jimeee

Unknown ActiveX Objects... HiJackThis log

7 posts in this topic

I have done several online virus scans, CWShredder, AdaAware, Spybot S&D and XCleaner.

 

I am concerned about 11 unknown (to me anyway) ActiveX Objects "016" on the HiJackThis logfile. How do I get rid of these unknown ActiveX Objects or do I need to? They come right back after fixing them with HiJackThis after I reboot. Maybe I have other problems too.

 

Here is my HiJackThis logfile:

 

Logfile of HijackThis v1.98.0

Scan saved at 7:57:28 PM, on 7/14/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\PopUp Stopper\dpps2.exe

C:\Program Files\CookieWall AnalogX\cookie.exe

C:\PROGRA~1\ZONEAL~1\zlclient.exe

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Spyware Maintenance APPS\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\GuruNet\GuruNet.exe

C:\Program Files\MyVitalAgent\VitalAgent\Program\VtlAgent.exe

C:\Program Files\ClipMate5\ClipMt53.exe

C:\Program Files\MailWasher Pro\MailWasher.exe

C:\Program Files\Spyware Maintenance APPS\SpywareGuard\sgmain.exe

C:\PROGRA~1\COMMON~1\ATOMIC~1\agtserv.exe

C:\Program Files\Diskeeper Home Edition\DkService.exe

C:\Program Files\Spyware Maintenance APPS\SpywareGuard\sgbhp.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\EudoraADELPHIA\Eudora.exe

C:\Program Files\EUdoraYAHOO\Eudora.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\PowerDesk\PDExplo.exe

C:\Program Files\Spyware Maintenance APPS\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.refdesk.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\bv7wjznv.slt\prefs.js)

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\bv7wjznv.slt\prefs.js)

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Spyware Maintenance APPS\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYWAR~2\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\PopUp Stopper\dpps2.exe"

O4 - HKLM\..\Run: [CookieWall] C:\Program Files\CookieWall AnalogX\cookie.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKLM\..\Run: [sBAutoUpdate] "C:\Program Files\Spyware Maintenance APPS\SpywareBlaster\sbautoupdate.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] c:\Program Files\Spyware Maintenance APPS\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: ClipMate5.lnk = C:\Program Files\ClipMate5\ClipMt53.exe

O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher Pro\MailWasher.exe

O4 - Startup: SpywareGuard.lnk = C:\Program Files\Spyware Maintenance APPS\SpywareGuard\sgmain.exe

O4 - Global Startup: GuruNet.lnk = C:\Program Files\GuruNet\GuruNet.exe

O4 - Global Startup: MyVitalAgent.lnk = C:\Program Files\MyVitalAgent\VitalAgent\Program\VtlAgent.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab

O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} -

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -

O16 - DPF: {6B401179-541E-4BF3-800F-10C39B529DB9} - http://ftp.gurunet.com/pub/cabs/GNInstallerFree.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} -

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} -

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -

O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

 

 

 

Thanks for any help anyone can give me.

 

Jim

===


As you're now a helper trainee you've probably figured it out by now.... welcome aboard :)

 

Close all other windows except for hijackthis, perform a scan and put a check against the following items and click 'fix checked'.

 

O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} -

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} -

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} -

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} -

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -


Scoff: This is an interesting problem that had me stumped and may still have me stumped but I am working on figuring it out. I hope you and other experts can follow my explanation herein. I had previously done as you suggested to get rid of these ActiveX Objects. But they come back the next time I boot up the computer. So I said to meself, self why not run HijackThis each time I boot up and get rid of these ActiveX Objects. So yesterday I did so. After that a program that I use called GuruNet wouldn't work. So this morning when I booted up I tried to use GuruNet and it worked okay. Also the day before yesterday I had HijackThis fix another of the ActiveX Objects and lo and behold after booting up the next time I now have 12 of the ActiveX Objects with just numbers and no names instead of the 11 of the same I had before. So now I am thinking that every time I had HijackThis fix one or more of these ActiveX Objects that the fix doesn't really stick. So the next time I reboot the same ActiveX Object comes back with only the numbers showing and not the name part of the ActiveX Object. I am going to see if I can find a HijackThis log and see if those numbers without the name along with it were actually ones that I had HiJackThis fix. I will reply here again with what I learn.

 

In fact I will look for a log now and not put this reply in until I find out what the log says.

 

Shown below are two partial logs just showing the ActiveX Object parts of the logs only. It is as I suspected that HijackThis hasn't got rid of any of these ActiveX Objects but only removed the names from them and left the numbers there. Can you or anybody please explain what is going on here??? Help please...

 

Partial log from 2004 0717 0716(7:16AM)

O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab

O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} -

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -

O16 - DPF: {6B401179-541E-4BF3-800F-10C39B529DB9} - http://ftp.gurunet.com/pub/cabs/GNInstallerFree.cab

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} -

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} -

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} -

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -

O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} -

 

 

Partial log from 2004 0516 0859(8:59AM)

O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab

O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx

O16 - DPF: {6B401179-541E-4BF3-800F-10C39B529DB9} - http://ftp.gurunet.com/pub/cabs/GNInstallerFree.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.microsoft.com/download/7/E...04/clearadj.cab

O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab

O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab

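An added example, not part of the original posts: a comparison of the O16 (Downloaded Program Files) entries in two HijackThis logs that lists the identifiers which kept their CLSID but lost the class name and download URL, as jimeee describes above. The function names are hypothetical, and the sample lines are excerpted from the two partial logs in his post.

```python
import re

# Layout: "O16 - DPF: <CLSID or file> [(class name)] - [codebase URL]"
O16 = re.compile(r"^O16 - DPF: (?P<id>\{[0-9A-Fa-f-]+\}|\S+)"
                 r"(?: \((?P<name>[^)]*)\))? -\s*(?P<url>\S*)\s*$")

def parse_o16(log_text):
    """Map each O16 identifier to (class name, codebase URL); '' if absent."""
    entries = {}
    for line in log_text.splitlines():
        m = O16.match(line.strip())
        if m:
            entries[m["id"].upper()] = (m["name"] or "", m["url"])
    return entries

def compare_o16(older, newer):
    """Classify the newer log's O16 entries against an older log."""
    old, new = parse_o16(older), parse_o16(newer)
    blank = [i for i, meta in new.items() if meta == ("", "")]
    return {
        # Listed earlier with a name and/or URL; only the identifier remains.
        "stripped": {i: old[i] for i in blank if old.get(i, ("", "")) != ("", "")},
        # Blank now, and absent from the older log.
        "no_history": [i for i in blank if i not in old],
        "intact": [i for i, meta in new.items() if meta != ("", "")],
    }

# Lines excerpted from the thread's 2004-05-16 and 2004-07-17 partial logs.
MAY_LOG = """\
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
"""
JULY_LOG = """\
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
"""

if __name__ == "__main__":
    result = compare_o16(MAY_LOG, JULY_LOG)
    for clsid, (name, url) in result["stripped"].items():
        print(f"{clsid}: was {name or '(no name)'} from {url}")
    print("no earlier record:", result["no_history"])
```

The "stripped" group recovers the earlier class name and download source for an identifier that now appears bare, which gives a concrete name to look up before deciding whether the entry matters.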

Oh by the way what is the "warn" thingie on me for that is over on the left frame under my name?


Hi jimee

 

The warn meter tells you how naughty you've been. cnm can warn you for bad behaviour - warns can lead to banishment. You can see your own warn meter but no one else's. There's a topic somewhere - try searching for it... EDIT : look at FAQ on the main forum page.

 

As to the other - off the top of my head - I'm not sure. It's 1.22am here so I'm off to bed after I do one more, but I'll have a think tomorrow. Try checking out the numbers with SpywareBlaster.

Edited by Scoff


Thanks for your help regarding the warn meter. It took a little searching before finding the facts on the meter.

 

Have a good sleep and come back refreshed...

 

Hope you are able to help me figure out what is going on with these ActiveX Objects...
