Home How it works Support Boost Connect Download

Boost Connect

Uncovering the DNA of programs.
Good programs    
1
6
7
,
7
9
6
 
Fair programs  
0
1
1
,
1
2
0
 
Bad programs 
0
0
4
,
2
7
7

What is rundll32.exe?

Part of Windows host process (Rundll32) by Microsoft

(rundll32.exe is a system file that is installed with Windows)
Download Boost and enjoy your PC. Speed up Windows host process (Rundll32) and optimize your PC.

How does rundll32.exe run?

Process - rundll32.exe is an instance of a running program. This 64-bit program executes with the privileges as the currently logged in user account. rundll32.exe is executed by the process chrome.exe (Google Chrome by Google Inc).

How does rundll32.exe start?

Autoplay handler - rundll32.exe is typically associtated with identifier name of MSPhotoAcqHWEventHandler with and identifier of SOFTWARE\Microsoft\Windows\ CurrentVersion\Explorer\AutoplayHandlers\Handlers\MSPhotoAcqHWEventHandler. Autoplay will scan removable media, when it arrives, looking for media content types (music, graphics, or video). When a removable media arrives, Windows determines what actions to perform by evaluating the content and comparing it to registered handlers for that content. An application will register a handler for Autoplay events associated with a media type.
Approved shell extension - rundll32.exe has a CLSID (globally unique identifier) of {9D687A4C-1404-41ef-A089-883B6FBECDE6}. When the system detects that the user is downloading an external program that runs as part of the Windows user interface, the system searches for a digital certificate or requests that the user approve the action. If you enable this policy, Windows only starts approved programs.
Scheduled task - rundll32.exe is launched automatically by registering itself into the Windows Task Scheduler under the task name '\PC Utility Kit Registration3'. Task Scheduler provides the ability to schedule the launch of programs or scripts at pre-defined times or after specified time intervals or even with event-based triggers.
Startup files (user) run - rundll32.exe is registered with the run identifier 'uprkr' and the execution command 'rundll32.exe ",RetrieveKey' in the Windows registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Run keys are startup registry keys that are used to launch an application automatically when a user logs into Windows.
User start menu folder - The shortcut file rundll32.lnk is loaded in the user's Startup folder (%AppData%\Microsoft\Windows\Start Menu\Programs\Startup\) that points to the executable rundll32.exe. The startup folder contains programs that automatically start when Windows starts for the logged in user.
Startup files (all users) run - rundll32.exe is registered with the run identifier 'CTMasterOnOffMonitor' and the execution command 'Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch' in the Windows registry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Run keys are startup registry keys that are used to launch an application automatically when any Windows user logs into Windows.

Community

What is the community is seeing?What is the community is doing?
About 0.3% of all Boost users have the rundll32.exe process running.Of the 0.3% of rundll32.exe users, 12.0% have disabled it.
How stable is Windows host process (Rundll32)?
Based on crash data discovered by Boost, stability is a measure of how sound this particular process and the average percent of times it crashes.
     rundll32.exe0.03%
Typical program1.26%
How resource intensive is rundll32.exe?
Comparison based on the average resource utilization across all programs.
0.00001% CPU53.8%
Average CPU utilization across all programs is 0.00001%.
          6.21 MB RAM28.9%
Average private memory utilization across all programs is 21.53 MB.
              19 GDI objects12.7%
Average number of GUI GDI and USER objects for all programs is 150.
Typical file (disk image) location:
C:\Windows\System32\rundll32.exe

Are there other versions of Windows host process (Rundll32...?

Why are multiple of the same versions listed?

What modules are loaded?

A module is a dynamic link library (DLL) or an executable file that is loaded into the process. Below is a list of non-system modules that are loaded by Windows host process (Rundll32).

What else is related?

Windows host process (Rundll32) Stability

rundll32.exe crashes or has encountered a critical error 0.8900% of the time.
1.  
Error:   *E 'D*HBA 9F 'D9ED (APPCRASH)
Occurred: over 6 months ago
2.  
Error:   *E 'D*HBA 9F 'D9ED (APPCRASH)
Occurred: over 6 months ago
3.  
Error:   *E 'D*HBA 9F 'D9ED (APPCRASH)
Occurred: over 6 months ago

What Windows OS versions does this run on?

Windows 7 Home Premium (6.1.7600.0)
Windows 7 Ultimate (6.1.7600.0)
Windows 7 Ultimate N (6.1.7600.0)
Windows 7 Home Premium (6.1.7601.65536)
Windows 7 Ultimate (6.1.7601.65536)
Microsoft Windows 7 Professional (6.1.7601.65536)
Windows 7 Home Basic (6.1.7601.65536)
Windows 7 Home Premium (6.1.7601.65536)
Windows 7 Home Premium N (6.1.7601.65536)
Windows 7 Professional (6.1.7601.65536)
Windows 7 Ultimate (6.1.7601.65536)

About Microsoft Corporation

Microsoft, founded in 1975 by Bill Gates and Paul Allen, is a veteran software company, best known for its Microsoft Windows operating system and the Microsoft More...
Download Boost

