searchfeed and/or se7ensearch popups



odiegh
2007-03-01, 07:19
I got rid of the toolbar and the dll files for them but am still getting popups. HijackThis log included.

Logfile of HijackThis v1.99.1
Scan saved at 12:08:00 AM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\acs.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wdfmgr.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\108Mbps Wireless LAN Adapter\WLANPRO.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\MSN Messenger\usnsvc.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Downloaded Apps\hijackthis_sfx.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {337C54C9-80C1-4de2-93CD-AAA510834074} - D:\WINDOWS\system32\laf66A.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - D:\Program Files\Internet Security\isadd.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - D:\Program Files\Internet Security\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Reg.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172286427821
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172286475860
O17 - HKLM\System\CCS\Services\Tcpip\..\{1503E966-1FB0-4EAC-8C67-BA50A68BC398}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CF9131F-A770-43E7-BDF9-4B48F3DFB120}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{8CB3C40F-78B2-42D0-AEBE-E051F9012C9A}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D52DB62-5780-48E1-AB90-9C517B9E3105}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.9 85.255.112.204
O17 - HKLM\System\CS1\Services\Tcpip\..\{1503E966-1FB0-4EAC-8C67-BA50A68BC398}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.9 85.255.112.204
O17 - HKLM\System\CS2\Services\Tcpip\..\{1503E966-1FB0-4EAC-8C67-BA50A68BC398}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.9 85.255.112.204
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - D:\WINDOWS\system32\xkrdk.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - D:\WINDOWS\system32\acs.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Windows Management Service - Unknown owner - D:\WINDOWS\system32\dmmbk.exe

pskelley
2007-03-01, 15:49
Welcome to the forum. If you still need help and are not receiving it elsewhere, it appears you have missed some important instructions our administrator has posted at the top of the forum,
especially this: "BEFORE you POST" - Preliminary Steps
http://forums.spybot.info/showthread.php?t=288
Please read and follow all instructions and post all required logs or reports, anything less will slow your process.
Use "Post Reply" to post the information in the instructions and stay in the same topic.

You can hold the online scan unless I ask for it, but I cannot use this HJT log. Be sure you follow the rest of the directions, especially this one:

Note: In Notepad under Format, uncheck "Word Wrap". Produce all HJT logs like this, single spaced.
It is preferable, and the log easier to read, if you do not use the [code] or [php] options.
You have been hijacked by these folks: http://whois.domaintools.com/85.255.114.9
You might want to keep this computer offline as much as possible; the hackers do have access when it is online.

Post a HJT log I can use and we can get started kicking out the Ukrainians.

Thanks
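The sign pskelley is pointing at is in the O17 lines of the log: every NameServer value, in the current control set and in the CS1/CS2 backups, has been set to 85.255.114.9 and 85.255.112.204, so all name resolution goes through servers the user never configured. The script below is an added example, not code from the thread, from HijackThis or from Spybot. It parses lines in HijackThis format and reports two triage signals: O17 NameServer entries that are not on an allowlist of expected resolvers, and O2/O3 BHO or toolbar entries that have no name or whose file is missing. The allowlist address 192.168.1.1 and the log excerpt are constructed for the example; the excerpt is modelled on the log posted above.

```python
import ipaddress
import re

# Constructed excerpt in HijackThis format, modelled on the log posted above
# (a few O2/O3 lines and two of the O17 NameServer lines). Not a full log.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {337C54C9-80C1-4de2-93CD-AAA510834074} - D:\WINDOWS\system32\laf66A.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - D:\Program Files\Internet Security\isadd.dll (file missing)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - D:\Program Files\Internet Security\iesplugin.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1503E966-1FB0-4EAC-8C67-BA50A68BC398}: NameServer = 85.255.114.9,85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.9 85.255.112.204
O21 - SSODL: didynamia - {8329660f-e248-4872-98cc-fb9c4fec7ba8} - D:\WINDOWS\system32\xkrdk.dll
"""

# Assumption for this example: the resolver(s) this machine is expected to use,
# e.g. the home router. Any other address in a NameServer value is reported.
TRUSTED_RESOLVERS = {ipaddress.ip_address("192.168.1.1")}

# O17 lines: "O17 - <registry key>: NameServer = <servers>"; the key may be the
# interface GUID or the Parameters key, under CCS, CS1 or CS2 alike.
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
# O2/O3 lines: "O2 - BHO: <name> - {<CLSID>} - <path>" (same shape for O3 toolbars).
O2O3_RE = re.compile(
    r"^O[23] - (?:BHO|Toolbar): (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$"
)


def find_dns_hijack(log_text, trusted=TRUSTED_RESOLVERS):
    """Return (registry key, server, reason) for every NameServer value outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if not m:
            continue
        # HJT prints the list comma-separated for interface keys and
        # space-separated for the Parameters key, so split on either.
        for tok in re.split(r"[ ,]+", m.group("servers").strip()):
            if not tok:
                continue
            try:
                ip = ipaddress.ip_address(tok)
            except ValueError:
                # A NameServer value that is not an address is itself worth a look.
                findings.append((m.group("key"), tok, "not a valid IP address"))
                continue
            if ip not in trusted:
                findings.append((m.group("key"), tok, "resolver not in allowlist"))
    return findings


def find_suspicious_bhos(log_text):
    """Return (CLSID, reasons) for O2/O3 entries that are nameless or point at a missing file."""
    findings = []
    for line in log_text.splitlines():
        m = O2O3_RE.match(line)
        if not m:
            continue
        reasons = []
        if m.group("name") == "(no name)":
            reasons.append("no name")
        if m.group("path").endswith("(file missing)"):
            reasons.append("file missing")
        if reasons:
            findings.append((m.group("clsid"), ", ".join(reasons)))
    return findings


def triage(log_text, trusted=TRUSTED_RESOLVERS):
    """Summarise both checks; the set of unexpected resolvers is what a helper would whois."""
    dns = find_dns_hijack(log_text, trusted)
    return {
        "dns_findings": dns,
        "unexpected_resolvers": sorted({server for _, server, _ in dns}),
        "bho_findings": find_suspicious_bhos(log_text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for key, server, reason in report["dns_findings"]:
        print(f"O17 {key}: {server} ({reason})")
    for clsid, reasons in report["bho_findings"]:
        print(f"O2/O3 {{{clsid}}}: {reasons}")
    print("resolvers to investigate:", report["unexpected_resolvers"])
```

Both checks are triage hints rather than verdicts: Spybot's own SDHelper.dll also shows as "(no name)" in the log above, so a nameless BHO only means the CLSID needs to be looked up, whereas a NameServer value that the owner never configured, repeated across every interface and control set, is the strongest single indicator in this log and is the one to act on first.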

odiegh
2007-03-01, 23:51
My HJT log was included in the post!

pskelley
2007-03-02, 00:15
If you want help, then I would appreciate it if you would read and follow the directions.

"BEFORE you POST" - Preliminary Steps
http://forums.spybot.info/showthread.php?t=288


Be sure you follow the rest of the directions, especially this one:

Note: In Notepad under Format, uncheck "Word Wrap". Produce all HJT logs like this, single spaced.
It is preferable, and the log easier to read, if you do not use the [code] or [php] options. Thank you

tashi
2007-03-06, 10:03
This topic has been archived.

If you need it re-opened, please send me a private message (PM) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.