Sep 14 2006, 03:38 PM, Post #1
Newbie; Group: Members; Posts: 7; Joined: 14-September 06; Member No.: 11,494
The spyware is killed...
I am sorry. I was wrong. The spyware came back... HijackThis Log is on "A spyware remains... (part 2)".

Sep 14 2006, 11:54 PM, Post #2
Newbie; Group: Members; Posts: 7; Joined: 14-September 06; Member No.: 11,494
I need help to kill that.
Regards.

ArchiveData(auto-quarantine- 2006-09-14 18-47-17.bckp)
Referencefile : SE1R123 14.09.2006
ADWARE.FUNWEB
obj[0]=Regkey : clsid\{014da6c9-189f-421a-88cd-07cfe51cff10}

Logfile of HijackThis v1.99.1
Scan saved at 18:50:59, on 14/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Sep 19 2006, 10:54 PM, Post #3
Lavasoft Staff; Group: Administrators; Posts: 8,751; Joined: 19-April 06; From: Central Florida, USA; Member No.: 65
Apologies for the late reply, we've been quite swamped in here as you can probably see. I've merged your two topics into one.

Are you still needing help? I'm now subscribed to this topic so I will receive a notice from the board as soon as you reply, so I can be here much more quickly than it has taken to get to your new topic.

If you still need help we need two things:

1. Your Adaware Scan log with the latest reference file update.

Please make sure that you are using Ad-aware SE Build 106r1.

Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link. [If not, uninstall your old Ad-aware first, then install SE.]

Then use the WebUpDate to get the latest Definition file, SE1R124 19.09.2006. To do this:

Open Ad-aware.
Click the WebUpDate button at the top right-hand side of the Ad-aware screen (the world globe).
Click "Connect". Ad-aware will then download the latest Definition file for you.
To make sure it is updated, look at the main Ad-aware screen and look under "Initialization Status". It should say the latest Definition file.

Then scan, doing a "Full Scan", and then post your logfile here by using the Add-Reply feature.

Logs are stored in: C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\. An easy way to get there is to click Start, click Run, type in %appdata% and press ENTER, then click Lavasoft, then Ad-Aware, and then Logs. Scroll down to find the latest one that you have (by date & time) and open it, right-click, select all, copy, and then paste the contents of it here. (Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)

2. A fresh HijackThis log for review to see where you are now.

Sep 20 2006, 01:04 AM, Post #4
Newbie; Group: Members; Posts: 7; Joined: 14-September 06; Member No.: 11,494
Ad-Aware SE Build 1.06r1
Logfile Created on:terça-feira, 19 de setembro de 2006 20:43:24
Using definitions file:SE1R124 19.09.2006

