File details

File name: rundll32.exe
Publisher: Microsoft Corporation (verified)
Name: Windows host process (Rundll32)
Description: Microsoft® Windows® Operating System
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product version: 6.1.7600.16385
Size: 43.5 KB
Original file name: RUNDLL32.EXE.MUI
Windows file protection: Yes

Resource utilization

CPU utilization averages
Total CPU: 0.0366990233%
Privileged CPU: 0.0132479028%
User CPU: 0.02345112052424%
Privileged CPU time: 832161.33 ms
Privileged CPU time /min: 799 ms
CPU cycle count: 500,206,761
CPU cycle count /min: 110,544,452
Context switches /sec: 27
Memory utilization averages
Committed memory: 86.65 MB
Peak committed memory: 88.6 MB
Paged memory: 7.64 MB
Peak paged memory: 7.81 MB
Paged system memory: 146.13 KB
Non-paged system memory: 12 KB
Working set memory: 7.76 MB
Peak working set memory: 10.51 MB
Min working set memory: 6.86 MB
Private memory: 7.64 MB
Page faults: 4,103
Page faults /min: 235
Process I/O averages
Total read operations: 271
Read operations /min: 5
Total read transfer: 82.99 KB
Read transfer /min: 7.67 KB
Total write operations: 310
Write operations /min: 50
Total write transfer: 3.12 MB
Write transfer /min: 513.87 KB
Total other operations: 2,610
Other operations /min: 106
Total other transfer: 20.65 KB
Other Transfer /min: 1.92 KB
GUI Object Averages
GDI objects: 19
Peak GDI objects: 22
USER objects: 10
Peak USER objects: 15
Resources
Handle count average: 144
Thread count average: 5
Thread resource averages
ntdll.dll

Process details

Runs as (owner): User
Integrety level: High
Windows platform: 32-bit
Hosted Process
rundll32.exe (Windows host process (Rundll32) by Microsoft)
Parent Processes
explorer.exe (Windows Explorer by Microsoft)
Process Commands
"C:\Windows\System32\rundll32.exe" CMICNFG3.cpl,CMICtrlWnd
"C:\Windows\System32\rundll32.exe" P17RunE.dll,RunDLLEntry
"C:\Windows\System32\rundll32.exe" toolkit.dll,widgetHost 13625637532356
"rundll32.exe" "C:\Program Files\McAfee\SiteAdvisor\saHook.dll" saHooker_Initialize_and_Wait
"C:\Windows\System32\rundll32.exe" SPIRunE.dll,RunDLLEntry

Autoplay handler details

Name: WinampMTPHandler
Command: SOFTWARE\Microsoft\Windows\ CurrentVersion\Explorer\AutoplayHandlers\Handlers\WinampMTPHandler

Approved shell extension details

CLSID: {9D687A4C-1404-41ef-A089-883B6FBECDE6}

Scheduled task details

Name: PC Utility Kit Registration3
Command: \PC Utility Kit Registration3

Startup files (user) run details

Name: uprkr
Command: rundll32.exe ",RetrieveKey

User start menu folder details

Name: rundll32.exe

Startup files (all users) run details

Name: CTMasterOnOffMonitor
Command: Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch

Network connectivity

UDP: LISTENING on port 51461

Image hashes

MD5: 51138beea3e2c21ec44d0932c71762a8
SHA-1: 8939cf35447b22dd2c6e6f443446acc1bf986d58
SHA-256: 5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

PE image details

Subsystem: Windows GUI
Langauge*: Microsoft Visual C++
File entropy: 6.05669
File packed: No
Import Table
api-ms-win-core-path-l1-1-0.dll
imagehlp.dll
kernel32.dll
msvcrt.dll
ntdll.dll
shlwapi.dll
user32.dll
Stay up to date with news about Boost
Subscribe to our newsletter to receive the latest Boost news and discounts.
  
Like on Facebook
Follow on Twitter
© 2023 Reason Software Company Inc.
228 Park Ave S #74122 New York, NY 10003
(646) 664-1038 | [email protected]
How it works Privacy Terms Support Contact Download Donate Reason Software, the makers of Boost logo

Download Boost and enjoy your PC.

Increase your PC's performance.
Remove unwanted crapware.
Reduce your boot time.
Identify and resolves crashes.
Download the FREE unlimited trial of Boost!
No spyware, no adware, no bundles, no tricks.
Download

Save 40% on Boost

For a limited time, from now until Thursday, March 30, 2023 you can purchase Boost for 40% off of the normal price, only $39.95 $24.95.
The instant online savings will be automatically applied during checkout.
 

100% Satisfaction Guarantee

Purchase with confidence. We stand behind Boost.
If for any reason you are not satisfied with your software purchase, simply contact our Customer Support within 30 days, and we'll refund the purchase price. We won't make you jump through hoops to get all your money back!