PDA

View Full Version : Active X and Task manager closing (W2K)


balmes
02-13-2005, 10:46 AM
A friend of mine recently clicked on a link in a friends AIM away message on entitled "Pics of me on the beach." Since then my computer has had several problems, including task manager closing after only a few seconds and security options being changed on my computer, such as cookies and active X as well as other security options in internet explorer and folder viewing. I changed my settings in IE but I keep getting an error when I want to open a folder saying, "Your current settings prohibit running activeX controls on this page, as a result this page might not display correctly," and nothing appears in the folder window. I scanned with avast home, spy sweeper and ad-aware and the computer is clean, Im just not sure if/how I can change all my settings back to normal. I have also listed a hijackthis log if that is of any help.

Logfile of HijackThis v1.99.0
Scan saved at 12:25:49 PM, on 2/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\csrss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINNT\system32\RUNDLL32.exe
D:\WINNT\system32\WINAMP6.EXE
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\chris\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "D:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Winamp Player 6] WINAMP6.EXE
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunOnce: [Winamp Player 6] WINAMP6.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/270f82f1f9856f697800/netzip/RdxIE601.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - D:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
balmes
02-13-2005, 10:51 AM
I just set all my content settings back to default and can view everything fine in IE and on my system, but task manager still closes after only a few seconds. Any help is appreciated.

GO BULLS
balmes
02-13-2005, 01:53 PM
new hijack list

Logfile of HijackThis v1.99.0
Scan saved at 3:51:03 PM, on 2/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\csrss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\Ati2evxx.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\Ati2evxx.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINNT\system32\RUNDLL32.exe
D:\WINNT\system32\WINAMP6.EXE
D:\WINNT\a64sddd.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\winnt\explorer.exe
D:\WINNT\system32\prutpct.exe
D:\WINNT\system32\prutpct.exe
D:\Documents and Settings\chris\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - D:\Program Files\E2G\IeBHOs.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "D:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Winamp Player 6] WINAMP6.EXE
O4 - HKLM\..\Run: [popuppers64] D:\WINNT\a64sddd.exe
O4 - HKCU\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [prutpct] D:\WINNT\system32\prutpct.exe
O4 - HKCU\..\RunOnce: [Winamp Player 6] WINAMP6.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINNT\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/270f82f1f9856f697800/netzip/RdxIE601.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown - D:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - D:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
monkey_1
02-13-2005, 03:01 PM
Put a checkmark in HijackThis to fix/delete the next entries:

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - D:\Program Files\E2G\IeBHOs.dll

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "D:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [Winamp Player 6] WINAMP6.EXE
O4 - HKLM\..\Run: [popuppers64] D:\WINNT\a64sddd.exe
O4 - HKCU\..\Run: [prutpct] D:\WINNT\system32\prutpct.exe
O4 - HKCU\..\RunOnce: [Winamp Player 6] WINAMP6.EXE

O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com

<font color=orange>Mono</font color=orange>