1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Help!!!!!errorplace

Discussion in 'Virus & Other Malware Removal' started by gnrx2, Aug 5, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. gnrx2

    gnrx2 Thread Starter

    Joined:
    Aug 5, 2004
    Messages:
    4
    HELP!!!!! Im new to this forum.
    Every time I try to enter internet explorer the page says action cannot be displayed and at the top it says www.errorplace.com. I got HJT and her is the scan log.

    Logfile of HijackThis v1.98.1
    Scan saved at 7:37:52 PM, on 8/5/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\gearsec.exe
    C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Microsoft Hardware\Mouse\point32.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINNT\system32\SahAgent.exe
    C:\WINNT\gozga.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Optimizer\optimize.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Internet Optimizer\actalert.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
    C:\WINNT\explorer.exe
    C:\Documents and Settings\Anthony S. Guerriero\Desktop\HijackThis.exe

    R1  HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
    R3  URLSearchHook: (no name)  _{0428FFC7193145b795CB3CBB919777E1}  (no file)
    R3  URLSearchHook: (no name)  _{CFBFAE0017A611D099CB00C04FD64497}  (no file)
    R3  URLSearchHook: (no name)  {20EC3D2D33C14C9DBC37C2D500688DA2}  C:\Program Files\TV Media\TvmBho.dll
    O2  BHO: NavErrRedir Class  {0428FFC7193145b795CB3CBB919777E1}  (no file)
    O2  BHO: (no name)  {537079626F742D532644206D7942484F}  C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2  BHO: (no name)  {83DE62E0580511D89B2500E04C60FAF2}  C:\WINNT\2_0_1browserhelper2.dll
    O2  BHO: BHObj Class  {8F4E5661F99E4B3E8D850EA71C0748E4}  C:\WINNT\wsem300.dll
    O2  BHO: jimmyhelp.CBrowserHelper  {9AF3D1914B7543E1BF737940960A1A8A}  C:\WINNT\fpxnckdag.dll
    O2  BHO: brdg Class  {9C691A337DDA4C2FBE4CC176083F35CF}  C:\WINNT\Downloaded Program Files\bridge.dll
    O2  BHO: Band Class  {BDF6CE3DF5C5446298143C8EAC330CA8}  C:\WINNT\AdRoar.dll
    O3  Toolbar: &Radio  {8E718888423F11D2876E00A0C9082467}  C:\WINNT\System32\msdxm.ocx
    O3  Toolbar: Band Class  {BDF6CE3DF5C5446298143C8EAC330CA8}  C:\WINNT\AdRoar.dll
    O3  Toolbar: zSearch Bar  {5886A6DCAAF445E9979A8E5E6DEE30E7}  C:\Program Files\zSearch\zSearch.dll
    O4  HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4  HKLM\..\Run: [POINTER] point32.exe
    O4  HKLM\..\Run: [TCASUTIEXE] TCAUDIAG off
    O4  HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
    O4  HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4  HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" atboottime
    O4  HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4  HKLM\..\Run: [SAHAgent] C:\WINNT\system32\SahAgent.exe
    O4  HKLM\..\Run: [glgtrbic] C:\WINNT\gozga.exe
    O4  HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
    O4  HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4  HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4  HKLM\..\Run: [vibgv] C:\WINNT\vibgv.exe
    O4  HKLM\..\Run: [Wast] C:\WINNT\wast2.exe 2
    O4  HKLM\..\Run: [AdRoarUpdate] C:\WINNT\ARUpdate.exe
    O4  HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4  HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
    O4  HKLM\..\Run: [Spyware remover] C:\WINNT\Remove_spyware.exe
    O4  HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4  HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe cnetwait.odl
    O4  HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4  HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
    O4  Global Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
    O4  Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9  Extra button: Net2Phone  {4B30061A5B3911D380F80090276F843F}  C:\Program Files\Net2Phone\Net2fone.exe
    O9  Extra 'Tools' menuitem: Net2Phone  {4B30061A5B3911D380F80090276F843F}  C:\Program Files\Net2Phone\Net2fone.exe
    O9  Extra button: AIM  {AC9E2541281411d5BC6D00B0D0A1DE45}  C:\Program Files\AIM\aim.exe
    O9  Extra button: Add to Library  {ECDCA4E5DE444b948F46CD0D5B4895FC}  C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm
    O16  DPF: {624757599E84458EA1AB5D2C442ADFDE}  http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16  DPF: {6B4788E2BAE811D2A1B400400512739B} (PWMediaSendControl Class)  http://216.249.25.152/code/PWActiveXImgCtl.CAB
    O16  DPF: {90C9629ECD3211D3BBFB00105A1F0D68} (InstallShield International Setup Player)  http://www.napster.com/client/isetup.cab
    O16  DPF: {9C691A337DDA4C2FBE4CC176083F35CF} (brdg Class)  http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
    O16  DPF: {E0CE16CB741C4B248D04A817856E07F4} (IObjSafety.DemoCtl)  http://cabs.roings.com/cabs/budicon.cab
    O17  HKLM\System\CCS\Services\Tcpip\..\{B8317C67EE81416E941D5A51277B51A6}: NameServer = 209.165.131.12,209.165.131.13



    any help? THANX
     
  2. FinestRanger

    FinestRanger

    Joined:
    Oct 13, 2003
    Messages:
    2,367
    Download and save these freeware/donationware programs to a permanent folder. Remember to check for updates and run them weekly.

