MainDoctor WhoMusicSoftware
Main Page

Alden Bates' Weblog

Feigning normality since 1973

I have a strange thing

in my Windows temporary directory, there is a file named cmdlineext02.dll, which is registered with Windows as "CmdLineExt 1.0 Type Library"

I've deleted it a couple of times in the past, and it keeps coming back.

The temporary directory seems to be a rather odd place to install *anything*, let alone a dll.

Oh well

Current Mood: confused

Posted February 23, 2003 10:01 PM
in Computers


This file appears to be "installed" by Unreal Tournament 2003. Deleting it leaves a dangling reference in the registry, however UT2K3 just recreates it next time you play...

Posted by: abates | October 22nd, 2003 - 03:12 am

Nope, I can catagorically confirm it is not related to Unreal Tournament 2003!!!

btw it is not recreated by running UT2k3, it's recreated when you reboot!

Posted by: (Anonymous) | November 19th, 2003 - 03:45 am

sounds like here's one of the little hackers now

I know this thread is stale, but I'm really surprised there aren't more hits on google for this problem.

I had this, and it must be really frickin' sneaky... I had HIGH internet security in IE 6, NO cookies, Mcafee ASAP Viruscan, and XP ICF Firewall enabled, AND I was TOTALLY Patched

McAfee saw it, but couldn't stop it, and right after I got it it tried to download two different back doors, one being download KL and I forget what the other was now, which mcafee DID stop, but no matter what I did I couldn't keep the cmdlineext02.dll from coming back, I unregistered it with windows, deleted all the reg keys, emptied recycle bin. I even deleted all those folders in the temp internet folder they say you're not supposed to delete, and it kept coming back.

Luckily I don't keep a lot of data on that computer, so it wasn't a huge deal to reinstall XP, except for you have to do a total reformat. After the first (overwrite) install it was back. AFter a reformat, all seems well, the worst part was downloading the service pack and patches! Security patches that obviously don't do a fricken' thing, I might add.

It sounds like this little toad knows all about it. Let's Kill Him!

Posted by: (Anonymous) | June 13th, 2004 - 08:00 am

Erugh, that sounds sucky. I'm glad it hasn't come back for me (though I've reinstalled Windows twice since then anyway...)

Posted by: abates | June 13th, 2004 - 01:47 pm

I just had this too, had IE6 set to High Security and all that. Not sure when or how it got on there. I routinely clean my windows\temp folder, and there was this one file I couldn't delete, CmdLineExt03.dll. I had to boot from a floppy to delete it, Safe Mode didn't do it. I ran every virus and adware scanner and nothing turned up.

Posted by: Dave <> | June 25th, 2004 - 06:17 pm


I just discovered the same thing on my pc. I have up to date Mcafee virus software and it does not have a problem with anything. When I figure this one out I will let you know.

Posted by: Mike B. | October 30th, 2003 - 08:41 pm

Hi guys

Thought I'd share a post I just found:

Posted by: mtrea

My son's computer had cmdlineext02.dll as a running task, too. It had been created at the same time as a Warcraft III map download named something like 'Azotil'. (I deleted it and can't remember exact name.) It had been installed for two days, complete with registry changes, and the machine had been crashy of late. I don't see why a Warcraft file should run constantly in the background. I could find no info on the internet with a search which also leads me to believe this is not a valid program. My son has gotten trojans several times because of the number of multiplayer games he plays. I would suggest doing some online scans for trojans and viruses.

I'mm 99.5% sure this cmdlineext02.dll file is a spyware/adware component surreptitiously co-installed along with other geniuine software - maybe for example packaged into a ut2k3 download such as a map from a website. Just a guess, but I'd guess it is linked to the PurityScan adware - search on pscan.exe - it's an evolving adware that self-updates and installs an ever-changing list of files, so cmdlineext02.dll might not yet be known by virus scanners. Course it could be something else entirely!

