got a PU from my FW that run32dll.exe was trying to access the net-???


jrx10
April 18th, 2007, 08:30 PM
I denied it and ran a complete nod32 in-depth scan and came up with nothing. I then ran a search for this file run32dll.exe and came up with nothing as well. All the usual anti-malware scans and HijackThis come up with zip. Any suggestions?
-{ Quote: " run32dll.exe - run32dll - Process Information

Process File: run32dll.exe or run32dll
Process Name: PAL PC Spy

Description:
run32dll.exe is a process belonging to PAL PC Spy. It is a key recorder and screen capture utility that monitors everything that happens on your computer. This process should be removed to ensure your personal privacy." }-
Is this the same thing located in the windows system32 folder? thx http://img263.imageshack.us/img263/8242/rundll32insystem32zs8.jpg

prius04
April 19th, 2007, 12:08 AM
-{ Quote: "...Is this the same thing located in the windows system32 folder?..." }-
Don't think so. Look more closely at the file names.

The file in your System32 folder is RUNDLL32, not RUN32DLL.

Teazle
April 19th, 2007, 08:06 AM
rundll32.exe is a file from Microsoft and is not related to run32dll.exe (note the placement of "32"). This file enables dll-files (libraries) to run as an exe (executable). Usually you don't see it running unless you open Add/Remove Programs; however, it can occur.

You could try using Ad-Aware or Spybot Search & Destroy to try to remove this problem. I don't know more about this particular threat... sorry.

Guess I should ask, what are your "normal anti-malware scans"?

jrx10
April 19th, 2007, 09:09 PM
-{ Quote: "normal anti-malware scans" }- adaware, spybot, defender, hijackthis. I can load AVG anti-spyware when needed, but I had to uninstall it (not just stop it) because of constant internet connection attempts, even when it was stopped (I update all these programs manually and if they get annoying -- example: mcafee's constant attempts to try and access the 'net every surfing moment with at least a half-a-dozen programs -- I dump them. Unfortunately the KAV (AV only -- and I really like KAV's proactive defense) trial did the same thing and I couldn't get their Web AV to open so I could configure it -- it just completely locked everything up, but nod32 appears to be fairly quiet, unless I update it, and the updates go smoothly when I allow the connection thru my FW). Right now, as the anti-spyware, nod32 scans (in-depth) have come up with zip, I'm trying to manually hunt down some signs of what could be this keylogger "Pal PC spy", one being %system%\PAL\CSS\run32dll.exe, before I reload the OS from a clean image. btw, when it says %system%\PAL\CSS\run32dll.exe would you look for this in the system32 folder? thx
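
Added example, not part of the original thread: a small Python check for the rundll32.exe / run32dll.exe confusion discussed above, flagging image paths whose file name only resembles a genuine Windows binary or that carry a genuine name from an unexpected folder. The `KNOWN` allowlist, the distance threshold, the function names and the sample paths are assumptions constructed for illustration.

```python
import ntpath
from collections import Counter

# Assumed allowlist for this example: genuine binary name -> folder it should run from.
# (64-bit Windows also ships a genuine rundll32.exe under SysWOW64; extend as needed.)
KNOWN = {
    "rundll32.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute), one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return (verdict, genuine_name_or_None) for one full image path."""
    folder, name = ntpath.split(image_path.lower())
    if name in KNOWN:
        return ("ok", name) if folder == KNOWN[name] else ("wrong-location", name)
    for real in KNOWN:
        # Same characters in a different order (run32dll vs rundll32),
        # or a near miss such as one dropped or swapped letter.
        if Counter(name) == Counter(real) or levenshtein(name, real) <= 2:
            return ("lookalike-name", real)
    return ("unknown", None)

# Constructed sample of process image paths (not taken from the thread).
SAMPLE = [
    r"C:\Windows\System32\rundll32.exe",
    r"C:\ExampleDir\run32dll.exe",
    r"C:\Users\Public\rundll32.exe",
    r"C:\Windows\System32\rundl32.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]

def report(paths):
    return [(p, *classify(p)) for p in paths]

if __name__ == "__main__":
    for path, verdict, real in report(SAMPLE):
        note = f"  (resembles {real})" if verdict == "lookalike-name" else ""
        print(f"{verdict:15} {path}{note}")
```

A "lookalike-name" or "wrong-location" verdict is a reason to inspect the file, not proof of malware.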