Google Answers Logo
View Question
 
Q: computer has been hijacked by errorplace, what do I do to get rid of errorplace? ( Answered,   1 Comment )
Question  
Subject: computer has been hijacked by errorplace, what do I do to get rid of errorplace?
Category: Computers
Asked by: aturnerj-ga
List Price: $5.00
Posted: 03 Jun 2004 10:20 PDT
Expires: 03 Jul 2004 10:20 PDT
Question ID: 355955
How do I rid my computer of Errorplace?  It has taken over my computer.

Request for Question Clarification by aceresearcher-ga on 03 Jun 2004 10:31 PDT
Greetings, aturnerj!

What anti-virus program are you running?

What is your Operating System?

Thanks,

aceresearcher

Clarification of Question by aturnerj-ga on 04 Jun 2004 10:46 PDT
Request for Question Clarification by  aceresearcher-ga  on 03 Jun 2004 10:31 PDT

Greetings, aturnerj!

What anti-virus program are you running?

What is your Operating System?

Thanks,

aceresearcher

Thanks for responding.  I am using the Windows XP Professional system
and am running Norton Antivirus Corporate Edition.  I also use
AD-Aware.
Answer  
Subject: Re: computer has been hijacked by errorplace, what do I do to get rid of errorplace?
Answered By: aceresearcher-ga on 04 Jun 2004 11:58 PDT
 
Okay, aturnerj, I think we need to go through this step-by-step (and
please humor me if I ask you to repeat something you've already done,
and do it again anyway).

Make sure you have backed up all of your important document files.

Disable System Restore, following these instructions from
Symantec:(http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam

Then, open up your Norton Anti-Virus dialog box and select
"LiveUpdate" in the upper left-hand corner to download any needed
additions to the program and its virus definitions. If NAV wants you
to restart your system, let it do so. Then, from the NAV dialog box,
click "Full System Scan" and "Scan Now".

Then, please download, install, and run the following free utilities:

[I know you said you've got Ad-Aware installed, but to be sure you've
got the latest-and-greatest,  please download it anew -- and be sure
to heed the advice below about "Checking for Updates" first, before
actually running each program.]

Spybot Search & Destroy
http://www.security.kolla.de

AdAware
http://www.lavasoft.de

*** IMPORTANT ***
The first time you run them, or if you already have Spybot and/or
AdAware installed on your PC, be sure to download the latest updates
first **each time you run them**.
*****************

HijackThis!
http://www.spychecker.com/program/hijackthis.html     OR
http://www.net-integration.net/tools/hijackthis.html

Please post here a copy of your HijackThis! scan log.


Something to keep in mind is that even if these programs give your
system a "clean bill of health", it does *not* mean that you can be
absolutely sure that your system is clean. It is only a *reasonable
assurance* that it is clean.


Please let me know whether these steps resolve your problem, or
whether you need more assistance.

Before Rating my Answer, if you have any Questions about the above
information, please post a Request for Clarification, and I will be
glad to see what I can do for you.


Regards,

aceresearcher

Request for Answer Clarification by aturnerj-ga on 07 Jun 2004 14:11 PDT
I followed your suggestions and still I have that awful
annoyance---ERRORPLACE.  It continues to hijack my computer.  OK, here
is what I have done thus far.  I downloaded spybobt search &
destroy----I did the check for problems, clicked on fix selected
problems.  When I do this, the system scans and always  (more than 10
times) comes back with 5 problems.  The 5 problems are always the
same.  There is always "Error during check!  Xabot (Ungultiger
Datentyp fur) and DSO Exploit.

THere is always a + beside the DSO Exploit and when I click on it, I
get 5 different versions of the error.  Here they are:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Error during check!: Xabot (Ungültiger Datentyp für '') ()
  

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-21-823518204-1606980848-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3  ---
2004-05-25 Includes\Cookies.sbi
2004-05-29 Includes\Dialer.sbi
2004-05-28 Includes\Hijackers.sbi
2004-05-28 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-28 Includes\Malware.sbi
2004-05-04 Includes\Revision.sbi
2004-04-12 Includes\Security.sbi
2004-05-28 Includes\Spybots.sbi
2004-05-24 Includes\Tracks.uti
2004-05-28 Includes\Trojans.sbi
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Error during check!: Xabot (Ungültiger Datentyp für '') ()
  

