Missing Control Panel and Unauthorised Restrictions

Status
Not open for further replies.
Joined
Dec 31, 2007
Messages
5
Reaction score
0
Hi,
For some reason or another my Control Panel has vanished and I attempted to access it via the Task Manager. When I tried to open it, it said the Administrator restrictions prevented me from accessing it. I've tried it again as the Administrator to find the same results.

I used CWS and HJT and got the following reports:

I apologize for the triple post
 
Joined
Dec 31, 2007
Messages
5
Reaction score
0
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:45:15 PM, on 12/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1137941807\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\SERVICE.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Documents and Settings\Owner\My Documents\CWShredder.exe
C:\Documents and Settings\Owner\My Documents\HiJackThis_v2.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\proper.exe
O2 - BHO: (no name) - {0AEDF6FF-C17C-4EA9-9BA9-C0780DF5BBA4} - C:\WINDOWS\system32\bqlbpvvv.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1137941807\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [funk] funk.exe
O4 - HKLM\..\Run: [RundII32] C:\WINDOWS\System32\RundII32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Revealer] C:\Documents and Settings\Owner\My Documents\Revealer Free Edition\revealer.exe /b
O4 - HKLM\..\Run: [j6291432] rundll32 C:\WINDOWS\system32\j6291432.dll sook
O4 - HKLM\..\Run: [1Srv32] C:\Program Files\Spytech Software\Spytech SpyAgent\SpyAgent4.exe
O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [5d09e61e.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\5d09e61e.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00015.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: TA_Start.lnk = C:\WINDOWS\SYSTEM32\dwdsrngt.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - ?p=ZJxdm035YYUS
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\AMV Convert Tool 3.70\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {07ADB1C8-141F-365E-C72A-555D5E29669F} - http://85.255.115.229/1/gdnUS1402.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\rglbrfwm.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C563F3F-5621-4F23-BAC8-6B84DCA61AB2} (GoonzuGlobal_downloader Control) - http://cdn.goonzu.com/gscdnSkins/GoonzuGlobal_downloader1222.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1157822958779
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{84EB84BE-DED2-4675-AEDF-58104EFF5360}: NameServer = 195.58.103.111
O17 - HKLM\System\CCS\Services\Tcpip\..\{C93E269C-EA1C-40ED-B185-1BE190A3A3C9}: NameServer = 205.188.146.145
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: geeby - C:\WINDOWS\system32\geeby.dll (file missing)
O20 - Winlogon Notify: rqrpopp - rqrpopp.dll (file missing)
O20 - Winlogon Notify: RundII32 - RundII32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: service - Unknown owner - C:\WINDOWS\SERVICE.EXE

--
End of file - 9887 bytes
 
Joined
Dec 31, 2007
Messages
5
Reaction score
0
And this is the CWS Report:

**** Run Keys ****

RUN: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
RUN: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
RUN: [BCMSMMSG] BCMSMMSG.exe
RUN: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
RUN: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
RUN: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
RUN: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
RUN: [HostManager] C:\Program Files\Common Files\AOL\1137941807\ee\AOLSoftware.exe
RUN: [funk] funk.exe
RUN: [RundII32] C:\WINDOWS\System32\RundII32.exe
RUN: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
RUN: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
RUN: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
RUN: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
RUN: [Revealer] C:\Documents and Settings\Owner\My Documents\Revealer Free Edition\revealer.exe /b
RUN: [j6291432] rundll32 C:\WINDOWS\system32\j6291432.dll sook
RUN: [1Srv32] C:\Program Files\Spytech Software\Spytech SpyAgent\SpyAgent4.exe
RUN: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify
RUN: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
RUN: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
RUN: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
RUN: [5d09e61e.exe] C:\Documents and Settings\Owner\Local Settings\Application Data\5d09e61e.exe
RUN: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
RUN: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
RUN: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
RUN: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00015.exe"


**** Browser Helper Objects ****

BHO: [] C:\WINDOWS\system32\bqlbpvvv.dll
BHO: [Spybot-S&D IE Protection] C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: [SSVHelper Class] C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll


**** IE Toolbars ****

TOOLBAR: [Yahoo! Toolbar] C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll


**** IE Extensions ****

IEExt: []
IEExt: [Web Browser Applet Control] C:\WINDOWS\System32\msjava.dll
IEExt: [Real.com] C:\WINDOWS\System32\msjava.dll
IEExt: [Real.com] C:\WINDOWS\System32\msjava.dll
IEExt: [Real.com] C:\WINDOWS\System32\msjava.dll
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


**** Hosts File Entries ****



**** IE Settings ****

Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: C:\windows\system32\blank.htm
Search Page: http://www.google.com


**** IE Context Menu (Right click) ****

IEContext: [&AOL Toolbar search] res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IEContext: [&Search] ?p=ZJxdm035YYUS
IEContext: [Add to AMV Convert Tool...] C:\Program Files\AMV Convert Tool 3.70\AMVConverter\grab.html
IEContext: [E&xport to Microsoft Excel] res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84EB84BE-DED2-4675-AEDF-58104EFF5360}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{84EB84BE-DED2-4675-AEDF-58104EFF5360}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0E155F04-F7CD-444B-B52B-9ECD7ADDECA6}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0E155F04-F7CD-444B-B52B-9ECD7ADDECA6}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A2D5085-1208-46E7-A54E-97A0DA5D714E}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8A2D5085-1208-46E7-A54E-97A0DA5D714E}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BFE3B65E-A0F2-4D59-A1AF-A2CDA6E03643}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BFE3B65E-A0F2-4D59-A1AF-A2CDA6E03643}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C93E269C-EA1C-40ED-B185-1BE190A3A3C9}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C93E269C-EA1C-40ED-B185-1BE190A3A3C9}] DATAGRAM 4


