0

Hi. I´m new here. This looks like a great place to be.

My problem is that once in a while when I´m surfing the internet, I open a link and get a google page with a porn search. Also, sometimes I get a page full of porn pics instead of a google search... This thing is making me nuts. Do you know how to fix it? I´ve tried Panda, Trendmicro, Spyware Nuker, True Sword, and some others also, but none of those can fix it. So, I was searching for a better way to deal with this and found this forum and HijackThis software. I´ve done a log, but I can´t understand anything. I´m not really a tech guy. So, it woyuld be great if someone could have a look at this thing for me. Here it is, my LOG:


Logfile of HijackThis v1.99.1
Scan saved at 10:39:03 PM, on 7/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\SFP\app\bin\sfp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\msg32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\rafael\Utilitários\hijackthis\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll
O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\WINDOWS\Downloaded Program Files\gbiehabn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [InitPulsar] C:/SFP/app/bin/sfp.exe -s
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EW Message Server] msg32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01CC8C7C-020A-46F0-A44F-89A39F342679}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{032305AF-7F28-467D-ABEB-E5BFCE126A42}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{1131E3A7-F69D-44FC-A8DF-10EE73808566}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E5E7D37-975F-4D2D-827C-FC701B47DA45}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{3BA55F2E-850D-4A14-BCAE-6BEDF407B570}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{4045CA39-43F8-476B-A7EB-D06893D97631}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{505A5578-BB5F-46C8-8CA8-196437A109FC}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{57EAEDA6-A348-4568-9F36-EB82F1D652FA}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{7182A64B-9A3B-4FCB-B342-AB9E8B9077D3}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FB8705C-0D83-4B49-A049-33A39F2179BE}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{83F0D986-1C03-4085-813E-1F2FAC99986F}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{890C21B8-518D-4178-BC69-80A83EEBD78D}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{973E54D3-B942-417D-9A60-C9430E72E529}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4A80550-AFF3-4C66-AC8A-D985B43FF6EE}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{B5429E8C-2882-43FE-9EA2-C947783211DC}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB37DBE1-1AC1-4069-8A51-452E6443DE49}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC370BC9-3B8D-4DCD-B3BD-8870B5201EFD}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{D090C04C-8D6B-49EA-9E49-F5D1544688FE}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{D63250CB-9EE0-4549-BADA-3EC5BD7DB46C}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCABB817-9567-4C58-BD50-1B397843FA5B}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDC2ECF5-3F5E-42EB-AEBE-6714AB499EAC}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{DEE7E954-F2C9-4118-AA62-FA1E81EB69EA}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{F190ADE7-713C-4C39-9D50-2DB2233EA41C}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CCS\Services\Tcpip\..\{F64E6F0D-5611-48FF-A6DC-3E26CDCB43D6}: NameServer = 85.255.113.196,85.255.112.118
O17 - HKLM\System\CS1\Services\Tcpip\..\{01CC8C7C-020A-46F0-A44F-89A39F342679}: NameServer = 85.255.113.196,85.255.112.118
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

Thanks a lot for reading my thread!

Rafa

1
Contributor
1
Reply
2
Views
11 Years
Discussion Span
Last Post by rafafreddy
0

Tried many things more with no success. Please, guys, someone help!

BUMP!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.