Posted by: (Anonymous) | June 13th, 2004 - 08:00 am

Me too!

I came across this post while searching for "CmdLineExt02.dll" to try to find out what exactly it was and why it's in my Temp directory... well, no luck with a Google search but I noticed this appeared around about the same time I installed a piece of ad-ware called "PurityScan" (it came along with another app).

PurityScan is one seriously dodgy piece of software, and though I have a hardware intrusion detector, software firwall *and* virus scanner it still managed to install files all over the place. I followed the removal instructions from Symantec's website but was still left with a few 'unexplained' mysterious files like one called aulo.exe and this cmdlineext02.dll which I just noticed today. Safest thing to do is to remove it and keep it zipped for a few days - if you notice no problems with your other software then we can safely bin it.

The reason it keeps coming back is that there are 4 registry entries relating to it:

[HKEY_CLASSES_ROOT\CLSID\ {9869EFB4-18E9-11D3-A837-00104B9E30B5}\InprocServer32]

[HKEY_CLASSES_ROOT\TypeLib\ {9869EFA6-18E9-11D3-A837-00104B9E30B5}\1.0\0\win32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\ {9869EFB4-18E9-11D3-A837-00104B9E30B5}\InprocServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\ {9869EFA6-18E9-11D3-A837-00104B9E30B5}\1.0\0\win32]

Backup, then delete, these too! Of course somewhere there'll be the file that it reinstalls from, but I don't know where.... yet!

Posted by: (Anonymous) | November 19th, 2003 - 03:41 am

Hmm, thanks, I'm going to do some more investigation and see if I can determine exactly where on my system it's being reinstalled from.

Posted by: abates | November 19th, 2003 - 11:37 am

Same Problem - All game EXE files gone

I have recently found CmdlineExt02.dll within my TEMP directory. Don't know if this is what is causing my gaming problem. As wierd as it sounds, all of my game EXE files have disappeard, and now I'm left with a bunch of ICONs that have no where to link from. So far no virus scanner has helped. Please let me know if anybody else has this same problem or has found a fix

Posted by: Maurice | November 29th, 2003 - 07:45 pm

this morning i turned on my computer and zone alarm asked if tb_setup can access the internet. so my investigation started about 20 mins ago...i think it is related to this CmdLineExt02.dll but is still to early to tell. i probably wont stumble upon this site again so i'll leave you with what i know.

see if you have tb_setup in your local settings\[user]\temp directory.
tb_setup creates HKLM software\microsoft\windows\current version\run in you registry. i have also discovered tb_setup creates a .dll as well and I believe CmdLineExt02.dll is the .dll my source information was talking about. remove tb_setup.dll the key above, the keys the previous poster specified and reboot. see if the keys are in place and search for the CmdLineExt02.dll is on your system.

Posted by: (Anonymous) | November 30th, 2003 - 08:02 am

I have run into this a few times and I'm poking into it. I believe that it's a fairly invasive bit of anti-piracy software designed to ensure cd copy protection. It's very dodgy (for instance, it will repeatedly crash numerous games, Homeworld 2 being the example that currently springs to mind).

I'm going to stub this out with my own DLL and see what happens.

Posted by: ouroborous | December 6th, 2003 - 10:46 pm

I haven't had the DLL pop up again recently, so I haven't been able to track down where it's coming from. Good luck!

Posted by: abates | December 6th, 2003 - 11:25 pm

It's SecureROM, probably version 2.0. Especially if you have a CDROM/DVDROM burner, it seems to throw fits. There's no real solution except to crack your game to not use SecureROM anymore.

Gotta love copy protection. It doesn't even slow the pirates down, but it causes major headaches for the law-abiding users... *sigh*

At least it wasn't a virus (actually, that's debatable...)

