Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Certain programs may not start, and you receive an error message on a computer that is running Windows XP Service Pack 2: "Illegal System DLL Relocation"


View products that this article applies to.

Symptoms of the problem

Certain programs may not start after you install security update 925902 (MS07-017) and security update 928843 (MS07-008) on a computer that is running Microsoft Windows XP with Service Pack 2 (SP2). Additionally, you may receive an error message that resembles the following:
application_executable_name - Illegal System DLL Relocation

The system DLL user32.dll was relocated in memory. The application will not run properly. The relocation occurred because the DLL C:\Windows\System32\Hhctrl.ocx occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.

↑ Back to the top


Steps to resolve the problem

You may find it easier to follow the steps if you print this article first.

To resolve this problem, follow these steps:
  1. Install all important updates from the following Microsoft Web site:

  2. Try to run the program that did not start again. If the program starts and if you do not receive the error message in the "Symptoms of the problem" section, you are finished. If the error continues, follow steps 3 through 5.
  3. Visit the following Microsoft Web site:
  4. Click Download, and then click Run. If the Download button is not available, you must first click Validate to validate your copy of Windows.
  5. Follow the instructions that appear on the screen to install update 935448.

↑ Back to the top


Similar problems and solutions

You may receive a similar error message that references Shell32.dll when you run AVG Anti-Virus Control Center from Grisoft, Inc. This problem occurs if you are also running BricoPack Vista Inspirat from CrystalXP. To resolve this problem, uninstall BricoPack Vista Inspirat.

Note This is not a problem with AVG Anti-Virus Control Center or with Windows. This problem is not resolved when you install update 935448.

↑ Back to the top


More information for advanced users

Cause of the problem

The Hhctrl.ocx file that is included in security update 928843 and the User32.dll file that is included in security update 925902 have conflicting base addresses. This problem occurs if a program loads the Hhctrl.ocx file before the program loads the User32.dll file. Microsoft has confirmed that this problem affects the following third-party applications.
ProgramVersionManufacturer
Realtek HD Audio Control Panel 1.41, 1.45, 1.49, 1.57Realtek Semiconductor Corporation
ElsterFormular2006, 2007Elster
TUGZip3.4Christian Kindahl
CD-Tag2.27Claremont Software
Suunto Ski Manager 1.0.2, 1.1, 1.2Suunto
BMC PATROL7.1BMC Software, Inc
Notes
  • If you receive a similar message when you use another program, install the update that is mentioned in this article. If we confirm that other programs are affected by this problem, we will update this article with more information.
  • This problem does not occur with version 1.64 of the Realtek HD Audio Control Panel.

Update deployment information

To resolve this problem, use one of the following methods, as appropriate for your situation.

Important Windows Update and Microsoft Update only detect the affected versions of Realtek HD Audio Control Panel, ElsterFormular, TUGZip, and CD-Tag. However, other programs are affected by this problem. Therefore, if update 935448 is not installed on the computer by using Method 1 or by using Windows Server Update Services (WSUS) in Method 2, use Method 3.

Method 1: Install update 935448 by using Automatic Updates or by using Microsoft Update

To use Microsoft Update, visit the following Microsoft Web site:



Method 2: Deploy update 935448 in an enterprise by using Windows Server Update Services (WSUS) or Microsoft Systems Management Server (SMS)

IT professionals can use WSUS or SMS to deploy this update in an enterprise. For more information about WSUS or SMS, visit the following Microsoft Web sites:

Method 3: Install update 935448 from the Microsoft Download Center

The following file is available for download from the Microsoft Download Center:

Download Download the 935448 package now.

Release Date: April 3, 2007

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.


Known issues

Security update 928843 (MS07-008) and update 935448 contain Hhctrl.ocx files that have the same version number. If you install security update 928843 (MS07-008) after you install update 935448, you must reinstall update 935448.

Prerequisites

To apply this hotfix, you must have Windows XP Service Pack 2 (SP2) installed on the computer.

Installation information

To install this update without requiring any user intervention and without restarting the computer, administrators can use the following command:
WindowsXP-KB935448-x86-ENU /quiet /norestart
Note Restart the computer, and then verify that the installation was successful if you use the /quiet or the /restart switches. You should also review the KB935448.log file for information about any errors that occur when you use the /quiet switch.
For more information about the setup switches that are supported by this update, click the following article number to view the article in the Microsoft Knowledge Base:

262841 Command-line switches for Windows software update packages

Restart information You may have to restart the computer after you apply this update.

