# My Log - system error 384, missing wallpaper and more...argh

Discussion in 'adware, spyware & hijack cleaning' started by samuryan, Jun 24, 2004.

Here's my log - thanks SO much to anyone who can help me. I've tried both S&D and Ad-aware (both say my computer is clean now) and I've run HijackThis a few times and "fixed" things, but nothing is fixed. I think my main problem is with R0 & R1 - they keep coming back with the wrong page (this page being "C:\WINDOWS\secure.html", which comes up saying "system error #384" on the page). It is also opening up porn pages that I can only get rid of by pressing Ctrl+Alt+Del. AND THEN my wallpaper gets taken over by some warning that my computer is in imminent danger (which I can change only if I go to the very edge of the screen, go to Properties>Desktop>Customize Desktop>Web, then delete something called "security" in the Web Pages dialogue box). Can someone help? I've spent about 13 hours in the past 2 days on this & am going a bit batty.

Logfile of HijackThis v1.97.7
Scan saved at 11:12:39 PM, on 23/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\mgabg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\WINDOWS\System32\wisptis.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system.exe
C:\WINDOWS\system.exe
C:\WINDOWS\system.exe
C:\WINDOWS\system.exe
C:\WINDOWS\system.exe
C:\WINDOWS\system.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system.exe
C:\DOCUME~1\Heather\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\TAVBY3ZF\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp99.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37668.8275462963

I hope I'm not jumping the gun by saying this, but I think I solved my problem. Ran S&D, Ad-aware, HijackThis - fixed what needed to be fixed there, then uploaded any current updates from MS for XP and finally, ran CWShredder...things seem back to normal. I really hope this is the end of it!

Thanks Pieter,

Some of my guidance came from reading other threads on this forum that you wrote in - very helpful advice. This site has been my saving grace...took a lot of reading & a lot of time, but my computer is all better now! Thanks again to all the other volunteers that help with this site.