XP Pro power-up error message window RUNDLL could not load cpcp.cpo

khokugo used Ask the Experts™
My laptop suddenly attacked by several spyware or malware yesterday, even though all my computers are supposedly protected by McAfee suite.  Only one laptop was heavily damaged.  I managed to clean it up with Prevx 3.0.  But after cleaning up, the error message started poppoing up when the laptop is turned on.  "Rundll could not load cpcp.cpo".  I understand that this "cpcp.cpo" is fishy and spyware/malware.  But it appears that the laptop is working properly.  Maybe the spyware itself has been cleaned, but something is still calling for that file at the start-up sequence?  Any way to eliminate this error message, or possibly further eliminate another threat related to this would be appreciated.  Thank you.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
go to start>run>msconfig
then to to startup
see the entry for it, uncheck it & restart your computer

Also download & run Combofix:

Will SzymkowskiSenior Solution Architect
Most Valuable Expert 2015
Top Expert 2015

I would also recommend using Superantispyware and Malwarebyes on your system as well. In some cases if the computer was severly damaged by a virus it is better to backup your data and do a fresh install of the OS. This will garuntee that nothing is still infecting your programs, files or performance of your computer.

Superantispyware - http://www.superantispyware.com/download.html
Malwarebytes - http://www.malwarebytes.org/

Hope this helps
the startup of cpcp.cpo is located in registry (I do not remember exactly) in Hkey_local_machine\software\microsoft\windows nt\CurrentVersion\winlogon - there you have a key shell, which value should be only explorer.exe

I supose you have something like this: explorer.exe rundll32.exe cpcp.cpo xwybdkhs.exe

maybe the easyest way to remove the entry is to use hijackthis - do a scan, check a line with cpcp.cpo and click "fix it" . it will enter the correct value.



hijaskthis did the trick.  Found the entry with cpcp.cpo and fixed it.  There is no more strange error message on powering up.  THanks.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial