Unknown ActiveX Objects... HiJackThis log


6 replies to this topic

#1 jimeee

Posted 14 July 2004 - 10:01 PM

I have done several online virus scans, CWShredder, Ad-Aware, Spybot S&D and XCleaner.

I am concerned about 11 unknown (to me anyway) ActiveX Objects "O16" on the HijackThis logfile. How do I get rid of these unknown ActiveX Objects, or do I need to? They come right back after I fix them with HijackThis and reboot. Maybe I have other problems too.

Here is my HiJackThis logfile:

Logfile of HijackThis v1.98.0
Scan saved at 7:57:28 PM, on 7/14/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PopUp Stopper\dpps2.exe
C:\Program Files\CookieWall AnalogX\cookie.exe
C:\PROGRA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Maintenance APPS\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\GuruNet\GuruNet.exe
C:\Program Files\MyVitalAgent\VitalAgent\Program\VtlAgent.exe
C:\Program Files\ClipMate5\ClipMt53.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\Spyware Maintenance APPS\SpywareGuard\sgmain.exe
C:\PROGRA~1\COMMON~1\ATOMIC~1\agtserv.exe
C:\Program Files\Diskeeper Home Edition\DkService.exe
C:\Program Files\Spyware Maintenance APPS\SpywareGuard\sgbhp.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\EudoraADELPHIA\Eudora.exe
C:\Program Files\EUdoraYAHOO\Eudora.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PowerDesk\PDExplo.exe
C:\Program Files\Spyware Maintenance APPS\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refdesk.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.refdesk.com/"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\bv7wjznv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\bv7wjznv.slt\prefs.js)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\Spyware Maintenance APPS\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYWAR~2\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\PopUp Stopper\dpps2.exe"
O4 - HKLM\..\Run: [CookieWall] C:\Program Files\CookieWall AnalogX\cookie.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\Spyware Maintenance APPS\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] c:\Program Files\Spyware Maintenance APPS\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ClipMate5.lnk = C:\Program Files\ClipMate5\ClipMt53.exe
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher Pro\MailWasher.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\Spyware Maintenance APPS\SpywareGuard\sgmain.exe
O4 - Global Startup: GuruNet.lnk = C:\Program Files\GuruNet\GuruNet.exe
O4 - Global Startup: MyVitalAgent.lnk = C:\Program Files\MyVitalAgent\VitalAgent\Program\VtlAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -
O16 - DPF: {6B401179-541E-4BF3-800F-10C39B529DB9} - http://ftp.gurunet.c...stallerFree.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} -
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadt...pcpowerscan.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab
Thanks for any help anyone can give me.

Jim

#2 Scoff

Posted 17 July 2004 - 02:01 AM

As you're now a helper trainee, you've probably figured it out by now... welcome aboard :)

Close all other windows except for HijackThis, perform a scan, put a check against the following items and click 'Fix checked'.

O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} -
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -

Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#3 jimeee

Posted 17 July 2004 - 10:12 AM

Scoff: This is an interesting problem that had me stumped and may still have me stumped, but I am working on figuring it out. I hope you and other experts can follow my explanation herein. I had previously done as you suggested to get rid of these ActiveX Objects. But they come back the next time I boot up the computer. So I said to meself, "Self, why not run HijackThis each time I boot up and get rid of these ActiveX Objects?" So yesterday I did so. After that a program that I use called GuruNet wouldn't work. So this morning when I booted up I tried to use GuruNet and it worked okay. Also, the day before yesterday I had HijackThis fix another of the ActiveX Objects and, lo and behold, after booting up the next time I now have 12 of the ActiveX Objects with just numbers and no names instead of the 11 of the same I had before. So now I am thinking that every time I had HijackThis fix one or more of these ActiveX Objects the fix doesn't really stick. So the next time I reboot the same ActiveX Object comes back with only the numbers showing and not the name part of the ActiveX Object. I am going to see if I can find a HijackThis log and see if those numbers without the name along with it were actually ones that I had HijackThis fix. I will reply here again with what I learn.

In fact I will look for a log now and not put this reply in until I find out what the log says.

Shown below are two partial logs showing only the ActiveX Object parts of the logs. It is as I suspected: HijackThis hasn't got rid of any of these ActiveX Objects but has only removed the names from them and left the numbers there. Can you or anybody please explain what is going on here? Help please...

Partial log from 2004-07-17, 07:16 (7:16 AM):
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} -
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} -
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -
O16 - DPF: {6B401179-541E-4BF3-800F-10C39B529DB9} - http://ftp.gurunet.c...stallerFree.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} -
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} -
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} -
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadt...pcpowerscan.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} -


Partial log from 2004-05-16, 08:59 (8:59 AM):
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {6B401179-541E-4BF3-800F-10C39B529DB9} - http://ftp.gurunet.c...stallerFree.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} (CTAdjust Class) - http://download.micr...04/clearadj.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup144.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.micro...rchsettings.cab

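An added example, not code from this thread or from HijackThis: it parses the O16 (Downloaded Program Files) lines of two HijackThis logs and reports the entries that, as Jim observed above, are still listed after a "fix" with their CLSID intact but the name and codebase URL gone, versus entries that actually disappeared. The two embedded log fragments are constructed from entries quoted in this thread; the line format assumed is the one the logs above show.

```python
import re

# A HijackThis O16 (Downloaded Program Files) line has the shape
#   O16 - DPF: {CLSID} (Friendly Name) - http://host/path/file.cab
# and after a "fix" that did not stick it can degrade to "O16 - DPF: {CLSID} -".
# The id may also be a bare file name such as YExplorer1_8US.CAB.
O16_RE = re.compile(
    r"^O16 - DPF: (?P<id>\{[0-9A-Fa-f-]{36}\}|\S+)"
    r"(?: \((?P<name>[^)]*)\))?"
    r" -(?: (?P<url>\S+))?$"
)

def parse_o16(line):
    """Return {'id', 'name', 'url'} for an O16 line, or None for any other line."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    return {"id": m["id"].upper(), "name": m["name"], "url": m["url"]}

def o16_entries(log):
    """Index every O16 line of a log by its upper-cased CLSID or file name."""
    parsed = (parse_o16(line) for line in log.splitlines())
    return {e["id"]: e for e in parsed if e}

def diff_o16(before, after):
    """'stripped': still listed in `after` but the name/codebase URL it had in
    `before` are gone (object still registered); 'removed': no longer listed."""
    old, new = o16_entries(before), o16_entries(after)
    stripped = [c for c, e in new.items()
                if c in old and (old[c]["name"] or old[c]["url"])
                and not (e["name"] or e["url"])]
    removed = [c for c in old if c not in new]
    return {"stripped": sorted(stripped), "removed": sorted(removed)}

# Constructed log fragments assembled from entries quoted in this thread.
BEFORE = """\
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
"""
AFTER = """\
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} -
"""
```

Running `diff_o16(BEFORE, AFTER)` on the fragments flags the two pcpitstop controls as stripped rather than removed, which is exactly the name-gone-but-CLSID-remains pattern the two partial logs above show.
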
#4 jimeee

Posted 17 July 2004 - 10:17 AM

Oh, by the way, what is the "warn" thingie on me for that is over on the left frame under my name?

#5 Scoff

Posted 17 July 2004 - 10:25 AM

Hi jimeee

The warn meter tells you how naughty you've been. cnm can warn you for bad behaviour; warns can lead to banishment. You can see your own warn meter but no one else's. There's a topic somewhere; try searching for it... EDIT: look at the FAQ on the main forum page.

As to the other, off the top of my head, I'm not sure. It's 1.22am here so I'm off to bed after I do one more, but I'll have a think tomorrow. Try checking out the numbers with SpywareBlaster.

Edited by Scoff, 17 July 2004 - 10:28 AM.

Regards
Scoff

#6 jimeee

Posted 17 July 2004 - 11:47 AM

Thanks for your help regarding the warn meter. It took a little searching before finding the facts on the meter.

Have a good sleep and come back refreshed...

Hope you are able to help me figure out what is going on with these ActiveX Objects...

#7 jimeee

Posted 23 July 2004 - 11:45 PM

No help coming regarding this problem, I guess?
