| Thread ID: 71432 | 2006-08-06 00:50:00 | ActiveX gone berserk !! | ForeverProvence (10914) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 476328 | 2006-08-06 00:50:00 | Hello There. I hope you can help me. The problem is I can't gain access to my C drive, when I try to I receive the following message "An ActiveX control on this page might be unsafe to interact with other parts of the page. Do you want to allow this interaction?" When I click yes absolutely nothing happens, there's just a white screen where all the icons should be. Also I've lost my screen wallpaper, again all I'm getting is a white screen, but strangely enough the wallpaper is visible for a few seconds when I boot up or shut down. These problems occurred since my comp was attacked by loads of viruses from a rogue prog I downloaded from one of those crack sites, I know that'll teach me I guess! I'm running Windows ME by the way. All and any help will be greatly appreciated, thanks :) | ForeverProvence (10914) | ||
| 476329 | 2006-08-06 01:02:00 | Hello there. Welcome to PressF1. First things first. Let's make sure that your computer is completely free of malware. Please post us a HJT log (HijackThis) so that we can be certain about that. (If you are not sure what HJT is, wait for a few minutes and someone will clarify that point) What antivirus / adware do you have on your machine? It will not do you any harm to check out PressF1's FAQ on how to remove malware. Link: faqf1.net.nz What has ActiveX got to do with C Drive? Can you access your hard drive via safe mode condition? Cheers :) | Renmoo (66) | ||
| 476330 | 2006-08-06 01:11:00 | Here's the log file : Logfile of HijackThis v1.99.1 Scan saved at 01:04:20, on 06/08/2006 Platform: Windows ME (Win9x 4.90.3000) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MPREXE.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\LOADQM.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE C:\WINDOWS\ALL USERS\START MENU\PROGRAMS\STARTUP\YACSMON.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\WINDOWS\SYSTEM\SPOOL32.EXE C:\PROGRAM FILES\WINZIP\WINZIP32.EXE C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file) O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file) O2 - BHO: (no name) - {1395A06F-EEA0-4445-BA0C-E8B56B48E244} - (no file) O2 - BHO: (no name) - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - (no file) O2 - BHO: (no name) - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - (no file) O2 - BHO: (no name) - {07A75955-7AB4-F148-4D02-C0275057E5C2} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file) O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file) O3 - Toolbar: &Google - 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file) O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe O4 - Global Startup: YacsMon.exe O8 - Extra context menu item: &Search - edits.mywebsearch.com O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM 
FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL (HKCU) O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - messenger.msn.com O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - security.symantec.com O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - download.gigabyte.com.tw O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - by101fd.bay101.hotmail.msn.com O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - www.driveragent.com O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - apps.corel.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll Like I said before the message appears whenever I try to enter the C drive. I've used a few anti virus progs to make sure my comp is clean. I have Avast! running now. Also use Spyware Nuker 2005. | ForeverProvence (10914) | ||
| 476331 | 2006-08-06 01:37:00 | Get rid of the following for a start... O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file) O2 - BHO: (no name) - {1395A06F-EEA0-4445-BA0C-E8B56B48E244} - (no file) O2 - BHO: (no name) - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - (no file) O2 - BHO: (no name) - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - (no file) O2 - BHO: (no name) - {07A75955-7AB4-F148-4D02-C0275057E5C2} - (no file) O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file) O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file) O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file) O8 - Extra context menu item: &Search - edits.mywebsearch.com O9 - Extra button: Browser Adjustment - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - apps.corel.com The last 3 being Malware, may sort your problem. Also as suggested regularly on here, download, update then run Ewido. It will claen out any other nasties. | pheonix (36) | ||
| 476332 | 2006-08-06 01:38:00 | Damn, dyslexic fingers.. "clean" not claen.. :badpc: | pheonix (36) | ||
| 476333 | 2006-08-06 01:51:00 | I've deleted what you told me to but all to no avail I'm afraid. I can't run Ewido cos I have Windows ME. | ForeverProvence (10914) | ||
| 476334 | 2006-08-06 02:02:00 | Forgot to say I can access the C drive in Safe Mode. | ForeverProvence (10914) | ||
| 476335 | 2006-08-06 02:11:00 | Reset the security settings in Internet Options. Also make sure you turn off the active wallpaper. | tweak'e (69) | ||
| 476336 | 2006-08-06 02:16:00 | Reset the security settings but I don't know how to turn off the active wallpaper. | ForeverProvence (10914) | ||
| 476337 | 2006-08-06 02:19:00 | DOH, sorry, should have picked up the ME as the OS. Two other possibilities if the above doesn't help.. Run Ccleaner and also the registry cleaner in Regseeker. These can be done in safe mode. You may be surprised by the amount of rubbish left behind that these programs pick up. | pheonix (36) | ||
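Added example (not part of the thread and not HijackThis's own code): a small triage script for a HijackThis log pasted run together, as in post 476330. It splits the paste back into entries and groups the "(no file)" entries by GUID, so a component registered in more than one section is reviewed as a whole. The sample is an excerpt of the posted log; the function names and the reading of "(no file)" as a registration whose backing file is missing are assumptions of this example.

```python
import re
from collections import defaultdict

# Section codes seen in the log posted in this thread.
SECTIONS = {
    "R0": "IE start/search page", "R3": "URL search hook",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart entry", "O8": "IE context-menu item",
    "O9": "IE extra button", "O12": "IE plugin",
    "O16": "downloaded ActiveX control (DPF)",
}
ENTRY_HEAD = re.compile(r"(?:R[0-3]|O\d{1,2}) - ")
# Zero-width split point in front of every entry code.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R[0-3]|O\d{1,2}) - )")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the posted log, kept run together as it appears on the page.
SAMPLE = (
    r"Running processes: C:\WINDOWS\EXPLORER.EXE "
    r"R3 - URLSearchHook: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file) "
    r"O2 - BHO: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file) "
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll "
    r"O3 - Toolbar: (no name) - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - (no file) "
    r"O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file) "
    r"O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - apps.corel.com"
)

def split_entries(blob):
    """Split a run-together HijackThis paste into one string per entry."""
    parts = (p.strip() for p in ENTRY_START.split(blob))
    return [p for p in parts if ENTRY_HEAD.match(p)]

def parse(entry):
    """Break one entry into section code, description, GUID and orphan flag."""
    code, rest = entry.split(" - ", 1)
    guid = GUID.search(rest)
    return {"code": code, "section": SECTIONS.get(code, "unknown"),
            "guid": guid.group(0).upper() if guid else None,
            "orphaned": rest.endswith("(no file)")}

def orphaned_guids(blob):
    """GUID -> section codes, for entries whose backing file is missing."""
    hits = defaultdict(list)
    for e in map(parse, split_entries(blob)):
        if e["orphaned"] and e["guid"]:
            hits[e["guid"]].append(e["code"])
    return dict(hits)

if __name__ == "__main__":
    for guid, codes in orphaned_guids(SAMPLE).items():
        print(guid, "registered under", ", ".join(codes))
```

GUIDs are upper-cased before grouping because the log mixes case for the same identifier.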