deubanks
Guest
|
Posted: Wed Dec 31, 2003 2:55 pm Post subject: ctrlpan.dll |
|
|
I am having the same problem with ctrlpan.dll. The error comes every time I start the computer and says "error loading ..... ctrlpan.dll". I ran the CW Shredder and it helped some other problems I was having, but not this one. Any suggestions? Thanks |
|
Back to top |
|
|
Acheton
Forums Admin
Premium Member
Joined: Sep 04, 2003
Posts: 2699
Location: Uk
|
Posted: Wed Dec 31, 2003 3:20 pm Post subject: |
|
|
Hi deubanks,
I've moved your post here to its own thread. Please always start a new thread even if you have the same problem as someone else. Please could you download and run HijackThis and post a log here in this thread. Then we can help you out.
thanks,
ach |
|
Back to top |
|
|
Zer0
Security Expert
Joined: Dec 31, 2003
Posts: 93
Location: Canada
|
Posted: Wed Dec 31, 2003 6:30 pm Post subject: |
|
|
Hello,
Please run CWShredder. Once downloaded, open it and hit the "Next" button. Wait while it scans your PC. It will then list what you're infected with. Hit "Next" again and you're finished. |
|
Back to top |
|
|
TonyKlein
Site Moderator
Joined: Oct 15, 2002
Posts: 5815
Location: Netherlands
|
Posted: Thu Jan 01, 2004 7:38 am Post subject: |
|
|
... or you may not be...
After running CWShredder, please do the following:
Go to http://tomcoyote.org/hjt/, and download Hijack This.
Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and please show us its contents.
Most of what it lists will be harmless or even required, so do NOT fix anything yet.
Someone here will be happy to help you analyze the results.
Now press "Config" > "Miscellaneous Tools".
Under the "Generate Startuplist log" button, check the "List also minor sections" box.
Now press "Generate Startuplist Log"
This will generate a text file that will list all running processes, all applications that are loaded automatically when you start Windows, and more.
Go to Edit > select all, copy it and post its contents here as well.
_________________
Tony |
|
Back to top |
|
|
Zer0
Security Expert
Joined: Dec 31, 2003
Posts: 93
Location: Canada
|
Posted: Thu Jan 01, 2004 12:58 pm Post subject: |
|
|
Sorry, I read too fast. Didn't see you already ran it. |
|
Back to top |
|
|
deubanks
Guest
|
Posted: Sat Jan 03, 2004 2:46 pm Post subject: ctrlpan.dll |
|
|
Is this what you need, I am a rookie...
Logfile of HijackThis v1.97.7
Scan saved at 2:44:36 PM, on 1/3/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\W32SUP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETZERO\ZCAST.EXE
C:\PROGRAM FILES\NETZERO\CHKRAS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.cc/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://aifind.cc/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://aifind.cc/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://aifind.cc/
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\NZSEARCHENH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [w32sup] C:\WINDOWS\SYSTEM\w32sup.exe
O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\SYSTEM\ctrlpan.dll,Restore ControlPanel
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar...vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar.../cabsa.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...8367824074
O19 - User stylesheet: C:\WINDOWS\hh.htt
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)
Acheton wrote: |
Hi deubanks,
I've moved your post here to its own thread. Please always start a new thread even if you have the same problem as someone else. Please could you download and run HijackThis and post a log here in this thread. Then we can help you out.
thanks,
ach |
|
|
Back to top |
|
|
TonyKlein
Site Moderator
Joined: Oct 15, 2002
Posts: 5815
Location: Netherlands
|
Posted: Sat Jan 03, 2004 8:54 pm Post subject: |
|
|
Yup, that's what we wanted to see.
Please do the following:
Download the very latest version of CWShredder by Merijn Bellekom, the creator of Hijack This.
Run it, press 'Fix', and allow it to fix all it finds.
Next, post a fresh Hijack This log. There will be one or two things left to do.
Cheers,
_________________
Tony |
|
Back to top |
|
|
deubanks
Guest
|
Posted: Sun Jan 04, 2004 11:57 am Post subject: ctrlpan.dll |
|
|
This should be the latest.
Logfile of HijackThis v1.97.7
Scan saved at 11:58:15 AM, on 1/4/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\W32SUP.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOBNZ08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSOL08.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\1033\MSOFFICE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HIJACK THIS\HIJACKTHIS.EXE
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\NZSEARCHENH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [w32sup] C:\WINDOWS\SYSTEM\w32sup.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Startup: officejet 6100.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar...vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar.../cabsa.cab
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C...8367824074 |
|
Back to top |
|
|
TonyKlein
Site Moderator
Joined: Oct 15, 2002
Posts: 5815
Location: Netherlands
|
Posted: Sun Jan 04, 2004 7:33 pm Post subject: |
|
|
Check, and have Hijack This fix these items:
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\NZSEARCHENH.DLL
O4 - HKLM\..\Run: [w32sup] C:\WINDOWS\SYSTEM\w32sup.exe
Now restart your computer and delete the C:\WINDOWS\SYSTEM\W32SUP.EXE file.
_________________
Tony |
|
Back to top |
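Comparing the two logs posted above shows what the CWShredder run removed and what was still left for the manual fix. The following is an added example, not part of the thread and not HijackThis code: the function names are illustrative and the sample text is excerpted from the two logs in this thread.

```python
import re
from collections import namedtuple

# Entry lines in the logs above have the form "<code> - <detail>", where the
# code is a letter plus a number (R1, R3, O4, O16, O19 in this thread).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
Entry = namedtuple("Entry", "section detail")

def parse_entries(log_text):
    """Return the set of entries in a HijackThis log. Header lines and the
    'Running processes' paths do not match the pattern and are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add(Entry(m.group(1), m.group(2).strip()))
    return entries

def diff_logs(before_text, after_text):
    """Compare two logs of the same machine: what the cleanup removed,
    what appeared, and what is still present for manual review."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "unchanged": sorted(before & after),
    }

# Excerpts of the two logs posted in this thread (3 Jan and 4 Jan 2004).
BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\SYSTEM\W32SUP.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://aifind.cc/
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\NZSEARCHENH.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [w32sup] C:\WINDOWS\SYSTEM\w32sup.exe
O4 - HKLM\..\Run: [Control] rundll32.exe C:\WINDOWS\SYSTEM\ctrlpan.dll,Restore ControlPanel
O19 - User stylesheet: C:\WINDOWS\hh.htt
"""
AFTER = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\SYSTEM\W32SUP.EXE
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\NZSEARCHENH.DLL
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [w32sup] C:\WINDOWS\SYSTEM\w32sup.exe
"""

if __name__ == "__main__":
    for kind, items in diff_logs(BEFORE, AFTER).items():
        for e in items:
            print(f"{kind:9} {e.section:4} {e.detail}")
```

The "unchanged" list is what still needs a human decision; in this excerpt it holds the AVG entry plus the two items listed for fixing in the post above.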
|
|
deubanks
Guest
|
Posted: Sun Jan 04, 2004 10:33 pm Post subject: ctrlpan.dll |
|
|
WOW! no error on startup. You guys are great! Thanks very much
Just one question. When I ran the HiJack This and fixed the 2 items above I believe it then asked if I wanted to delete the items and I said Yes. Anyway, when I searched for the w32sup.exe I found one "Application" file but not an actual ".exe" file. Should I delete the application? |
|
Back to top |
|
|
Bulldog
Site Moderator
Joined: Nov 16, 2003
Posts: 4002
Location: Canada
|
Posted: Mon Jan 05, 2004 5:22 am Post subject: |
|
|
Hi deubanks.
What do you mean by application file?
Are you able to post the entire path and file name please.
_________________
Cheers |
|
Back to top |
|
|
TonyKlein
Site Moderator
Joined: Oct 15, 2002
Posts: 5815
Location: Netherlands
|
Posted: Mon Jan 05, 2004 9:29 am Post subject: |
|
|
An application file is what Windows calls an exefile.
I think we may be talking about the same thing...
But it could be you're not seeing file extensions at all:
- Open My Computer.
- Select the Tools menu and click Folder Options. (Or go to Control Panel > Folder Options)
- Select the View Tab.
- UNcheck "Hide file extensions for known file types"
- Click Yes to confirm.
- Click OK.
_________________
Tony |
|
Back to top |
|
|
deubanks
Guest
|
Posted: Mon Jan 05, 2004 10:16 am Post subject: ctrlpan.dll |
|
|
That was it, the extensions were hidden. But it will not let me delete it using MS Explorer. It says the "specified file is currently being used by Windows".
At this point I am error free but it sounds like I need to delete it for other reasons? Thanks |
|
Back to top |
|
|
Bill
Guest
|
Posted: Tue Jan 06, 2004 5:20 am Post subject: Ctrlpan is infected with trojan..... |
|
|
Hi, I find difficulty in browsing my net and I can't even write mails, as the CPU consumption for Internet Explorer reaches 99 percent whenever I do browsing. Then I installed Spybot and the problem was identified and I fixed it, and that was some trojan, but the next time I reboot my system the problem comes again. I then ran the Trend Micro online scan and it detects that ctrlpan.dll is infected with Troj_Small_DB. I tried to clean it but it says that it's uncleanable. I tried to delete it but it says that it's already in use. This trojan's effects you can see on this site:
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.DB
On the same page there are recovery instructions, but I cannot find the entries it mentions, and I also cannot stop the process because I can't find which process it's running in. I am running WIN 2000. Now I have installed the ZoneAlarm firewall and put a restriction that it should ask before running this dll, but after some time that permission restriction surprisingly changes. I am very much depressed... what to do? |
|
Back to top |
|
|
Bulldog
Site Moderator
Joined: Nov 16, 2003
Posts: 4002
Location: Canada
|
Posted: Tue Jan 06, 2004 5:40 am Post subject: |
|
|
Hi Bill,
TonyKlein wrote: |
Please do the following:
Download the very latest version of CWShredder http://www.merijn.org/files/cwshredder.zip by Merijn Bellekom, the creator of Hijack This.
Run it, press 'Fix', and allow it to fix all it finds.
|
Next Download 'Hijack This!'. http://tomcoyote.org/hjt/
Unzip, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
_________________
Cheers
|
|
Back to top |