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-21-823518204-1606980848-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3  ---
2004-05-25 Includes\Cookies.sbi
2004-05-29 Includes\Dialer.sbi
2004-05-28 Includes\Hijackers.sbi
2004-05-28 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-28 Includes\Malware.sbi
2004-05-04 Includes\Revision.sbi
2004-04-12 Includes\Security.sbi
2004-05-28 Includes\Spybots.sbi
2004-05-24 Includes\Tracks.uti
2004-05-28 Includes\Trojans.sbi

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Error during check!: Xabot (Ungültiger Datentyp für '') ()
  

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-21-823518204-1606980848-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3  ---
2004-05-25 Includes\Cookies.sbi
2004-05-29 Includes\Dialer.sbi
2004-05-28 Includes\Hijackers.sbi
2004-05-28 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-28 Includes\Malware.sbi
2004-05-04 Includes\Revision.sbi
2004-04-12 Includes\Security.sbi
2004-05-28 Includes\Spybots.sbi
2004-05-24 Includes\Tracks.uti
2004-05-28 Includes\Trojans.sbi

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Error during check!: Xabot (Ungültiger Datentyp für '') ()
  

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-21-823518204-1606980848-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3  ---
2004-05-25 Includes\Cookies.sbi
2004-05-29 Includes\Dialer.sbi
2004-05-28 Includes\Hijackers.sbi
2004-05-28 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-28 Includes\Malware.sbi
2004-05-04 Includes\Revision.sbi
2004-04-12 Includes\Security.sbi
2004-05-28 Includes\Spybots.sbi
2004-05-24 Includes\Tracks.uti
2004-05-28 Includes\Trojans.sbi
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Error during check!: Xabot (Ungültiger Datentyp für '') ()
  

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-21-823518204-1606980848-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet
Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3  ---
2004-05-25 Includes\Cookies.sbi
2004-05-29 Includes\Dialer.sbi
2004-05-28 Includes\Hijackers.sbi
2004-05-28 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-28 Includes\Malware.sbi
2004-05-04 Includes\Revision.sbi
2004-04-12 Includes\Security.sbi
2004-05-28 Includes\Spybots.sbi
2004-05-24 Includes\Tracks.uti
2004-05-28 Includes\Trojans.sbi
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
=================================================================
AFTER I WOULD CLICK THE FIX SELECTED PROBLEMS, I WOULD THEN CLICK ON
IMMUNIZE.  WHEN DOING THAT, I GET "aLL KNOWN BAD PRODUCTS ARE BLOCKED
ALREADY."  WHEN SEEING THIS, I CLICK ON "OK".
============================================================================



I also downloaded spyware blaster------clicked on enabled all
protection---clicked on internet explorer, restricted sites, and
mozilla/firefox clicked on protect against checked items. 
mozilla/firefox  comes up mozilla/firefox not detected.



I also downloaded Hijackthis but did not down anything with it because
when the menue of things to download came up, I did not know what to
delete.  I heeded the opinion o f the instructions that cautioned
against deleting things that one did not know anything about.

Clarification of Answer by aceresearcher-ga on 07 Jun 2004 14:21 PDT
Just to doublecheck --

Did you disable System Restore before running AdAware and Spybot?

Did you download a new copy of AdAware and a new copy of Spybot?

Did you click "Check for Updates" in each of those programs before running them?

Have you shut down your system and restarted it?


If the answer to any of the above is "no", please complete that item
and proceed through all the steps after it.

Once you have done all the steps -- in that order -- please run
HijackThis! and click the option "Save log". Then, please post a copy
of that log here.

ace

Request for Answer Clarification by aturnerj-ga on 07 Jun 2004 18:51 PDT
Thanks again for your reply.  I had previously done all of the things
that you have suggested.  So here is the hihackthis log.  Thanks for
working with me to resolve this problem.


Logfile of HijackThis v1.97.7
Scan saved at 9:44:38 PM, on 6/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\program files\altnet\points manager\points manager.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
C:\PROGRA~1\Altnet\DOWNLO~1\asm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\SNDVOL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Arthur\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6C5F05E4-3E7E-4EDF-8630-13C659AF5B68} -
C:\WINDOWS\aqhtjxx.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe"
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P
Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points
manager\points manager.exe -s
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH
Jukebox\mmtask.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition]
"C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk =
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Wireless-B USB Network Adapter Utility.lnk =
C:\Program Files\Linksys\Wireless-B USB Network Adapter\WUSB11Cfg.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
https://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX
Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/1182989795e121011301/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38080.6173611111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Clarification of Answer by aceresearcher-ga on 07 Jun 2004 23:11 PDT
aturnerj,

When you say that you "still have Errorplace", can you describe the
symptoms you're getting that cause you to know this?

Thanks,

ace

Clarification of Answer by aceresearcher-ga on 08 Jun 2004 00:01 PDT
Okay, we're going to use HijackThis! to delete some things.

First, reenable your System Restore functionality through your System
Properties menu.

Then run HijackThis!, and remove the following entries:


       This is TwainTech AdWare - might be the main source of your problems
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

       This one's also highly suspicious; remove it, too
O2 - BHO: (no name) - {6C5F05E4-3E7E-4EDF-8630-13C659AF5B68} -
C:\WINDOWS\aqhtjxx.dll

       If you're *really* fond of mp3 file-sharing, I know that you
won't want to delet this. Howeverk, you should know that Kazaa and
KazaaLite are frequently carriers of nasty vermin. You'll have to
choose whether you are willing to delete this:
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa Lite K++\kpp.exe"
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp" /SYSTRAY

       This is spyware from RealPlayer; it runs independently of the Player:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe"  -osboot

       This is TightVNC Remote Network Spyware:
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper

       P2P Networking Adware:
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P
Networking\P2P Networking.exe /AUTOSTART

       TopSearch Adware (bundled with Kazaa)
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points
manager\points manager.exe -s

       FASH Spyware
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe

       PopUpStopper - has been reported by some to hijack Search Results
O4 - HKCU\..\Run: [PopUpStopperFreeEdition]
"C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"

       Claims to be an adware remover; it's actually known as "extortion ware"
O4 - Startup: Virtual Bouncer.lnk = C:\Program Files\VBouncer\VirtualBouncer.exe

       MS Office 2000 Resource hog which is not necessary
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE

       (see note above)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) - 



       MS Messenger, in my opinion, is like putting a doormat out for
hackers into your computer. But if you use it all the time with your
friends, you may feel that it's worth the risk. If you choose to
uninstall this, first do so with the "Add/Remove Programs" in your
control panel. If HijackThis! still shows components hanging around
afterward, use HT to remove them.


       Likewise, I personally despise MusicMatch, because it's an "ET"
(it phones home without your permission, and in violation of its own
published privacy policy).

[I use the good old cdplayer.exe -- it's tiny (37kb), uses very few
system resources, and doesn't spy on you and report back on your
listening habits. The downside is it won't automatically pull up the
titles and artist. Frankly, I don't care -- I've got the CD jacket for
that if I want to see it.]

You'll have to choose whether you want to get rid of MusicMatch. You
can read more here:
  http://www.jms1.net/mmjb.html
Some people don't mind their listening habits and CD collection being
monitored, because it's worth it to have the song and album titles and
artist names automatically show up.

Again, if you choose to uninstall MusicMatch, first do so with the
"Add/Remove Programs" in your control panel. If HijackThis! still
shows components hanging around afterward, use HT to remove them.


Once you've done cleanup with these items, shut down and restart your
computer. (If for some reason you then have problems, you may have to
use your System Restore to recover.)

Then run HijackThis! and post the log again here.

ace
Comments  
Subject: Re: computer has been hijacked by errorplace, what do I do to get rid of errorplace?
From: afreestyle-ga on 24 Jun 2004 14:02 PDT
 
Having same issue which should I delete

Logfile of HijackThis v1.97.7
Scan saved at 12:28:09 PM, on 6/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Remote Master\Remote Master.exe
C:\program files\powerstrip\pstrip.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\IEHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Download\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
file://C:\WINDOWS\System32\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.pccreations.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.alienware.com/mothership.aspx
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} -
C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} -
C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IR501 Remote Control] C:\Program Files\Remote
Master\Remote Master.exe
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Synchronization Manager]
%SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program
Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program
Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program
Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: @btrez.dll,-4015 (HKLM)
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.alienware.com/mothership.aspx
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update
Installation Engine) -
http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object)
- http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash
Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = freemanville.local
O17 - HKLM\Software\..\Telephony: DomainName = freemanville.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = freemanville.local

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.
Search Google Answers for
Google Answers  


Google Home - Answers FAQ - Terms of Service - Privacy Policy