Active X issues
#16
Posted 15 June 2005 - 12:27 PM
#17
Posted 15 June 2005 - 09:56 PM
Next, follow the instructions here to uninstall McAfee. You should be able to skip down to "Download the registry cleanup file" as it appears you have already used Add/Remove programs.
Once both of those steps are done, reboot and see if things work properly. If not, post a fresh HJT log and we'll go from there.
I don't know your skill level.
"I would rather be bruised by the truth than caressed by lies."
The help you receive here is free.
If you can please help keep us online by donating.
#18
Posted 16 June 2005 - 07:23 AM
Logfile of HijackThis v1.99.1
Scan saved at 9:20:28 AM, on 6/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\OSD.EXE
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\PROGRA~1\NETSCA~1\NETSCA~1\pbhelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Enable Belkin Wireless Keyboard Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Keyboard\MagicKey.exe
O4 - Global Startup: Enable Belkin Wireless Mouse Driver.lnk = C:\Program Files\Belkin Wireless\Belkin Wireless Mouse\MouseAp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - http://jpedownload.j....com/wi/p2p.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go...GameManager.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec....sa/SymAData.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.over...com/WildApp.cab
O18 - Protocol: aim - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Unknown owner - c:\progra~1\mcafee\MCAFEE~1\MssSrv.exe (file missing)
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Netscape Update Service (NCUpdateSvc) - Netscape Communications Corporation - C:\Program Files\Netscape Internet Service\ncupdatesvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
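An added example, not part of the original thread: a short Python parser for HijackThis entry lines like those in the log above. It lists O23 services that HijackThis marks "(file missing)" and the O16 ActiveX controls with their download source. The function names are hypothetical and the line layout is assumed from this log only.

```python
import re

# Constructed sample: six lines taken from the log above, one or two per entry type.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
"""

MISSING = " (file missing)"  # suffix HijackThis adds when the target file is absent
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # section code, then the entry body
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*)\))? - (\S+)$")

def parse(log):
    """Return (section, body) for every entry line; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def orphaned_services(entries):
    """O23 services still registered although their binary is reported missing."""
    out = []
    for section, body in entries:
        if section == "O23" and body.startswith("Service: ") and body.endswith(MISSING):
            # Split from the right: the service name may itself contain " - ".
            fields = body[len("Service: "):-len(MISSING)].rsplit(" - ", 2)
            if len(fields) == 3:
                out.append(dict(zip(("name", "owner", "path"), fields)))
    return out

def activex_downloads(entries):
    """O16 (Downloaded Program Files) entries: ActiveX controls and their source."""
    out = []
    for section, body in entries:
        m = DPF.match(body) if section == "O16" else None
        if m:
            out.append({"clsid": m.group(1), "name": m.group(2) or "(no name)",
                        "source": m.group(3)})
    return out

if __name__ == "__main__":
    found = parse(SAMPLE_LOG)
    for svc in orphaned_services(found):
        print("orphaned service:", svc["name"], "->", svc["path"])
    for ctl in activex_downloads(found):
        print("ActiveX download:", ctl["name"], "from", ctl["source"])
```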
#19
Posted 17 June 2005 - 04:40 PM
#20
Posted 17 June 2005 - 06:49 PM
Once you have extracted it then double click to run it. Say yes to the two prompts, which will then give you a dialog telling you the action was performed. Once that is done go to Start > Control Panel > Internet Options and click the security tab. You should see a My Computer icon there now, click to highlight it and then click the custom level button. In the dialog that comes up click the dropdown box and choose medium then click the reset button next to the box. Close all the dialogs with the ok buttons and see if things work now (you will most likely get a prompt asking to allow the ActiveX control to run).
The script toggles the settings only for the current user. Each user on the machine will need to run it if they have to use ActiveX in the local zone.
The script can also turn the protection back on. If you share your computer I recommend you run the script again and choose to hide My Computer in IE's Security but decline to lock Internet Explorer.
Let us know how things work out.
File removed, updated file link in next post.
Edited by rand1038, 18 June 2005 - 12:46 PM.
#21
Posted 18 June 2005 - 09:22 AM
#22
Posted 18 June 2005 - 12:36 PM
If you are running any registry monitoring programs, shut them down before you run the script; it makes changes to the registry which they may silently block.
Go to Start > Control Panel > User Accounts. Click the name of the account you are using then click "Change my account type" and in the window that comes up make sure "Administrator" is selected. If it is not you can try changing it but that will probably not work. You will need to sign on with the Administrator account and then change the settings for the account you normally use.
I wrote some checks into the script that should shed some light into what is happening. Download the copy I have attached to this post, unzip it and run it again. It will let you know if you do not have administrator privileges and if it was successful in changing the registry settings.
Attachment removed. See below for revised version.
Edited by rand1038, 21 June 2005 - 09:50 PM.
#23
Posted 18 June 2005 - 05:20 PM
#24
Posted 18 June 2005 - 06:21 PM
#25
Posted 18 June 2005 - 06:26 PM
Edited by CAPTAIN, 18 June 2005 - 06:26 PM.
#26
Posted 19 June 2005 - 08:38 AM
If you haven't done so yet, reboot the computer and see if the explorer problem still occurs. If it does, then do the following.
First make sure the script has IE Unlocked and Local Zone visible. When you run the script the titles of the Yes/No dialog boxes show the current state of these items.
Go to Start > Run and in the run box type CMD and click ok.
In the command window that opens type CONTROL INETCPL.CPL and press enter. There is one space between the L and the I. This should open up the Internet Options dialog box.
Proceed with resetting the local zone settings to medium as I explained in the earlier post.
#27
Posted 19 June 2005 - 06:39 PM
#28
Posted 21 June 2005 - 12:02 PM
#29
Posted 21 June 2005 - 04:37 PM
Edited by CAPTAIN, 21 June 2005 - 04:37 PM.
#30
Posted 21 June 2005 - 08:36 PM
My guess would be you had a bogus copy of rundll32 in your path, probably in the Windows folder. I solved the problem with the runtime error by running an adware scan and then deleting them. Then I was able to open the control panel.
These problems will continue until we get ActiveX going in the Local Zone. I am doing some checking right now, I'll get back to you in a little bit. At this time, I still have a problem with Norton and my scanner. The box comes up that My current security setting prohibits running active x controls on this page, therefore the page can not be displayed correctly.