Posted by: ouroborous | December 6th, 2003 - 11:34 pm

Get rid of %TEMP%\CmdLineExt02.dll

I, too, noticed the strange mysterious file today. To get rid of it: regsvr32 /u CmdLineExt02.dll This gets rid of it cleanly, as it seems, from the registry. Manual removal from the filesystem is required, though. .014

Posted by: (Anonymous) | January 8th, 2004 - 05:25 pm


I know for a fact that this file is related to UT2003...

It has the same creation date as the v2225 update so I believe that this latest update places this spyware into the machine.

Haven't had a chance to remove it, but I bet it comes back whenever I start UT2003!!!

Posted by: (Anonymous) | January 14th, 2004 - 12:15 pm

I thought so too, but I've played UT2K3 several times recently, and the file hasn't come back... There's probably something you have to do in the game which results in the file being installed...

Posted by: abates | January 16th, 2004 - 08:09 pm

When you use an exe crack or keygen, some are installing this dll, and their dimension and content proves that (over 43250 bytes, for the last version 03.dll

Posted by: (Anonymous) | January 20th, 2004 - 04:49 am

hmm, I'm not using an exe crack or keygen to my knowledge.

Posted by: abates | January 20th, 2004 - 11:47 am


You have this dll installed when using a crack or keygen in exe format.
The dimension of the exe shows it contain at least the 43250 bytes of the dll.

Posted by: (Anonymous) | January 20th, 2004 - 04:34 am


Looks like they have upgraded the CD-ROM copy protection. I just bought with real $$$ GTA Vice city and I can confrim that CmdLineExt02.dll is from GtaVice City.

I deleted the dll's and ran Vice City and sure enough they came back. You can tell which program is using it when you run a game you will notice a spinning CD ROM animated currsor with a small trangle in the upper left hand corner.

Soloution to this is to not buy software use cracked copies. However expect even stranger things to be running on your machine. Better to buy the product then you can sue them for spyware if found

Along with CmdLineExt02.dll are SIntfIcn.ani ( the ani cursor), SIntf16.dll, SIntf32.dll and SIntfNT.dll

Posted by: (Anonymous) | January 24th, 2004 - 10:03 pm

I discovered the CmdLineExt02.dll today and was wondering where the *** that registered dll came from. BTW I was able to deregister and delete it successfully. The source was ROLLER COASTER TYCOON 2 my youngest got for Christmas. I had tried to copy th CD to HD with VirtualCD and run it from there. It didn't work as it couldn't read the last sector.

After deleting the CmdLineExt02.dll today I tried it again, and voila CmdLineExt01.dll (01??) and SIntfIcn.ani appeared in TEMP after the copy process.

The hot tip was the CDROM with the triangle - at least no more mystery.

Posted by: (Anonymous) | January 28th, 2004 - 02:20 pm

I think your right about the GTA Vice City, just a hunch, but I have it too and it certainly does some crazy stuff to validate the play CD (from a bit for bit copy)

Posted by: (Anonymous) | May 9th, 2004 - 12:36 pm

The Simpsons Hit & Run, creates CmdLineExt03.dll

seams similar to what iv been reading here.

Posted by: (Anonymous) | February 2nd, 2004 - 03:20 am

~ Legit?

Has anyone seen this: ?

Posted by: (Anonymous) | February 25th, 2004 - 01:37 pm

Hard to say whether it's relevant or not... Could just have been a coincidence in the naming...

Posted by: abates | February 25th, 2004 - 02:54 pm

just get adaware 6.0 freeware or trial.

that will solve your problems.
the most recent update catches it as spyware.
maybe there are different versions of the file that are being seruptitiously installed by update 'circulators' so it is often not a geniune package from the software company but a 3rd party download that might be changing legit copies of the dll?

Posted by: (Anonymous) | March 6th, 2004 - 05:37 pm

I have both adaware and spybot, but neither have picked up any spyware...

