Solved

RUNDLL Error loading C:\WINDOWS\Khescb.dll.

Posted on 2007-03-29
20
786 Views
Last Modified: 2013-11-17
I currently have a Dell D600 Latitude laptop, and a Dell Optiplex GX280 workstation that both are receiving this error message at boot up:   RUNDLL Error loading C:\WINDOWS\Khescb.dll.  Does anyone know what this is and how to resolve?


Thanks
cswilley
0
Comment
Question by:cswilley
  • 6
  • 5
  • 4
  • +1
20 Comments
 
LVL 22

Expert Comment

by:orangutang
ID: 18817925
Well, does C:\WINDOWS\Khescb.dll exist on your computer? Try TuneUp Utilities (http://tuneup.swmirror.com/TU2007TrialEN.exe)
0
 
LVL 86

Expert Comment

by:jkr
ID: 18817953
Since usually DLLs are not installed in 'C:\WINDOWS', this pretty much looks like malware. Go to 'Start', 'Run...', type 'msconfig', then hit 'ENTER'. When 'msconfig' has started, go to the rightmost tab and locate the entry that contains the reference to that DLL and disable it.
0
 
LVL 22

Expert Comment

by:orangutang
ID: 18818207
You could do that, too...
Also, how about sending us your HijackThis (http://www.merijn.org/files/HiJackThis_v2.exe) log?
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 

Author Comment

by:cswilley
ID: 18818928
Hi everybody thanks so much for responding to me and so fast!  The first thing I did was to disable the DLL on each system thorugh msconfig, this stopped the initinal error message  the c:\windows\khescb.dll, but now it's giving an error message of svchost.exe application error message, unable to read memory.  Both systems will work after clicking the ok button on the error message.  I did run the Hijack on one of the systems but wasn't to sure where to send the report.
0
 
LVL 22

Expert Comment

by:orangutang
ID: 18819054
After you scan, click the "Save Log" button, I think.
0
 

Author Comment

by:cswilley
ID: 18819129
orangutang:You could do that, too...
Also, how about sending us your HijackThis (http://www.merijn.org/files/HiJackThis_v2.exe) log?

I need and email address to send the report to.
0
 
LVL 22

Expert Comment

by:orangutang
ID: 18819236
I think you could just copy and paste its contents here.
0
 

Author Comment

by:cswilley
ID: 18819313
Here's the report

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:30:49 PM, on 3/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
C:\Program Files\LANDesk\LDCLient\xddclient.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\slpservice.exe
C:\WINDOWS\system32\slpmonx.exe
C:\Program Files\LANDesk\LDCLient\softmon.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LANDesk\LDCLient\rcgui.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cscript.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\bdefevere\Local Settings\Temporary Internet Files\Content.IE5\HFYE62CJ\HiJackThis_v2[1].exe
C:\Program Files\LANDesk\LDCLient\vulScan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://triblink.trb/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://config.trb./proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmp51.tmp.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {9ccf96cb-1010-41df-b4b5-a1a6514a010a} - C:\WINDOWS\system32\MSDcat.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IESet] IExplorer.dll                                                              .dbt
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll                                                              .dbt
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IESet] IExplorer.dll                                                              .dbt
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll                                                              .dbt (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll                                                              .dbt (User 'Default user')
O4 - Startup: MSWin--1811083516.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120161319418
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TRIBUNE.AD.TRB
O17 - HKLM\Software\..\Telephony: DomainName = TRIBUNE.AD.TRB
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TRIBUNE.AD.TRB
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = TRB,CORP,TRIBUNE.AD.TRB
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BE7E23B-DCAC-4A8D-99FB-461C4928A12F}: NameServer = 163.194.17.2,163.192.23.12
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TRIBUNE.AD.TRB
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = TRB,CORP,TRIBUNE.AD.TRB
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = TRIBUNE.AD.TRB
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = TRB,CORP,TRIBUNE.AD.TRB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = TRB,CORP,TRIBUNE.AD.TRB
O20 - AppInit_DLLs:  
O20 - Winlogon Notify: MSDcat - C:\WINDOWS\SYSTEM32\MSDcat.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDCLient\issuser.exe
O23 - Service: LANDesk(R) Extended device discovery service (LDXDD) - Unknown owner - C:\Program Files\LANDesk\LDCLient\xddclient.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SLPMONX - ProdEx Technologies - C:\WINDOWS\system32\slpservice.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDCLient\softmon.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12203 bytes
0
 
LVL 10

Expert Comment

by:kcarrim
ID: 18819384
Or have the log analyzed at www.hijackthis.de

You can also download, install and run Prevx1 available here > http://www.prevx.com/
0
 
LVL 10

Expert Comment

by:kcarrim
ID: 18819425
Your system is really infected. Run a Spyware and Virus scan. You may need additional tools. Will post a couple of links shortly. What i would like you to do is click start, run, regedit.