    ***NOTE***A new version of SpyBot's been released (v1.3...it's no longer in beta). If you have been using 1.2 you can install right over it. If you downloaded and used 1.3 beta it is suggested you remove it and reboot prior to installing.

    ***NOTE*** (If you're already using Ad-aware, skip to the tutorial for instructions on how to configure ad-aware for a deep scan.)

    Ad-Aware download

    SpyBot Search and Destroy download

    I also highly recommend you install and update SpywareBlaster


    Tutorials for all 3 programs:

    ***NOTE*** The Ad-aware tutorial shows how to configure Ad-aware for a DEEP scan, the default settings are are ALWAYS changed
    per advice from the security experts on these forums. If you already know the basics of Ad-aware skip to Step #4 and configure
    it accordingly.


    Ad-aware tutorial link

    Spybot tutorial link

    SpywareBlaster tutorial link


    Run Ad-aware and Spybot in Safe Mode.

    How to start your computer in Safe Mode


    Re-start your computer and post another HJT log in this thread.
     
  3. cheapshot

    cheapshot

    Joined:
    Aug 29, 2001
    Messages:
    284
  4. gnrx2

    gnrx2 Thread Starter

    Joined:
    Aug 5, 2004
    Messages:
    4
    I have no internet access on the computer that has errorplace and the computer Im on does not have a cd burner so unless I can fit the spybot on a floppy I have no way to get it to the computer. The computer with errorplace does have spybot and spyware doctor and nether of them have removed errorplace.
     
  5. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Close your browser and check the following entries in HJT, click Fix and then REBOOT.

    R3  URLSearchHook: (no name)  _{0428FFC7193145b795CB3CBB919777E1}  (no file)
    R3  URLSearchHook: (no name)  _{CFBFAE0017A611D099CB00C04FD64497}  (no file)
    R3  URLSearchHook: (no name)  {20EC3D2D33C14C9DBC37C2D500688DA2}  C:\Program Files\TV Media\TvmBho.dll
    O2  BHO: NavErrRedir Class  {0428FFC7193145b795CB3CBB919777E1}  (no file)


    O2  BHO: (no name)  {83DE62E0580511D89B2500E04C60FAF2}  C:\WINNT\2_0_1browserhelper2.dll
    O2  BHO: BHObj Class  {8F4E5661F99E4B3E8D850EA71C0748E4}  C:\WINNT\wsem300.dll
    O2  BHO: jimmyhelp.CBrowserHelper  {9AF3D1914B7543E1BF737940960A1A8A}  C:\WINNT\fpxnckdag.dll
    O2  BHO: brdg Class  {9C691A337DDA4C2FBE4CC176083F35CF}  C:\WINNT\Downloaded Program Files\bridge.dll
    O2  BHO: Band Class  {BDF6CE3DF5C5446298143C8EAC330CA8}  C:\WINNT\AdRoar.dll

    O3  Toolbar: Band Class  {BDF6CE3DF5C5446298143C8EAC330CA8}  C:\WINNT\AdRoar.dll
    O3  Toolbar: zSearch Bar  {5886A6DCAAF445E9979A8E5E6DEE30E7}  C:\Program Files\zSearch\zSearch.dll


    O4  HKLM\..\Run: [glgtrbic] C:\WINNT\gozga.exe
    O4  HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load


    O4  HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4  HKLM\..\Run: [vibgv] C:\WINNT\vibgv.exe
    O4  HKLM\..\Run: [Wast] C:\WINNT\wast2.exe 2
    O4  HKLM\..\Run: [AdRoarUpdate] C:\WINNT\ARUpdate.exe
    O4  HKLM\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4  HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
    O4  HKLM\..\Run: [Spyware remover] C:\WINNT\Remove_spyware.exe

    O4  HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
    O4  HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe

    O16  DPF: {624757599E84458EA1AB5D2C442ADFDE}  http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

    O16  DPF: {9C691A337DDA4C2FBE4CC176083F35CF} (brdg Class)  http://static.flingstone.com/cab/20...TInc/bridge.cab
    O16  DPF: {E0CE16CB741C4B248D04A817856E07F4} (IObjSafety.DemoCtl)  http://cabs.roings.com/cabs/budicon.cab


    After rebooting, find and delete these files:


    O4  HKLM\..\Run: [glgtrbic] C:\WINNT\gozga.exe
    O4  HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load


    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINNT\vibgv.exe
    C:\WINNT\wast2.exe 2
    C:\WINNT\ARUpdate.exe
    C:\Program Files\TV Media\Tvm.exe
    C:\Program Files\zSearch\Zstb.exe
    C:\WINNT\Remove_spyware.exe
    C:\Program Files\TV Media\Tvm.exe
    C:\Program Files\zSearch\Zstb.exe


    Post a new log when done, okay?

    :)
     
  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/258645

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice