I got one of them things..................


Guest Ferret1959


Logfile of HijackThis v1.99.0

Scan saved at 02:38:25, on 19/01/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:WINDOWSSystem32smss.exe

C:WINDOWSsystem32csrss.exe

C:WINDOWSsystem32winlogon.exe

C:WINDOWSsystem32services.exe

C:WINDOWSsystem32lsass.exe

C:WINDOWSsystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:Program FilesCommon FilesSTOPzilla!SZServer.exe

C:WINDOWSExplorer.EXE

C:WINDOWSSystem32svchost.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSsystem32spoolsv.exe

C:WINDOWSSystem32alg.exe

C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe

C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe

C:WINDOWSSystem32nvsvc32.exe

C:WINDOWSSystem32svchost.exe

C:WINDOWSSystem32wdfmgr.exe

C:WINDOWSSYSTEM32ZoneLabsvsmon.exe

C:Program FilesThomsonSpeedTouch USBDragdiag.exe

C:PROGRA~1GrisoftAVGFRE~1avgcc.exe

C:Program FilesZone LabsZoneAlarmzlclient.exe

C:WINDOWSSystem32RunDll32.exe

C:Program FilesMultimedia Card Readershwicon2k.exe

C:WINDOWSSystem32spoolDRIVERSW32X863E_S4I0H2.EXE

C:WINDOWSTwain_32SlimU2HotKey.exe

C:Program FilesMicrosoft AntiSpywaregcasServ.exe

C:Program FilesSTOPzilla!Stopzilla.exe

C:Program FilesWinZipWZQKPICK.EXE

C:Program FilesMicrosoft AntiSpywaregcasDtServ.exe

C:Program FilesMailWasherMailWasher.exe

C:Program FilesWinTVWinTV2K.EXE

C:Program FilesBearShareBearShare.exe

C:Program FilesBearShareBearShare.exe

C:WINDOWSSystem32winmsdc.exe

C:WINDOWSSystem32vwipxspnt.exe

C:unzippedhijackthisHijackThis.exe

 

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSSystem32mcicdb.dll/sp.html (obfuscated)

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSSystem32mcicdb.dll/sp.html (obfuscated)

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.freeserve.com/

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:WINDOWSSystem32mcicdb.dll/sp.html (obfuscated)

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = res://C:WINDOWSSystem32mcicdb.dll/sp.html (obfuscated)

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSSystem32mcicdb.dll/sp.html (obfuscated)

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = res://C:WINDOWSSystem32mcicdb.dll/sp.html (obfuscated)

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Microsoft Internet Explorer provided by Freeserve

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar1.dll

O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:Program FilesSTOPzilla!SZIEBHO.dll

O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:PROGRA~1FREESE~1FSBarFSBar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSystem32msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar1.dll

O4 - HKLM..Run: [speedTouch USB Diagnostics] "C:Program FilesThomsonSpeedTouch USBDragdiag.exe" /icon

O4 - HKLM..Run: [AVG7_CC] C:PROGRA~1GrisoftAVGFRE~1avgcc.exe /STARTUP

O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup

O4 - HKLM..Run: [nwiz] nwiz.exe /install

O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NvMcTray.dll,NvTaskbarInit

O4 - HKLM..Run: [Zone Labs Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"

O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM..Run: [sunkist2k] C:Program FilesMultimedia Card Readershwicon2k.exe

O4 - HKLM..Run: [EPSON Stylus Photo R200 Series] C:WINDOWSSystem32spoolDRIVERSW32X863E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"

O4 - HKLM..Run: [HotKey] C:WINDOWSTwain_32SlimU2HotKey.exe

O4 - HKLM..Run: [gcasServ] "C:Program FilesMicrosoft AntiSpywaregcasServ.exe"

O4 - HKLM..Run: [sTOPzilla] C:Program FilesSTOPzilla!Stopzilla.exe /autostart

O4 - Global Startup: WinZip Quick Pick.lnk = C:Program FilesWinZipWZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://C:Program FilesGoogleGoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &ieSpell Options - res://C:Program FilesieSpelliespell.dll/SPELLOPTION.HTM

