Jump to content


Photo

56336BCB-3D8A-11D6-A00B-0050DA18DE71


  • Please log in to reply
3 replies to this topic

#1 normxxx

normxxx

    Member

  • New Member
  • Pip
  • 2 posts

Posted 02 July 2004 - 10:46 AM

Spybot reports I have the ActiveX control 56336BCB-3D8A-11D6-A00B-0050DA18DE71

It show a yellow flag with exclamation point in it javascript:emoticon(':!:') (but theirs is an oval) which I could not find defined anywhere. It could not remove the ActiveX.

Is this a problem? I have no symptoms, that I can identify. I ran PeperFix.exe, which reported that I had no Peper files.

I am running Win98 SE2. javascript:emoticon(':wtf:')

#2 Bugbatter

Bugbatter

    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 03 July 2004 - 09:27 PM

Please post a HJT log, and we will take a look at it.
Download HijackThis to its own permanent folder.
http://computercops..../hijackthis.zip
Here's how:
To create a folder:
Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named "New Folder", which you can rename to "HJT" or "HijackThis".
Now you have C:\HJT\ folder.
Double-click on the .exe to scan.
Please post a HijackThis log (that's a StartupList).
After Scan, the Scan button changes to Save log. Click that, save it somewhere. Do Ctrl-A to Select all, and then copy and paste it here.
Microsoft MVP - Consumer Security

#3 normxxx

normxxx

    Member

  • New Member
  • Pip
  • 2 posts

Posted 05 July 2004 - 01:11 PM

Thank you. Here is the log file below, with the (offending?) item bolded:

Logfile of HijackThis v1.97.7
Scan saved at 1:46:43 PM, on 7/5/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NORTON\PERSONAL FIREWALL\NISSERV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\DELL\OPENMANAGE\CLIENT\ACTIONAGENT.EXE
C:\PROGRAM FILES\DELL\OPENMANAGE\CLIENT\EVENTAGT.EXE
C:\PROGRAM FILES\DELL\OPENMANAGE\CLIENT\DLT.EXE
C:\PROGRAM FILES\DELL\OPENMANAGE\CLIENT\IAP.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\DMI\WIN32\BIN\DELLDMI.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON\SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON\SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\PROGRAM FILES\NORTON\PERSONAL FIREWALL\NISUM.EXE
C:\PROGRAM FILES\NORTON\PERSONAL FIREWALL\SYMPROXYSVC.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NORTON\PERSONAL FIREWALL\IAMAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\SXGTKBAR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\NORTON\SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\NORTON\SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\Program Files\Norton\SystemWorks\Norton CleanSweep\Monwow.exe
C:\PROGRAM FILES\NORTON\SYSTEMWORKS\NORTON UTILITIES\SYSDOC32.EXE
C:\PROGRAM FILES\CLIPTRAKKER\CLIPTRAKKER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON\PERSONAL FIREWALL\ATRACK.EXE
C:\PROGRAM FILES\NORTON NAVIGATOR\FILEMGR.EXE
C:\MYPROGS\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dellnet.my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\PROGRAM FILES\NZSEARCH\NZSEARCHENH.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton\SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: P3P Client - {00000178-CD4A-447a-BCF9-6FD0096B5527} - C:\PROGRAM FILES\PRIVACY BIRD\P3PCLIENT.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton\SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iamapp] c:\Program Files\Norton\Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON\SYSTEM~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton\SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [nisserv] c:\Program Files\Norton\Personal Firewall\NISSERV.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ActionAgent] C:\PROGRAM FILES\DELL\OPENMANAGE\CLIENT\ACTIONAGENT.EXE
O4 - HKLM\..\RunServices: [DEventAgent] C:\PROGRAM FILES\DELL\OPENMANAGE\CLIENT\EVENTAGT.EXE
O4 - HKLM\..\RunServices: [DLT] C:\PROGRAM FILES\DELL\OPENMANAGE\CLIENT\DLT.EXE
O4 - HKLM\..\RunServices: [Iap] C:\PROGRAM FILES\DELL\OPENMANAGE\CLIENT\IAP.EXE
O4 - HKLM\..\RunServices: [WIN32SL] c:\dmi\win32\bin\win32sl.exe -i -p -r
O4 - HKLM\..\RunServices: [DellDmi] C:\DMI\WIN32\BIN\DELLDMI.EXE
O4 - HKLM\..\RunServices: [3Com DMI Agent] C:\WINDOWS\SYSTEM\3com_dmi\3CDMINIC.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton\SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton\SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton\SystemWorks\Norton CleanSweep\CSINSM32.EXE
O4 - Startup: Image.LNK = C:\Program Files\Norton\SystemWorks\Norton Utilities\IMAGE32.EXE
O4 - Startup: Norton System Doctor.lnk = C:\Program Files\Norton\SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: ClipTrakker.lnk = C:\Program Files\ClipTrakker\ClipTrakker.exe
O4 - User Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton\SystemWorks\Norton CleanSweep\CSINSM32.EXE
O4 - User Startup: Image.LNK = C:\Program Files\Norton\SystemWorks\Norton Utilities\IMAGE32.EXE
O4 - User Startup: Norton System Doctor.lnk = C:\Program Files\Norton\SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - User Startup: ClipTrakker.lnk = C:\Program Files\ClipTrakker\ClipTrakker.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O9 - Extra button: Dell Home (HKCU)
O15 - Trusted Zone: http://dellnet.my.msn.com
O15 - Trusted Zone: http://my.msn.com
O15 - Trusted Zone: http://www.suite101.com
O15 - Trusted Zone: http://www.symantec.com
O15 - Trusted Zone: http://security.symantec.com
O15 - Trusted Zone: http://service1.symantec.com
O15 - Trusted Zone: http://securityresponse.symantec.com
O15 - Trusted Zone: http://*.sarc.com
O15 - Trusted Zone: http://*.pestpatrol.com
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7868.8046759259
O16 - DPF: {5B2745C4-8488-432C-A985-77C3E2EFA64F} (PpayWallet) - https://www26.americ...nts/ppayspw.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab

O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://support.dell..../SysProfLCD.CAB
O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/p...12/invinstl.exe
O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojansca...an/TDECntrl.CAB
O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/p...13/invinstl.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.ma...director/sw.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab

#4 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 05 July 2004 - 04:11 PM

Yes, that one needs to go!
Run Hijack this again, and put a checkmark in the appropriate box. Then click the fix checked button. ensure that all other pprograms are closed when fixing.
Then reboot.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button