1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

[Solved] problems with control panel and exe files

Discussion in 'Virus & Other Malware Removal' started by mm21, Nov 27, 2001.

Thread Status:
Not open for further replies.
Advertisement
  1. mm21

    mm21 Thread Starter

    Joined:
    Nov 27, 2001
    Messages:
    30
    i'm having trouble with my control panel, once i'm there, i cant open anything in it
    i was reading some instructions that were given to someone with a similar problem, and i used the "exefix8" link.
    It seemed to work, cuz when i went back to the control panel, everything opened and i thought everything was fine.
    But a few days later, i tried to open something in the control panel, and it wouldnt open.

    This has happened twice, and i've used the exefix8 2 times, and it always fixes it, but i've noticed that when i download a jpeg or mpeg, they save as exe files, and thats when the stuff in my control panel gets messed up
    its only when i download stuff
    Nothing else in my computer is messed up, everything seems to be working fine, except for the control panel and the files that keep saving as "exe" files

    i did the startlog, but i dont know very much about technical stuff on the computer, so i wouldnt know if there r errors in it... :(
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Hi mm21,

    Welcome to the board!

    If it changes back all the time, it certainly points to the presence of a virus or trojan.Why not post your startup log here, so that we could get a look, and maybe offer some advice?

    Greetz,
     
  3. mm21

    mm21 Thread Starter

    Joined:
    Nov 27, 2001
    Messages:
    30
    thanks for taking the time to try and help me, herers the log:


    StartUp Log (version 1.53) - Release Date 8/19/2001

    __________________________________________________________________________
    __________________________________________________________________________

    StartUp Log Index

    1. HKLM Run
    2. HKCU Run
    3. HKLM RunOnce
    4. HKCU RunOnce
    5. HKLM RunServices
    6. HKLM RunServicesOnce
    7. WIN.INI file
    8. SYSTEM.INI file
    9. AUTOEXEC.BAT file
    10. StartUp folder
    11. All Users StartUp
    12. Misc. StartUp Configurations

    __________________________________________________________________________
    __________________________________________________________________________

    The following is a list of your current Start-Ups
    __________________________________________________________________________
    __________________________________________________________________________

    1. HKLM Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ScanRegistry"="c:\\windows\\scanregw.exe /autorun"
    "TaskMonitor"="c:\\windows\\taskmon.exe"
    "SystemTray"="SysTray.Exe"
    "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
    "EM_EXEC"="c:\\mouse\\system\\em_exec.exe"
    "CPQEASYACC"="C:\\Program Files\\Compaq\\Easy Access Button Support\\cpqeadm.exe"
    "EACLEAN"="C:\\Program Files\\Compaq\\Easy Access Button Support\\eaclean.exe"
    "Aureal A3D Interactive Audio Init"="A3dInit.exe"
    "Compaq Internet Setup"="C:\\Compaq\\Internet\\InetWizard.exe /RUN"
    "CISrvr Program"="C:\\COMPAQ\\INTERNET\\CISRVR.EXE"
    "AvconsoleEXE"="C:\\Program Files\\Network Associates\\McAfee VirusScan\\avconsol.exe /minimize"
    "VsecomrEXE"="C:\\Program Files\\Network Associates\\McAfee VirusScan\\VSECOMR.EXE"
    "Vshwin32EXE"="C:\\PROGRAM FILES\\NETWORK ASSOCIATES\\MCAFEE VIRUSSCAN\\VSHWIN32.EXE"
    "VsStatEXE"="C:\\Program Files\\Network Associates\\McAfee VirusScan\\VSSTAT.EXE /SHOWWARNING"
    "McAfeeWebScanX"="C:\\PROGRAM FILES\\NETWORK ASSOCIATES\\MCAFEE VIRUSSCAN\\WebScanX.Exe"
    "Service Connection"="c:\\cpqs\\bwtools\\bwtray.exe"
    "OEMCLEANUP"="c:\\windows\\OPTIONS\\oemreset.exe"
    "LoadQM"="loadqm.exe"
    "InstantAccess"="C:\\PROGRA~1\\TEXTBR~1.0\\BIN\\INSTAN~1.EXE /h"
    "RegisterDropHandler"="C:\\PROGRA~1\\TEXTBR~1.0\\BIN\\REGIST~1.EXE"
    "PE2CKFNT SE"="C:\\Program Files\\Ulead Systems\\Ulead Photo Express 2 SE\\ChkFont.exe"
    "StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\STIMON.EXE"
    "RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
    "Adaptec DirectCD"="C:\\PROGRA~1\\IOMEGA~1\\DIRECTCD.EXE"
    "CreateCD"="C:\\PROGRA~1\\IOMEGA~1\\EASYCD~1\\CREATECD\\CREATECD.EXE -r"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    "NoChange"="1"
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    "Installed"="1"


    ==========================================================================
    __________________________________________________________________________

