Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 0.64%
6.3.9600.16384 (winblue_rtm.130821-1623) 0.32%
6.2.9200.16384 (win8_rtm.120725-1247) 0.48%
6.2.9200.16384 (win8_rtm.120725-1247) 2.24%
6.1.7600.16385 (win7_rtm.090713-1255) 20.29%
6.1.7600.16385 (win7_rtm.090713-1255) 28.91%
6.1.7600.16385 (win7_rtm.090713-1255) 0.16%
6.0.6000.16386 (vista_rtm.061101-2205) 6.87%
6.0.6000.16386 (vista_rtm.061101-2205) 3.51%
5.2.3790.3959 (srv03_sp2_rtm.070216-1710) 0.16%
5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 0.16%
5.1.2600.5512 (xpsp.080413-2105) 27.32%
5.1.2600.5512 (xpsp.080413-2105) 0.16%
5.1.2600.5512 (xpsp.080413-2105) 0.16%
5.1.2600.3311 (xpsp.080212-0004) 0.16%
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) 8.47%

Relationships

PE structurePE file structure
Show functions
Import table
api-ms-win-core-path-l1-1-0.dll
PathCchAppend
imagehlp.dll
ImageDirectoryEntryToData
kernel32.dll
ExitProcess, GetCommandLineW, EncodePointer, GetNativeSystemInfo, SetFilePointer, SetErrorMode, FreeLibrary, CreateProcessW, LoadLibraryExW, GetCurrentProcess, SetProcessDEPPolicy, WaitForSingleObject, SetEvent, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, GetSystemDirectoryW, WideCharToMultiByte, FormatMessageW, ReadFile, CreateFileW, ReleaseSRWLockShared, Wow64EnableWow64FsRedirection, GetLastError, GetProcAddress, LocalAlloc, IsWow64Process, CreateEventW, DecodePointer, HeapSetInformation, AcquireSRWLockShared, GetCurrentThreadId, CloseHandle, LocalFree, SetUnhandledExceptionFilter, GetStartupInfoW, InterlockedCompareExchange, InterlockedExchange, Sleep, QueryPerformanceCounter, GetCurrentProcessId, GetModuleHandleA, GetSystemTimeAsFileTime, GetTickCount, UnhandledExceptionFilter, TerminateProcess, QueryActCtxW, SearchPathW, SetSearchPathMode, GetModuleHandleW, CreateActCtxW, ActivateActCtx, ResolveDelayLoadedAPI, DelayLoadFailureHook, ReleaseActCtx, GetFileAttributesW, DeactivateActCtx, CompareStringW, lstrlenA, lstrlenW, LoadLibraryW, LoadLibraryA, LoadLibraryExA
msvcrt.dll
DllMain
ntdll.dll
NtOpenProcessToken, NtQueryInformationToken, NtSetInformationToken, NtClose, RtlNtStatusToDosError, RtlImageNtHeader, NtSetInformationProcess
shlwapi.dll
PathIsRelativeW, SHSetThreadRef
user32.dll
CreateWindowExW, SetWindowLongW, GetClassNameW, SetClassLongW, RegisterClassW, LoadIconW, GetClassLongW, DestroyWindow, GetMessageW, DefWindowProcW, GetWindow, CharNextW, GetWindowLongW, LoadCursorW, TranslateMessage, LoadStringW, PostThreadMessageW, MessageBoxW, DispatchMessageW

rundll32.exe

Windows host process (Rundll32) by Microsoft

Remove rundll32.exe
Version:   5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
MD5:   da285490bbd8a1d0ce6623577d5ba1ff
SHA1:   c466b4f4c2600fd62fbe943d8049afd0f6606f48
SHA256:   a46e1537ae3f1752822d72c6c0870fed8afee396c6c1bacc3ea781decd5dcddc
This is a Windows system installed file with Windows File Protection (WFP) enabled.

Overview

rundll32.exe executes as a process with the local user's privileges. It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). It configures an autoplay handler withing explorer.exe named MSPhotoAcqHWEventHandler that will launch the program automatically. It is installed with a couple of know programs including ASUS Security Protect Manager published by ASUS, Micro Video Capture 7.0.0.980 from MicroVideo Software Corp. and Micro Video Capture 7.0.0.980 by MicroVideo Software Corp.. This version is installed on Windows XP.

DetailsDetails

File name:rundll32.exe
Publisher:Microsoft Corporation
Product name:Windows host process (Rundll32)
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\rundll32.exe
Original name:RUNDLL32.EXE.MUI
File version:5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product version:5.1.2600.2180
Size:32.5 KB (33,280 bytes)
Digital DNA
PE subsystem:Windows GUI
Entropy:6.056689
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

ResourcesPrograms

The following programs will install this file
ASUS Security Protect Manager
 ASUS
3% remove
ASUS Security Protect Manager increases system security through the use of Multifactor AuthenticationPolicy. A system administrator can assign multifactor authentication policies to other users and adminis-trators. Multifactor authentication policies define authentication methods and credentials that are requiredto log on to the system and ASUS Security Protect Manager. Authentication methods include password,TPM password, fingerprint, ...
Crystal Reports ActiveX
 City of San Jose
1% remove
Mail Merge Toolkit
 MAPILab Ltd.
5% remove
Mail Merge Toolkit is a powerful add-in for Microsoft Office 2002 (XP), 2003, 2007, 2010 and 2013 designed to extend the mail merging capabilities in Microsoft Outlook, Microsoft Word and Microsoft Publisher. Allows you to insert data fields into subject fields, add attachments, send emails in GIF, HTML, RTF and text formats. When sending GIF messages from MS Publisher, HTML-links can be assigned for image areas (image map technology). ...
Micro Video Capture
 MicroVideo Software Corp.
7% remove
With Micro Video Capture, you can record video and image from webcam, TV tuner card, digital camera and other capture devices in real time, and all captured video files can be saved as AVI format by using any compression codec. What's more, it enables you to set each capture device's properties, preview recorded files, add water mark or texts on your captured file, and even watch TV program if there's a TV tuner installed. Micro Video C...

