My Log - system error 384, missing wallpaper and more...argh

Discussion in 'adware, spyware & hijack cleaning' started by samuryan, Jun 24, 2004.

Thread Status:
Not open for further replies.
  1. samuryan

    samuryan Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    3
    Here's my log - thanks SO much to anyone who can help me. I've tried both S&D and Ad-aware (both say my computer is clean now) and I've run HijackThis a few times and "fixed" things, but nothing is fixed. I think my main problem is with R0 & R1 - they keep coming back with the wrong page - (this page being "C:\WINDOWS\secure.html" which comes up saying "system error #384" on the page) It is also opening up porn pages that I can only get rid of by pressing Ctl+Alt+Del. AND THEN my wallpaper gets taken over by some warning that my computer is in imminent danger (which I can change only if I go to the very edge of the screen, go to Properties>Desktop>Customize Desktop>Web then delete something called "security" in the Web Pages dialogue box). Can someone help? I've spent about 13 hours in the past 2 days on this & am going a bit batty :eek:



    Logfile of HijackThis v1.97.7
    Scan saved at 11:12:39 PM, on 23/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\WINDOWS\System32\mgabg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\WINDOWS\System32\PDesk\PDesk.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\System32\wisptis.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\system.exe
    C:\WINDOWS\system.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system.exe
    C:\DOCUME~1\Heather\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\TAVBY3ZF\HijackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O2 - BHO: (no name) - {98DE779A-2364-4293-AB71-2B97C61C4640} - C:\PROGRA~1\FREEDO~1\fdahlp99.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37668.8275462963
     
  2. samuryan

    samuryan Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    3
    I hope I'm not jumping the gun by saying this, but I think I solved my problem. Ran S&D, Ad-aware, HijackThis - fixed what needed to be fixed there, then uploaded any current updates from MS for XP and finally, ran CWShredder...things seem back to normal. I really hope this is the end of it!
     
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
  4. samuryan

    samuryan Registered Member

    Joined:
    Jun 23, 2004
    Posts:
    3
    Thanks Pieter,

    Some of my guidance came from reading other threads on this forum that you wrote in - very helpful advice. This site has been my saving grace...took a lot of reading & a lot of time, but my computer is all better now! Thanks again to all the other volunteers that help with this site.
     
Thread Status:
Not open for further replies.