MainDoctor WhoMusicSoftware
Main Page

Alden Bates' Weblog

Feigning normality since 1973


Filed in: Computers.

A while ago I kept finding a DLL in my temporary directory, an odd place to store a DLL, and mentioned it in my LiveJournal in a post titled I have a strange thing. So far that's proven to be the most popular post there in terms of comments, simply because there isn't a lot of information about the DLL on the web.

The library appears to be installed with a number of games. I got it most recently from Rollercoaster Tycoon 2. It may be created by other games, and may well be something to do with copy protection which requires you to keep the CDROM in the drive while you play. One person thought it might be preventing the copying of games altogether. CmdLineExt03.dll is likely to be a variant of 02, though so far no one has reported a CmdLineExt01.dll. The file is recreated on bootup if it's deleted.

Other games which may install it include Unreal Tournament 2003 (possibly only before the patch which removes the need to keep the CD in while playing), Grand Theft Auto Vice City, Nascar Racing 2003, Diablo 2, and quite probably some non-game software.

The latest anonymous comment suggests creating a directory with the same name as the file in order to prevent it coming back. Cunning!

Posted December 22, 2004 8:07 PM


I've recently installed Vice City, and as a consequence this file has appeared. I delete it, but it reappears when I run the game.


Posted by: Angus | January 27, 2005 11:52 AM

Yeah, that sounds like another example of its use to prevent piracy. I think it's harmless.

Posted by: Alden Bates | January 27, 2005 12:07 PM


Just thought you would like to know "I have got 01" Ain't I clever?
Just came up as a missing file in Norton One Button Check. Missing from an Administrator account in a login I never use for games. Found it in another account. I tend to use different accounts as to personal, work or games. Just in case I screw one of the accounts up. Am I just being paranoid?
If it is a game .dll I can't understand what program is looking for it in that account. I have played RC 2 but from a different user account.


Tony (UK)

Posted by: Tony Cella | March 24, 2005 12:35 PM

Tony: lucky you! :)

I'm beginning to think there may be both a legit cmdlineext.dll series (possibly used for copy protecting software) and one or more viruses/trojans which use the same name. It's hard to tell!

Posted by: Alden Bates | March 24, 2005 1:14 PM

I recently installed Rollercoaster Tycoon 2, and I found the "CmdLineExt01.dll" in my 'Temp' folder...First, I wanted to remove it, but it said I couldn't..., now I try it, and it just disappears...:S...

Posted by: Anonymous | March 28, 2005 5:47 AM

To get rid of this file:

Click Start, Run. Type the following into the "Open" field in the Run dialog box, then click OK:

regsvr32 /u CmdLineExt03.dll

This will "unregister" the DLL from Windows.

Once you reboot, you can delete the file.

To prevent it from returning, after you delete the file, create a new text file in any location you find CmdLineExt03.dll and name it the same as the dll. Click Yes when Windows asks if you want to change the file extension. Then right click the file, choose Properties, fill in the Read Only checkbox, then click OK.

Posted by: Andrew Brandt | March 31, 2005 6:58 AM

I had the same dll file and it wouldn't delete. I tried to fool it and move it to a disk, but no luck. I finally went to Safe Mode, explored the file and found ELITETOOLBAR!!!! I also found a registry subkey named ohhbackup that showed a blue bar when I tried to expand it. When I tried to delete it the reistry closed. In Safe Mode I found all sorts of spyware instead of blue bars. It was like finding a hidden camera in my house and smashing the lens. Should be illegal!

Posted by: orion1500 | June 2, 2005 7:46 PM

Right clicking on executable files on XP Home Desktop restarted the explorer shell rather than bringing up the context menu. Only .exe and .zip files were affected.

I used ShellExView from and through a process of elimination found cmdlineext03.dll to be the culprit. Used suggestion from Andrew Brandt, a few comments up, to eliminate the dll

Posted by: David | June 4, 2005 11:46 AM

I too have this file after installing Max Payne 2 (a very good game!). I also have a gkmixern.vxd that won't delete unless I reboot. Then it just comes back again (it's either timed or corresponding to some system event(s)).

Too bad, at least it's not as disappointing as Chronicles of Riddick not supporting WinDos users (read "XP only" in the smallest of letters on the box). I guess the video game clerks could have put a sticker on it, but they don't seem to up on the personal computer games these daze.

Still, I guess if you can't market/sell your product well, then you have to resort to these types of technologies.

Rootkit technology makes Don Diego triste.

Posted by: Don Diego | November 20, 2005 11:52 AM

Hello all. I just read through the first thread and also this one. Here are my experiences with CmdLineExt.dll.

I have WinXP SP1 fully updated (except for SP2). I have installed no-CD cracks, Virtual DAEMON Manager, and other things. My installation is going on 3 years old, and is quite ladden with heaps of unused programs. It has quite a messy history. But I have good reason to suspect this is recent activity.