O8 - Extra context menu item: &WordWeb... - res://C:WINDOWSwweb32.dll/lookup.html

O8 - Extra context menu item: Backward Links - res://C:Program FilesGoogleGoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://C:Program FilesGoogleGoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Check &Spelling - res://C:Program FilesieSpelliespell.dll/SPELLCHECK.HTM

O8 - Extra context menu item: Search with Freeserve - res://C:PROGRA~1FREESE~1FSBarFSBar.dll/VSearch.htm

O8 - Extra context menu item: Similar Pages - res://C:Program FilesGoogleGoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:Program FilesGoogleGoogleToolbar1.dll/cmtrans.html

O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:Program FilesieSpelliespell.dll

O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:Program FilesieSpelliespell.dll

O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:Program FilesieSpelliespell.dll

O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:Program FilesieSpelliespell.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:Program FilesMicrosoft ActiveSyncinetrepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:Program FilesMicrosoft ActiveSyncinetrepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:Program FilesMicrosoft ActiveSyncinetrepl.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengerMSMSGS.EXE

O12 - Plugin for .mov: C:Program FilesInternet ExplorerPLUGINSnpqtplugin.dll

O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll

O12 - Plugin for .tiff: C:Program FilesInternet ExplorerPLUGINSnpqtplugin7.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1106068241984

O17 - HKLMSystemCCSServicesTcpip..{11A5D28C-3E84-4414-9DE2-764C84F2F3C4}: NameServer = 69.50.188.180 195.225.176.31

O17 - HKLMSystemCCSServicesTcpip..{4D3FA9C3-EE77-49E1-BCD6-5196F9809FC2}: NameServer = 69.50.188.180,195.225.176.31

O17 - HKLMSystemCCSServicesTcpip..{8E1CCDD6-E275-4649-A5FA-750A3A38278E}: NameServer = 69.50.188.180,195.225.176.31

O17 - HKLMSystemCS1ServicesTcpip..{11A5D28C-3E84-4414-9DE2-764C84F2F3C4}: NameServer = 69.50.188.180 195.225.176.31

O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgamsvr.exe

O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:PROGRA~1GrisoftAVGFRE~1avgupsvc.exe

O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe

O23 - Service: STOPzilla Service - Unknown - C:Program FilesCommon FilesSTOPzilla!SZServer.exe

O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:WINDOWSSYSTEM32ZoneLabsvsmon.exe

 

 

Still confused?????????????

Well, lots of the bad stuff is back since you couldn't finish the cleaning.

 

At this point it would be a matter of using a Hijackthis scan and removing lots of that startup trash but then running the removal program from safe mode and seeing how things went. There will likely be a little more cleaning to be done but sans a declutter, no way to tell what.

 

All you said was that you couldn't get it to run in safe mode and without more detail than that, I'm sorta stuck for what to suggest. I know the file will run from safe mode as long as the PC will boot up which yours does.

" My choices in life were either to be a piano player in a whore house or a politician. And to tell the truth, there's hardly any difference!" - Harry Truman, 33rd US President


Disabling SR and a reboot then enabling SR is certainly part of the process but I like to leave it to pretty much the last step.

" My choices in life were either to be a piano player in a whore house or a politician. And to tell the truth, there's hardly any difference!" - Harry Truman, 33rd US President


Guest Ferret1959

I've been using Mozilla Firefox all evening and not had one single problem.

 

I'd still like to get IE sorted as I can't use my spell checker and one or two other toys on Firefox.


http://spellbound.sourceforge.net/download

 

Yes :) this one pleased me as I was unsure.

 

It's a tad awkward to install though. I have the Firefox 1 release version, but the install page gives an automated install which didn't work.

 

I downloaded from the downloads page:

SpellBound extension

Windows SpellBound libraries for Firefox 1.0 Release

 

Then you must install the dictionary you want to use. This file did not auto-load, so save it, then open the FF extensions window and drag and drop the file there. It installs; restart Firefox and you're away.

http://dictionaries.mozdev.org/installation.html

 

[ 20. January 2005, 10:10 PM: Message edited by: Stephen.uk ]
