Should I block it?

No, this file is 100% safe to run.

Additional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 0.63%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.32%
6.2.9200.16384 (win8_rtm.120725-1247) 0.48%
6.2.9200.16384 (win8_rtm.120725-1247) 2.22%
6.1.7600.16385 (win7_rtm.090713-1255) 20.13%
6.1.7600.16385 (win7_rtm.090713-1255) 28.68%
6.1.7600.16385 (win7_rtm.090713-1255) 0.16%
6.0.6000.16386 (vista_rtm.061101-2205) 6.81%
6.0.6000.16386 (vista_rtm.061101-2205) 3.49%
5.2.3790.3959 (srv03_sp2_rtm.070216-1710) 0.16%
5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 0.16%
5.1.2600.5512 (xpsp.080413-2105) 27.10%
5.1.2600.5512 (xpsp.080413-2105) 0.16%
5.1.2600.5512 (xpsp.080413-2105) 0.16%
5.1.2600.5512 (xpsp.080413-2105) 0.16%
5.1.2600.5512 (xpsp.080413-2105) 0.16%
5.1.2600.5512 (xpsp.080413-2105) 0.16%
5.1.2600.5512 (xpsp.080413-2105) 0.16%
5.1.2600.5512 (xpsp.080413-2105) 0.16%
5.1.2600.3311 (xpsp.080212-0004) 0.16%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) 8.40%

PE file structure

Import table
api-ms-win-core-path-l1-1-0.dll
PathCchAppend
imagehlp.dll
ImageDirectoryEntryToData
kernel32.dll
ExitProcess, GetCommandLineW, EncodePointer, GetNativeSystemInfo, SetFilePointer, SetErrorMode, FreeLibrary, CreateProcessW, LoadLibraryExW, GetCurrentProcess, SetProcessDEPPolicy, WaitForSingleObject, SetEvent, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, GetSystemDirectoryW, WideCharToMultiByte, FormatMessageW, ReadFile, CreateFileW, ReleaseSRWLockShared, Wow64EnableWow64FsRedirection, GetLastError, GetProcAddress, LocalAlloc, IsWow64Process, CreateEventW, DecodePointer, HeapSetInformation, AcquireSRWLockShared, GetCurrentThreadId, CloseHandle, LocalFree, SetUnhandledExceptionFilter, GetStartupInfoW, InterlockedCompareExchange, InterlockedExchange, Sleep, QueryPerformanceCounter, GetCurrentProcessId, GetModuleHandleA, GetSystemTimeAsFileTime, GetTickCount, UnhandledExceptionFilter, TerminateProcess, QueryActCtxW, SearchPathW, SetSearchPathMode, GetModuleHandleW, CreateActCtxW, ActivateActCtx, ResolveDelayLoadedAPI, DelayLoadFailureHook, ReleaseActCtx, GetFileAttributesW, DeactivateActCtx, CompareStringW, lstrlenA, lstrlenW, LoadLibraryW, LoadLibraryA, LoadLibraryExA
msvcrt.dll
DllMain
ntdll.dll
NtOpenProcessToken, NtQueryInformationToken, NtSetInformationToken, NtClose, RtlNtStatusToDosError, RtlImageNtHeader, NtSetInformationProcess
shlwapi.dll
PathIsRelativeW, SHSetThreadRef
user32.dll
CreateWindowExW, SetWindowLongW, GetClassNameW, SetClassLongW, RegisterClassW, LoadIconW, GetClassLongW, DestroyWindow, GetMessageW, DefWindowProcW, GetWindow, CharNextW, GetWindowLongW, LoadCursorW, TranslateMessage, LoadStringW, PostThreadMessageW, MessageBoxW, DispatchMessageW

rundll32.exe

Windows host process (Rundll32) by Microsoft

Version:   6.1.7600.16385 (win7_rtm.090713-1255)
MD5:   51138beea3e2c21ec44d0932c71762a8
SHA1:   8939cf35447b22dd2c6e6f443446acc1bf986d58
SHA256:   5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124
This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

rundll32.exe executes as a process with the local user's privileges, usually within the context of Windows Explorer. It is set to run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). It configures an autoplay handler within explorer.exe named MSPhotoAcqHWEventHandler that will launch the program automatically. It is installed with a couple of known programs, including ASUS Security Protect Manager published by ASUS and Musicmatch® Jukebox by Musicmatch Inc. This version is designed to run on Windows 7 and is compiled as a 64-bit program.

