rundll.exe Problem ?


MICRO
July 26th, 2008, 08:33 PM
Can anyone hazard a guess please as to what Tiny Watcher means with the
following, first time it's thrown this up and I can't tell what might be legit
or a problem - I have run Gmer but it doesn't show a problem, nor does
HijackThis up to now?

"Windows\system32\rundll32.exe"

"Another process is using the same name but a different executable file"
<unretrievable path>

PiCo
July 26th, 2008, 08:53 PM
unretrievable path, what the..?

I don't know anything about tiny watcher, does this mean run32dll.exe was modified in a way by sth and is now recognised as a different executable?

If that's the case, that seems dangerous. Open task manager and check if run32dll.exe stays there eating CPU, 'cause it shouldn't stay in memory, the legit run32dll.exe only runs on certain occasions when needed.

Toby75
July 26th, 2008, 08:57 PM
{QUOTE-> Can anyone hazard a guess please as to what Tiny Watcher means with the
following, first time it's thrown this up and I can't tell what might be legit
or a problem - I have run Gmer but it doesn't show a problem, nor does
HijackThis up to now?

"Windows\system32\rundll32.exe"

"Another process is using the same name but a different executable file"
<unretrievable path> <-QUOTE}

I would start running your scans. Do you remember downloading anything that may have triggered this?

MICRO
July 26th, 2008, 10:01 PM
{QUOTE-> unretrievable path, what the..?

I don't know anything about tiny watcher, does this mean run32dll.exe was modified in a way by sth and is now recognised as a different executable?

If that's the case, that seems dangerous. Open task manager and check if run32dll.exe stays there eating CPU, 'cause it shouldn't stay in memory, the legit run32dll.exe only runs on certain occasions when needed. <-QUOTE}

PiCo - Yes I uttered the same WTF when I first set eyes on it - In the taskmanager it says rundll32.exe using 16,968 k and CPU shows 00 - there's only one version running.

MICRO
July 26th, 2008, 10:11 PM
{QUOTE-> Do you remember downloading anything that may have triggered this? <-QUOTE}

Yesterday I installed 'IE7Pro' but don't see any untoward reviews about it
on the net, yet.

The peculiar thing is that 'Tiny Watcher' normally asks if I want to
'Confirm' or 'Remove' any item that might be on the list but this morning it actually said,
"There is no 'Confirm' re. this - only 'Remove'."

I didn't click Remove because I can't tell if it would be removing the legit.
or the malware version, assuming that there is a malware version - hence the reason for asking here.

innerpeace
July 26th, 2008, 10:56 PM
Just for reference, my rundll32.exe runs all the time. According to Process Explorer, its target is "C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" which should have to do with my Nvidia software. I'm running XP home SP3.

I'm no expert, but have a look in Process Explorer and see if you can find rundll32.exe's target and then do a search online for the .dll/s.

Toby75
July 26th, 2008, 11:20 PM
Didn't even give you the option to confirm - strange ???

MICRO
July 26th, 2008, 11:36 PM
{QUOTE->
have a look in Process Explorer and see if you can find rundll32.exe's target and then do a search online for the .dll/s. <-QUOTE}

Hello IP - Identical result to yours because I run Nv. too.

I asked 'Cathy' to look for any versions of 'rundll32.exe' and it came up with
one in \Windows\SoftwareDistribution\Download\ .......................

Looks like a CLSID at the end there - Can you say if that folder is usually a part of XP - It looks to have 450 Meg. of what appears to be M$ stuff ?

I just wonder if it was a FP by 'Tiny' but it's the 'unretrievable path'
that gets me,
(probably because I thought it was 'irretrievable' - but I am wrong).

innerpeace
July 27th, 2008, 12:05 AM
{QUOTE-> I asked 'Cathy' to look for any versions of 'rundll32.exe' and it came up with
one in \Windows\SoftwareDistribution\Download\ .......................

Looks like a CLSID at the end there - Can you say if that folder is usually a part of XP - It looks to have 450 Meg. of what appears to be M$ stuff ? <-QUOTE}
Hi MICRO! Yes, I have that folder, but mine is only 2.76MB with the download file being only 14.1KB. I have 2 files in the download file and they both have random letters and numbers. This is an nLite install of XP though so that could be part of the reason mine is smaller. I also have no rundll32 in that folder. Is the rundll32.exe the same file size or have the same hash as the one in \system32?

I'm also not familiar with "tiny". I just wanted to get you pointed in the right direction. Hopefully a Windows guru will pop in and explain why a rundll32 is in the \Windows\SoftwareDistribution\Download\ folder. Ok, I did a quick search for "\Windows\SoftwareDistribution\Download\" and it looks like it's where Windows stores its updates. My XP is a new install so that could be why mine is smaller. I still have no idea why rundll32.exe is there.
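
The size-and-hash comparison asked about in the post above shows whether a second rundll32.exe is byte-for-byte the same as the copy in \system32; a matching size alone does not. As an added example that is not part of the original thread, this Python sketch hashes every file with that name under a directory and classifies it against a reference copy. The directory tree and file bytes in `demo()` are constructed stand-ins.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def compare_copies(reference, root, name="rundll32.exe"):
    """Classify every file called `name` under `root` against the reference copy."""
    ref_size, ref_hash = os.path.getsize(reference), sha256_of(reference)
    verdicts = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            # Windows file names are case-insensitive, so match that way.
            if fn.lower() != name.lower() or os.path.samefile(path, reference):
                continue
            if sha256_of(path) == ref_hash:
                verdict = "identical"
            elif os.path.getsize(path) == ref_size:
                verdict = "same size, different content"
            else:
                verdict = "different"
            verdicts[os.path.relpath(path, root).replace(os.sep, "/")] = verdict
    return verdicts

def demo():
    """Constructed sample tree; the directory names and bytes are made up."""
    genuine = b"MZ" + b"\x90" * 62
    tree = {
        "system32/rundll32.exe": genuine,
        "SoftwareDistribution/Download/cache/rundll32.exe": genuine,
        "Temp/RUNDLL32.EXE": b"MZ" + b"\xcc" * 62,   # same length, other bytes
        "Temp/sub/rundll32.exe": b"MZ" + b"\xcc" * 10,
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in tree.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        return compare_copies(os.path.join(root, "system32", "rundll32.exe"), root)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(f"{verdict:30} {path}")
```

An "identical" verdict only says the copy matches the reference; it says nothing about whether the reference itself is the genuine file.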

MICRO
July 27th, 2008, 01:12 AM
{QUOTE-> I also have no rundll32 in that folder. Is the rundll32.exe the same file size or have the same hash as the one in \system32?
<-QUOTE}

Yes IP same size - Strange is that there, or at its proper
path, all other files have two 'cog' like round things, one green, one brownish, on the file face but
the rundll32.exe file has a blank face, maybe it's due to it running a dll as an .exe App., who knows, 5.1.2600.2180, and 32.5 kb, 36.0 kb on the disk, both say M$ but apparently that doesn't even mean they are legit.


'Tiny Watcher' is a tiny handy App. except when, like many others, it
can't make out a FP - I shall just continue to monitor.