Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Can't open Control Panel or IE


  • This topic is locked This topic is locked
55 replies to this topic

#1 Tehyoda

Tehyoda

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 PM

Posted 10 September 2012 - 04:02 PM

My Grandpa's friend recently gave me his computer to look at, saying he can't connect to the internet.
When I got it I could not open up Internet Explorer at all (nothing happened when I clicked on it).
I also couldn't open the Control Panel.
And when I tried to open msconfig, it said it's not found.
There's probably more but that's all I've noticed so far...

Same problems if I reboot into safe mode, IE and Control Panel don't work.

I ran Malwarebytes on it and it found some Adware, which it cleaned up. I wasn't thinking and didn't save the log.
I also ran the Avast quick scan on it, and it found nothing.

I noticed if I reboot into safe mode and go into the built in Administrator account, IE and the Control Panel work.
I also noticed that it had IE6 installed. So I updated to IE8 hoping it would fix some problems.

After I updated the Control Panel still won't work, and IE opens, but then closes right away.

I also do not have a disk for it (so I can't try running SFC)
It's running Windows XP Home, and I have a Windows XP Pro disk.

So it's looking more and more like a virus/malware infection.

EDIT: one more thing I forgot to mention, when I was installing Malwarebytes, when the installer was creating the shortcuts I got an error: CoCreateInstance failed; code 0x80040154 Class not registered.
The install completed after that but the shortcuts weren't created.

EDIT 2: something I just noticed; if I double click on IE (or any shortcut) nothing happens, but if I right click and click open it opens. This doesn't happen if I navigate to the folder where the .exe exists and double click on it.

Also if I open IE by clicking on C:\Program Files\Internet Explorer\iexplore.exe, it doesn't close but instead hangs right away before it displays anything. And I verified the shortcut for IE did point to iexplore.exe in the correct directory.

So:
Double click on IE shortcut - nothing happens.
Right click -> open on IE shortcut - opens and then closes right away.
Double click on iexplore.exe - opens and then hangs forcing me to close with task manager.

Double click on Adobe Reader shortcut - nothing happens.
Right click -> open on Adobe Reader shortcut - opens and stays open.

Hopefully that information will help.

Attached Files


Edited by Tehyoda, 11 September 2012 - 08:51 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:16 PM

Posted 12 September 2012 - 09:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please post the logs for my review.

Please let me know if your internet connection is working or not.

#3 Tehyoda

Tehyoda
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 PM

Posted 12 September 2012 - 12:10 PM

There is no Repair your computer option.

Options are: safe mode, safe mode with networking, safe mode with cmd, boot logging, vga mode, last known config, directory service restore, debugging mode, disable auto restart on fail, start windows normally, reboot, and return to os choices menu.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:16 PM

Posted 12 September 2012 - 12:33 PM

My mistake, the tool is only for Vista or Windows 7.

Try this one. If not able to run in Normal Mode do it in Safe Mode.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

#5 Tehyoda

Tehyoda
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 PM

Posted 12 September 2012 - 01:12 PM

Done.

Attached Files



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:16 PM

Posted 12 September 2012 - 01:29 PM

Looking better.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

Please post the logs and let me know if the problem persists.

#7 Tehyoda

Tehyoda
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 PM

Posted 12 September 2012 - 01:38 PM

Done.
Something I just noticed, I still can't open the Control Panel from the start menu.
But, if I open a command prompt and use the control command it opens.

Also, the problems with Internet Explorer persist.

Security Check
Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Adobe Flash Player 11.3.300.271
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 12% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


AdwCleaner
# AdwCleaner v2.001 - Logfile created 09/12/2012 at 13:32:37
# Updated 09/09/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Ray - RAY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Ray\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\2d88xb3k.default\extensions\wecarereminder@bryan
Folder Deleted : C:\Program Files\Free Offers from Freeze.com

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\2d88xb3k.default\prefs.js

C:\Documents and Settings\Ray\Application Data\Mozilla\Firefox\Profiles\2d88xb3k.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Ray\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2949 octets] - [12/09/2012 13:32:37]

########## EOF - C:\AdwCleaner[S1].txt - [3009 octets] ##########

Edited by Tehyoda, 12 September 2012 - 01:40 PM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:16 PM

Posted 13 September 2012 - 06:56 AM

This tool will identify some corrupt operating files and replace them.

