My Log - system error 384, missing wallpaper and more...argh

Discussion in 'adware, spyware & hijack cleaning' started by samuryan, Jun 24, 2004.

Thread Status:
Not open for further replies.
  1. samuryan

    samuryan Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    3
    Here's my log - thanks SO much to anyone who can help me. I've tried both S&D and Ad-aware (both say my computer is clean now) and I've run HijackThis a few times and "fixed" things, but nothing is fixed. I think my main problem is with R0 & R1 - they keep coming back with the wrong page - (this page being "C:\WINDOWS\secure.html" which comes up saying "system error #384" on the page) It is also opening up porn pages that I can only get rid of by pressing Ctl+Alt+Del. AND THEN my wallpaper gets taken over by some warning that my computer is in imminent danger (which I can change only if I go to the very edge of the screen, go to Properties>Desktop>Customize Desktop>Web then delete something called "security" in the Web Pages dialogue box). Can someone help? I've spent about 13 hours in the past 2 days on this & am going a bit batty :eek:



    Logfile of HijackThis v1.97.7
    Scan saved at 11:12:39 PM, on 23/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\System32\mgabg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\PDesk\PDesk.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\System32\wisptis.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\system.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system.exe
    C:\DOCUME~1\Heather\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\TAVBY3ZF\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp99.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37668.8275462963
     
  2. samuryan

    samuryan Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    3
    I hope I'm not jumping the gun by saying this, but I think I solved my problem. Ran S&D, Ad-aware, HijackThis - fixed what needed to be fixed there, then uploaded any current updates from MS for XP and finally, ran CWShredder...things seem back to normal. I really hope this is the end of it!
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,440
    Location:
    Netherlands
  4. samuryan

    samuryan Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    3
    Thanks Pieter,

    Some of my guidance came from reading other threads on this forum that you wrote in - very helpful advice. This site has been my saving grace...took a lot of reading & a lot of time, but my computer is all better now! Thanks again to all the other volunteers that help with this site.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.