Posted by: abates | March 6th, 2004 - 07:56 pm


i got that also after installing unrealtournament2003 and yes i used a key generator. i got rid of it by deleting the registry entries and it didnt come back. but the joke is that there's another one called cmdlineext03.dll i scan my pc with pestpatrol and spybot. none of them detect it as spyware but it still annoys me to have those files on my comp. i opened it with wordpad ,the only thing readable is this (Compressed by Petite (c)1999 Ian Luck.) when i scan the file with pestpatrol it says its related to those files:kernel32.dll, user32.dll, advapi32.dll, shell32.dll, ole32.dll, oleaut32.dll. if anybody knows i'de like to know what this does. i will delete this file the same way i deleted the first one and see what happens. this file is in the windows\system folder. i hope i can reboot!

Posted by: (Anonymous) | March 10th, 2004 - 08:45 pm

I have found this file on many computers that I have worked on. It appears to be part of a new driver based anti-piracy program. That is all I have on it so far. After I take it appart and it's other components (SIntf16.dll, SIntf32.dll, SIntfNT.dll that I have found so far.) I should have more info for ya.


Posted by: GM | August 21st, 2004 - 06:19 pm

re I found it in my temp

I jsut decided to clean out my Temp file and this is the only file that wouldn't delete. After reading this whole thread I was inspired to open this file up in wordpad.. I was able to get much more readable text(in order):

This program cannot be run in DOS mode.

Compressed by Petite (c)1999 Ian Luck.

  CmdLineExt.CmdLineContextMenu.1 = s 'CmdLineContextMenu Class'
    CLSID = s '{9869EFB4-18E9-11D3-A837-00104B9E30B5}'
  CmdLineExt.CmdLineContextMenu = s 'CmdLineContextMenu Class'
    CLSID = s '{9869EFB4-18E9-11D3-A837-00104B9E30B5}'
    CurVer = s 'CmdLineExt.CmdLineContextMenu.1'
  NoRemove CLSID
    ForceRemove {9869EFB4-18E9-11D3-A837-00104B9E30B5} = s 'CmdLineContextMenu Class'
      ProgID = s 'CmdLineExt.CmdLineContextMenu.1'
      VersionIndependentProgID = s 'CmdLineExt.CmdLineContextMenu'
      InprocServer32 = s '%MODULE%'
        val ThreadingModel = s 'Apartment'
      'TypeLib' = s '{9869EFA6-18E9-11D3-A837-00104B9E30B5}'

Does this tickle anyone funny? I think it has to be wouldnt keep an important file running in a temp dir.

Posted by: cutty201 | March 6th, 2004 - 07:56 pm


I picked up a virus over the weekend that was initiating a keylogger, capturing my families userids and passwords and sending them to an IM account. CmdLineExt03.dll was in my son's "\\Documents and Settings\[login id]\Local Settings\Temp" directory and was being used to launch the CmdLineExt DLL. I have found a reference to the CmdLineExt.dll on CodeGuru and am convinced some less than reputable individual has hijacked good code for bad purposes. Also after reading this thread of posts I found the folowing at McAfee on how to use VirusShield to help combat this type of spyware/virus.

Check out the following links.

Posted by: (Anonymous) | April 5th, 2004 - 07:49 am


I found that dll in my temporary directory. Don't know what it is, but I delete all registry key and then i've been able to delete the file

Hope i will help.

Posted by: (Anonymous) | April 19th, 2004 - 03:51 pm


Yea i have this CmdLineExt02.dll file and also my browser's homepage is set to C:\mysearch.html in wich i deleated that file and now my browser no longer works. I have a program called HijackThis and SpyBot S&D and nither are able to get rid of it. everything i deleat keeps coming back. i would like to konw where the room file is that keeps installing this. i even deleated it while my modem was turned off so it would download it again. didnt work. but my windows media player doesnt open either i dont know if its related but it happened at the same time.

Posted by: (Anonymous) | May 10th, 2004 - 12:10 am

Have you tried adaware? It's quite good - I use it. :)

Posted by: abates | May 10th, 2004 - 02:49 am

Guess what?