File details

File name: rundll32.exe
Publisher: Microsoft Corporation (verified)
Name: Windows host process (Rundll32)
Description: Microsoft® Windows® Operating System
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product version: 6.1.7600.16385
Size: 44.5 KB
Original file name: RUNDLL32.EXE.MUI
Windows file protection: Yes

Resource utilization

CPU utilization averages
Total CPU: 0.0001026343%
Privileged CPU: 0.0000972554%
User CPU: 0.00000537890420%
Privileged CPU time: 327.6 ms
Privileged CPU time /min: 0 ms
CPU cycle count: 1,032,629,148
CPU cycle count /min: 23,949
Memory utilization averages
Committed memory: 82.56 MB
Peak committed memory: 88.77 MB
Paged memory: 6.21 MB
Peak paged memory: 6.51 MB
Paged system memory: 142.34 KB
Non-paged system memory: 16.73 KB
Working set memory: 7.2 MB
Peak working set memory: 15.78 MB
Min working set memory: 6.99 MB
Private memory: 6.21 MB
Page faults: 6,056
Page faults /min: 1
Process I/O averages
Total read operations: 585
Total read transfer: 649.8 KB
Total other operations: 608
Other operations /min: 1
Total other transfer: 145.87 KB
Other Transfer /min: 0 Bytes
GUI Object Averages
GDI objects: 19
Peak GDI objects: 21
USER objects: 9
Peak USER objects: 10
Resources
Handle count average: 161
Thread count average: 11
Thread resource averages
mmdevapi.dll

Process details

Runs as (owner): User
Integrety level: Medium
Windows platform: 64-bit
Hosted Process
Parent Process
Process Commands
"C:\Windows\System32\rundll32.exe" "C:\users\user\appdata\Local\Google\Chrome\User Data\Default\Extensions\jbkceikmmebhmgcjiemejoaeholbnnjl\10.14.251.3_0\plugins\ChromeAutoApproveTB.dll" RunUP ExtensionId=jbkceikmmebhmgcjiemejoaeholbnnjl;IsSmartbar=true
"C:\Windows\System32\rundll32.exe" CTMWatch.dll StartCTMasterOnOffWatch
"C:\Windows\System32\rundll32.exe" "C:\Program Files\DriveTheLife\DrvCache.dll" DrvCacheInit de331c31ffaab236b909143d89b9343b19a6df5a2ed9635f7fb85b504a297053573b8ceb2bb03ced28c486e31869ade18ded4596aa46e081e2f08b89c37df58ecf2f6f8ef78a5983be3a688a9ebad9c20a6739f532fa0be76909bde452b80dec47f4f65f3b
Rundll32.exe "C:\Program Files\DriveTheLife\HwInfo.dll" LocalInfo de30182ee7a2a430be16153b8bb93c3c1bb8925c23c6665a7aa45e184b3878541b

Autoplay handler details

Name: WinampMTPHandler
Command: SOFTWARE\Microsoft\Windows\ CurrentVersion\Explorer\AutoplayHandlers\Handlers\WinampMTPHandler

Approved shell extension details

CLSID: {9D687A4C-1404-41ef-A089-883B6FBECDE6}

Scheduled task details

Name: PC Utility Kit Registration3
Command: \PC Utility Kit Registration3

Startup files (user) run details

Name: uprkr
Command: rundll32.exe ",RetrieveKey

User start menu folder details

Name: rundll32.exe

Startup files (all users) run details

Name: CTMasterOnOffMonitor
Command: Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch

Network connectivity

UDP: LISTENING on port 52875
UDP: LISTENING on port 57292

Image hashes

MD5: dd81d91ff3b0763c392422865c9ac12e
SHA-1: 963b55acc8c566876364716d5aafa353995812a8
SHA-256: f5691b8f200e3196e6808e932630e862f8f26f31cd949981373f23c9d87db8b9

PE image details

Subsystem: Windows GUI
Langauge*: Microsoft Visual C++
File entropy: 6.05669
File packed: No
Import Table
api-ms-win-core-path-l1-1-0.dll
imagehlp.dll
kernel32.dll
msvcrt.dll
ntdll.dll
shlwapi.dll
user32.dll
Stay up to date with news about Boost
Subscribe to our newsletter to receive the latest Boost news and discounts.
 
© 2023 Reason Software Company Inc.
228 Park Ave S #74122 New York, NY 10003
(646) 664-1038 | [email protected]
How it works Privacy Terms Support Contact Download Donate Reason Software, the makers of Boost logo

Download Boost and enjoy your PC.

Increase your PC's performance.
Remove unwanted crapware.
Reduce your boot time.
Identify and resolves crashes.
Download the FREE unlimited trial of Boost!
No spyware, no adware, no bundles, no tricks.
Download

Save 40% on Boost

For a limited time, from now until Friday, June 2, 2023 you can purchase Boost for 40% off of the normal price, only $39.95 $24.95.
The instant online savings will be automatically applied during checkout.
 

100% Satisfaction Guarantee

Purchase with confidence. We stand behind Boost.
If for any reason you are not satisfied with your software purchase, simply contact our Customer Support within 30 days, and we'll refund the purchase price. We won't make you jump through hoops to get all your money back!