Find the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

In the right pane, check if "AppInit_DLLs" have any data. If so, post the details here.
0
 
LVL 10

Expert Comment

by:kcarrim
ID: 18819537
Run Hijackthis again, then fix the following entries:

C:\WINDOWS\system32\cscript

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe, > Should be C:\WINDOWS\system32\userinit.exe,

O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmp51.tmp.dll

O2 - BHO: (no name) - {9ccf96cb-1010-41df-b4b5-a1a6514a010a} - C:\WINDOWS\system32\MSDcat.dll

O4 - HKLM\..\Run: [IESet] IExplorer.dll .dbt
      
O4 - HKLM\..\RunServices: [IESet] IExplorer.dll .dbt

O4 - HKCU\..\Run: [IESet] IExplorer.dll .dbt
      
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
      
O4 - HKUS\S-1-5-18\..\Run: [IESet] IExplorer.dll .dbt (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM')
      
O4 - HKUS\.DEFAULT\..\Run: [IESet] IExplorer.dll .dbt (User 'Default user')
      
O4 - Startup: MSWin--1811083516.exe

O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TRIBUNE.AD.TRB
      
O17 - HKLM\Software\..\Telephony: DomainName = TRIBUNE.AD.TRB

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = TRIBUNE.AD.TRB

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = TRB,CORP,TRIBUNE.AD.TRB

O17 - HKLM\System\CS1\Services\Tcpip\..\{1BE7E23B-DCAC-4A8D-99FB-461C4928A12F}: NameServer = 163.194.17.2,163.192.23.12 > Check if you know these IP addresses before cleaning

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = TRIBUNE.AD.TRB

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = TRB,CORP,TRIBUNE.AD.TRB

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = TRIBUNE.AD.TRB
      
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = TRB,CORP,TRIBUNE.AD.TRB

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = TRB,CORP,TRIBUNE.AD.TRB

O20 - AppInit_DLLs: > For this one, see my previous post

O20 - Winlogon Notify: MSDcat - C:\WINDOWS\SYSTEM32\MSDcat.dll

0
 

Author Comment

by:cswilley
ID: 18819574
Nothing was in the AppInit_DLLs
0
 
LVL 10

Accepted Solution

by:
kcarrim earned 500 total points
ID: 18819668
Please restart after fixing with Hijackthis. You will need to disable System Restore before running a virus scan. Right click My Computer, Properties, System Restore. Tick the box "Turn off system restore on all drives"

You should also run a disk cleanup which can be done by doing the following:

Click start, run and type :

cleanmgr

Select the drive you want to cleanup (if applicable) , tick all the boxes, then click the More Options tab, under System Restore, click Clean Up. Click ok and accept to run the cleanup when prompted.

Download the following from my site:

Trend Micro Sysclean Package
http://www.pcdoctors.co.za/download.php?view.44
Extract to root of drive

Worm Stration Quick Fix
http://www.pcdoctors.co.za/download.php?view.164
Extract to root of drive

Restart your computer in safe mode.

First run the Sysclean package to run the virus scan. Be sure to download the latest pattern file here:
http://www.trendmicro.com/download/viruspattern.asp and extract it to the root of your drive.

When that is done, you can launch Avenger, load the virus.txt script and follow the prompts to reboot.
0
 
LVL 10

Expert Comment

by:kcarrim
ID: 18819817
When the system is restarted, put your XP cd-rom into the drive, then click Start, Run and type :

sfc /scannow

to restore missing or corrupted operating system files.
0
 

Author Comment

by:cswilley
ID: 18826274
Thanks for all of the help I cleared up the laptop, however two more workstations now have this problem, I am going to reimage those workstations.  Thanks again!
0
 
LVL 86

Expert Comment

by:jkr
ID: 19100649
I'd say that "When 'msconfig' has started, go to the rightmost tab and locate the entry that contains the reference to that DLL and disable it." would have done the job also.
0
 

Author Comment

by:cswilley
ID: 19100871
Thanks for the additional information.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
sleep laptop 20 59
Remote control Windows CE 7 51
Move windows 10 users 8 52
Windows 10 disk usage 100%. 28 76
This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question