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

Keep me posted.

#9 Tehyoda

Tehyoda
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 PM

Posted 13 September 2012 - 07:44 AM

Ok new problem.

I plugged in the computer this morning and it instantly turned on (i didn't press the power button)
Then it gave me an error (before windows started):

Floppy diskette seek failure
Alert! System battery voltage is low
Strike the F1 key to continue, F2 to run the setup utility

If I press F1 it gives me the "We apologize for the inconvenience, but Windows did not start successfully."
No matter what option I select, it just reboots.

#10 Tehyoda

Tehyoda
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 PM

Posted 13 September 2012 - 07:57 AM

I replaced the CMOS battery and disabled the floppy drive in the bios. (there's no floppy drive anyways)
No more errors at BIOS,
but I can't boot into Windows, regardless of if I select safe mode or normal.

Edited by Tehyoda, 13 September 2012 - 08:05 AM.


#11 Tehyoda

Tehyoda
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 PM

Posted 13 September 2012 - 08:14 AM

Ah I fixed it, because the CMOS battery died, I'm guessing it reset the BIOS.
So I had to change the SATA mode from AHCI to ATA.

Going to run SFC now.

#12 Tehyoda

Tehyoda
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 PM

Posted 13 September 2012 - 08:41 AM

Ok ran SFC and rebooted.

IE still closes immediately after I open it,
and I still can't open the control panel from the start menu.

#13 Tehyoda

Tehyoda
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 PM

Posted 13 September 2012 - 08:59 AM

I got the control panel working by restoring the LNK file association.
Problems with Internet Explorer persist though.

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:16 PM

Posted 13 September 2012 - 09:57 AM

Reset your HOSTS file.
How To:
http://support.microsoft.com/kb/972034

Use the Fix it button on the page.
===

Lets remove this empty service key.

Please run Notepad and copy the following text into a new file:

sc config Lavasoft Ad-Aware Service start= disabled
sc stop Lavasoft Ad-Aware Service
sc delete Lavasoft Ad-Aware Service


Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files". Locate remove.bat on the Desktop and double-click on it to run it. A DOS box will open and close, that is normal.
If any errors errors encountered please post.
When done you can delete the remove.bat file.

p.s. On a Vista/Windows7 Operating System run the remove.bat file as Administrator.
===

Let see what we can find on this iexplore.exe file.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    iexplore.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Now Run the DDS tool again and post both logs for my review.

#15 Tehyoda

Tehyoda
  • Topic Starter

  • Members
  • 88 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:16 PM

Posted 13 September 2012 - 10:05 AM

EDIT: Just saw the 'run the DDS tool again'...doing that now...

When running the Microsoft fixit I get the error:

The Window's Installer Service could not be accessed.
This can occur if the Windows Installer is not correctly Installed.


I deleted the service without errors.

Here's the output from SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 02:11 on 11/10/2004 by Ray
Administrator - Elevation successful

========== filefind ==========

Searching for "iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe --a---- 638816 bytes [17:53 06/05/2010] [19:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe --a---- 218696 bytes [16:08 10/09/2012] [22:04 07/09/2012] 4E0D8C9F83B7FD82393F7D8CCC27E7AE
C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe -----c- 93184 bytes [20:51 06/05/2010] [07:56 04/08/2004] E7484514C0464642BE7B4DC2689354C8
C:\WINDOWS\erdnt\cache\iexplore.exe --a---- 638816 bytes [18:09 12/09/2012] [19:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E
C:\WINDOWS\ie8\iexplore.exe --a--c- 93184 bytes [19:33 10/09/2012] [00:12 14/04/2008] 55794B97A7FAABD2910873C85274F409
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe -----c- 93184 bytes [07:56 04/08/2004] [00:12 14/04/2008] 55794B97A7FAABD2910873C85274F409
C:\WINDOWS\system32\dllcache\iexplore.exe --a--c- 638816 bytes [17:53 06/05/2010] [19:09 08/03/2009] B60DDDD2D63CE41CB8C487FCFBB6419E

-= EOF =-

Edited by Tehyoda, 13 September 2012 - 10:05 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users