Jump to content


Photo

errorplace


  • Please log in to reply
8 replies to this topic

#1 BOOMerang

BOOMerang

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 25 May 2004 - 12:55 PM

hello, I've got a problem with this site called erroplace.com which redirect some of the sites I try to open it really bugs me . Could you please help me remove it? if you could explain it in a simple way I don't know much about computers I've run Ad-aware and used my virusscanner but it didn't work

thanks

#2 BOOMerang

BOOMerang

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 25 May 2004 - 01:15 PM

I made this coz I saw other people do it too...
can someone help me now plz?

thanks

Logfile of HijackThis v1.97.7
Scan saved at 19:49:05, on 24-5-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\A.Visser\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.paradigit.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {26C00EB6-C13C-4E91-9FE0-3B100159E9EF} - C:\WINDOWS\System32\IEEnhancer.dll
O2 - BHO: (no name) - {9F157057-AAB5-4F43-AF92-E5B90F6D60F5} - C:\WINDOWS\spgjwkg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SysInit] C:/Program Files/Common Files/svchost.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\Adstartup.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
O16 - DPF: IEEnhancer - http://64.69.90.233/...p/IEPackage.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.sexop.tv/sexoptvnl169.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} - http://webpdp.gator....094_hd3ptdm.cab
O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://x0.nl/install/dial.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7575.0075231481
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downlo..._1012_EN_XP.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?319
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo...tpe32_EN_XP.cab
O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.98.176.62/EPlugin_GB.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.reds...rsinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0990AF1-493F-43AC-858E-8FF907F99497}: NameServer = 195.121.1.34 195.121.1.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBD10178-0360-4842-81F2-24D435FE6F10}: NameServer = 195.121.1.34

#3 BOOMerang

BOOMerang

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 27 May 2004 - 05:07 AM

*bump*

I still have this problem :'(

#4 BOOMerang

BOOMerang

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 01 June 2004 - 10:05 AM

*bump*

#5 NonSuch

NonSuch

    Spyware Eradicator!

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,369 posts

Posted 01 June 2004 - 05:46 PM

BOOMerang,

I'm sorry it has taken so long to get to your log. Thank you for being so patient.

First, please do an online virus scan at Trend Micro and an online Trojan scan at Sygate. The links for both scans are in my signature below. Reboot after each scan.

Next, please print a copy of these instructions because you will be working with all windows closed except HijackThis.

Right now, you have HijackThis in a temporary folder. Please create a new folder on the C: drive and name it C:\HJT or something similar. You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select "New" then "Folder" and name it HJT.

Unzip HijackThis into the new folder. When you run HijackThis from this folder and have it "Fix checked" it will create a backup file of modifications to use if restore is necessary. Delete the old copy of HJT please.

Next, you are using DAP which is not technically malware, but it may include malware and allow it into your system. You can find safer alternatives here:
http://www.spywarein...cat=dlman#dlman To remove it, fix the RED items with HJT and then remove DAP in Add/Remove Programs.

Now, please run HijackThis and place a check mark next to the following items then, WITH ALL OTHER WINDOWS CLOSED, select “fix checked.”

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll

O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - (no file)

O2 - BHO: (no name) - {26C00EB6-C13C-4E91-9FE0-3B100159E9EF} -

C:\WINDOWS\System32\IEEnhancer.dll


The following 02 item has a randomly named file name, and such are normally malware. UNLESS you know what this is, and that it is from a safe source, please check for removal with HijackThis:

O2 - BHO: (no name) - {9F157057-AAB5-4F43-AF92-E5B90F6D60F5} - C:\WINDOWS\spgjwkg.dll

O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll

O4 - HKLM\..\Run: [SysInit] C:/Program Files/Common Files/svchost.exe

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\Adstartup.exe

O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm

O9 - Extra button: Run DAP (HKLM)


O16 - DPF: IEEnhancer - http://64.69.90.233/...p/IEPackage.cab

O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) -
http://gamingzone.ub...s/GSManager.cab

O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab

O16 - DPF: {4E15D681-1D20-11D4-8B72-000021DA1956} - http://www.sexop.tv/sexoptvnl169.exe

O16 - DPF: {731918D2-517A-47E2-886A-3BC1380C591D} -
http://webpdp.gator....094_hd3ptdm.cab

O16 - DPF: {841A9192-5690-11D4-A258-0040954A01BE} - http://x0.nl/install/dial.ocx

O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) -
http://akamai.downlo..._1012_EN_XP.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?319

O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} -
http://akamai.downlo...tpe32_EN_XP.cab

O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.98.176.62/EPlugin_GB.cab

O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} -
http://download.reds...rsinstaller.cab



Next, change your settings to show hidden files and folders. Then reboot into
safe mode and delete the following:


C:\Program Files\DAP[/b\ < folder

C:/Program Files/Common Files/svchost.exe < file ONLY THIS ONE, NOT THE ONE IN THE SYSTEM32 FOLDER; THAT'S A LEGITIMATE FILE!

C:\WINDOWS\System32\[b]Adstartup.exe
< file


Reboot, scan with HijackThis, and post a fresh log to this same thread.

#6 BOOMerang

BOOMerang

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 02 June 2004 - 05:19 AM

thanks for responding.
I've done all you said and here is my fresh log

Logfile of HijackThis v1.97.7
Scan saved at 0:42:00, on 2-6-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.paradigit.nl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O14 - IERESET.INF: START_PAGE_URL=http://www.paradigit.nl
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7575.0075231481
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBD10178-0360-4842-81F2-24D435FE6F10}: NameServer = 195.121.1.34

#7 NonSuch

NonSuch

    Spyware Eradicator!

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,369 posts

Posted 02 June 2004 - 07:48 AM

BOOMerang,

You're very welcome.

You've done a great job cleaning up!!! Posted Image There's just this one item remaining...... So, with all windows closed, except HijackThis, fix the following:

O2 - BHO: (no name) - {0B90AA1B-F649-44C3-9FD3-736C332CBBCF} - (no file)

Reboot.

Now, you should have a clean log!

Next, proceed to the Windows Update site, see link below; scan for and install any/all critical updates that may be needed.

Last, but far from least, please take a moment or two to read the following article in the link below, "How did I get infected in the first place?" There, you'll find valuable information on keeping your system malware free in the future. You'll also find links to good, free anti-spyware tools that will add extra layers of protection to your system.

Good job, BOOMerang! :wave:

Edited by NonSuch, 02 June 2004 - 07:50 AM.


#8 BOOMerang

BOOMerang

    Member

  • Full Member
  • Pip
  • 6 posts

Posted 02 June 2004 - 09:11 AM

thanks a lot :D

You're a great helper!!! :thumbsup: :thumbsup: :thumbsup: :bounce:

#9 NonSuch

NonSuch

    Spyware Eradicator!

  • Trusted Advisor
  • PipPipPipPipPip
  • 1,369 posts

Posted 02 June 2004 - 09:19 AM

BOOMerang,

You are very welcome. I'm happy we could help. Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button