HELP! errorplace.com, how do i remove it?!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by helloyboy, Jul 31, 2004.

  1. helloyboy

    helloyboy Private E-2

    Hi, I've been trying to remove this errorplace.com spyware for quite a while. I've updated my Norton, Spybot and Ad-Aware and I've still got it, please help me!


    Edit by chaslang: HijackThis log deleted.
     
    Last edited by a moderator: Jul 31, 2004
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please do the appropriate reading and do not post HijackThis logs unless you are asked to post one. Read this thread: http://forums.majorgeeks.com/showthread.php?t=35407 Follow the directions there and run the programs indicated. If it becomes necessary to post a HijackThis log we will tell you. But you must follow the directions and shut down all non-required applications. You had way too much stuff running. I repeat: read the above thread and follow directions.
     
  3. helloyboy

    helloyboy Private E-2

    I'm sorry, but I've been through your steps and I still can't seem to get rid of the errorplace.com spyware
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have installed, updated and run and fixed what the below have found?
    - Ad-aware
    - SpyBot S&D
    - CWShredder
    - CCleaner

    And have you tried it in safe mode?

    If yes, now you can post (as an attachment) a HijackThis log. Make sure you have HijackThis 1.98 hotfix
     
  5. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    He probably has some DLL files, at least one, he will need to manually delete from safe mode; from there Ad-Aware or Spybot should remove it. As Chaslang said, your Hijack This log file will alert us to the file name you will need to delete.
     
  6. helloyboy

    helloyboy Private E-2

    OK, I've got the HijackThis log file, and I've done the Spybot and Ad-Aware in safe mode + CWShredder, but I haven't tried CCleaner
     


  7. Major Attitude

    Major Attitude Co-Owner MajorGeeks.Com Staff Member

    Might want to try our tutorial completely. I see a toolbar installed; check Add/Remove Programs for any toolbars, shopping or crap you didn't install. Your computer is so loaded with garbage, spending some time removing programs you do not use as well as some drive cleaning is a good idea. Checking your startup for items that do not need to be there when Windows boots would help you as well.

    http://forums.majorgeeks.com/showthread.php?t=35407

    These items can be removed:

    C:\WINDOWS\ALCXMNTR.EXE
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: jimmyhelp.CBrowserHelper - {0E02EA12-9695-4FE3-9CDB-35DFAF276622} - C:\WINDOWS\fcsvxbaqn.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
    O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [4ET.exe] C:\docume~1\owner\locals~1\temp\4ET.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)


    Chaslang is more experienced in this than me and may have more to add next time he is on, but please, do the tutorial and clean up your machine to make this logfile shorter. Also, close all running programs before you run Hijack This.

     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're still not following directions as indicated in the link I gave you and as I specifically requested in my first message to you. Have you looked at your log? You have tons of items running that are not necessary, making me have to figure out what they are in many cases. Obviously there are some that are easy like MusicMatch, but for everything I don't recognize I have to waste time figuring out what it is or I have to ask you what it is and if you installed it. This wastes a load of time for both of us and delays us from getting to your real problems.
    Read the link I gave you in that first message again and pay attention to what it is telling you about shutting down ALL applications and items in your system tray.

    I repeat from my first message:
    "But you must follow the directions and shut down all non-required applications. You had way too much stuff running. I repeat: read the above thread and follow directions."


    Edit: you just beat me in Major
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    In addition to what Major Attitude has already stated, fix these lines too with HijackThis:
    I would first look for an uninstall (in Add/Remove Programs) for this Red Swoosh client.
    (see Pest Patrol: http://pestpatrol.com/pestinfo/r/red_swoosh.asp)

    O4 - HKCU\..\Run: [Red Swoosh EDN Client] C:\Program Files\RSNet\RSEDNClient.exe
    O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://www.makeoversolutions.com/save/makeover.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
    O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
    O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
    O16 - DPF: {AD8D3C68-0C60-4B53-8A9E-BC654BBB36FE} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab28177.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab28177.cab
    O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab28177.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab

    Then reboot to safe mode
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam
    and delete
    C:\Program Files\RSNet\RSEDNClient.exe
    C:\Documents and Settings\Owner\Application Data\eber.exe
    C:\docume~1\owner\locals~1\temp\4ET.exe <----- the file Major gave to you

    In my next message, I have a bunch of questions we need answers to before we can decide what to do.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Here are a bunch of questions about lines I see. We need answers before continuing with these:

    Did you download and install this ESPN toolbar?
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll

    Did you install this Microsoft Input Message Editor stuff (the next 4 lines)?
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

    Did you install and do you use these next two Intervideo items?
    O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
    O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"

    Did you install this Digstream stuff?
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    Disney Internet Group Streaming. System Tray background downloading task from ESPN Motion, the online sports channel, MOVIES.COM, or ABC TV (all part of the Disney Group). This task downloads in the background videos that you will watch or are likely to watch when you access, or next access ESPN Motion, Movies.com, or ABC TV. It is through this invisible background downloading that these services achieve their seemingly seamless, no-buffering, and uninterrupted, video streaming when you watch a video.

    I believe we have had a bunch of discussions here on MG's about Messenger Plus being spyware/adware. Consider whether or not you really need this program.
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"

    Did you place the restriction below on Control Panel or are you using a program to do this?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Do you recognize the IP Address in the next line (I added more info about them below). If not, have HijackThis fix this O17 line too.
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D57BEEC2-6017-4B80-B5C5-823D7B13FFA4}: NameServer = 205.252.144.126 218.102.62.71

    205.252.144.126 = [ imspcml002.netvigator.com ]
    !!! rwhois.cais.net failed to respond ***
    displaying Referrer's Records (whois.arin.net):
    OrgName: CAIS Internet
    OrgID: CAIS
    Address: 6861 Elm Street Third Floor
    City: McLean
    StateProv: VA
    PostalCode: 22101
    Country: US

    218.102.62.71 = [ dns02.netvigator.com ]
    !!! whois.apnic.net failed to respond ***
    displaying Referrer's Records (whois.arin.net):
    OrgName: Asia Pacific Network Information Centre
    OrgID: APNIC
    Address: PO Box 2131
    City: Milton
    StateProv: QLD
    PostalCode: 4064
    Country: AU
     
  11. helloyboy

    helloyboy Private E-2

    Thanks guys, I've done the fixes on most of what you told me to and I've fixed it; there is no more errorplace.com, and those ESPN toolbar, msgplus, DIGstream are all alright, but I'm still concerned about these below:

    - I believe that I used spyblaster but I'm still unsure
    Did you place the restriction below on Control Panel or are you using a program to do this?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    - I have no idea what these IPs are, but I am based in Asia so it might have something to do with me
    Do you recognize the IP Address in the next line (I added more info about them below). If not, have HijackThis fix this O17 line too.
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D57BEEC2-6017-4B80-B5C5-823D7B13FFA4}: NameServer = 205.252.144.126 218.102.62.71

    205.252.144.126 = [ imspcml002.netvigator.com ]
    !!! rwhois.cais.net failed to respond ***
    displaying Referrer's Records (whois.arin.net):
    OrgName: CAIS Internet
    OrgID: CAIS
    Address: 6861 Elm Street Third Floor
    City: McLean
    StateProv: VA
    PostalCode: 22101
    Country: US

    218.102.62.71 = [ dns02.netvigator.com ]
    !!! whois.apnic.net failed to respond ***
    displaying Referrer's Records (whois.arin.net):
    OrgName: Asia Pacific Network Information Centre
    OrgID: APNIC
    Address: PO Box 2131
    City: Milton
    StateProv: QLD
    PostalCode: 4064
    Country: AU
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    To check the first item, just run SpywareBlaster and select Tools and then Misc IE Settings and see if you have checked the option labeled "Disable the IE Home Page settings area in the Internet Tools Control Panel"

    For the IP Addresses, leave them for now but you should try to check out what they might be for. Here is some more info on them:

    imspcml002.netvigator.com = [ 203.198.23.216 ]
    Registrant: PCCW-HKT Datacom Services Limited NETVIGATOR-DOM
    39/F PCCW Tower Taikoo Pl. 979 Kings Rd
    Taikoo Place Hong Kong
    Quarry Bay 00000
    HK
    Domain Name: NETVIGATOR.COM
    Administrative Contact Technical Contact: Shek David dnsadmin@netvigator.com
    39/F PCCW Tower Taikoo Place
    979 Kings Road
    Quarry Bay
    HK
    852 2883 3375 fax: 852 2962 5858
    Record expires on 10-Feb-2009.
    Record created on 09-Feb-1996.
    Database last updated on 1-Aug-2004 16:01:47 EDT.
    Domain servers in listed order:
    NS3.NETVIGATOR.COM 218.102.23.228
    NS4.NETVIGATOR.COM 203.198.7.66
     
    Last edited: Aug 1, 2004
  13. helloyboy

    helloyboy Private E-2

    Yeah, I don't have the control panel restriction, so I should fix it, yeah?

    And the IPs, I think I should leave them because that's the ISP I'm using
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, if you did not create the restrictions, have HijackThis fix that line.
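
The following is an added example, not part of the original thread and not code from HijackThis or MajorGeeks: a small Python triage pass over HijackThis log lines, using sample entries copied from the posts above. The rules in `triage` and the `USER_WRITABLE` list are assumptions modelled on what the helpers questioned in this thread; a finding means "ask the owner about this line", not "delete it".

```python
import re

# Sample lines copied from the posts above (not a complete log).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O2 - BHO: jimmyhelp.CBrowserHelper - {0E02EA12-9695-4FE3-9CDB-35DFAF276622} - C:\WINDOWS\fcsvxbaqn.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [4ET.exe] C:\docume~1\owner\locals~1\temp\4ET.exe
O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D57BEEC2-6017-4B80-B5C5-823D7B13FFA4}: NameServer = 205.252.144.126 218.102.62.71
"""

LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Hypothetical heuristic: user-writable folders seen in this thread's Run entries.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\locals~1\\")

def parse(log):
    """Yield (section, body) for each HijackThis entry line."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def triage(log):
    """Return (section, reason, body) for entries that need a human look."""
    findings = []
    for section, body in parse(log):
        low = body.lower()
        if section == "O2" and low.endswith("(no file)"):
            findings.append((section, "BHO registered but its file is gone", body))
        elif section == "O4" and any(p in low for p in USER_WRITABLE):
            findings.append((section, "autorun from a user-writable folder", body))
        elif section in ("R0", "R1") and "res://" in low:
            findings.append((section, "IE search page served from a local DLL", body))
        elif section == "O17" and "nameserver" in low:
            ips = " ".join(IPV4_RE.findall(body))
            findings.append((section, "confirm these DNS servers belong to your ISP: " + ips, body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n      {body}")
```

The O2 entry whose DLL has a random-looking name is not flagged by these rules, although the thread lists it for removal; location and "(no file)" checks narrow a log down but do not replace reading it.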
     
