[mikoal]

Hi there, im new here, and i never used Hijackthis, so im sorry if im asking stupid questions or that im doing something that has already been fixed or is obvious. This problem is very annoying and it seems like i've scanned my computer a lot of times already even in safe mode with ad-aware SE personal, bazooka, spyware doctor, spywareblaster,advanced spyware remover,avg,CCleaner,pconpoint,stinger,spyware begone, spybot search and destroy, V3 pro and xoftspy, im sure theres others too.

I've read the sticky and i THINK ive done everything i need to do, had all those boxes checked and scanned, so im going to download hijack this and use it, it wont be on desktop nor a temp file.

The problem that ive been getting is the annying popups and ebay popups, i've gotten rid of party poker popups i believe, the other popups are saying that i need spyware programs, and i get screensaver/wallpaper popups, things that popup up lby outerinfo and my internet exploere always crashes when i try closing it. "Internet exploere has encountered a problem and needs to close. We are sorry for the inconvenience.

Ok just finished Hijackthis this is what i got...

Logfile of HijackThis v1.99.1
Scan saved at 12:05:54 PM, on 28/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {34916D2E-A666-4018-A6CB-DCB2006CD8DC} - C:\WINDOWS\system32\sstqp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows Automatical Updater] dcz.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Iibcedf] C:\PROGRA~1\COMMON~1\TSKS~1\EXPLOR~1.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\RunServices: [NeroFilter] NeroFilterCheck.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.....cab?refid=1123
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://workfromhome.mmm.com/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{88E4B327-6E46-4FA8-AC80-2068B1E68196}: NameServer = 142.161.130.155 142.161.2.155
O20 - Winlogon Notify: sstqp - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winuqw32 - winuqw32.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe








-------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:14:15 PM 27/06/2006

+ Scan result:



C:\System Volume Information\_restore{0BE0E30A-25D8-4CF4-82C2-723AB2ADADC1}\RP376\A0048767.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
HKU\S-1-5-21-1229272821-1292428093-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2178F3FB-2560-458F-BDEE-631E2FE0DFE4} -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\Program Files\AhnLab\V3\Temp\V3000001.BIN -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Program Files\AhnLab\V3\Temp\V3000036.BIN -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Program Files\AhnLab\V3\Temp\V3000074.BIN -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Program Files\AhnLab\V3\Temp\V30000CB.BIN -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Program Files\AhnLab\V3\Temp\V3000103.BIN -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Program Files\AhnLab\V3\Temp\V3000158.BIN -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Program Files\AhnLab\V3\Temp\V300016D.BIN -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Program Files\AhnLab\V3\Temp\V30001D6.BIN -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Program Files\AhnLab\V3\Temp\V30002BA.BIN -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Program Files\AhnLab\V3\Temp\V30002C4.BIN -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\WINDOWS\system32\S?mantec\services.exe -> Downloader.PurityScan.cr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE0E30A-25D8-4CF4-82C2-723AB2ADADC1}\RP376\A0048766.tlb -> Downloader.Zlob.ne : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE0E30A-25D8-4CF4-82C2-723AB2ADADC1}\RP376\A0048764.exe -> Downloader.Zlob.th : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\E345M7OP\send_ocx_sof[2].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YZ49Q5GX\send_ocx_sof[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{0BE0E30A-25D8-4CF4-82C2-723AB2ADADC1}\RP365\A0047153.dll -> Not-A-Virus.Hoax.Win32.Renos.dp : Cleaned with backup (quarantined).
C:\Documents and Settings\mj\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\WINDOWS\mm3.exe -> Trojan.Agent.de : Cleaned with backup (quarantined).
C:\WINDOWS\system32\atmclk.exe -> Trojan.Small : Cleaned with backup (quarantined).


::Report end




Incident Status Location

Adware:Adware/PurityScan Not disinfected c:\progra~1\common~1\tsks~1\explor~1.exe
Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\program files\WinAntiVirus Pro 2006
Adware:adware/yazzle Not disinfected Windows Registry
Spyware:Cookie/Advnt Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\system@rn11[2].txt
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\mj\Local Settings\Temporary Internet Files\Content.IE5\R3QHPI5I\!update-3895[1].0000
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\mj\Cookies\mj@atdmt[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\mj\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\mj\Cookies\mj@mediaplex[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\mj\Cookies\mj@apmebf[2].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\mj\Cookies\mj@qksrv[2].txt
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\T?sks\?explore.exe












thanks for your help and patience.

Mike

Edited by mikoal, 28 June 2006 - 11:09 AM.