    2. HKCU Run - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "AOL Instant Messenger (TM)"="C:\\Program Files\\Netscape\\Communicator\\Program\\AIM\\aim.exe -cnetwait.odl"
    "Reminder"="C:\\Program Files\\Microsoft Money\\System\\reminder.exe"
    "MSMSGS"="C:\\Program Files\\Messenger\\msmsgs.exe /background"
    "Mirabilis ICQ"="C:\\Program Files\\ICQ\\NDetect.exe"
    "AIM"="C:\\PROGRAM FILES\\NETSCAPE\\COMMUNICATOR\\PROGRAM\\AIM\\aim.exe -cnetwait.odl"


    ==========================================================================
    __________________________________________________________________________

    3. HKLM RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    4. HKCU RunOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]


    ==========================================================================
    __________________________________________________________________________

    5. HKLM RunServices - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
    "Aureal A3D Interactive Audio"="sa3dsrv.exe"
    "ConfigServices"="C:\\CPQS\\TOOLS\\CONFIG.EXE"
    "Vshwin32EXE"="C:\\PROGRAM FILES\\NETWORK ASSOCIATES\\MCAFEE VIRUSSCAN\\VSHWIN32.EXE"
    "McAfeeWebScanX"="C:\\PROGRAM FILES\\NETWORK ASSOCIATES\\MCAFEE VIRUSSCAN\\WebScanX.Exe /RUNSERVICES"
    "HC Reminder"="hc.exe"
    "RegisterDropHandler"="C:\\PROGRA~1\\TEXTBR~1.0\\BIN\\REGIST~1.EXE"


    ==========================================================================
    __________________________________________________________________________

    6. HKLM RunServicesOnce - Registry

    [RegPath]
    "StartUp"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]


    ==========================================================================
    __________________________________________________________________________

    7. WIN.INI File - (c:\windows\win.ini)

    Your win.ini run/load lines should look like run= and load= exclusively.
    There should be nothing to the right of the equal signs.


    These are the run and load lines in your WIN.INI file

    run=

    load=

    ==========================================================================
    __________________________________________________________________________

    8. SYSTEM.INI File - (c:\windows\system.ini)

    Your system.ini shell line should look like shell=Explorer.exe exclusively.
    You should only see Explorer.exe following the equal sign.


    This is the shell line in your SYSTEM.INI file

    shell=Explorer.exe

    ==========================================================================
    __________________________________________________________________________

    9. AUTOEXEC.BAT File - (c:\autoexec.bat)

    (Some trojans have been known to start from this file)


    These are your program startups and set paths in your autoexec.bat file

    @ECHO OFF
    @REM Setup for QR, BW & Hibernation
    @PATH C:\CPQS\SAVEREST;C:\CPQS\TOOLS;C:\WINDOWS\COMMAND;C:\WINDOWS
    @IF EXIST C:\CPQS\SAVEREST\QRSETUP.* CALL C:\CPQS\SAVEREST\QRSETUP /MFG C:
    @IF EXIST C:\HIBERNAT\PHDISK*.* IF EXIST C:\HIBERNAT\NEW_HIB.* CALL C:\HIBERNAT\NEW_HIB
    @PATH C:\CPQS\SAVEREST;C:\CPQS\TOOLS;C:\WINDOWS\COMMAND;C:\WINDOWS;%PATH%
    @IF EXIST C:\APPL.ZIP\NUL IF EXIST C:\WINDOWS\SMARTDRV.EXE C:\WINDOWS\SMARTDRV.EXE
    @PATH C:\CPQS\SAVEREST;C:\CPQS\TOOLS;C:\WINDOWS\COMMAND;C:\WINDOWS
    C:\PROGRA~1\NETWOR~1\MCAFEE~1\SCAN.EXE C:\ /NOEXPIRE
    @IF ERRORLEVEL 1 PAUSE
    SET BLASTER=A220 I5 D1
    C:\essolo.com
    REM Environment Settings For McAfee VirusScan
    SET PATH=%PATH%;C:\PROGRA~1\NETWOR~1\MCAFEE~1
    CALL C:\CPQS\TOOLS\DOSPATH.BAT

    ==========================================================================
    __________________________________________________________________________

    10. StartUp Folder - (c:\windows\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your StartUp folder

    C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Find Fast.lnk
    C:\WINDOWS\Start Menu\Programs\StartUp\Office Startup.lnk
    C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Works Calendar Reminders.lnk
    C:\WINDOWS\Start Menu\Programs\StartUp\America Online 7.0 Tray Icon.lnk
    C:\WINDOWS\Start Menu\Programs\StartUp\Watch.lnk
    C:\WINDOWS\Start Menu\Programs\StartUp\Photo Express Calendar Checker SE.lnk
    C:\WINDOWS\Start Menu\Programs\StartUp\MS_SETUP.exe
    C:\WINDOWS\Start Menu\Programs\StartUp\Microsoft Office.lnk
    C:\WINDOWS\Start Menu\Programs\StartUp\PowerReg SchedulerV2.exe

    ==========================================================================
    __________________________________________________________________________

    11. All Users Folder - (c:\windows\all users\start menu\programs\startup)

    Shortcuts to any program will automatically start when placed here.


