This forum is for removing Malware, Spyware, Adware. Post your HijackThis, DDS, RSIT, Combofix logs here.

Moderator: Moderators


Postby alichan » Sun Jul 31, 2011 3:12 am

Hi there:

I run a laptop with Windows XP, Service Pack 3. I have been having a lot of problems trying to access just normal web pages on google.com. I was being redirected constantly to all these advertisement pages that would reload to another ad if I backed out and tried to go back in. I was recommended to download Malwarebytes but I couldn't get this particular program to open. There were a bunch of other programs that I looked at but would offer a free trial that would later require you to buy the program and I was advised against this. (The main program was StopZilla). But at this link: http://www.myantispyware.com/2009/06/08 ... to-fix-it/ I looked for a way to try and fix the problem with getting the program to load but none of the options worked. I tried all of the options several times in both normal mode and safe mode with the same results of the program failing to open no matter how I try to. I also tried to boot the program from a thumb flash drive in both normal and safe modes with the same results.

While I was looking through the comments from the link above I noticed that a lot of people were coming here for help and decided to post to see if I could get some help too. If you could help, below is the information for the HijackThis program.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:58:18 PM, on 7/30/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
E:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
E:\Program Files\LogMeIn Hamachi\hamachi-2.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
E:\Program Files\TeamViewer\Version5\TeamViewer.exe
E:\Program Files\STOPzilla!\STOPzilla.exe
E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
E:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
E:\Program Files\Common Files\Java\Java Update\jusched.exe
E:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe
E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\uTorrent\uTorrent.exe
E:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQHIDCL.DAT
E:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
E:\Program Files\OpenOffice.org 3\program\soffice.exe
E:\Program Files\OpenOffice.org 3\program\soffice.bin
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Mozilla Firefox\plugin-container.exe
E:\Program Files\Common Files\Java\Java Update\jucheck.exe
E:\Program Files\Alwil Software\Avast5\AvastUI.exe
E:\Documents and Settings\Ali\My Documents\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: (no name) - {00DE9E64-A591-454B-8449-FE491EDCC5F0} - E:\WINDOWS\system32\ati2edxx32.dll
O2 - BHO: (no name) - {015CF382-7303-4A6D-A981-5FA78BA1AD85} - E:\WINDOWS\system32\ati2edxx32.dll
O2 - BHO: (no name) - {01BD3CC9-A591-454B-8449-FE491EDCC5F0} - E:\WINDOWS\system32\ati2edxx32.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - E:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - e:\program files\stopzilla!\sziebho.dll (file missing)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - E:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - E:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - E:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Program Files\ConduitEngine\ConduitEngine.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MaxMenuMgr] "E:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ACQTMOUSE] "E:\Program Files\Mouse Setting\Mouse Setting Software\4.0\ACQTMAPP.exe"
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [uTorrent] "E:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Fraps] E:\FRAPS\FRAPS.EXE
O4 - Startup: OpenOffice.org 3.2.lnk = E:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Clean Access Agent.lnk = E:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4773767714
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: TPSvc - TPSvc.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - E:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - E:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - E:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe

End of file - 9210 bytes

If I could get some help in being able to get this fixed I would greatly appreciate it.
Posts: 1
Joined: Sun Jul 31, 2011 2:55 am

Re: HJT Log

Postby patrik » Wed Aug 03, 2011 2:59 pm

Hello, welcome to the Myantispyware forum.

Run HijackThis. Click "Do a system scan only" button.
Now select the following entries by placing a tick in the left hand check box, if still present:
Code: Select all
O2 - BHO: (no name) - {00DE9E64-A591-454B-8449-FE491EDCC5F0} - E:\WINDOWS\system32\ati2edxx32.dll
O2 - BHO: (no name) - {015CF382-7303-4A6D-A981-5FA78BA1AD85} - E:\WINDOWS\system32\ati2edxx32.dll
O2 - BHO: (no name) - {01BD3CC9-A591-454B-8449-FE491EDCC5F0} - E:\WINDOWS\system32\ati2edxx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - e:\program files\stopzilla!\sziebho.dll (file missing)

Once you have selected all entries, close all running programs then click once on the "fix checked" button.
Reboot your computer.

If you have previously downloaded ComboFix, please delete that version now.
Download Combofix from here. Close any open browsers. Double click on combofix.exe and follow the prompts.
When the tool is finished, it will produce a log for you.If the log does not automatically open, then it can be found at %systemdrive%\combofix.txt (typically C:\combofix.txt).

If ComboFix will not run, please rename it to myapp.exe and try again!

Post back with combofix log.
Site Admin
Posts: 9313
Joined: Sun Jan 08, 2006 1:11 pm

Return to Spyware Removal

Who is online

Users browsing this forum: No registered users and 4 guests