http://www.geekstogo...showtopic=93542
I followed all steps in that Topic but couldn’t solve my problem.
I don’t agree with Antartic-Boy when he said (in the last reply in that topic) that the popup described are legit, because I am getting popups even if my IE is not running, as I use just Firefox.
The worst thing is that I am having the popups when I am using Google. For example, if I type “adware” in Google, I get a popup with links for commercial softwares related do adwares.
Please anyone, give me some idea to solve my problem.
My log:
Logfile of HijackThis v1.99.1
Scan saved at 20:46:32, on 25/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Apache Group\Apache\Apache.exe
C:\Arquivos de programas\Miramar\PC MACLAN\ATMsg.exe
C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Apache Group\Apache\Apache.exe
C:\Arquivos de programas\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\crypserv.exe
C:\Arquivos de programas\Miramar\PC MACLAN\ATSERVER.EXE
C:\Arquivos de programas\Miramar\PC MACLAN\ATSPOOL.EXE
C:\websites\mysql\bin\mysqld-nt.exe
C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Arquivos de programas\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\Google Talk\googletalk.exe
C:\Arquivos de programas\ScanSoft\OmniPage15.0\OpAgent.exe
C:\Arquivos de programas\Bluetooth Software\BTTray.exe
C:\Arquivos de programas\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
C:\Arquivos de programas\Launchy\Launchy.exe
C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Arquivos de programas\Google\Web Accelerator\googlewebaccclient.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktop.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Arquivos de programas\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Arquivos de programas\_the little ones\RegSeeker\RegSeeker.exe
C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe
C:\Arquivos de programas\Adobe\Photoshop CS\Photoshop.exe
C:\DOCUME~1\alefe\CONFIG~1\Temp\~e5d141.tmp
C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\alefe\CONFIG~1\Temp\~e5d141.tmp
C:\Arquivos de programas\HP\Digital Imaging\bin\hpqscnvw.exe
C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Arquivos de programas\Hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Arquivos de programas\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\ARQUIV~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O2 - BHO: G-Buster Browser Defense Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Arquivos de programas\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Arquivos de programas\Zend\ZendStudioClient-4.0.2\bin\ZendIEToolbar.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Arquivos de programas\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Arquivos de programas\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [OpAgent] "C:\Arquivos de programas\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global Startup: Launchy.lnk = C:\Arquivos de programas\Launchy\Launchy.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccWarden.exe
O4 - Global User Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global User Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global User Startup: BTTray.lnk = ?
O4 - Global User Startup: Google Updater.lnk = C:\Arquivos de programas\Google\Google Updater\1.1.454.29157\GoogleUpdater.exe
O4 - Global User Startup: Launchy.lnk = C:\Arquivos de programas\Launchy\Launchy.exe
O4 - Global User Startup: Run Google Web Accelerator.lnk = C:\Arquivos de programas\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Arquivos de programas\Offline Explorer\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Arquivos de programas\Offline Explorer\Add_AllO.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Arquivos de programas\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Arquivos de programas\Zend\ZendStudioClient-4.0.2\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Arquivos de programas\Zend\ZendStudioClient-4.0.2\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\ARQUIV~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O15 - Trusted Zone: http://www.lyricshosting.com
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: {0075546E-5D3D-11D2-A3E5-0060971304D8} (WTX_Installer Class) - http://www.webtrends...t/wtx_setup.dll
O16 - DPF: {10B80396-96A7-11D3-B7A6-00A0C94C6AE0} (ParallelGraphics Cortona VRML 1.0 to VRML 2.0 convertor) - http://www.parallelg.../cortvrml10.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifes...ll/pinstall.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelg...in/cortvrml.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsec...GbPluginABN.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancob.../GbPluginBb.cab
O16 - DPF: {F551F1D7-53FA-416B-8B25-58A85D8F97A0} (GrabMailAddresses Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{304249D4-2739-4902-BC2A-F91AC309AAE2}: NameServer = 200.215.1.44,200.215.1.43
O17 - HKLM\System\CS1\Services\Tcpip\..\{304249D4-2739-4902-BC2A-F91AC309AAE2}: NameServer = 200.215.1.44,200.215.1.43
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARQUIV~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - AppInit_DLLs: C:\ARQUIV~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache - Unknown owner - C:\Arquivos de programas\Apache Group\Apache\Apache.exe" --ntservice (file missing)
O23 - Service: AppleTalk Messenger (ATMsg) - Miramar Systems Inc. - C:\Arquivos de programas\Miramar\PC MACLAN\ATMsg.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Arquivos de programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Btpnp6 - Broadcom Corporation - (no file)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Arquivos de programas\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Arquivos de programas\ewido anti-malware\ewidoctrl.exe
O23 - Service: Fastsdk_api - ewido networks - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Arquivos de programas\Arquivos comuns\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Miramar AppleTalk File Server - Miramar Systems Inc. - C:\Arquivos de programas\Miramar\PC MACLAN\ATSERVER.EXE
O23 - Service: Miramar AppleTalk Print Server - Miramar Systems Inc. - C:\Arquivos de programas\Miramar\PC MACLAN\ATSPOOL.EXE
O23 - Service: MySQL - Unknown owner - C:\websites\mysql\bin\mysqld-nt".exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Arquivos de programas\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARQUIV~1\ARQUIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Arquivos de programas\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\SPBBC\SPBBCSvc.exe