Help! Active X is being stubborn

Hey Friend,

I just got hosed by a few worms and this has happened once before. I used HijackThis to the best of my abilities and i got the internet to go from about:blank garbage back to seemingly full working status. Unfortunately, now when i load, it gives me this stupid message about Active X not loading properly and it affecting the page. Essentially, i cant access my desktop properties - right click on my mouse is somehow disabled! I cant, for example, set a picture for my desktop background.

This may be something simple. I dont really know. But I'll attach the hijack log file. Please help! Thanks.

~Raging

 

Remove:
O15 - Trusted IP range: 66.197.161.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: ppctlcab -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C}
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5}
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300}
O23 - Service: McShield - Unknown - C:\Program Files

Remove, reboot and then scan and post a new HJT Attachment. Run any spyware/malware removers you have as well. Do a registry clean too.

 

jowolf359,

You cant come in here and just start telling users to remove things. There are certain procedures we follow in order to remove these infections. If you are going to help, follow our guidelines.

What about this hijacker? I think you need to leave this to us professionals. He is running an out of date version of HJT and a few other things.


RagingBull,

Please update to Hijack This 1.99.1 and attach a new log using the new version.

 

Hey Garrick,

Thanks for the quick responses. I have'nt made any changes to anything because the last few posts from the forum were a bit confusing. The desktop problems have not resolved themselves yet unfortunately. I've attached the updated hijackthis log based off the latest version of the prog. I'll hold off till your response and I appreciate all the help.

~Raging

 

The first thing that jumps out at me is that your Operating System is WAY out dated. After we get your system cleaned, I recommend your going to Windows Updates and getting updated. You need to install Service Pack 2 for security purposes and other reasons.

Now scan with HijackThis and Check the Boxes for the following:

Make sure All Browser Windows are Closed when you Click FIX.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Avalon\LOCALS~1\Temp\sp.dll/sp.html

O15 - Trusted IP range: 66.197.161.149

O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Download Pocket KillBox

Now, Copy and Paste C:\DOCUME~1\Avalon\LOCALS~1\Temp\sp.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

sp.dll ←–– Do a search for this file and delete if found!

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.
Note: Dont forget to update Spybot S&D by selecting "Search For Updates"

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

Reboot to Normal Windows , Scan with HijackThis and attach the new log.
Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

Good Luck!

 

First off, let me thank you for your continued help. I followed your instructions and the internet problems seem to be stabilized. Unfortunately, the desktop top is still messed up. Can't set background pictures, cannot access properties for the desktop. Placing folders on the desktop somehow duplicates the folder. Really weird. Worst of all, the right click function will not operate on icons anywhere. I have no idea what the deal is. I've attached the new hijack file. Wish you luck spotting the problem.

~RB

 

HJT log is clean, now on to the other problems...

FIRST:
Download the attached file to a folder where you can locate it. And then extract the fixdesktop1.reg file from the ZIP file. Double click on the fixdesktop1.reg file and when prompted to add the changes into registry say yes.

After you do the above, procede to the below:

Click Start > Run > type regedit

Navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Again, Look for a DWORD value called "NoViewContextMenu"

When located right click and delete it!


Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Look for a DWORD value called "NoViewContextMenu"

When located right click and delete it!


Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

Look for a DWORD value called "NoChangingWallPaper"

When located right click and delete it!



Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Only Should have "NoDriveTypeAutoRun"

Remove This Value "NoActiveDesktop"
Remove This Value "ForceActiveDesktopOn"

Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

There should on be the (default) string here

Remove This Value NoComponents
Remove This Value NoAddingComponents
Remove This Value NoDeletingComponents
Remove This Value NoEditingComponents
Remove This Value NoHTMLWallpaper


After doing the above, reboot and let me know what problems if any remain.

 

Wow, my computer continues to misbehave. The desktop is still messed up. Everything else seems to be working ok. It got this red spyware garbage thing that i cant get rid of and i made all the changes you mentioned. In the desktop settings tab it completely greys out the changing wallpaper section. Hope you can help. Thanks!

Raging

 

Click Start > Run > type regedit

Navigate to the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Again, Look for a DWORD value called "NoViewContextMenu"

When located right click and delete it!


Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Look for a DWORD value called "NoViewContextMenu"

When located right click and delete it!


Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

Look for a DWORD value called "NoChangingWallPaper"

When located right click and delete it!



Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Only Should have "NoDriveTypeAutoRun"

Remove This Value "NoActiveDesktop"
Remove This Value "ForceActiveDesktopOn"

Navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop

There should on be the (default) string here

Remove This Value NoComponents
Remove This Value NoAddingComponents
Remove This Value NoDeletingComponents
Remove This Value NoEditingComponents
Remove This Value NoHTMLWallpaper


After doing the above, reboot and let me know what problems if any remain.