From: ICU on
I'm using WinXP Home, all updates installed, recently I have been getting
an error when I shut down.
It's just a flash on the screen that says something about HKLMU.exe and
that .DLL initialization failed.
The file is located in Windows\System32\Driver, no other file in this
folder and I can not get any identification on this file.
This file is also mentioned in the Prefetch folder as well.

I do have another folder in Windows\System32\Drivers which is well
populated.

Any info or help would be appreciated.

TIA
ICU

From: Pegasus [MVP] on

"ICU" <ICU(a)Nowhere.com> wrote in message
news:Xns9CA580B7399C9ICU(a)74.209.131.10...
> I'm using WinXP Home, all updates installed, recently I have been getting
> an error when I shut down.
> It's just a flash on the screen that says something about HKLMU.exe and
> that .DLL initialization failed.
> The file is located in Windows\System32\Driver, no other file in this
> folder and I can not get any identification on this file.
> This file is also mentioned in the Prefetch folder as well.
>
> I do have another folder in Windows\System32\Drivers which is well
> populated.
>
> Any info or help would be appreciated.
>
> TIA
> ICU

There is no Windows system file called hklmu.exe. This is probably a residue
from some cleaned-up virus or malware. Run msconfig.exe, then locate this
file under the Startup tab and prevent it from starting by unticking it.


From: PA Bear [MS MVP] on
You are seeing the effects of a hijackware infection!

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7 => Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Run a /thorough/ check for hijackware, including posting requested logs
in an appropriate forum, not here.

Checking for/Help with Hijackware:
• http://aumha.net/viewtopic.php?f=30&t=4075

• http://mvps.org/winhelp2002/unwanted.htm
• http://inetexplorer.mvps.org/tshoot.html
• http://www.mvps.org/sramesh2k/Malware_Defence.htm
• http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002
www.banthecheck.com


ICU wrote:
> I'm using WinXP Home, all updates installed, recently I have been getting
> an error when I shut down.
> It's just a flash on the screen that says something about HKLMU.exe and
> that .DLL initialization failed.
> The file is located in Windows\System32\Driver, no other file in this
> folder and I can not get any identification on this file.
> This file is also mentioned in the Prefetch folder as well.
>
> I do have another folder in Windows\System32\Drivers which is well
> populated.
>
> Any info or help would be appreciated.
>
> TIA
> ICU

From: ICU on
"Pegasus [MVP]" <news(a)microsoft.com> wrote in
news:uV$rspbTKHA.5052(a)TK2MSFTNGP06.phx.gbl:

>
> "ICU" <ICU(a)Nowhere.com> wrote in message
> news:Xns9CA580B7399C9ICU(a)74.209.131.10...
>> I'm using WinXP Home, all updates installed, recently I have been
>> getting an error when I shut down.
>> It's just a flash on the screen that says something about HKLMU.exe
>> and that .DLL initialization failed.
>> The file is located in Windows\System32\Driver, no other file in this
>> folder and I can not get any identification on this file.
>> This file is also mentioned in the Prefetch folder as well.
>>
>> I do have another folder in Windows\System32\Drivers which is
>> well populated.
>>
>> Any info or help would be appreciated.
>>
>> TIA
>> ICU
>
> There is no Windows system file called hklmu.exe. This is probably a
> residue from some cleaned-up virus or malware. Run msconfig.exe, then
> locate this file under the Startup tab and prevent it from starting by
> unticking it.

I've tried that, as a matter of fact it's in the startup twice, unticked
them both but it ends up back there when I check again after rebooting.

Thanks for the reply.

ICU



From: Pegasus [MVP] on

"ICU" <ICU(a)Nowhere.com> wrote in message
news:Xns9CA5B329EF1E1ICU(a)74.209.131.10...
> "Pegasus [MVP]" <news(a)microsoft.com> wrote in
> news:uV$rspbTKHA.5052(a)TK2MSFTNGP06.phx.gbl:
>
>>
>> "ICU" <ICU(a)Nowhere.com> wrote in message
>> news:Xns9CA580B7399C9ICU(a)74.209.131.10...
>>> I'm using WinXP Home, all updates installed, recently I have been
>>> getting an error when I shut down.
>>> It's just a flash on the screen that says something about HKLMU.exe
>>> and that .DLL initialization failed.
>>> The file is located in Windows\System32\Driver, no other file in this
>>> folder and I can not get any identification on this file.
>>> This file is also mentioned in the Prefetch folder as well.
>>>
>>> I do have another folder in Windows\System32\Drivers which is
>>> well populated.
>>>
>>> Any info or help would be appreciated.
>>>
>>> TIA
>>> ICU
>>
>> There is no Windows system file called hklmu.exe. This is probably a
>> residue from some cleaned-up virus or malware. Run msconfig.exe, then
>> locate this file under the Startup tab and prevent it from starting by
>> unticking it.
>
> I've tried that, as a matter of fact it's in the startup twice, unticked
> them both but it ends up back there when I check again after rebooting.
>
> Thanks for the reply.
>
> ICU

This means that your machine is not clean just yet. There is another
executable that recreates or re-enables this entry after you have deleted
it. This is normal behaviour for malicious software, and is of concern.
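
Added example, not part of any poster's message: a Python sketch that confirms the re-creation behaviour described in this thread by comparing saved `reg query` output of the Run keys taken before disabling the entry, after disabling it, and after the reboot. The snapshots, the value name `hklmu` and the `C:` drive letter are constructed for illustration; only the file name and folder come from the thread.

```python
import re

# Matches one value line of `reg query` output: name, type, data.
# XP separates the columns with tabs, later Windows versions with spaces.
VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

def parse_reg_query(text):
    """Return {(key, value_name): data} from saved `reg query` output."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):          # key header lines start in column 0
            key = line.strip().lower()
        elif key and (m := VALUE_RE.match(line)):
            entries[(key, m["name"].lower())] = m["data"].strip()
    return entries

def reappeared(before, after_disable, after_reboot):
    """Entries that were present, were removed, and are back after the reboot."""
    a, b, c = (parse_reg_query(t) for t in (before, after_disable, after_reboot))
    return sorted((k, c[k]) for k in c if k in a and k not in b)

# Constructed snapshots (assumed to be saved with e.g.
#   reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run > before.txt
# and the same for HKCU). The entry appears twice, once per hive.
BEFORE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    hklmu    REG_SZ    C:\WINDOWS\system32\Driver\hklmu.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    hklmu    REG_SZ    C:\WINDOWS\system32\Driver\hklmu.exe
"""
AFTER_DISABLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""
AFTER_REBOOT = BEFORE  # constructed: both entries are back after the reboot

if __name__ == "__main__":
    for (key, name), data in reappeared(BEFORE, AFTER_DISABLE, AFTER_REBOOT):
        print(f"re-created after reboot: {key}\\{name} -> {data}")
```

Any entry this reports was put back by something still running on the machine, which is the component the scans recommended earlier in the thread need to find.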