Need help. I cannot start 'System 1

[stoney696969]

Need help.
I cannot start 'System Restore', either to use it, or to shut it down. I get an 'error' with:

"An exception occurred while trying to run "shell32.dll,Control_RunDLL "C:WINDOWs\system32\sysdm.cpl",System"

Adaware, Trendmirco, Macaffe fails to show anything.

My highjack log:

Logfile of HijackThis v1.97.7
Scan saved at 10:58:27 PM, on 1/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\shpc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\hijack\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PMAIL\winpm-32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up

Stopper Pro\popuppro.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [C-Media Mixer] C:\Program Files\PCI Audio Applications\Bin\AudioRack.exe /MixerStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinPatrol Plus] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [SHPC32] shpc32.exe
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: axscanner -

http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: axscannerruntime -

http://www.pestscan.com/scanner/axscannerruntime.cab

O16 - DPF: mscomctl -

http://www.pestscan.com/scanner/mscomctl.cab

O16 - DPF: msvcp71 -

http://download.pestpatrol.com/Downloads/Components/msvcp71.cab

O16 - DPF: msvcr71 -

http://download.pestpatrol.com/Downloads/Components/msvcr71.cab

O16 - DPF: ppctlcab -

http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -

http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) -

http://download.macromedia.com/pub/shockwave/cabs/authorware/awswax65.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -

http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) -

http://64.124.45.181/downloads/ccpm_0237.cab

O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} -

http://dst.trafficsyndicate.com/Dnl/T_401/QDow.cab

O16 - DPF: {29B2C103-AB53-4971-B765-FC1CE5D8B2D1} -

http://www.silvercrk.com/php/iraqisolitaire_scecab_24.174.175.17.3204010522731918733_662020.cab

O16 - DPF: {345CA9DC-1600-4CD2-BFCF-7B57DD1A32DA} (NeoworkInstall Control) -

http://easyinstall.icons.com.ne.kr/easyinstall/ocx/ver1003/NeoworkInstall.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

http://a1540.g.akamai.net/7/1540/52...pple.com/bonnie/us/win/QuickTimeInstaller.exe

O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) -

http://tw.msi.com.tw/autobios/client/iftwclix.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -

http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37903.7810648148

O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -

http://dload.ipbill.com/del/loader.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) -

http://web14.compaq.com/falco/SysQuery.cab

Any suggestions?
stoney

 

[carrr]

Check out this post:

http://www.mail-archive.com/pcworks@imagicomm.com/msg07847.html

WIth the exception of this entry, your log looks ok:

O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll

 

[viol8ion]

O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll

That dll is from realnetworks... not evil (other than RA does take over your computer with little icons in your sys tray and all that crap). Try uninstalling Real Audio and see if that fixes the problem... RA has been known to cause system crashes and weird conflicts.

When in doubt, deny all terms and defnitions.

http://www.wuli.com

 

[carrr]

Sorry that link posted in so badly...I just noticed it. Try this one:

http://www.mail-archive.com/pcworks@imagicomm.com/msg07847.html

 

[carrr]

Strange...it's pasting in clearly, but once I post it...it's a mess.

If viol8ion's suggestion doesn't pan out for you, copy and paste your error message into a Google search window. You should find the post I was trying to direct you to as the first hit.

 

[viol8ion]

What I think carrr is suggesting is to do a system repair, using your System CD. This might be a good idea, AS I don't see any spyware or hijackware on your system according to the hijackthis log.

When in doubt, deny all terms and defnitions.

http://www.wuli.com

 

[carrr]

Correct.
I posted the link as it had a nice step-by-step walk through.

 

[stoney696969]

I tried to repair but the computer wont start the cd. I will try it manually tonight, as suggested. Thanks for the tip, I was pretty sure I was clean but it was real nice getting a second opinion. Thanks again, stoney

 

[stoney696969]

Thanks for the information, and tips, but no help so far.
When I put in my winxp cd it will still not initalize, and doing it from the 'run' menu gives me a different error code. I am thinking that the system cpl security settings have been changed, so that it wont allow any changes. Everything else is fine, I just cant change my system restore to turn it on or off. I try to stay current on the viri and stuff, and consider myself to be somewhat of an 'advanced' user <g> (not looking for flames). I am pretty good at hunting down spyware and device/driver problems. I am not good at security settings. Is there some way that my system cpl setting have been changed? As an aside, I am getting a DOS attack 4 times per second, which has been stopped by Zone Alarm. Any connection? Thanks for all input... stoney

 

[viol8ion]

Can you boot into safe mode? If so, do that and try again.

When in doubt, deny all terms and defnitions.

http://www.wuli.com

 

[daveoasis]

Another thought: when you get your PC up and running, immediately clone your hard drive with Norton Ghost, V2i Protector, Acronis, etc.

Keep this HD in a safe place. You might use more than one drive. After a problem occurs that is too difficult, just put the cloned drive & replace the master drive. Use the backups and any other data to be recovered to your new drive. You should be in good shape. I have used this technique many times in the last year for my clients.

Good luck and tell us how it is going?

Dave