ad.creafi - popups adware



guilepoa
2007-09-16, 19:38
I have downloaded a lot of programs, and none of them removes this... when I visit pages, a popup opens with ad.creadi.com/XXXX and later mercadolivre.com or other sites...

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:04, on 16/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe
C:\Arquivos de programas\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe
D:\Programas\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Arquivos de programas\Prevx2\PXConsole.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programas\NetLimiter\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Prevx2\PXAgent.exe
C:\Programas\NetLimiter\NLClient.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\MSN Messenger\usnsvc.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\WISPTIS.EXE
C:\Arquivos de programas\Winamp\winamp.exe
C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programas\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\pxbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\system32\tvT201PL.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IntelliPoint] "c:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "c:\Arquivos de programas\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] "D:\Programas\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrevxOne] "C:\Arquivos de programas\Prevx2\PXConsole.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\ARQUIV~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Arquivos de programas\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Programas\NetLimiter\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PREVXAgent - Prevx - C:\Arquivos de programas\Prevx2\PXAgent.exe

--
End of file - 6331 bytes

guilepoa
2007-09-16, 21:17
KASPERSKY ONLINE SCANNER REPORT
Sunday, September 16, 2007 1:39:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 16/09/2007
Kaspersky Anti-Virus database records: 419317


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 33987
Number of viruses found 4
Number of infected objects 10
Number of suspicious objects 0
Duration of the scan process 00:43:49

Infected Object Name Virus Name Last Action
C:\Arquivos de programas\Prevx2\lclbrk.cache Object is locked skipped

C:\Arquivos de programas\Prevx2\log\px-log.txt Object is locked skipped

C:\Arquivos de programas\Prevx2\paws.cache Object is locked skipped

C:\Arquivos de programas\Prevx2\prevx.cache Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_EV-00.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_EV-Index.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_FP-00.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_FP-01.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_FP-02.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_FP-Index.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_GX-00.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_GX-01.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_GX-02.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_GX-Index.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_PX-00.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_PX-01.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_PX-02.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_PX-03.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_PX-Index.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_RG-00.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_RG-Index.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_TG-00.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_TG-Index.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_VX-00.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\LDB_VX-Index.dat Object is locked skipped

C:\Documents and Settings\All Users\Dados de aplicativos\Prevx\Local.dat Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Dados de aplicativos\Microsoft\Messenger\guilepoa@gmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Dados de aplicativos\Microsoft\Messenger\guilepoa@gmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Dados de aplicativos\Microsoft\Messenger\guilepoa@gmail.com\SharingMetadata\Working\database_6A40_7628_4075_FAE1\dfsr.db Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Dados de aplicativos\Microsoft\Messenger\guilepoa@gmail.com\SharingMetadata\Working\database_6A40_7628_4075_FAE1\fsr.log Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Dados de aplicativos\Microsoft\Messenger\guilepoa@gmail.com\SharingMetadata\Working\database_6A40_7628_4075_FAE1\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Dados de aplicativos\Microsoft\Messenger\guilepoa@gmail.com\SharingMetadata\Working\database_6A40_7628_4075_FAE1\tmp.edb Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\guilepoa@gmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Dados de aplicativos\Microsoft\Windows Live Contacts\guilepoa@gmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Temp\~DF3375.tmp Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Temp\~DF33A7.tmp Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Temp\~DF5FBA.tmp Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Temp\~DF6042.tmp Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Temp\~ROMFN_00000DBC Object is locked skipped

C:\Documents and Settings\Gui\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Gui\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Gui\Dados de aplicativos\Prevx\proc.cat Object is locked skipped

C:\Documents and Settings\Gui\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Gui\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{0466DDA7-9A95-46B8-9B82-30AB86A29078}\RP29\A0003723.exe/WISE0105.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped

C:\System Volume Information\_restore{0466DDA7-9A95-46B8-9B82-30AB86A29078}\RP29\A0003723.exe/WISE0105.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped

C:\System Volume Information\_restore{0466DDA7-9A95-46B8-9B82-30AB86A29078}\RP29\A0003723.exe/WISE0105.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped

C:\System Volume Information\_restore{0466DDA7-9A95-46B8-9B82-30AB86A29078}\RP29\A0003723.exe WiseSFX: infected - 3 skipped

C:\System Volume Information\_restore{0466DDA7-9A95-46B8-9B82-30AB86A29078}\RP29\A0003723.exe WiseSFX Dropper: infected - 3 skipped

C:\System Volume Information\_restore{0466DDA7-9A95-46B8-9B82-30AB86A29078}\RP37\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SCA84A127.tmp Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\0Bb5Oyju.dll Infected: not-a-virus:AdWare.Win32.BHO.fd skipped

C:\WINDOWS\system32\1hAjlFTf.dll Infected: not-a-virus:AdWare.Win32.BHO.fd skipped

C:\WINDOWS\system32\3uWvss4n.dll Infected: not-a-virus:AdWare.Win32.BHO.fd skipped

C:\WINDOWS\system32\Ab4L5ujH.dll Infected: not-a-virus:AdWare.Win32.BHO.fb skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\NetLimit.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\Cvg6jtXj.exe Infected: Backdoor.Win32.Agent.bbp skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

tashi
2007-09-28, 00:19
Hello and sorry for the delay.

We do have this sticky topic:
The Waiting Room: Post here if waiting for help longer than four days (http://forums.spybot.info/forumdisplay.php?f=37)

However, if members waiting for assistance do not post there, their topic is archived.

If you need the thread re-opened, please send me a private message (pm) and provide a link.