spyware! system error #384 - hijackthis log

Discussion in 'adware, spyware & hijack cleaning' started by kimwipes, Jun 24, 2004.

Thread Status:
Not open for further replies.
  1. kimwipes

    kimwipes Registered Member

    Joined:
    Jun 24, 2004
    Posts:
    3
    I've tried following the advice on similar threads, but it hasn't worked, any advice is appreciated! thanks


    Logfile of HijackThis v1.97.7
    Scan saved at 9:33:05 PM, on 6/23/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\PopUp Killer\PopUpKiller.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    C:\WINDOWS\system32\rundll32.exe
    D:\users\david\Desktop\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\TightVNC\vncviewer.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINDOWS\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\secure.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\secure.html
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 10.127.1.11 10.127.2.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 10.127.1.11 10.127.2.11
     
  2. kimwipes

    kimwipes Registered Member

    Joined:
    Jun 24, 2004
    Posts:
    3
    Bump **
     
  3. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Hello kimwipes

    I would like you to start with this:

    Download CWShredder Click on update, then close all browsers, and then click on Fix, not scan.

    Next, download Spybot S&D Check for Updates first, download ALL Updates and Do a Scan. When finished, make sure ALL RED items have been ticked, and click the "Fix Selected Problems" Button.

    Reboot the computer.

    Run Hijackthis again and post a fresh log here.
     
  4. kimwipes

    kimwipes Registered Member

    Joined:
    Jun 24, 2004
    Posts:
    3
    Taz, thanks, the latest version of cwshredder got rid of the iexplorer hijack. The log is bellow. The only thing remaining is the annoying desktop "Warning! you are in danger ...", whenever I try to replace it, the new desktop flashes in for a second and comes right back

    Logfile of HijackThis v1.97.7
    Scan saved at 11:27:22 PM, on 6/27/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Network ICE\BlackICE\blackd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\Program Files\Norton Utilities\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Speed Disk\nopdb.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Turtle Beach\AudioStation\tbaspi.exe
    C:\Program Files\TightVNC\WinVNC.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\PopUp Killer\PopUpKiller.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\cidaemon.exe
    D:\users\david\Desktop\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\PopUpKiller.EXE
     
  5. Taz71498

    Taz71498 Registered Member

    Joined:
    May 27, 2004
    Posts:
    674
    Location:
    USA
    Copy what is in the quote box below to notepad and save it as noactd.reg


    Close notepad. Doubleclick the file your just created and confirm you want to merge it with the registry.
    It may take a reboot for the changes to take effect.

    Run Hijackthis again and post a new log.
     
Thread Status:
Not open for further replies.