File information

The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For Service branch SP2GDR
File nameHhctrl.ocx
File version5.2.3790.2847
File size546,304
Date (UTC)02-Apr-2007
Time (UTC)05:58
Service branchSP2GDR
For Service branch SP2QFE

File nameHhctrl.ocx
File version5.2.3790.2847
File size546,304
Date (UTC)02-Apr-2007
Time (UTC)05:53
Service branchSP2QFE
Note When you install this update, the installer checks whether one or more of the files that are being updated on the system have previously been updated by a Microsoft hotfix. If you have previously installed a hotfix to update one of these files, the installer copies the SP2QFE files to your computer. Otherwise, the installer copies the SP2GDR file to your computer. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

824994 Description of the contents of Windows XP Service Pack 2 and Windows Server 2003 software update packages



Verify that the update is installed

To verify that this update is installed, use the following methods:
  • Method 1: Compare the version of the file that is installed on your computer to the version that is documented in the "File information" section.
  • Method 2: Verify the files that this update installed by reviewing the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB935448\Filelist
    Note This registry subkey may not contain a complete list of the installed files. Also, this registry subkey may not be created correctly if an administrator or an OEM integrates or slipstreams the update into the Windows installation source files.


Removal information

To remove this security update, use the Add or Remove Programs item in Control Panel. Administrators can also use the Spuninst.exe utility to remove this security update. The Spuninst.exe utility is located in the following folder:
%windir%\$NTUninstallKB935448$\Spuninst
To remove this update without requiring any user intervention and without restarting the computer, administrators can use the following command:
%windir%\$NTUninstallKB935448$\Spuninst\Spuninst.exe /quiet /norestart

Status of the problem

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

For more information about security update 925902 (MS07-017) and security update 928843 (MS07-008), click the following article numbers to view the articles in the Microsoft Knowledge Base:

928843 MS07-008: A vulnerability in the HTML Help ActiveX control could allow remote code execution

925902 MS07-017: A vulnerability in GDI could allow remote code execution

For more information about the command-line switches for Windows software update packages, click the following article number to view the article in the Microsoft Knowledge Base:

262841 Command-line switches for Windows software update packages

For more information about the terms that are used to describe software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

↑ Back to the top


Technical revisions

The following table lists significant technical revisions to this article. The revision number and the last review date in this article might indicate minor editorial revisions or structural revisions to this article that are not included in the table.
DateRevisions
April 20, 2007The following changes were made to this article:
  • Updated the "Cause" section to remove AVG Anti-Virus Control Center (made by Grisoft, Inc), and BricoPack Vista Inspirat (made by CrystalXP), from the list of affected programs. Microsoft has confirmed that these programs are not affected by this problem.
  • Added a "Similar problems and solutions" section to document a similar problem with AVG Anti-Virus Control Center (made by Grisoft, Inc), and BricoPack Vista Inspirat (made by CrystalXP).
April 18, 2007The following changes were made to this article:
  • Added the "Symptoms of the problem" section and the "Steps to resolve the problem" section for consumers.
  • Moved the list of affected programs to a table in the "Cause" section. Updated the table to include version information for the affected versions of CD-Tag and TUGZip.
  • Created a "More information for advanced users" section for the "Cause" section, the existing "Resolution" section, the "Status" section, and the "References" section.
  • Created a "Known issues" section to document a known issue with this update. If you install security update 928843 (MS07-008) after you install update 935448, then you must reinstall update 935448.
  • Updated the "Cause" section to include information about additional programs that are affected by this problem. Microsoft has confirmed that this problem affects AVG Anti-Virus Control Center (made by Grisoft, Inc), version 7.5; BMC PATROL (made by BMC Software, Inc), version 7.1; and BricoPack Vista Inspirat (made by CrystalXP), version 1.1.
April 12, 2007The following changes were made to this article:
  • Updated the "Symptoms" section to include version information for the affected versions of Realtek HD Audio Control Panel and to document that Realtek has released version 1.64 to address this problem.
  • Updated the "Symptoms" section to include information about an additional program that is affected by this problem. Microsoft has confirmed that this problem affects Suunto Ski Manager (made by Suunto), versions 1.0.2 , 1.1, and 1.2. .
  • Updated the "Resolution" section to add prerequisite information, restart information, and file information for this update. This information was unintentionally removed on April 10, 2007.
  • Updated the "Resolution" section to add deployment information, removal information, and information about how to verify that the update is installed.
  • Added this table to list major technical revisions to this content.
April 10, 2007
  • Updated the "Resolution" section to include information about the availability of this update on Windows Update and on Microsoft Update.
  • Updated the "Resolution" section to include information about how to deploy this update in an enterprise by using WSUS and SMS.
April 6, 2007Updated the "Symptoms" section to include information about additional programs that are affected by this problem. Microsoft has confirmed that this problem affects ElsterFormular (made by Elster), versions 2006 and 2007, TUGZip (made by Christian Kindahl), and CD-Tag (made by Claremont Software).
April 3, 2007Updated the "Resolution" section to include information about the availability of this update on the Microsoft Download Center.
April 3, 2007Originally published this article to document the problem that affected Realtek HD Audio Control Panel and the availability of a hotfix.

↑ Back to the top


Keywords: atdownload, kblangall, kbmustloc, kbentirenet, qfekb, kbfix, kbbug, kbqfe, kbpubtypekc, kb, kbarchive, kbwinxpsp3fix

↑ Back to the top

Article Info
Article ID : 935448
Revision : 5
Created on : 4/13/2020
Published on : 4/13/2020
Exists online : False
Views : 643