MainAutomation server can't load object

Discussion in 'adware, spyware & hijack cleaning' started by Delusion, Jan 2, 2004.

Thread Status:
Not open for further replies.
  1. Delusion

    Delusion Guest

    Been getting this error everytime I launch my browser or surf to new pages. It started after a recent update to SB. I pin- pointed it to SB by un-checking and removing protection the error stopped. Using I.E. 6.0 any ideas?
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Apr 27, 2002
    Hi Delusion,

    That error could mean that an ActiveX object was trying to load. The fact that it was blocked by SpywareBlaster would mean that it is spyware.

    Could you follow the instructions in this post:

    Maybe we can find the evildoer.


  3. delusion

    delusion Guest

    Hello and thanks for the reply. I have ad-aware and SB-SD already and update them and run them often. I will post a hi-jack this log to the link provided maybe someone will see something I didnt.
  4. delusion

    delusion Guest

    Hello was instructed to post a hi-jack this log here from the spyware blaster forum. I have been getting the above error when launching my browser and while surfing the web. Started after a recent up-date to SB. Linked it to SB by removing protection on all checked from SB and the problem went away. Anyway heres the log any help is greatly appreciated.

    Logfile of HijackThis v1.97.7
    Scan saved at 10:01:06 PM, on 1/2/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
    C:\Program Files\ISP50\bin\bartshel.exe
    C:\Program Files\Common Files\Stardock\TrayServer.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\ISP50\bin\bartshel.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Programs\spyware programs\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{13065C07-7579-4EE1-A0CF-75384E53DB8C}: NameServer =
    O17 - HKLM\System\CS1\Services\Tcpip\..\{13065C07-7579-4EE1-A0CF-75384E53DB8C}: NameServer =
  5. delusion

    delusion Guest

    Also wanted to add that I later went through and pin pointed the checked box causing the problems. It was marked IE Exploit (2) {72c24dd5-d7oa-438b-8a} more info called it a ie helper.dll vx2 responder. Followed web link for more info on removing but none of the dll's could be found on my system o_O For now i guess ill just leave it unprotected as the error boxes are very annoying. Any ideas?
  6. delusion

    delusion Guest

    Had CLSID wrong here is the correct one (need an edit botton) ;)
  7. Vietnam Vet

    Vietnam Vet Registered Member

    Feb 9, 2002
    Hi delusion,

    After you click on the More Info on Items button, right click on that window and enter into the find box:

    Internet Explorer Exploit (2)

    I don't think anything on that screen will help you, as there isn't a weblink listed for that one, but at least it is the right info for the item you identified as causing your problem.
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Apr 27, 2002
    Hi delusion,

    Before we fix anything, could you please mail me (by clicking this link) C:\Program Files\ISP50\bin\BandObject.dll

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll

    Then reboot. According to Javacool and me that should solve the problem, since the CLSID of the BHO is blocked as eStart by SpywareBlaster.
    We would like to have a look at that file to see if that block should be reconsidered or if that BHO is spyware as well.

    Thanks in advance,

Thread Status:
Not open for further replies.