I do not have the 01, 02, or 03 variant in any temp folder. My CmdLineExt.dll is in the System32 directory. It's 98,304 bytes. The company is "Sony DADC Austria AG". The comment is "SecuROM Content-Menu for Explorer". The file version is "1,0,201,0". The product version is "201". It was created on May 28, 2005, 8:28 PM. The date this file appeared on my system is minutes after installing a FEAR demo from a promotional CD (4 days ago). The FEAR video game is developed by Monolith and published by VU Games.

I'm very surprised nobody has mentioned the recent news of Sony's highly questionable anti-piracy methods. A quick Google search brought up to fill you in. What's even more surprising for me is that these comments here about this file appearing suspiciously were posted in 2003! Certainly Sony hasn't been developing this anti-piracy software that long ago!! Or have they?

My quest for info on this file started when Explorer.exe started taking all processing power for extended lengths while not doing anything. I cleaned my computer of spyware with Adaware, Spybot, HijackThis, and finally SpyCatcher. The first two finally scan and turn up nothing. The last, SpyCatcher, scanned my computer and assessed restrictions on about 100 files. Earlier I had identified one file, a .exe (with a filename designed to make you want to double-click it) that somehow got downloaded to my machine. I'm fairly certain it's spyware or a virus. I was unable to delete it before. Now, when I right-click the .exe to check its properties, SpyCatcher alerts me saying CmdLineExt.dll is attempting to run. Which led me here.

I am able to delete CmdLineExt.exe with no problems. However, I can't run regsevr with the file deleted, so I undeleted and ran regsvr32. I ran regsvr32 /u CmdLineExt.dll but SpyCatcher again warns me that this DLL is trying to be run. I say deny and regsvr32 tells me it can't remove references to this file, even though I think it did remove all but a few, which I deleted manually in regedit.

I still have no clue what CmdLineExt.dll is.
* It was created by Sony and deals with music copy protection.
* It was installed with the FEAR demo
* It is also attached to a virus/spyware-ladden .exe file.
* Spyware scanners currently don't consider it harmful.
* It is registered with Explorer.exe
* Explorer.exe seems to process at 99% for long periods of time for no reason at all (although I cannot confirm this DLL is the culprit yet)

I'm stumped. But I thought I'd let you all know before I delete this thing and move on with my life. At least this appears to be the end of the story for me.

Posted by: Eric | November 27, 2005 8:45 PM

Heh. I'm trying to get an application to work using a virtual machine. I run Windows from within a window in Linux.

The CmdLineExt.dll and varients to my knowledge are Securom added files. They files get checked, runned and/or added everytime you run a Securom protected program.. and I'm guessin so to in DRM media files. They are called (at least in my case) from the CD executable when it is first run, possible during the the whole time the program is running.. and possibly the CD executable creates/updates that dll file(s)

That CmdLineExt.dll seems to register itself (these CLSID's in my case) (excuse the mess)

HKCR..{...CmdLineExt.CmdLineContextMenu.1 = s 'CmdLineContextMenu Class'...{....CLSID = s '{9869EFB4-18E9-11D3-A 837-00104B9E30B5}'...}...CmdLineExt.CmdLineContextMenu = s 'CmdLineContextMenu Class'...{....CLSID = s '{9869EFB4-18E9-11D3-A837 -00104B9E30B5}'....CurVer = s 'CmdLineExt.CmdLineContextMenu.1'.
0000:8800 ..}...NoRemove CLSID...{....ForceRemove {9869EFB4-18E9-11D3-A837-00104B9E30B5} = s 'CmdLineContextMenu Class'....{.....ProgID = 'CmdLineExt.CmdLineContextMenu.1'.....VersionIndependentProgID = s 'CmdLineExt.CmdLineContextMenu'.....InprocServer32 = s '%MODULE%'.....{......val ThreadingModel = s 'Apartment'.....}.....'

I'm guessing that the first postings in 2003 coincide with the end of the generic securom protections, easily circumvented with by small programs you could just run.. while you played your CD which somehow bypassed or faked the security checks to the program.

And yes Securom has been on the scence since late 90's and @ the moment SONY does own it.

Btw if you left click your application in question and see something like Launch Analysis.. you should see a program like SecuExp.exe pop up in your temp dir.. and will then generate a log in c: main..


Posted by: Gary | January 1, 2006 2:22 PM

Andrew Brandt wrote about finding ohhbackup key in the registry. I couldn't delete it using regedit (the whole regedit app just shuts down). Any ideas how to remove this pesky key from my registry?? Thanks in advance.

Posted by: Kelvyn Chin | January 5, 2006 3:49 PM

If regedit is closing down when you try to delete the key, you could try rebooting into safe mode first.

You could also try using regedt32, which is another registry editing application which comes with Windows.

Posted by: Alden Bates | January 7, 2006 8:27 PM

also found this file [CmdLineExt03.dll] in temp directory after installing Silent Storm. Seems to be anti-piracy related.

Posted by: austin | January 9, 2006 2:53 PM

I was under the impression this had something to do with online console commands ??

Posted by: Craig | February 14, 2006 6:17 AM

It's dlls of SafeDisc for game cd copy protection.

Posted by: Anonymous | April 10, 2006 5:08 AM

Is the CmdLineExt entry in the registry related to the
CmdLineExt02.dll file the above posts have been talking about?

