Automation server can't load object

Discussion in 'adware, spyware & hijack cleaning' started by Delusion, Jan 2, 2004.

Thread Status:
Not open for further replies.
  1. Delusion

    Delusion Guest

    Been getting this error every time I launch my browser or surf to new pages. It started after a recent update to SB. I pinpointed it to SB: by unchecking and removing protection, the error stopped. Using I.E. 6.0. Any ideas?
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi Delusion,

    That error could mean that an ActiveX object was trying to load. The fact that it was blocked by SpywareBlaster would mean that it is spyware.

    Could you follow the instructions in this post: http://www.wilderssecurity.com/showthread.php?t=15913

    Maybe we can find the evildoer.

    Regards,

    Pieter
     
  3. delusion

    delusion Guest

    Hello and thanks for the reply. I have Ad-aware and SB-SD already and update them and run them often. I will post a HijackThis log to the link provided; maybe someone will see something I didn't.
     
  4. delusion

    delusion Guest

    Hello, was instructed to post a HijackThis log here from the SpywareBlaster forum. I have been getting the above error when launching my browser and while surfing the web. Started after a recent update to SB. Linked it to SB by removing protection on all checked from SB and the problem went away. Anyway, here's the log; any help is greatly appreciated.

    Logfile of HijackThis v1.97.7
    Scan saved at 10:01:06 PM, on 1/2/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
    C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
    C:\Program Files\ISP50\bin\bartshel.exe
    C:\Program Files\Common Files\Stardock\TrayServer.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\PROGRA~1\ISP50\bin\ppshared.exe
    C:\Program Files\ISP50\bin\bartshel.exe
    C:\PROGRA~1\ISP50\dialer\dialer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Programs\spyware programs\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/homepage/search/
    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Bart Station] C:\Program Files\ISP50\hta\station.sbrt
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] C:\Program Files\Common Files\Stardock\TrayServer.exe
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
    O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37972.9117476852
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{13065C07-7579-4EE1-A0CF-75384E53DB8C}: NameServer = 205.171.3.65 205.171.9.251
    O17 - HKLM\System\CS1\Services\Tcpip\..\{13065C07-7579-4EE1-A0CF-75384E53DB8C}: NameServer = 205.171.3.65 205.171.9.251
     
  5. delusion

    delusion Guest

    Also wanted to add that I later went through and pinpointed the checked box causing the problems. It was marked IE Exploit (2) {72c24dd5-d7oa-438b-8a}; more info called it a ie helper.dll vx2 responder. Followed web link for more info on removing, but none of the DLLs could be found on my system o_O For now I guess I'll just leave it unprotected as the error boxes are very annoying. Any ideas?
     
  6. delusion

    delusion Guest

    Had CLSID wrong; here is the correct one (need an edit button) ;)
    {72C24DD5-D70A-438B-8A42-98424B88AFB8}
     
  7. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    Hi delusion,

    After you click on the More Info on Items button, right click on that window and enter into the find box:

    Internet Explorer Exploit (2)

    I don't think anything on that screen will help you, as there isn't a weblink listed for that one, but at least it is the right info for the item you identified as causing your problem.
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi delusion,

    Before we fix anything, could you please mail me (by clicking this link) C:\Program Files\ISP50\bin\BandObject.dll

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/homepage/search/
    O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll

    Then reboot. According to Javacool and me that should solve the problem, since the CLSID of the BHO is blocked as eStart by SpywareBlaster.
    We would like to have a look at that file to see if that block should be reconsidered or if that BHO is spyware as well.

    Thanks in advance,

    Pieter
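
The cross-check described in the post above, as an added example that is not part of the original thread: it pulls the CLSID-bearing entries (O2, O3, O16) out of a HijackThis log and reports any installed component whose CLSID is on a blocklist. The `BLOCKLIST` contents are an assumption assembled only from the two CLSIDs and labels mentioned in this thread, not SpywareBlaster's actual database, and the function names are hypothetical.

```python
import re

# HijackThis sections that name a COM class: O2 = Browser Helper Object,
# O3 = IE toolbar, O16 = downloaded ActiveX control (DPF).
ENTRY = re.compile(r"^\s*(O2|O3|O16)\s+-\s+([^:]+):\s+(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Hypothetical blocklist (assumption): the two CLSIDs named in the thread,
# with the labels the posters gave them. Not SpywareBlaster's real data.
BLOCKLIST = {
    "{3DE88907-3E38-11D4-BEB2-CBE76C0598DD}": "eStart",
    "{72C24DD5-D70A-438B-8A42-98424B88AFB8}": "Internet Explorer Exploit (2)",
}

# Sample input: a subset of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.peoplepc.com/homepage/search/
O2 - BHO: (no name) - {3DE88907-3E38-11D4-BEB2-CBE76C0598DD} - C:\Program Files\ISP50\bin\BandObject.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
"""

def parse_clsid_entries(log_text):
    """Return one dict per O2/O3/O16 line that carries a CLSID."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        found = CLSID.search(m.group(3)) if m else None
        if not found:
            continue  # not a COM-object line (R1, O4, process list, ...)
        entries.append({
            "section": m.group(1),
            "kind": m.group(2).strip(),
            "clsid": found.group(0).upper(),  # the log mixes upper and lower case
            "target": m.group(3).rsplit(" - ", 1)[-1].strip(),  # DLL path or CAB URL
        })
    return entries

def find_blocked(entries, blocklist=BLOCKLIST):
    """Pair each installed component whose CLSID is blocked with its label."""
    return [(e, blocklist[e["clsid"]]) for e in entries if e["clsid"] in blocklist]

if __name__ == "__main__":
    for entry, label in find_blocked(parse_clsid_entries(SAMPLE_LOG)):
        print(f'{entry["section"]} {entry["clsid"]} blocked as "{label}": {entry["target"]}')
```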
     