|
![](/i/fill.gif) |
> On 22/01/2014 1:40 AM, Francois Labreque wrote:
>> not quite, but...
>>
>> Ever since I tried to install the latest Blender, whenever I boot my PC,
>> I get the system32 folder that opens. I suppose there's a registry
>> entry somewhere that got created improperly and instead of trying to
>> load "C:\Windows\System32\whatchamacallit.dll" or
>> "%SYSTEM_ROOT%\System32\foobar.exe" it simply loads
>> "C:\Windows\System32".
>>
>> How do I find out which one it is? Regedit's search function is not
>> smart enough to let me search for ( "system32" except when it's
>> "system32\" )
>>
>>
>
> I've seen this before, have a look here:
>
> http://support.microsoft.com/kb/170086
>
> Cheers Dre
This KB article sent me on the proper path...
I paid a closer look at the syntax of the entries in
HLCU\Software\Microsoft\Windows\CurrentVersion\Run, and bingo.
It was an invalid entry created by the Epson Printer software installer.
(Apologies to the Blender Foundation for wrongly acusing them!)
I also found a gazillion entries where rundll32.exe is not using the
full path, which could lead to very easy trojan horse injections.
ex:
Good:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\htmlfile\shell\print\command]
@="\"C:\\WINDOWS\\system32\\rundll32.exe\"
\"C:\\WINDOWS\\system32\\mshtml.dll\",PrintHTML \"%1\""
Bad:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jpegfile\shell\open\command]
@="rundll32.exe C:\\WINDOWS\\system32\\shimgvw.dll,ImageView_Fullscreen %1"
--
/*Francois Labreque*/#local a=x+y;#local b=x+a;#local c=a+b;#macro P(F//
/* flabreque */L)polygon{5,F,F+z,L+z,L,F pigment{rgb 9}}#end union
/* @ */{P(0,a)P(a,b)P(b,c)P(2*a,2*b)P(2*b,b+c)P(b+c,<2,3>)
/* gmail.com */}camera{orthographic location<6,1.25,-6>look_at a }
Post a reply to this message
|
![](/i/fill.gif) |