    These are the shortcuts located in your All Users StartUp folder


    *(No start-ups found)*

    ==========================================================================
    __________________________________________________________________________

    12. Miscellaneous StartUp Configurations

    -============================-
    Registry StartUp Directories
    -============================-

    Should show the Start Menu StartUp and All Users StartUp directories

    .....................................................................

    [1] HKCU - Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

    "Startup"="C:\\WINDOWS\\Start Menu\\Programs\\StartUp"

    .....................................................................

    [2] HKCU - User Shell Folders

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders


    .....................................................................

    [3] HKLM - Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders

    "Common Startup"="C:\\WINDOWS\\All Users\\Start Menu\\Programs\\StartUp"

    .....................................................................

    [4] HKLM - User Shell Folders

    HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders


    .....................................................................

    -=======================-
    Registry Shell Spawning
    -=======================-

    Open Commands for Executable File Types

    @="\"%1\" %*"
    (.exe file - RegPath = HKCR\exefile\shell\open\command)

    @="\"%1\" %*"
    (.com file - RegPath = HKCR\comfile\shell\open\command)

    @="\"%1\" /S"
    (.scr file - RegPath = HKCR\scrfile\shell\open\command)

    @="\"%1\" %*"
    (.bat file - RegPath = HKCR\batfile\shell\open\command)

    @="\"%1\" %*"
    (.pif file - RegPath = HKCR\piffile\shell\open\command)

    @="C:\\WINDOWS\\SYSTEM\\MSHTA.EXE \"%1\" %*"
    (.hta file - RegPath = HKCR\htafile\shell\open\command)

    -=========================-
    HKLM RunOnceEx - Registry
    -=========================-


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]


    -====================-
    StubPaths - Registry (Partial Listing)
    -====================-

    (Please see the StubPath.txt on your desktop for complete listing)

    HKLM\Software\Microsoft\Active Setup\Installed Components


    "OldStubPath"="c:\\windows\\SYSTEM\\ie4uinit.exe"
    "RealStubPath"="C:\\WINDOWS\\SYSTEM\\IE4UINIT.EXE"
    "StubPath"="c:\\windows\\COMMAND\\sulfnbk.exe /L"
    "RealStubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:OE /CALLER:IE50 /user /install"
    "StubPath"=""
    "StubPath"="\"C:\\PROGRA~1\\OUTLOO~1\\setup50.exe\" /APP:WAB /CALLER:IE50 /user /install"

    -=================-
    DOSSTART.BAT File - (c:\windows\dosstart.bat)
    -=================-

    @echo off

    LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:IDECD001 /M:12
    c:\mouse\mouse.exe
    c:\essolo.com



    -=========================-
    ICQ Inet Registry StartUp
    -=========================-

    Shows applications that start when connected to Inet


    [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps]
    "Launch Browser"="No"


    -=====================-
    Screen Saver Settings (Possible system.ini start-up)
    -=====================-

    SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\CURVES~1.SCR

    ==========================================================================
    __________________________________________________________________________

    - Supplemental Environment Information -

    TMP=c:\windows\TEMP
    TEMP=C:\windows\TEMP
    winbootdir=C:\WINDOWS
    COMSPEC=C:\COMMAND.COM
    LOG=NUL
    QRCD=N:
    BOTD=C:
    MFG=YES
    ZIPD=D:
    CPQD=D:
    DSHD=C:
    D12=D:
    EN=EN
    LANG=EN
    PATH=C:\WINDOWS;C:\CPQS\SAVEREST;C:\CPQS\TOOLS;C:\WINDOWS\COMMAND;C:\WINDOWS;C:\PROGRA~1\NETWOR~1\MCAFEE~1;C:\WINDOWS\COMMAND
    windir=C:\WINDOWS


    ==========================================================================
    __________________________________________________________________________

    - End -
     
  4. Max19

    Max19 Account Disabled

    Joined:
    Jul 31, 2001
    Messages:
    1,222
    Before posting your start up log, scan for viruses.
     
  5. mm21

    mm21 Thread Starter

    Joined:
    Nov 27, 2001
    Messages:
    30
    ok, i did the symantec virus scan and it said there were no viruses detected in my memory, but i have 10 infected files

    one of the files says "infected with W95.CIH.damaged"

    the other 9 say that it is infected with "W32.Blebla.B.Worm"

    all 10 r "exe" files
     
  6. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
  7. mm21

    mm21 Thread Starter

    Joined:
    Nov 27, 2001
    Messages:
    30
    ok, i'll try that, and thank u for the help
     
  8. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    You're welcome. :)

    Hope it helps!

    Greetz,
     
  9. mm21

    mm21 Thread Starter

    Joined:
    Nov 27, 2001
    Messages:
    30
    hey, just wanted to let u know that the problem was corrected :)

    i just followed all the instructions in that link u sent me

    thanks so much :)
     
  10. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Great!

    No problem! :)

    Good luck,
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - [Solved] problems control
  1. HaroRider
    Replies:
    12
    Views:
    980
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/59835

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice