• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
asainthug9

Error Place Help

4 posts in this topic

Hi I have an errorplace redirecting bug in my system. I have downloaded the Hijack program to get a log of my processes. Here it is.

 

 

Logfile of HijackThis v1.97.7

Scan saved at 9:14:53 AM, on 6/12/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Common Files\Microsoft Shared\Works

 

Shared\WkUFind.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\Program Files\NetPumper\NetPumperIEProxy.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\Nam Le\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

 

http://www.couldnotfind.com/search_page.ht...count_id=144940

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

 

http://www.couldnotfind.com/search_page.ht...count_id=144940

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

 

https://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL

 

= http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant

 

= http://www.couldnotfind.com/search_page.ht...count_id=144940

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

 

https://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant

 

= http://www.searchwww.com/bar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =

 

https://www.yahoo.com

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe

F2 - REG:system.ini: Shell=Explorer.exe

 

C:\WINDOWS\System32\System32.exe

O2 - BHO: HTML Source Editor - {05BBB56A-2A69-4a5c-BFDA-43295DD67434}

 

- C:\WINDOWS\Downloaded Program Files\wassist.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

 

C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {68DF91F7-A4F3-42F3-8627-488002E6E454} -

 

C:\WINDOWS\nertzgb.dll

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -

 

C:\WINDOWS\wsem218.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} -

 

C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

 

C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program

 

Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

 

C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [diagent] "C:\Program

 

Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common

 

Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NetPumper] "C:\Program

 

Files\NetPumper\NetPumperIEProxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

 

Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Zone Labs Client]

 

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [nevcz] C:\WINDOWS\nevcz.exe

O4 - HKLM\..\Run: [RealTray] C:\Program

 

Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program

 

Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program

 

Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [obmvofej] C:\WINDOWS\obmvofej.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy

 

Sweeper\SpySweeper.exe /0

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program

 

Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download with NetPumper - C:\Program

 

Files\NetPumper\AddUrl.htm

O8 - Extra context menu item: E&xport to Microsoft Excel -

 

res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet

 

Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -

 

http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} -

 

http://www.searchwww.com/search.cab

O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) -

 

http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} -

 

http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX

 

Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

 

http://a1540.g.akamai.net/7/1540/52/200305....info.apple.com

 

/bonnie/us/win/QuickTimeInstaller.exe

O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2

 

Class) - http://www.contenidospc.com/ruboskizo2.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -

 

http://207.188.7.150/046c2b7432c76092e918/netzip/RdxIE6.cab

O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} -

 

http://webpdp.gator.com/v3/download/pdpplu...094_hd3ptdm.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control)

 

-

 

http://a840.g.akamai.net/7/840/537/2004033...l.antivirus.com

 

/housecall/xscan53.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj

 

Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

 

Object) -

 

http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} -

 

http://cabs.roings.com/cabs/roing.cab

O17 -

 

HKLM\System\CCS\Services\Tcpip\..\{1FCB333B-3096-4659-B060-92FFEA3B3A

 

F1}: NameServer = 66.51.205.100,66.51.206.100

O17 -

 

HKLM\System\CS1\Services\Tcpip\..\{1FCB333B-3096-4659-B060-92FFEA3B3A

 

F1}: NameServer = 66.51.205.100,66.51.206.100

O17 -

 

HKLM\System\CS2\Services\Tcpip\..\{1FCB333B-3096-4659-B060-92FFEA3B3A

 

F1}: NameServer = 66.51.205.100,66.51.206.100

 

 

Thanks for Help me. :D

Share this post


Link to post
Share on other sites

I realized that the log must be difficult to read, so I am reposting it and making it neater. Thanks

 

Logfile of HijackThis v1.97.7

Scan saved at 4:06:36 PM, on 6/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\NetPumper\NetPumperIEProxy.exe

C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

C:\WINDOWS\System32\cisvc.exe

C:\WINDOWS\System32\CTsvcCDA.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.ht...count_id=144940

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.ht...count_id=144940

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.ht...count_id=144940

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchwww.com/bar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = https://www.yahoo.com

F0 - system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\System32.exe

O2 - BHO: HTML Source Editor - {05BBB56A-2A69-4a5c-BFDA-43295DD67434} - C:\WINDOWS\Downloaded Program Files\wassist.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {68DF91F7-A4F3-42F3-8627-488002E6E454} - C:\WINDOWS\nertzgb.dll

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem218.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe

O4 - HKLM\..\Run: [nevcz] C:\WINDOWS\nevcz.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [obmvofej] C:\WINDOWS\obmvofej.exe

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: AIM (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB

O16 - DPF: {086A694F-91FB-4068-B44C-124FB69BF05D} - http://www.searchwww.com/search.cab

O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4...006_regular.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.contenidospc.com/ruboskizo2.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/046c2b7432c76092e918/netzip/RdxIE6.cab

O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} - http://webpdp.gator.com/v3/download/pdpplu...094_hd3ptdm.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033...all/xscan53.cab

O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{1FCB333B-3096-4659-B060-92FFEA3B3AF1}: NameServer = 66.51.205.100,66.51.206.100

O17 - HKLM\System\CS1\Services\Tcpip\..\{1FCB333B-3096-4659-B060-92FFEA3B3AF1}: NameServer = 66.51.205.100,66.51.206.100

O17 - HKLM\System\CS2\Services\Tcpip\..\{1FCB333B-3096-4659-B060-92FFEA3B3AF1}: NameServer = 66.51.205.100,66.51.206.100

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0