
Access Denied - Unable to open Control Panel

Discussion in 'Windows XP' started by talon785, Jul 27, 2004.

Thread Status:
Not open for further replies.
  1. talon785

    talon785 Thread Starter

    Joined:
    Nov 3, 2003
    Messages:
    15
    I seem to have gotten some trojans, so far 2 of the trojans that have shown up on online virus scan are Agent.G and Dyfuca.m ...the trojans show they are uncleanable, I am unable to run programs, keep getting a popup message that is saying:
    C:\Windows\System32\Autoexec.nt. The system file is not suitable for running ms-dos and microsoft windows applications.

    I did some searching around the boards, found a similar problem, tried the fix, but it didn't work.
    I am unable to access much of my control panel, keeps telling me I don't have permission.
    I am unable to delete some files, popup keeps telling me the file is in use and can't be deleted....I am running windows xp pro. Can someone please help me out with this?
    Another thing also, I tried to download and run AVG but I keep getting the MS-DOS pop up that I mentioned earlier in the post.
     
  2. KHolloman

    KHolloman

    Joined:
    Jul 22, 2004
    Messages:
    896
    Do you have Spybot or Adaware? If not, download them, along with HiJackThis from www.downloads.com, and post your HiJack log on here.
     
  3. Bob Cerelli

    Bob Cerelli

    Joined:
    Nov 2, 2002
    Messages:
    22,468
    That should be just a plain text file.

    Other than the REM'd out lines, what are the contents of that file?

    All I have is:
    lh %SystemRoot%\system32\mscdexnt.exe
    lh %SystemRoot%\system32\redir
    lh %SystemRoot%\system32\dosx
     
  4. talon785

    talon785 Thread Starter

    Joined:
    Nov 3, 2003
    Messages:
    15
    I had Spybot already downloaded, scanned and it did find some dyfuca entries, bargain buddies entries, I cleaned them, restarted and scanned again, everything came back clean, ran Adaware and it also showed some spyware, cleaned all them and here is what I get from the hijack log, I am still unable to open a lot of my files, control panel, etc...Still getting the popup c:\windows\system32\autoexec.nt. The system file is not suitable for running ms-dos and microsoft windows applications.




    Logfile of HijackThis v1.97.7
    Scan saved at 4:16:03 PM, on 7/27/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WindUpdates\WinUpdt.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WindUpdates\WinKA.exe
    C:\WINDOWS\system32\drivers\KodakCCS.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\ScsiAccess.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Greg H\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.midco.net:3128
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
    O2 - BHO: (no name) - {6AFE3D77-9C45-5ACD-8350-645579D4791A} - C:\WINDOWS\System32\rib.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe
    O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autofix
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38112.9803819444
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln Object) - http://www.microsoft.com/security/controls/DoomCln.CAB
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
     
  5. Bob Cerelli

    Bob Cerelli

    Joined:
    Nov 2, 2002
    Messages:
    22,468
    You might run MSCONFIG and see if it is listed in the Startup.

    Also

    Start Regedit
    Go to both:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

    Double check that it isn't there as well.
     
  6. talon785

    talon785 Thread Starter

    Joined:
    Nov 3, 2003
    Messages:
    15
    When I do the regedit, what am I supposed to be looking for? I didn't understand the post about the rem'd out lines. I'm lost on that part of things, I know how to get to the regedit, but don't know what I'm supposed to be looking for, do I delete something?
     
  7. Bob Cerelli

    Bob Cerelli

    Joined:
    Nov 2, 2002
    Messages:
    22,468
    First off, if you are not sure about editing the registry, either get someone else to help you or be very careful. Most of the computer's configurations and settings are kept there.

    After you start Regedit, go to the location given in the previous post and look to see if that file is listed in either of the startup sections and remove it.
     
  8. talon785

    talon785 Thread Starter

    Joined:
    Nov 3, 2003
    Messages:
    15
    It's not listed in either place...This is frustrating since I am still unable to open anything inside the control panel...can't even open avg to run it.
     
  9. Bob Cerelli

    Bob Cerelli

    Joined:
    Nov 2, 2002
    Messages:
    22,468
    Have you tried doing the virus and spyware scans etc. from safe mode?
     
  10. talon785

    talon785 Thread Starter

    Joined:
    Nov 3, 2003
    Messages:
    15
    Yes, I booted into safe mode, still unable to run avg, open any programs through the control panel, unable to install software from the cd-rom, keep getting the message about the ms-dos applications.
     
  11. Bob Cerelli

    Bob Cerelli

    Joined:
    Nov 2, 2002
    Messages:
    22,468
    Have you tried searching the entire registry for that file?

    Also, it now seems that in addition to the first post about C:\Windows\System32\Autoexec.nt, you also can't even open up the Control Panel programs.

    Also see references to Panda Anti-Virus:
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab



    How did you initially do a virus scan or show the HJT log if you can't open any programs?

    I'm no HJT expert, but these also seem suspicious. Maybe you can take the time to find out what they are.

    C:\Program Files\WindUpdates\WinKA.exe

    O2 - BHO: (no name) - {6AFE3D77-9C45-5ACD-8350-645579D4791A} - C:\WINDOWS\System32\rib.dll

    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)

    O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
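
    A small triage pass over the kind of entries singled out in the post above, as an added example that is not part of the original thread. The sample lines are copied from the log posted earlier; the four heuristics are assumptions chosen for illustration (not HijackThis's own logic), and a flagged entry is one to look up, not a verdict.

```python
import re

# Constructed sample: a handful of entries copied from the log in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem219.dll (file missing)
O2 - BHO: (no name) - {6AFE3D77-9C45-5ACD-8350-645579D4791A} - C:\WINDOWS\System32\rib.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
"""

# A HijackThis entry starts with a section code (R0-R3, O1-O23, ...) then " - ".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")


def triage(log_text):
    """Return (section, entry, reasons) for each entry worth a manual look-up."""
    findings = []
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue  # header, process list or blank line
        section, body = match.group(1), match.group(2).strip()
        reasons = []
        # Registry entry survives but the file it points to does not.
        if "(no file)" in body or "(file missing)" in body:
            reasons.append("orphaned entry: target file absent")
        # Browser Helper Object registered without a display name.
        if section == "O2" and "(no name)" in body:
            reasons.append("BHO without a display name")
        # IE context-menu item that loads a script from the local disk.
        if section == "O8" and "file://" in body:
            reasons.append("context-menu item runs a local script")
        # ActiveX control (Download Program Files) with no source URL recorded.
        if section == "O16" and body.endswith("-"):
            reasons.append("ActiveX control with no source URL")
        if reasons:
            findings.append((section, body, reasons))
    return findings


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"[{section}] {body}\n      -> " + "; ".join(reasons))
```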
     
  12. talon785

    talon785 Thread Starter

    Joined:
    Nov 3, 2003
    Messages:
    15
    Sorry it took me awhile to get back due to my hard drive going out completely. When it wouldn't let me open any programs, I gave up and figured it was time to delete everything and reinstall XP, so I tried to delete everything on the hard drive, format and install XP, it would only format to a low % and quit, installed it on another computer, tried to format and install XP again, it did the same thing, it would get to 48% and quit formatting, I took it into a computer shop and they told me the hard drive was no good, so I ended up putting a new hard drive in, formatting and installing XP on the new HD. Thank You BOB for all your help, but I guess with the hard drive on its way out already when I posted, there wasn't much left to do, but it was worth a try and I also learned some different things to check if this same thing should happen again. I figured I would post back with the lowdown so this thread can be closed....Thanks again.
     
Short URL to this thread: https://techguy.org/255011
