| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 71432 | 2006-08-06 00:50:00 | ActiveX gone beserk !! | ForeverProvence (10914) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 476348 | 2006-08-06 16:31:00 | Haha well i'm in dear ol' Blighty mate so it's the middle of the day here. I've deleted the ActiveX controls that didn't say legitimate, re-booted but I still can't get to C drive. | ForeverProvence (10914) | ||
| 476349 | 2006-08-06 19:00:00 | You may have Haptime (www.pctoday.com) as explained on this site. It brings up that error according to the site above. Try the Haptime removal tool (www.symantec.com) See if that removes this activex error you're getting. Also get this (dl.filekicker.com) from here (www.simplysup.com) install it, click on scan, and then select the 3rd-7th option under the utilities menu. |
Speedy Gonzales (78) | ||
| 476350 | 2006-08-06 22:49:00 | Logfile of HijackThis v1.99.1 Scan saved at 22:46:33, on 06/08/2006 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE C:\WINDOWS\SYSTEM\MSTASK.EXE C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\WINDOWS\TASKMON.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE C:\PROGRAM FILES\POWERSTRIP\PSTRIP.EXE C:\PROGRAM FILES\CYBERLINK\POWERDVD\PDVDSERV.EXE C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE C:\WINDOWS\SYSTEM\QTTASK.EXE C:\WINDOWS\SYSTEM\NVVID.EXE C:\WINDOWS\SYSTEM\IRMON.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE C:\PROGRAM FILES\COMMON FILES\WMON\MSHTA.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime O4 - HKLM\..\Run: [NvVideoCenter] C:\WINDOWS\SYSTEM\NvVid.exe O4 - HKLM\..\Run: [IrMon] irmon.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - HKCU\..\Run: [Aaei] "C:\Program Files\Common Files\wmon\mshta.exe" -vt yazr O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU) O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - security.symantec.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - by101fd.bay101.hotmail.msn.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll |
ForeverProvence (10914) | ||
| 476351 | 2006-08-07 08:42:00 | Did u get the removal tool and run it? | Speedy Gonzales (78) | ||
| 476352 | 2006-08-07 16:58:00 | Yeah but Haptime wasn't found. Also used Avast! in safe mode with system restore disabled. It found loads of trojans, most of them in the C Archive folder but neither could move them to the chest or delete. Says it can't find the specified files. | ForeverProvence (10914) | ||
| 476353 | 2006-08-07 17:55:00 | OK . . . try this: First, get SpyBot running in advanced mode, and go to the settings area, and then Ignored Products, then right click on the white area away from any entries, and click on "Deselect All" . Reboot into Safe Mode, and run Spybot again . Some malware tries to disable Spybot from detecting it . . . that might be the case here . Make sure that you have SpyBot up to date, and with full immunization running too! |
SurferJoe46 (51) | ||
| 476354 | 2006-08-07 20:55:00 | I deselected all the products in SpyBot then ran it in Safe Mode. It found 5 items which i deleted. I re-booted in normal mode, tried to access the C drive but got the same message.. | ForeverProvence (10914) | ||
| 476355 | 2006-08-07 22:31:00 | Sure looks like Haptime to me too. By way of experiment and hopefully to give you access to your c: drive till we get it sorted, try this. Earlier you said you can access c:drive in the safe mode. Do this, then make a shortcut. Reboot. Does this work? |
Burnzee (6950) | ||
| 476356 | 2006-08-07 23:25:00 | Just another thought can you access your c: drive though the Disk Management Console. 1. START>RUN, type "diskmgmt.msc" without the quotes. 2. Right click c: drive. 3. Click OPEN. |
Burnzee (6950) | ||
| 476357 | 2006-08-07 23:26:00 | I can only access the shortcut to C:drive in safe mode. I get the same message if i click on it while in normal mode. I ran FixHaptime again in safe mode but it didn't find anything. | ForeverProvence (10914) | ||
| 1 2 3 4 | |||||