"rundll32.exe" Process on Windows 7

Q

What is the "rundll32.exe" process on Windows 7? Is the "rundll32.exe" process a virus? Can I terminate the "rundll32.exe" process?

✍: FYIcenter.com

A

"rundll32.exe" process represents "Windows host process (Rundll32)" program.

"rundll32.exe" process is normally running under the parent process "explorer" as shown in the process tree below:

Boot
   explorer
      rundll32

On the Processes tab of "Task Manager", the "rundll32.exe" process may be listed multiple times, because Windows uses it to run multiple DLL programs repeatedly.

Image Name                 Memory   Description
--------------------   ----------   -----------
rundll32.exe              4,752 K   Windows host process (Rundll32)
rundll32.exe                684 K   Windows host process (Rundll32)
...

Additional information about the "rundll32.exe" process:

Command line:
   C:\windows\system32\rundll32.exe 
   "C:\Program Files\LENOVO\HOTKEY\hotkey.dll",InstallAudioHotkeyHook

Program file information:
   Name: rundll32.exe
   Location: C:\windows\system32\rundll32.exe
   Description: Windows host process (Rundll32)
   Version: 6.1.7600.16385 (win7_rtm.090713-1255)
   Size: 45568 bytes
   Last modified: 7/13/2009 9:39:31 PM
   Company Name: Microsoft Corporation
   
Some data files used:
C:\Windows\System32
C:\Windows\System32\en-US\rundll32.exe.mui
C:\Windows\System32\en-US\setupapi.dll.mui

Some registry keys used:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER
HKLM\SYSTEM\ControlSet001\services\crypt32
HKU\.DEFAULT\Control Panel\International

Some DLL libraries used:
C:\windows\SYSTEM32\ntdll.dll
C:\windows\system32\kernel32.dll
C:\windows\system32\KERNELBASE.dll
C:\windows\system32\USER32.dll
C:\windows\system32\GDI32.dll
C:\windows\system32\LPK.dll
C:\windows\system32\USP10.dll
C:\windows\system32\msvcrt.dll
C:\windows\system32\imagehlp.dll
C:\windows\system32\ADVAPI32.dll

"rundll32.exe" process is not a virus. You should not terminate "rundll32.exe" process.

 


2016-12-21, 379👍, 0💬