Details

File name: rundll32.exe
Publisher: Microsoft Corporation
Product name: Windows host process (Rundll32)
Description: Microsoft® Windows® Operating System
Typical file path: C:\Windows\System32\rundll32.exe
Original name: RUNDLL32.EXE.MUI
File version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product version: 6.1.7600.16385
Size: 43.5 KB (44,544 bytes)
Digital DNA
PE subsystem: Windows GUI
Entropy: 6.056689
File packed: No
Code language: Microsoft Visual C++
.NET CLR: No

Programs

The following programs will install this file
ASUS
3%
ASUS Security Protect Manager increases system security through the use of Multifactor Authentication Policy. A system administrator can assign multifactor authentication policies to other users and administrators. Multifactor authentication policies define authentication methods and credentials that are required to log on to the system and ASUS Security Protect Manager. Authentication methods include password, TPM password, fingerprint, ...
Musicmatch Inc.
1%
The Jukebox has a skinnable, graphical interface and allows users to manage a catalogue of digital music, as well as CD and stream-based audio. It has a fairly advanced AutoDJ but has been noted as having a longer boot-up time than other players. The Plus version includes faster rip and burn times, exportable tables and tech support, as well as a "Super-Tagging" function that fetches for tags and album art and attaches them to the song ...

Behaviors

Autoplay handlers
Runs under the registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers'
  • Handler name 'WinampMTPHandler'
  • Handler name 'PStarterVideoFilesArrival'
  • Handler name 'PStarterPicturesArrival'
  • Handler name 'PStarterMusicFilesArrival'
  • Handler name 'PStarterMixedCDArrival'
  • Handler name 'PStarterDVDBurningOnArrival'
  • Handler name 'PStarterBlankCDArrival'
  • Handler name 'Power2GoPlayCDAudioOnArrival'
  • Handler name 'PDirDVArrival'
  • Handler name 'P2GDVDBurningOnArrival'
  • Handler name 'P2GCDBurningOnArrival'
  • Handler name 'muveeVideoOnArrival'
  • Handler name 'muveeVideoCameraArrivalCaptureWizard'
  • Handler name 'MSShowPicturesOnArrival'
  • Handler name 'MSSHAudioDevHandler'
  • Handler name 'MSRipCDAudioOnArrival'
  • Handler name 'MediaCapture9VideoCamera'
  • Handler name 'MSSdRunBackup'
  • Handler name 'MSSdConfigBackup'
  • Handler name 'MSPromptEachTimeNoContent'
  • Handler name 'MSPromptEachTime'
  • Handler name 'MSPhotoAcqHWEventHandler'
Approved shell extensions
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
  • CLSID: {9D687A4C-1404-41ef-A089-883B6FBECDE6}
Scheduled tasks
  • The job 'MyTurboPC.com Registration3' runs daily in the path '\MyTurboPC.com Registration3'
  • The job 'EasyShare Registration Task' runs daily in the path '\EasyShare Registration Task'
  • The task 'PC Utility Kit Registration3' runs daily in the path '\PC Utility Kit Registration3'
  • The task 'PC Unleashed Online Registration3' runs daily in the path '\PC Unleashed Online Registration3'
  • The task 'SparkTrust Registration3' runs daily in the path '\SparkTrust Registration3'
  • The job 'ParetoLogic Registration' runs daily in the path '\ParetoLogic Registration'
  • The task 'SpeedMaxPc Registration3' runs daily in the path '\SpeedMaxPc Registration3'
  • The job 'ParetoLogic Registration3' runs daily in the path '\ParetoLogic Registration3'
  • The task 'SpeedyPC Registration3' runs daily in the path '\SpeedyPC Registration3'
  • Entry path '\{DF592278-9ED5-4925-9117-7AD619F1AAA8}'
  • Entry path '\{D6488D52-E069-4A39-816E-D1598D5449A4}'
  • Entry path '\{C8536D19-006C-4D7C-B8C4-5A4B5160C5ED}'
  • Entry path '\{BBA662F7-038F-467B-8873-EB604B5242A2}'
  • Entry path '\{B86A1F70-22DB-44E2-850A-04DB8130A83A}'
  • Entry path '\{A9F6F357-C7F2-493B-9CA6-BA8096AAF4DF}'
  • Entry path '\{8A560E02-3FEE-4E3F-BD2F-E30E081ACB04}'
  • Entry path '\{898C3889-ACDA-439E-91B0-36187A01B19B}'
  • Entry path '\{0FF765F0-1DE5-461B-9F9B-936450ABA203}'
  • Entry path '\{0420CBAC-4E40-4938-9955-4C7C8595BC42}'
  • Entry path '\{00BAB955-E3A4-40EE-A715-E595C89513B0}'
  • Entry path '\EasyShare Registration Task'
  • Entry path '\MyTurboPC.com Registration3'
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'uprkr' → rundll32.exe ",RetrieveKey
User start menu folder
Shortcut pointer placed in '%appdata%\Microsoft\Windows\Start Menu'
  • Shortcut to 'rundll32.exe'
  • Shortcut to 'lsass.exe'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'CTMasterOnOffMonitor' → Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch
Network connections
  • [UDP] listens on port 51461