Posted by: Ron Sandler | August 9, 2006 1:20 AM

Yes, that registry entry is related.

Aha, I've just checked, and I currently have cmdlineext03.dll installed, currently located in my system32 directory. There's a CmdLineExt entry in the registry linked to it, which is set up under the context menu for executable files.

AVG doesn't have a problem with it, neither does Adaware.

As several people on the older entry reported, the file contains the text "Compressed by Petite (c) 1999 Ian Luck". I downloaded Petite, but unfortunately it does not come with a decompressor.

The timestamp on the file corresponds exactly with the date/time I installed RollerCoaster Tycoon 3.

Probably to do with the copy protection again. :P

Posted by: Alden Bates | August 9, 2006 8:49 PM

i also have this problem as flagged up by the latest build of microsoft defender anytime i try to run diablo it throws up CmdLineCM warning with a high or severe rating (cant quite remember) and is replaced in the C:\windows\system32 folder anytine i remove it and reboot my pc ive only tried very basic methods of removal i havent yet tried registry editing but i think it may be harmless because ive been playing Diablo 2 for years now and have only found this annoyance sine updating to windows defender beta 2 hope this helps.

and if it is found to be harmfull i hope someone here can post simple/effective removal instructions

Posted by: Conrad Noble | September 15, 2006 7:59 PM

when changing the security access of the .dll is it done in the temp folder or the system32 folder ? thanks in advance !

Posted by: Conrad Noble | September 16, 2006 6:11 AM

Conrad: Someone suggested deleting the file, then creating a folder in the same place with the same name to prevent the file from coming back.

Posted by: Alden Bates | September 16, 2006 11:07 AM

Yeah, that works great for virus-related files that keep reappearing. Simply make a read-only .txt file and change the extension.
I found "CmdLineExt03.dll" in my System32 folder while looking for a reason my Firewall kept restarting and shutting down. I'm still doing a few tests but the problem stopped when I renamed this file and the Google Toolbar2...

- Mike

Posted by: Mikemc | September 19, 2006 2:18 AM

Oh and the file was dated September 16, which was when I was doing a download frenzy on

- Mike

Posted by: Mike | September 19, 2006 2:19 AM

i have successfully suppressed the problem for now, and have only had one instance of it re-appearing since changing the access rights to system only. which was down to a software change and so i went back to the previous days restore point. so in short i find that by changing the access rights to system only is not only easy but effective in keeping the file at bay.

Furthermore i believe that it is software inclined to prevent illegal copies although it does use underhanded tactics, i believe blizzard entertainment or Blizzard north at the time Who created the diablo II title did use similar tactics in the past to stop cheaters and was found to be using a form of "spy-ware" and was ordered to remove it from the game, which leads me to beleive they either re-inserted it or changed it to go undetected as ive been playing Diablo II for a long time now and have only had this specific problem since upgrading Windows defender to the Beta 2 program

Posted by: Conrad Noble | September 21, 2006 4:40 AM

Hey Conrad,

same problem here.

Ever when I start Diablo 2,Windows Defender says that this is an Trojan.

I think i will delete the Defender :-)

Posted by: Ricky Schmaeing | September 22, 2006 8:14 AM

In my opinion keeping defender would be the better option and finding a permanant solution or contacting blizzard would be the ideal

Posted by: Conrad Noble | September 23, 2006 6:33 AM

i have installed warcraft 3 throzen throne a year ago and have started using battelnet a few months later, i have also installed in the past diablo 1 2 and expansion. when i played diabloe (sabout 2 years ago i stopeed) my connection to battle net was flawless but now when im trying to go on to battlenet with throzen therone it will not work properly, have conecctability issues and not be able to stay on for more then 15 min top's to battle net(when playing a game) also i have trouble joining games . recently i have checked my windos defender (beta 2) for the history and hve found this CmdLineExt03.dll to have been "removed" could this have been affecting my connectability issues?

Posted by: Anonymous | November 13, 2006 2:15 AM

I keep getting cmdlineext02.dll as a virus from a stop sign scan. No information on maker or company. Cannot delete becuase of other dependancies or applications already running them. found threads to explorer.exe. Just trying to eliminate a virus. Anybody else?

Posted by: Odin | March 23, 2007 6:19 AM

I am having problems with my scarface pc game that i downloaded from u torrent the game keeps saying that you do not have the right disk in the cd/dvd drive and that the game is protected by (securom) i need some help on this so if you can help please! help me out.

Posted by: josh | July 23, 2007 11:29 AM

The CmdLineExt.dll file is a known file of [b]SecuROM[/b], which is an invastive/destructive program added to PC games now to supposedly stop the pirating of games. Now we all know that it's never going to do that...just look at the piracy rate that went sky high when Spore got was on torrent sites straight away and made history in the number of downloads it got.
In my oppinion, SecuROM is turning once honest paying customers to turn to getting pirated copies instead, to keep their PC's safe. To read more info go to: where you'll find it all.

Posted by: Calipip4 | February 23, 2009 7:30 PM

Post a comment Site Map