Pick
I am running WinXP Home SP2. I have 2 problems that I need help with.
PROBLEM 1
A Rundll32.exe starts and appears to:
1) create a random filename.dll in C:\Win\System32.
2) create guard.tmp in C:\Win\System32.
3) add filename.dll to HKLM\software\microsoft\currentversion\shell extensions\approved
4) add guard.tmp to HKLM\software\microsoft\currentversion\shell extensions\approved
I ran Norton AV 2005, Spybot S&D, Giant Spyware, and HijackThis!.
None of these Apps resolved this problem.
I manually removed the reg entries and files, but the Rundll32.exe
recreates them.
I tried these steps in Normal & Safe modes, but the Rundll32.exe always
runs.
I want to know how the Rundll32.exe is getting started.
Is there a process for tracing calls to Rundll32.exe?
This leads me to:
PROBLEM 2
I want to run SysInternals Process Explorer. Each time I start it I get
a message "Process Explorer requires Debug Privileges". This happens
with several other utilities also.
I have 2 IDs, Administrator and Owner, and both are in the
Administrator group.
Why are Debug privileges not assigned to Administrator and Owner?
Is this a result of implementing XP SP2?
Is this a result of implementing .Net?
Is this a result of this Rundll32.exe?
Any help will be appreciated.
Thanks