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

Microsoft XML Parser for Java [file://C:\WINDOWS\Java\classes\xmldso.cab]
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [http://office.microsoft.com/templates/ieawsdc.cab] C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
{07ADB1C8-141F-365E-C72A-555D5E29669F} [http://85.255.115.229/1/gdnUS1402.exe]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AOL ACS] C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
[aswUpdSv] "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[avast! Antivirus] "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
[avast! Mail Scanner] "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
[avast! Web Scanner] "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[cisvc] C:\WINDOWS\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[clr_optimization_v2.0.50727_32] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[FontCache3.0.0.0] C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[IDriverT] "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
[idsvc] "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
[ImapiService] C:\WINDOWS\System32\imapi.exe
[iPod Service] "C:\Program Files\iPod\bin\iPodService.exe"
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\system32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NetTcpPortSharing] "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[PlugPlay] %SystemRoot%\system32\services.exe
[Pml Driver HPZ12] C:\WINDOWS\system32\HPZipm12.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[service] C:\WINDOWS\SERVICE.EXE
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{422750EB-86AA-4173-8A7E-FEBADE226929}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[usprserv] %SystemRoot%\System32\svchost.exe -k netsvcs
[VSS] %SystemRoot%\System32\vssvc.exe
[w32time] %SystemRoot%\system32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[WMPNetworkSvc] "C:\Program Files\Windows Media Player\WMPNetwk.exe"
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WudfSvc] %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SEARCH: [CustomSearch] http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
SEARCH: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\windows\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.google.com
IEOPT: [Check_Associations] No
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [NotifyDownloadComplete] no
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Use Custom Search URL]
IEOPT: [Use FormSuggest] yes
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [StatusBarWeb]
IEOPT: [XMLHTTP]
IEOPT: [UseClearType] yes
IEOPT: [Enable Browser Extensions] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Play_Animations] yes
IEOPT: [CompatibilityFlags]
IEOPT: [SearchMigrated]
IEOPT: [SearchMigratedDefaultName] Yahoo! Search
IEOPT: [SearchMigratedDefaultURL] http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IEOPT: [SearchMigratedInstalled]
IEOPT: [AddToFavoritesExpanded]
IEOPT: [RunOnceHasShown]
IEOPT: [RunOnceComplete]
IEOPT: [AutoHide] yes
IEOPT: [Default]
IEOPT: [LastCommand]
IEOPT: [EnableToolBar]
IEOPT: [Save Directory] C:\Documents and Settings\Owner\My Documents\
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] C:\windows\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Default_Secondary_Page_URL]
IEOPT: [Extensions Off Page] about:NoAdd-ons
IEOPT: [Security Risk Page] about:SecurityRisk
IEOPT: [Check_Associations] yes
IEOPT: [IEWatsonEnabled]
IEOPT: [CustomizeSearch] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [SearchAssistant] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

Please tell me how to regain my Control Panel! Thank You!
 
Joined
Dec 15, 2007
Messages
130
Reaction score
0
Hello!
Please, we have encountered a great problem. Your computer, among 30 Trojan viruses and a couple of adware programs, is hijacked by a rootkit. Many experts suggest reformatting. Please reformat your hard drive and change all passwords on bank accounts if you held them on your computer.
I am sorry but I wouldn't fight against this. It's just too risky.
 

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,739
Reaction score
1,204
I concur ...


It is possible to clean your system, but it will take a lot of time & effort with no guarantee of 100% success.


I therefore advise a wipe & clean install of your system.


:user:
 
Joined
Dec 15, 2007
Messages
130
Reaction score
0
Yep, definitely. I mean of course it's possible to clean, and I am ready to help but only and only if you promise me that I am not responsible for your bank account hack blah blah blah and usual sh*t.
 
Joined
Dec 31, 2007
Messages
5
Reaction score
0
I used the program ComboFix.exe and after about 10-15 minutes of "cleaning" it restarted my computer with my Control Panel, Task Manager, etc. all there and working. I'm not sure if this was the wrong action or not but I think I'll avoid a wipe until I see any of the previous symptoms again.
 
Joined
Dec 15, 2007
Messages
130
Reaction score
0
You don't have to be worried about Trojans.
Be worried if you do any bank actions on your computer as there is a great possibility someone already has your passwords. I'm not sure you understood this well enough. Please visit the Wikipedia Rootkit definition.
 
Joined
Dec 31, 2007
Messages
5
Reaction score
0
As long as I don't have any bank passwords, PINs, etc. then I'm fine, right? I'm only 15 and therefore don't even have a bank account and I'm the only one who uses this (the infected) computer.
 

muckshifter

I'm not weird, I'm a limited edition.
Moderator
Joined
Mar 5, 2002
Messages
25,739
Reaction score
1,204
I see we waste our time here ...

Some people we can help, but fools blunder on regardless ... you are a fool!!

You ask for help, then ignore our advice ... we don't offer the recommendation to format your HD lightly.


:wave:
 