system error #384

Discussion in 'adware, spyware & hijack cleaning' started by keg, Feb 17, 2004.

Thread Status:
Not open for further replies.
  1. keg

    keg Guest

    Logfile of HijackThis v1.97.7
    Scan saved at 9:44:22 PM, on 2/17/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\Ati2evxx.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\hidserv.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\wanmpsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\Atiptaxx.exe
    C:\Program Files\DELL\AccessDirect\dadapp.exe
    C:\Program Files\DELL\AccessDirect\DadTray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe
    C:\PROGRA~1\QUICKT~1\qttask.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\WINNT\reg32.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    C:\Program Files\America Online 8.0\aoltray.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
    C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
    C:\PROGRA~1\HEWLET~1\HPOFFI~1\bin\hpoevm07.exe
    C:\WINNT\system32\hpoipm07.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOSTS07.exe
    C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\HPOFXM07.exe
    C:\Program Files\Open Site\opnste.exe
    C:\WINNT\system32\ntvdm.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find4u.net/sp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find4u.net/index.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://thesearchs.com/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://wgpzzi.t.muxa.cc/s.php?aid=240 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://thesearchs.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\secure.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://thesearchs.com/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINNT\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/index.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\secure.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://wgpzzi.t.muxa.cc/h.php?aid=240 (obfuscated)
    R3 - Default URLSearchHook is missing
    O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL (file missing)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DadApp] C:\Program Files\DELL\AccessDirect\dadapp.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINNT\system32\spool\DRIVERS\W32X86\hpoopm07.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
    O4 - HKLM\..\Run: [Reg32] C:\WINNT\reg32.exe
    O4 - HKLM\..\Run: [sys] regedit -s sys.reg
    O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
    O4 - HKLM\..\Run: [EnigmaPopupStop] C:\Program Files\SpyHunter\PopupBlocker\EnigmaPopupStop.exe
    O4 - HKLM\..\Run: [Open Site] C:\Program Files\Open Site\opnste.exe
    O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINNT\system32\rundll32.vbe
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: winlogon.exe
    O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {1FDEC088-A699-46FE-BF76-D5FD6DAE6150} (UCSearch.ucUCSearch) - http://www.zuvio.com/UCSearch.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/bonnie/us/win/QuickTimeInstaller.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37781.8636805556
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://active.macromedia.com/flash2/cabs/swflash.cab
     
  2. keg

    keg Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    7
    Hi, I am new to this and am trying to figure out why I keep getting this system error #384. I purchased Spybot today to try and fix the problem but it hasn't worked. I've downloaded a few other spyware fix-its but also had no luck... anyone have any suggestions?

    THANKS!
     
  3. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi keg :)

    Welcome to Wilders.

    Could u please download and run CWShredder,
    then post a fresh HijackThis log.



    snowbound
     
  4. keg

    keg Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    7
    Hi Wilders!

    Thanks for the reply. I've tried to download cwshredder, but keep getting the unable to download page...I'll try again...

    Greg
     
  5. keg

    keg Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    7
    No LUCK wilders!!
     
  6. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    There has been some trouble at Merijn's site so the download may still not be possible. :(

    Just be patient and one of the experts will advise u on alternative methods of ridding your computer of the CoolWebSearch infection.


    Thanks



    snowbound
     
  7. keg

    keg Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    7
    Thanks for your help. I'm about tired of purchasing fix-it programs not to have them fix the problem. I appreciate your help.

    Greg
     
  8. keg

    keg Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    7
    Hey Snowbound,

    Should I delete everything in my log? Would that help?

    Thanks,
    Greg
     
  9. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    No! Don't do that. :eek:

    Most of what is there is harmless. Please just wait for the experts to give u recommendations.

    They will help u to clean out your computer. :)




    snowbound
     
  10. keg

    keg Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    7
    Thanks!

    Sorry to sound so naive, but will someone email an answer to me? I am really new to posting a problem and am sorta technologically challenged...

    Greg
     
  11. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    It's ok,

    they will walk u through how to fix everything.

    It may take some time as most of the experts live in Europe so u may want to check back periodically or tomorrow and they will have an answer for u. :)



    snowbound
     
  12. keg

    keg Registered Member

    Joined:
    Feb 17, 2004
    Posts:
    7
    Thanks a lot Snowbound!! You've provided much more assistance than the fix-it programs I've purchased today!

    Cheers,

    Greg
     
  13. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    You're welcome keg (Greg) ;) :)





    snowbound
     
  14. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Could you post the link here in this forum where you purchased Spybot S and D... it is a free program but they do take donations.

    I have heard that some are selling a rip off copy of it.


    Have you also then updated your Spybot after you bought it?
     
  15. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743