While doing some cleanup I found both CmdLineExt02.dll and CmdLineExt03.dll in my temp folder, and the 03 one just refused to be deleted. Several googles later, on several variations of the CmdLineExt theme, it seems that, vagueness and differences of opinion not withstanding, this page has the best information on the subject.

To add my own two cents worth of experience, the CmdLineExt03.dll was also in my system32 folder although it had a different time stamp and was roughly 3K larger than the one in temp.

The command line "regsvr32 /u cmdlineext03.dll" did remove the all registry entries containing the string "cmdlineext" and made it possible for me to rename the file (just in case it turns out that I need to put it back).

Posted by: mj987 | May 24th, 2004 - 07:18 pm

this page has the best information on the subject.

Heh, for a long time it was the number 1 hit on Google... :)

I don't think the file's ever come back on my system, after the last time I deleted it, so hopefully it's gone for good.

Posted by: abates | May 24th, 2004 - 07:58 pm

just in case you cant delete it use this

This worked fine for me to delete the file but it was nowhere else on my system. Wasn't in my registry or windows\system32. I may have got to it early.

Posted by: rainspherebomb | June 20th, 2004 - 09:51 pm


I found the cmdlineext03.dll in my windows\system32 directory. So this file is most likely to be realted to cracked games? I still can't seem to delete it even after regsvr32.

Posted by: s0nlxaftrsh0ck | June 23rd, 2004 - 01:21 am

02 and 03 may well be different dlls... It's hard to say.

Posted by: abates | June 23rd, 2004 - 04:38 am

I also found this DLL in my /Temp/ folder. I probably got it from installing GTA: Vice City. After unregistering the DLL, I simply killed explorer.exe and was able to remove it.

Posted by: (Anonymous) | June 28th, 2004 - 03:27 am


I get this file with Nascar Racing 2003 PC game. I believe the previous threads about copyright protection on good citizens who buy the retail version.

Posted by: (Anonymous) | July 3rd, 2004 - 04:05 am


I have a very clean system (Adaware, Spybot, full Norton Internet Security, etc...), and on July 4 (happy independance day) noticed the 03.dll variant of this damn thing in my private /temp dir.

Don't know what it is for sure, but it does not belong on my PC. Have not installed anything from CD lately, but after doing some file date backtracking I noticed that the occurance of this thing correlated with the download/installation of Peck's Power Join from some Web site that I don't remember. Hmmmmmm..............

I also saw a .dat file in the same area as the .dll; makes me think this is collecting data, because as soon as I was able to remove the .dll, the .dat file disappeared by itself (previously both could not be deleted).

Removal for me was easy; delete the extra copy from windows/system32 first, search the registry for "cmdlineext", paying attention to the "cmdlineext03" entries (at least in my case)", and delete the *whole* "{-hexdata-}" top-level tree entry, not just the lowest level one matching the registry search. Now, your situation may vary, so backup your registry before proceeding, then kill the bad registry backup if (when) you successfully get rid of this thing(!).

After the registry entries were gone, I could delete the ...03.dll & .dat file from my ../Documnts and Settings/../LocalSettings/temp area.

Posted by: (Anonymous) | July 5th, 2004 - 03:14 am

All this stuff is belonging to a copy protection (sony software driven copy protection). you can find more info about this here:

It uses the cmdlineext02.dll (so i guess it uses the cmdlineext03.dll too in newer versions). hope this info will let you sleep well now as you don`t have to worry anymore about a virus or trojan :)

I found the cmdlineext03.dll everytime i started Spellforce so its just the copy protection... no less no more ;)

Posted by: (Anonymous) | July 7th, 2004 - 02:08 pm

Copy Protection

I use Daemon tools, a software based 'cd/dvd drive emulator'. I too found this file in my temp drive. Searched the net, found this page. Read it. Saw that its most likely copy-protection based. I tried renaming it, wouldn't let me. Remembered that Daemon tools has some features to attempt to stop some protections. Exited the Daemon tools system tray application, tried renaming the file again. It worked.

So, the file -does- seem to be related to Copy protection.

Posted by: (Anonymous) | July 11th, 2004 - 07:26 pm

got it with Diablo 2 update

I bought Diablo 2 bundle (main game+extension) for about $10 a little more than one year ago (legit copy from a legit shop, no crack, no keygen program) and I saw those four files appearing once I started to play online on BattleNet.

Diablo 2 upgraded itself to version 1.09 or 1.10 and each time I started the game, those files come back.

I think they are generic programmer tools, used by Blizzard in this case. In itself they are not spyware, but can be used and abused by any asshole around here, too.

Posted by: (Anonymous) | July 19th, 2004 - 01:14 am

cmdlineext02.dll came back finally, and I'm pretty sure it was Roller Coaster Tycoon this time. I installed RCT2 a few weeks ago and it has a CD check system on it.

Why this file is installed in the temporary directory is still a mystery, since the DLL is reference from the Windows registry (implying it should be permanent) whereas the temporary directory may be purged now and then.

Posted by: abates | August 1st, 2004 - 03:15 pm

iv'e read everithing from the first post and id have to say i agree wit those guys who say its copy protection ive been pretty cautious with this computer and never before found to have this DLL, Until a few days ago when i bought Condition Zero and after installing BAM! ther it was AND im pretty sure its not spyware But if it turned out to be $&!! im suin! P>S tanks 4 da 411

Posted by: (Anonymous) | August 16th, 2004 - 02:16 pm


I also picked this up. This is because my virus checker (AVG, as it happens) keeps finding an executable file infected with Agobot in my wife's "My Documents" directory. The program is called MSNMSGR (nothing to do with the real MS Messenger - this one if only about 111 kb and doesn't have the MS logo attached to it). It consistently reappears after startup even though AVG deletes it, but does not appear to execute any processes.

Anyhow, I can find no refs in my registry to any version of MSNMSGR apart from Microsoft's version. But cmdlineeext02.dll is the only suspicious-looking entry that relates to the same directory - I'm wondering if the two are linked.

Posted by: (Anonymous) | August 17th, 2004 - 02:29 am

C:\WINDOWS\System32\CmdLineExt03.dll, loaded at 0x019d0000 - 43520 bytes - 3fcb7916 - file date is 7

HELLO, discovered this forum whilst doing my own researh on "CmdLineExt03.dll" and i thought i might share my problems. here is a list of things that didn't work on my machine before i deleted this stupid dll:

Windows media player - DVD and CD playback
Homeworld 1 & 2...

" go here to see the logfile HW2 created (it has the dll in it - strangely it was the first dll to load after the game ones, hmmmm. could this be it in action.)"

...GTA: Vice City
UT 2004 in fact most ut versions
counter strike - occasionally stuffed up
And lastly and most annoyingly the ability to delete BLANK ".exe" files from my desktop, in particular one called isqkbzi.exe (which is a virus name - downloads bad stuff)

Most of these work now that i have deleted that DLL

Yeah, pretty much everything was effected in some way, however i didnt have anti virus apps back then and you guys did so i might have experienced the whole shebang that that DLL was capable of, meh.

another hint would be to search your registry for things like: CmdLine, CmdLineExt and other fragments of the file, as i found more than i instance of this file in MY registry and NONE were affiliated with microsoft's command prompt.


Posted by: (Anonymous) | August 21st, 2004 - 07:48 pm

Hmm, I wonder if that's why UT2004 crashes occasionally on my machine. Though I think it was doing that before I installed RCT2, so I dunno.