BehaviorsBehaviors

Autoplay handlers
Runs under the registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers'
  • Handler name 'WinampMTPHandler'
  • Handler name 'PStarterVideoFilesArrival'
  • Handler name 'PStarterPicturesArrival'
  • Handler name 'PStarterMusicFilesArrival'
  • Handler name 'PStarterMixedCDArrival'
  • Handler name 'PStarterDVDBurningOnArrival'
  • Handler name 'PStarterBlankCDArrival'
  • Handler name 'Power2GoPlayCDAudioOnArrival'
  • Handler name 'PDirDVArrival'
  • Handler name 'P2GDVDBurningOnArrival'
  • Handler name 'P2GCDBurningOnArrival'
  • Handler name 'muveeVideoOnArrival'
  • Handler name 'muveeVideoCameraArrivalCaptureWizard'
  • Handler name 'MSShowPicturesOnArrival'
  • Handler name 'MSSHAudioDevHandler'
  • Handler name 'MSRipCDAudioOnArrival'
  • Handler name 'MediaCapture9VideoCamera'
  • Handler name 'MSSdRunBackup'
  • Handler name 'MSSdConfigBackup'
  • Handler name 'MSPromptEachTimeNoContent'
  • Handler name 'MSPromptEachTime'
  • Handler name 'MSPhotoAcqHWEventHandler'
Approved shell extensions
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
  • CLSID: {9D687A4C-1404-41ef-A089-883B6FBECDE6}
Scheduled tasks
  • The job 'MyTurboPC.com Registration3' runs daily in the path '\MyTurboPC.com Registration3'
  • The job 'EasyShare Registration Task' runs daily in the path '\EasyShare Registration Task'
  • The task 'PC Utility Kit Registration3' runs daily in the path '\PC Utility Kit Registration3'
  • The task 'PC Unleashed Online Registration3' runs daily in the path '\PC Unleashed Online Registration3'
  • The task 'SparkTrust Registration3' runs daily in the path '\SparkTrust Registration3'
  • The job 'ParetoLogic Registration' runs daily in the path '\ParetoLogic Registration'
  • The task 'SpeedMaxPc Registration3' runs daily in the path '\SpeedMaxPc Registration3'
  • The job 'ParetoLogic Registration3' runs daily in the path '\ParetoLogic Registration3'
  • The task 'SpeedyPC Registration3' runs daily in the path '\SpeedyPC Registration3'
  • Entry path '\{DF592278-9ED5-4925-9117-7AD619F1AAA8}'
  • Entry path '\{D6488D52-E069-4A39-816E-D1598D5449A4}'
  • Entry path '\{C8536D19-006C-4D7C-B8C4-5A4B5160C5ED}'
  • Entry path '\{BBA662F7-038F-467B-8873-EB604B5242A2}'
  • Entry path '\{B86A1F70-22DB-44E2-850A-04DB8130A83A}'
  • Entry path '\{A9F6F357-C7F2-493B-9CA6-BA8096AAF4DF}'
  • Entry path '\{8A560E02-3FEE-4E3F-BD2F-E30E081ACB04}'
  • Entry path '\{898C3889-ACDA-439E-91B0-36187A01B19B}'
  • Entry path '\{0FF765F0-1DE5-461B-9F9B-936450ABA203}'
  • Entry path '\{0420CBAC-4E40-4938-9955-4C7C8595BC42}'
  • Entry path '\{00BAB955-E3A4-40EE-A715-E595C89513B0}'
  • Entry path '\EasyShare Registration Task'
  • Entry path '\MyTurboPC.com Registration3'
Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'uprkr' → rundll32.exe ",RetrieveKey
User start menu folder
Shortcut pointer placed in '%appdata%\Microsoft\Windows\Start Menu'
  • Shortcut to 'rundll32.exe'
  • Shortcut to 'lsass.exe'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'CTMasterOnOffMonitor' → Rundll32.exe CTMWatch.dll StartCTMasterOnOffWatch

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 36.50%
Windows 7 Home Premium 25.00%
Windows Vista™ Home Premium 9.00%
Windows Vista Ultimate 7.00%
Windows Vista Home Premium 4.50%
Windows 7 Professional 3.00%
Microsoft Windows 7 Professional 2.50%
Windows 8.1 2.00%
Windows 8 Pro 2.00%
Windows Vista Home Basic 1.50%
Windows 8 1.50%
Windows 8.1 Pro 1.00%
Windows 7 Home Basic 1.00%
Windows 7 Starter 1.00%
Windows 8 Single Language 0.50%
Windows 8 Enterprise 0.50%
Windows 8 Pro with Media Center 0.50%
Windows 7 Home Premium N 0.50%
Windows Server 2008 Standard 0.50%

Distribution by countryDistribution by country

United States installs about 50.56% of Windows host process (Rundll32).

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 21.36%
Acer 18.45%
Toshiba 13.59%
Dell 13.59%
Sony 9.71%
Lenovo 9.71%
Alienware 4.85%
GIGABYTE 4.85%
ASUS 1.94%
Gateway 1.94%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE