Solved: can only browse in safe mode /HJT log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

heavybob

Thread Starter
Joined
Jul 29, 2005
Messages
750
I have a Gateway laptop that can only browse the internet in safe mode. The following is my HJT log - please help!!!

aLogfile of HijackThis v1.99.1
Scan saved at 8:42:31 AM, on 1/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\System32\taskswitch.exe
C:\WINNT\System32\fast.exe
C:\Program Files\StarBand\Mission Control\HsuGui\HsuGuiControl.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\Program Files\StarBand\Mission Control\TaskBarClient.exe
C:\Program Files\Clarisys\Claritel-i750\Ipnappgw.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINNT\system32\acs.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Gilat\QMS\QMS.exe
C:\Program Files\Gilat\GSU\GSU.exe
C:\Program Files\Gilat\IBQoS\ibqossvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NET2PH~1\CommCtr.exe
C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\System32\RoamMgr.exe
C:\Program Files\GILAT\Internet Page Accelerator\RPAService.exe
C:\PROGRA~1\GILAT\INTERN~1\AS_Agent.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\Srvany.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
C:\WINNT\System32\Fast.exe
C:\Program Files\Gilat\NetAgent.exe
C:\PROGRA~1\StarBand\MISSIO~1\evrep.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Gateway 450\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by StarBand
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9877
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BackgroundSwitcher] C:\WINNT\System32\bgswitch.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINNT\System32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINNT\System32\fast.exe
O4 - HKLM\..\Run: [HsuGuiControl] C:\Program Files\StarBand\\Mission Control\HsuGui\HsuGuiControl.exe
O4 - HKLM\..\Run: [NettGain2000 Verifier] C:\Program Files\Flash Networks\NettGain2000\Bst\NettGain2000 Verifier.exe
O4 - HKLM\..\Run: [TaskBarClient] C:\Program Files\StarBand\\Mission Control\TaskBarClient.exe
O4 - HKLM\..\Run: [Claritel-i750] C:\Program Files\Clarisys\Claritel-i750\Ipnappgw.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\RunServices: [NettGain2000] C:\Program Files\Flash Networks\NettGain2000\Bst\WgwMngr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [CommCtr] C:\PROGRA~1\NET2PH~1\CommCtr.exe -auto
O4 - HKCU\..\Run: [gws8Rhdtl] ds1enh.exe
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Cardbus F5D7010\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: Sebring - C:\WINNT\System32\LgNotify.dll
O20 - Winlogon Notify: STOPzilla - C:\WINNT\SYSTEM32\IS3WLHandler.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINNT\system32\acs.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Gilat Quality Measurement Service (Gilat QMS) - Gilat Satellite Networks Ltd. - C:\Program Files\Gilat\QMS\QMS.exe
O23 - Service: Gilat host software update service (GilatHSU) - Gilat Satellite Networks Ltd. - C:\Program Files\Gilat\GSU\GSU.exe
O23 - Service: Gilat Network Agent Service (GilatNetAgent) - Gilat Satellite Networks Ltd. - C:\Program Files\Gilat\NetAgent.exe
O23 - Service: Gilat IBQoS Agent (ibqossvc) - Gilat Satellite Networks Ltd. - C:\Program Files\Gilat\IBQoS\ibqossvc.exe
O23 - Service: Adapter Switching (IntelRoam) - Intel Corporation - C:\Program Files\Intel\Switching\User\RoamSvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINNT\System32\RegSrvc.exe
O23 - Service: RoamMgr - Intel Corporation - C:\WINNT\System32\RoamMgr.exe
O23 - Service: RPAService - Unknown owner - C:\Program Files\GILAT\Internet Page Accelerator\RPAService.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINNT\System32\S24EvMon.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
O23 - Service: WgwService - Unknown owner - C:\Program Files\Flash Networks\NettGain2000\Bst\Srvany.exe


Thanks
Bob
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
what happens when you try normal mode ?

Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily


Run hijackthis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked

O4 - HKCU\..\Run: [gws8Rhdtl] ds1enh.exe


now Start killbox, go to options on the top bar and make sure remove directories is enabled and remove duplicates is UNCHECKED paste the first file listed below into the full pathname and file to delete box

The file name will appear in the window, select delete on reboot , press the red X button, say yes to the prompt and NOto reboot now then repeat for each file in turn

[Note: Killbox makes backups of all deleted files & folders in a folder called C:\!killbox ] If Killbox tells you any files are missing don't worry but make a note and let us know in your next reply

C:\WINNT\System32\ds1enh.exe

Then on killbox top bar press tools/delete temp files, in the pop up box in the NT section select temp & temp internet & cookies only and in the 9x section select c:\windows\temp & c:\temp then on the drop down user account box, select your account, then repeat for every user account on the computer

then reboot

& post a new HJT log and tell us whether it helped and what symptoms you still have
 

heavybob

Thread Starter
Joined
Jul 29, 2005
Messages
750
Thanks Derek - but the client wants a format and reload - which should solve everything (I hope)
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
That normally cures most things
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top