Posted by: abates | August 21st, 2004 - 10:05 pm


I'm not a gamer, but I had this file in my TEMP folder and no idea where it came from or what it did. I can't pinpoint any negatives having it there, but there was a general malaise in the performance of my computer. I deleted the items in the TEMP folder and like others here, cmdlineext02.dll was still there and would not let me delete it. I have used the occasional crack and/or keygen, but really don't have a clue as to what placed it there. I found this page through Google and there seems to be little other information available. Since it wouldn't let me delete it or rename it (I tried that too), I created a sub-folder in my TEMP folder and moved cmdlineext02.dll into the newly created folder (it let me do that). Then I deleted it. I assume that by moving it, the associations were broken and I could then delete it. I searched my registry and the only references to it afterwards seemed to be pointed at my entries in search engines. It has been about a week since I deleted it and it has not returned.

Posted by: (Anonymous) | August 30th, 2004 - 02:11 am


I should add that I have Lavasoft Ad-Aware, Spybot S & D, Spyware Blaster and Norton Anti-virus and keep them all updated and none of them picked up this file. I only discovered it because it was the only thing left in my TEMP folder. Maybe it's nothing, but I didn't like having something there that was so tenacious.

Posted by: (Anonymous) | August 30th, 2004 - 02:17 am

What really annoyed me about this was that when I would do a right click on my quick launch bar, a Zone Alarm window would popup and say that it wanted access to the network. After clicking no, I'd then have to delete Explorer from the program list in order to use IE again. I tried to delete it, but couldn't, until I closed down one Explorer window I had open.

Posted by: (Anonymous) | September 17th, 2004 - 05:03 pm

make a new folder in temp and name it after the file and it will quit coming up

Posted by: (Anonymous) | December 21st, 2004 - 09:39 pm

Now that's a cunning solution!

Posted by: abates | December 21st, 2004 - 09:48 pm

This is a dll loaded by explorer.exe

OK, since a few days I was unable to delete/rename some .exe files from an explorer window, (those exe files were special executables for a different platform), I got the message "cannot delete" "it is being used by another program or user".

I traced down the problem and found that it was actually explorer.exe himself that was keeping a handle on the files: I can delete those files using a command prompt but if ever I try to delete them with the explorer first, I got the message with any program I try after because explorer.exe will keep those files opened...

So after that I checked what DLLs explorer.exe was using and I found a strange DLL: "CmdLineExt03.dll" loaded from a temp folder, so I unregistered it renamed it and killed explorer.exe and restart a new explorer.exe. I checked that it doesn't load the DLL anymore and miracle I could delete those .exe files without problems....

Explorer.exe will load that DLL when you perform an operation on any file (delete, rename etc...), if you do it in an explorer window, closing the window will unload the DLL but if you do an operation on your desktop then the DLL will stay loaded till you restart your computer or kill explorer.exe...

So after that I wanted to know were that DLL came from and I found that DIABLO II installs it every time I launched the game... So to remove it is not enough.

Note that Diablo II doesn't need the DLL to work correctly since the DLL will be loaded only after explorer.exe is restarted (the next time you'll turn on your computer or that explorer.exe crashes) and will only affect explorer.exe not DIABLO II.

My solution is to prevent explorer.exe from loading that library (works only on windows NT/2000/XP):

You have to know that explorer.exe is always run with current user's privileged so if you prevent yourself from accessing the DLL explorer.exe won't be able to read it either... That's what I did: I changed the permissions on the file and only allowed SYSTEM to access the file.

To achieve that: in the properties of the DLL, click on the "Security" tab and click on "Advanced" then uncheck "Inherit from parent etc..." then a panel comes up, click "Copy" and remove everything but SYSTEM under "Permission entries" say OK to everything.

After that you can restart explorer.exe to get rid of that DLL: in the task manager, kill explorer.exe and run a new one (still in the task manager in the File menu select New task (Run) and type explorer.exe)

After doing that you can use everything as normal, program like DIABLO II will only check if the DLL exists and if it is properly registered they do not check if they can read the content of the DLL... :-)

Thanks to Sysinternals for their great "Process Explorer" that helped me diagnose the whole thing:

Posted by: 2072 | January 11th, 2005 - 03:13 am

Commenting on this post is closed, plase comment here Site Map