    Resource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.04270945%
    0.028634%
    Kernel CPU:0.02053327%
    0.013761%
    User CPU:0.02217617%
    0.014873%
    Kernel CPU time:554,792 ms/min
    100,923,805ms/min
    CPU cycles:1,842,408/sec
    17,470,203/sec
    Context switches:27/sec
    284/sec
    Memory
    Private memory:7.8 MB
    21.59 MB
    Private (maximum):12.12 MB
    Private (minimum):9.09 MB
    Non-paged memory:7.8 MB
    21.59 MB
    Virtual memory:86.74 MB
    140.96 MB
    Virtual memory (peak):88.58 MB
    169.69 MB
    Working set:7 MB
    18.61 MB
    Working set (peak):10 MB
    37.95 MB
    Page faults:3,723/min
    2,039/min
    I/O
    I/O read transfer:7.67 KB/sec
    1.02 MB/min
    I/O read operations:5/sec
    343/min
    I/O write transfer:513.87 KB/sec
    274.99 KB/min
    I/O write operations:50/sec
    227/min
    I/O other transfer:1.92 KB/sec
    448.09 KB/min
    I/O other operations:106/sec
    1,671/min
    Resource allocations
    Threads:7
    12
    Handles:162
    600
    GUI GDI count:18
    103
    GUI GDI peak:20
    142
    GUI USER count:14
    49
    GUI USER peak:20
    71

    Process properties

    Integrity level: Medium
    Platform: 64-bit
    Command lines:
    • "C:\Windows\System32\rundll32.exe" spirune.dll,rundllentry
    • "C:\Windows\System32\rundll32.exe" p17rune.dll,rundllentry
    • "C:\Windows\System32\rundll32.exe" cmicnfg3.cpl,cmictrlwnd
    • rundll32.exe "C:\users\public\fundata\visitor.dll" startup
    • "C:\Windows\System32\rundll32.exe" toolkit.dll,widgethost 13625637532356
    • "rundll32.exe" "C:\Program Files\mcafee\siteadvisor\sahook.dll" sahooker_initialize_and_wait
    Owner:User
    Parent processes:

    Threads

    Averages
     
    rundll32.exe (main module)
    Total CPU:0.02644044%
    0.272967%
    Kernel CPU:0.00897732%
    0.107585%
    User CPU:0.01746312%
    0.165382%
    CPU cycles:747,948/sec
    5,741,424/sec
    Context switches:2/sec
    79/sec
    Memory:56 KB
    1.16 MB
    ntdll.dll
    Total CPU:0.00008218%
    Kernel CPU:0.00000000%
    User CPU:0.00008218%
    CPU cycles:209/sec
    Memory:1.23 MB

    Common loaded modules

    These are modules that are typically loaded within the context of this process.

    Distribution by Windows OS

    OS version: distribution
    Windows 7 Ultimate 36.50%
    Windows 7 Home Premium 25.00%
    Windows Vista™ Home Premium 9.00%
    Windows Vista Ultimate 7.00%
    Windows Vista Home Premium 4.50%
    Windows 7 Professional 3.00%
    Microsoft Windows 7 Professional 2.50%
    Windows 8.1 2.00%
    Windows 8 Pro 2.00%
    Windows Vista Home Basic 1.50%
    Windows 8 1.50%
    Windows 8.1 Pro 1.00%
    Windows 7 Home Basic 1.00%
    Windows 7 Starter 1.00%
    Windows 8 Single Language 0.50%
    Windows 8 Enterprise 0.50%
    Windows 8 Pro with Media Center 0.50%
    Windows 7 Home Premium N 0.50%
    Windows Server 2008 Standard 0.50%

    Distribution by country

    United States installs about 50.56% of Windows host process (Rundll32).

    Distribution by PC manufacturer

    PC manufacturer: distribution
    Hewlett-Packard 21.36%
    Acer 18.45%
    Toshiba 13.59%
    Dell 13.59%
    Sony 9.71%
    Lenovo 9.71%
    Alienware 4.85%
    GIGABYTE 4.85%
    ASUS 1.94%
    Gateway 1.94%