cannot start mspaint

  • paglamon
    Lord of Digital Video
    • Aug 2005
    • 2126

    cannot start mspaint

    I am suddenly getting this error whenever I try to run mspaint. I have tried to run it from the system32 folder with the same error. Uninstalled and reinstalled paint: same error. Ran MBAM scan. Deleted whatever it found. Still same error. What do you think?

    Last edited by blutach; 31 Aug 2008, 09:18 PM.

    ONLY MOMENTS LINGER...DEWDROPS ON A FALLEN LEAF
  • Chewy
    Super Moderator
    • Nov 2003
    • 18971

    #2


    did you reinstall from the xp cd?


    • paglamon
      Lord of Digital Video
      • Aug 2005
      • 2126

      #3
      Yes. And in fact I was guided by that same link you posted. I even downloaded an earlier version of paint from the Microsoft download site. But as soon as I put the old version into the system32 folder (along with the older dll files) it changed instantaneously into the newer version. However, if I did not put the older version into system32 I could open this older version of mspaint from any other folder. Even HijackThis found no dubious process.

      • Chewy
        Super Moderator
        • Nov 2003
        • 18971

        #4
        post that MBAM log, any showing an infection


        • paglamon
          Lord of Digital Video
          • Aug 2005
          • 2126

          #5
          Malwarebytes' Anti-Malware 1.25
          Database version: 1098
          Windows 5.1.2600 Service Pack 3

          14:53:52 31/08/2008
          mbam-log-08-31-2008 (14-53-52).txt

          Scan type: Quick Scan
          Objects scanned: 38160
          Time elapsed: 4 minute(s), 38 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 2
          Registry Values Infected: 0
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 1

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\CLSID\{0055c089-8582-441b-a0bf-17b458c2a3a8} (Trojan.BHO.H) -> Quarantined and deleted successfully.

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          C:\Documents and Settings\Default User\Local Settings\Temp\bsasee3y5d\IDMIECC.dll (Trojan.BHO.H) -> Delete on reboot.

          • Chewy
            Super Moderator
            • Nov 2003
            • 18971

            #6
            that looks like the remnants of a fairly serious infection

            you were using something else to clean with?



            sdfix has some registry patches to reverse damage by malware?


            are you sure it's only paint affected?

            taskmanager, msconfig, regedit etc


            • Chewy
              Super Moderator
              • Nov 2003
              • 18971

              #7
              Troubles Removing Win32.qhost.abh - posted in Am I infected? What do I do?: I was recently infected with that Anti virus XP virus. I ran spybot, ad-aware, and ESET NOD32 with no luck on removing win32.qhost.abh. I also tried running eset in safe mode and still no luck on removing win32.qhost.abh Just Now I ran a Spybot scan and I still have this trojan. Could anybody please help me with this trojan? I am out of ideas and need help.


              this exact procedure for atf cleaner and SAS seem to complement MBAM rather well


              • paglamon
                Lord of Digital Video
                • Aug 2005
                • 2126

                #8
                are you sure it's only paint affected?

                taskmanager, msconfig, regedit etc
                All working. And I just found out that Paint is also working, but only in SAFE MODE.

                I will now try out those fixes you suggested. Thanks for staying with me.

                • paglamon
                  Lord of Digital Video
                  • Aug 2005
                  • 2126

                  #9
                  Ran SDFix. Still the same error.
                  Here is the SDFix report:

                  SDFix: Version 1.220
                  Run by A.CHOWDHURY on 01/09/2008 at 00:19

                  Microsoft Windows XP [Version 5.1.2600]
                  Running From: C:\SDFix

                  Checking Services :


                  Restoring Default Security Values
                  Restoring Default Hosts File

                  Rebooting


                  Checking Files :

                  Trojan Files Found:

                  C:\DOCUME~1\A3E45~1.CHO\LOCALS~1\Temp\tmp18.tmp - Deleted





                  Removing Temp Files

                  ADS Check :



                  Final Check :

                  catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2008-09-01 00:23:30
                  Windows 5.1.2600 Service Pack 3 NTFS

                  scanning hidden processes ...

                  scanning hidden services & system hive ...

                  scanning hidden registry entries ...

                  scanning hidden files ...

                  scan completed successfully
                  hidden processes: 0
                  hidden services: 0
                  hidden files: 0


                  Remaining Services :




                  Authorized Application Key Export:

                  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
                  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
                  "C:\\Program Files\\eLitecore\\Cyberoam Client for 24Online\\CyberoamClient.exe"="C:\\Program Files\\eLitecore\\Cyberoam Client for 24Online\\CyberoamClient.exe:*:Enabled:24Online Client"
                  "D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
                  "D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"

                  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
                  "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
                  "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

                  Remaining Files :


                  File Backups: - C:\SDFix\backups\backups.zip

                  Files with Hidden Attributes :


                  Finished!
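The "Authorized Application Key Export" section of the SDFix report above lists Windows Firewall exceptions as `path:scope:state:name`. The following is an added example, not part of the original thread or of SDFix: it parses such an export and separates entries under `%windir%` from the rest for manual review. The sample input is constructed from entries in the report; the function names and the `%windir%` rule are assumptions of this example.

```python
import re

# Constructed sample: three entries taken from the SDFix report in this thread,
# in .reg export form (backslashes doubled inside the quoted strings).
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eLitecore\\Cyberoam Client for 24Online\\CyberoamClient.exe"="C:\\Program Files\\eLitecore\\Cyberoam Client for 24Online\\CyberoamClient.exe:*:Enabled:24Online Client"
"D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="D:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
'''

LINE_RE = re.compile(r'^"(?P<key>.*)"="(?P<data>.*)"$')
# Value data is path:scope:state:name. The path itself may contain a drive colon,
# so the path match is lazy and the state field anchors the split.
DATA_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$',
    re.IGNORECASE)

def parse_export(text):
    """Return one dict per firewall exception found in a .reg-style export."""
    entries, profile = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            parts = line[1:-1].lower().split('\\')
            i = parts.index('firewallpolicy') if 'firewallpolicy' in parts else -1
            profile = parts[i + 1] if 0 <= i < len(parts) - 1 else None
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        data = m.group('data').replace('\\\\', '\\')  # undo .reg escaping
        d = DATA_RE.match(data)
        if d is None:  # keep unparseable data visible instead of dropping it
            entries.append({'profile': profile, 'path': data, 'malformed': True})
            continue
        entries.append({
            'profile': profile, 'path': d['path'], 'scope': d['scope'],
            'enabled': d['state'].lower() == 'enabled', 'name': d['name'],
            # Assumption of this example: only literal %windir% paths count as OS-supplied.
            'under_windir': d['path'].lower().startswith('%windir%\\'),
            'malformed': False,
        })
    return entries

def needs_review(entries):
    """Enabled or malformed entries outside %windir%: a list to look at, not a verdict."""
    return [e for e in entries
            if e['malformed'] or (e['enabled'] and not e['under_windir'])]
```
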

                  • Chewy
                    Super Moderator
                    • Nov 2003
                    • 18971

                    #10
                    XP_CodecRepair.inf

                    is in the sdfix folder

                    no mspaint tho

                    [Version]
                    Signature="$Windows NT$"

                    [DefaultInstall]
                    DelReg=RemoveRestrictions
                    AddReg=ResetRegChanges

                    [ResetRegChanges]
                    HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowControlPanel,0x10001,0x00000002
                    HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowHelp,0x10001,0x00000001
                    HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowMyComputer,0x10001,0x00000002
                    HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowMyDocs,0x10001,0x00000001
                    HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowMyMusic,0x10001,0x00000001
                    HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowMyPics,0x10001,0x00000001
                    HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowNetPlaces,0x10001,0x00000001
                    HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowRun,0x10001,0x00000001
                    HKCU,Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced,Start_ShowSearch,0x10001,0x00000001
                    HKCU,Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoDrives,0x10001,0x00000000

                    [RemoveRestrictions]
                    HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies","DisableRegistryTools"
                    HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies","DisableTaskMgr"
                    HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies","NoDispCPL"
                    HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoSetFolders"
                    HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoStartMenuMorePrograms"
                    HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoToolbarCustomize"
                    HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","StartMenuLogoff"
                    HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableCMD"
                    HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableRegistryTools"
                    HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableTaskMgr"
                    HKCU, "Software\Microsoft\Windows\CurrentVersion\Policies\System","NoDispCPL"
                    HKCU, "Software\Policies\Microsoft\Internet Explorer\Restrictions","NoBrowserOptions"
                    HKCU, "Software\Policies\Microsoft\Windows\system","DisableCMD"


                    • Chewy
                      Super Moderator
                      • Nov 2003
                      • 18971

                      #11
                      the malware and mspaint issue may be a coincidence or just collateral damage


                      • paglamon
                        Lord of Digital Video
                        • Aug 2005
                        • 2126

                        #12
                        It is running ok in Safe Mode but not in Normal mode. What does this signify?

                        • Chewy
                          Super Moderator
                          • Nov 2003
                          • 18971

                          #13
                          something may be loading in normal mode that is creating a conflict
