Jump to content

No Control Panel


Recommended Posts

I posted this in the PC Help section, and sho-dan asked me to post the problem here.

I used MBAM to clean a virus off my computer 4 months ago. Since then, the control panel won't start: it gives me an error that "Windows Explorer has encountered a problem and needs to close." I've searched the internet, and can't find a solution for this. I've done two repair installations of the OS, but it does not fix this problem. I can run the individual applets by using Start->Run->control name.cpl, so the applets are there and work, but the normal control panel access does not work.

Another symptom is that the computer does not always shut down properly. I've shut it down at night, and walked away assuming that it would turn off only to find in the morning that it was still on.

The PC is running XP with SP3 installed. I deleted the MBAM logs from the summer, so I can't tell you what it found. I have AVG Free running along with the Online Armor firewall.

Thanks for your help!

I'll post the rest of the logs after the Panda scan is finished.

Malwarebytes' Anti-Malware 1.30

Database version: 1428

Windows 5.1.2600 Service Pack 3

11/27/2008 10:33:27 AM

mbam-log-2008-11-27 (10-33-27).txt

Scan type: Quick Scan

Objects scanned: 63377

Time elapsed: 6 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Here are the results of the Panda scan:

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-11-28 19:24:06

PROTECTIONS: 0

MALWARE: 24

SUSPECTS: 1

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

00035722 adware/comet Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2D51D869-C36B-42bd-AE68-0A81BC771FA5}

00041446 application/myway HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}

00041446 application/myway HackTools No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC}

00041446 application/myway HackTools No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{66FC8717-EFA7-4546-8C4A-E224F3A80C76}

00041446 application/myway HackTools No 0 Yes No hkey_classes_root\clsid\{66fc8717-efa7-4546-8c4a-e224f3a80c76}

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Dave Miers\Cookies\dave miers@atdmt[2].txt

00145807 Cookie/Linksynergy TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@linksynergy[1].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@com[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@com[3].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@com[1].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@xiti[1].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@azjmp[3].txt

00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@azjmp[2].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@toplist[1].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@toplist[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@apmebf[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@apmebf[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@apmebf[4].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@www.burstbeacon[1].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@www.burstbeacon[3].txt

00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@server.iad.liveperson[2].txt

00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@fl01.ct2.comclick[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dave Miers\Cookies\dave miers@advertising[1].txt

00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@adrevolver[2].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@ads.pointroll[3].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@ads.pointroll[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Dave Miers\Cookies\dave miers@questionmarket[2].txt

00172449 Cookie/MetriWeb TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@metriweb[1].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@go[2].txt

00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@go[1].txt

00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@target[1].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@atwola[3].txt

00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@atwola[1].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@ads.addynamix[2].txt

00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\Dave Miers\DoctorWeb\Quarantine\VirtumundoBeGone.exe

02897073 Cookie/Revenue TrackingCookie No 0 Yes No C:\Documents and Settings\Tyler Miers\Cookies\tyler miers@adsrevenue[1].txt

03610091 Trj/Banker.FWD Virus/Trojan No 0 Yes No C:\Documents and Settings\Tyler Miers\My Documents\Pyromaniac1444%27s SWEP Maker 1.5 EXE.zip[Pyromaniac1444's SWEP Maker 1.5 EXE.exe]

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location

;===============================================================================

================================================================================

=

===================

No C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtmulti.dll

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

and finally, the HJT scan:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:30:33 PM, on 11/28/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Tall Emu\Online Armor\oasrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Tall Emu\Online Armor\oacat.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Tall Emu\Online Armor\oaui.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Tall Emu\Online Armor\oahlp.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe

O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--

End of file - 5347 bytes

Link to post
Share on other sites

Here they are:

Volume in drive C is DRV2_VOL1

Volume Serial Number is 9C60-7597

Directory of C:\WINDOWS\SYSTEM32

04/14/2008 05:42 AM 68,608 access.cpl

04/14/2008 05:42 AM 549,888 appwiz.cpl

05/08/2003 08:25 PM 815,104 B57exp.cpl

06/03/2003 11:38 AM 94,208 BCMSM.CPL

05/11/2001 01:00 AM 183,808 bdeadmin.cpl

04/14/2008 04:42 AM 110,592 bthprops.cpl

04/14/2008 05:42 AM 135,168 desk.cpl

04/14/2008 04:42 AM 80,896 firewall.cpl

04/14/2008 05:42 AM 155,136 hdwwiz.cpl

02/10/2004 10:53 AM 94,208 igfxcpl.cpl

04/14/2008 05:42 AM 360,960 inetcpl.cpl

04/14/2008 05:42 AM 129,536 intl.cpl

04/14/2008 05:42 AM 380,416 irprops.cpl

12/04/2008 08:33 PM 73,728 javacpl.cpl

04/14/2008 05:42 AM 68,608 joy.cpl

07/16/2003 11:26 AM 187,904 main.cpl

04/14/2008 05:42 AM 618,496 mmsys.cpl

07/16/2003 11:31 AM 35,840 ncpa.cpl

04/14/2008 04:42 AM 25,600 netsetup.cpl

04/14/2008 05:42 AM 257,024 nusrmgr.cpl

07/16/2003 11:34 AM 36,864 nwc.cpl

04/14/2008 05:42 AM 32,768 odbccp32.cpl

06/12/2000 05:09 AM 454,718 plotman.cpl

04/14/2008 05:42 AM 114,688 powercfg.cpl

06/12/2000 05:09 AM 454,719 styleman.cpl

04/14/2008 05:42 AM 300,544 sysdm.cpl

07/16/2003 11:41 AM 28,160 telephon.cpl

04/14/2008 05:42 AM 94,208 timedate.cpl

04/14/2008 04:42 AM 148,480 wscui.cpl

03/12/2004 02:53 PM 45,056 wtcpl.cpl

04/14/2008 05:42 AM 162,304 wuaucpl.cpl

31 File(s) 6,298,237 bytes

0 Dir(s) 18,111,320,064 bytes free

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.