system error #384

Logfile of HijackThis v1.97.7
Scan saved at 9:44:22 PM, on 2/17/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\Atiptaxx.exe
C:\Program Files\DELL\AccessDirect\dadapp.exe
C:\Program Files\DELL\AccessDirect\DadTray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\PROGRA~1\QUICKT~1\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINNT\reg32.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
C:\WINNT\system32\hpoipm07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOSTS07.exe
C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOFXM07.exe
C:\Program Files\Open Site\opnste.exe
C:\WINNT\system32\ntvdm.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find4u.net/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thesearchs.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://wgpzzi.t.muxa.cc/s.php?aid=240 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchs.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://wgpzzi.t.muxa.cc/h.php?aid=240 (obfuscated)
R3 - Default URLSearchHook is missing
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - HKLM\..\Run: [Reg32] C:\WINNT\reg32.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogon.exe
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.zuvio.com/UCSearch.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37781.8636805556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab

 

Hi, I am new to this and am trying to figure out why I keep getting this system error #384. I purchased spybot today to try and fix the problem but it hasn't worked. I've download a few other spyware fixits but also had no luck...anyone have any suggestions?

THANKS!

 

Hi keg

Welcome to Wilders.

Could u please download and run CWShredder,
then post a fresh HijackThis log.



snowbound

 

Hi Wilders!

Thanks for the reply. I've tried to download cwshredder, but keep getting the unable to download page...I'll try again...

Greg

 

No LUCK wilders!!

 

There has been some trouble at Merijins site so the download may still not be possible.

Just be patient and one of the experts will advise u on alternative methods of ridding your computer of the CoolWebSearch infection.


Thanks



snowbound

 

Thanks for your help. I'm about tired of purchasing fix-it programs not to have them fix the problem. I appreciate your help.

Greg

 

Hey Snowbound,

Should I delete everything in my log? Would that help?

Thanks,
Greg

 

No! Don't do that.

Most of what is there is harmless. Please just wait for the experts to give u recommendations.

They will help u to clean out your computer.




snowbound

 

Thanks!

Sorry to sound so naive, but will someone email an answer to me? I am really new to posting a problem and am sorta technologically challenged...

Greg

 

It's ok,

they will walk u through how to fix everything.

It may take some time as most of the experts live in Europe so u may want to check back periodically or tomorrow and they will have an answer for u.



snowbound

 

Thanks a lot Snowbound!! You've provided much more assistance than the fix-it programs I've purchased today!

Cheers,

Greg

 

Your Welcome keg(Greg)





snowbound

 

Could you post the link here in this forum where you purchase SYPBOT S and D...it is a free program but the do take donation.

I have heard that some are selling a rip off copy of it.


have you also then updated your spybot after you bought it ?

 

see if you can get that shredder from this link..if so go off line and then run it letting it fix things it finds.


CWShredder 1.49.1
2004-02-16

http://www.majorgeeks.com/downloadget.php?id=3155&file=3&evp=3304750663b552982a8baee6434cfc13