References detected during the scan:
Adware.FunWeb(TAC index:5):1 total references
MRU List(TAC index:0):11 total references
FileDescription : AcroTray InternalName : AcroTray LegalCopyright : Copyright 1984-2003 Adobe Systems Incorporated and its licensors. All rights reserved. OriginalFilename : AcroTray.exe #:50 [hpqtra08.exe] FilePath : C:\Arquivos de programas\HP\Digital Imaging\bin\ ProcessID : 2880 ThreadCreationTime : 19-9-2006 23:33:41 BasePriority : Normal FileVersion : 43.1.5.000 ProductVersion : 043.001.005.000 ProductName : hp digital imaging - hp all-in-one series CompanyName : Hewlett-Packard Co. FileDescription : HP Digital Imaging Monitor (CUE) InternalName : HPQTRA00 LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004 OriginalFilename : HPQTRA00.EXE Comments : HP Digital Imaging Monitor (CUE) #:51 [iconmgr.exe] FilePath : C:\Arquivos de programas\LightSurf\Common\ ProcessID : 2932 ThreadCreationTime : 19-9-2006 23:33:42 BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : IconMgr CompanyName : LightSurf Technologies, Inc. FileDescription : IconMgr InternalName : IconMgr LegalCopyright : Copyright ©2002, LightSurf Technologies, Inc. OriginalFilename : IconMgr.exe #:52 [plauto.exe] FilePath : C:\Arquivos de programas\CASIO\Photo Loader\ ProcessID : 2960 ThreadCreationTime : 19-9-2006 23:33:43 BasePriority : Normal FileVersion : 2.3E ProductVersion : 2.3E ProductName : Photo Loader CompanyName : CASIO COMPUTER CO.,LTD. FileDescription : Watcher for Photo Loader InternalName : Plauto LegalCopyright : Copyright © 2002 CASIO COMPUTER CO., LTD OriginalFilename : PLAUTO.EXE #:53 [hgcctl95.exe] FilePath : C:\Arquivos de programas\LightSurf\Colorific\ ProcessID : 2992 ThreadCreationTime : 19-9-2006 23:33:43 BasePriority : Normal FileVersion : 99, 50, 0, 3 ProductVersion : 99.50 ProductName : Colorific ® (Windows) CompanyName : LightSurf Technologies, Inc. FileDescription : Colorific Control Panel InternalName : HGCCTL95 LegalCopyright : Copyright © 1995-2002, LightSurf Technologies, Inc. 
OriginalFilename : HGCCTL95.EXE #:54 [ipodservice.exe] FilePath : C:\Arquivos de programas\iPod\bin\ ProcessID : 3000 ThreadCreationTime : 19-9-2006 23:33:43 BasePriority : Normal FileVersion : 7.0.0.70 ProductVersion : 7.0.0.70 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:55 [pclescheduler.exe] FilePath : C:\Arquivos de programas\Pinnacle\Shared Files\Programs\Scheduler\ ProcessID : 3012 ThreadCreationTime : 19-9-2006 23:33:43 BasePriority : Normal FileVersion : 1.0.1.6 ProductVersion : 1.0.1.1 ProductName : Scheduler CompanyName : Pinnacle Systems GmbH, Braunschweig FileDescription : Pinnacle Scheduler Application InternalName : PCLEScheduler LegalCopyright : Copyright © 2002 - 2003 OriginalFilename : PCLEScheduler.exe #:56 [hpqgalry.exe] FilePath : C:\Arquivos de programas\HP\Digital Imaging\bin\ ProcessID : 3212 ThreadCreationTime : 19-9-2006 23:33:45 BasePriority : Normal #:57 [ticicon.exe] FilePath : C:\Arquivos de programas\LightSurf\Color Indicator\ ProcessID : 3280 ThreadCreationTime : 19-9-2006 23:33:45 BasePriority : Normal FileVersion : 2, 2, 0, 3 ProductVersion : 2, 2, 0, 0 ProductName : Color Indicator system tray application CompanyName : LightSurf Technologies, Inc. FileDescription : TICIcon.exe InternalName : TICIcon.exe LegalCopyright : Copyright© 1999-2002 LightSurf Technologies, Inc. 
LegalTrademarks : All rights reserved OriginalFilename : TICIcon.exe Comments : Color Indicator system tray application #:58 [iexplore.exe] FilePath : C:\Arquivos de programas\Internet Explorer\ ProcessID : 3728 ThreadCreationTime : 19-9-2006 23:35:45 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Sistema operacional Microsoft® Windows® CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. Todos os direitos reservados. OriginalFilename : IEXPLORE.EXE #:59 [ad-aware.exe] FilePath : C:\Arquivos de programas\Lavasoft\Ad-Aware SE Plus\ ProcessID : 1120 ThreadCreationTime : 19-9-2006 23:43:10 BasePriority : Normal FileVersion : 6.2.0.237 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 11 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Adware.FunWeb Object Recognized! 
Type : Regkey Data : TAC Rating : 5 Category : Adware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{014da6c9-189f-421a-88cd-07cfe51cff10} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 12 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Deep scanning and examining files (D:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for D:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Deep scanning and examining files (E:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for E:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 1 entries scanned. New critical objects:0 Objects found so far: 12 Performing conditional scans... 
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 12 20:58:21 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:14:56.469 Objects scanned:213191 Objects identified:1 Objects ignored:0 New critical objects:1 Logfile of HijackThis v1.99.1 Scan saved at 21:02:25, on 19/9/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\ARQUIV~1\Grisoft\AVG7\avgfwsrv.exe C:\Arquivos de programas\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\Arquivos de programas\Ahead\InCD\InCD.exe C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe 
C:\Arquivos de programas\MSI\Live Update 3\LMonitor.exe C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\Rundll32.exe C:\Arquivos de programas\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe C:\Arquivos de programas\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\ARQUIV~1\Lavasoft\AD-AWA~1\Ad-Watch.exe C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe C:\Arquivos de programas\LightSurf\Common\IconMgr.exe C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe C:\Arquivos de programas\LightSurf\Colorific\hgcctl95.exe C:\Arquivos de programas\iPod\bin\iPodService.exe C:\Arquivos de programas\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgalry.exe C:\Arquivos de programas\LightSurf\Color Indicator\TICIcon.exe C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE C:\Arquivos de programas\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe C:\Arquivos de programas\Hijackthis\HijackThis.exe O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Arquivos de programas\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\arquivos de programas\google\googletoolbar1.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 
6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\Downloaded Program Files\gbieh.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\arquivos de programas\google\googletoolbar1.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Smapp] C:\Arquivos de programas\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [type32] "C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [InCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe O4 - HKLM\..\Run: [LiveMonitor] C:\Arquivos de programas\MSI\Live Update 3\LMonitor.exe O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [CTSysVol] C:\Arquivos de programas\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [HP Component Manager] "C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: 
[CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [AWMON] "C:\ARQUIV~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" O4 - HKCU\..\Run: [swg] C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Arquivos de programas\Arquivos comuns\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Inicialização rápida do HP Image Zone.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: LightSurf.lnk = C:\Arquivos de programas\LightSurf\Common\IconMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Photo Loader supervisory.lnk = C:\Arquivos de programas\CASIO\Photo Loader\Plauto.exe O4 - Global Startup: Pinnacle Scheduler.lnk = ? 
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancobrasil.com.br/plugin/GbPluginBb.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. 
- C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Arquivos de programas\Canon\CAL\CALMAIN.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Arquivos de programas\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe |

Sep 20 2006, 02:57 PM | Post #5
Lavasoft Staff | Group: Administrators | Posts: 8,751 | Joined: 19-April 06 | From: Central Florida, USA | Member No.: 65
I don't know why Ad-Aware can't remove that permanently. It has correctly identified a registry key.

That item is the MyWay Search bar that comes pre-installed on some Dell computers, among other things, and is not particularly harmful to your computer; however, it is an unwanted program (searchbar) that some users do not want on their system. The best way to remove it is actually by going to your Control Panel and looking in Add/Remove Programs. If there is any entry listed as:

MyWay (Searchbar or speedbar)

you can highlight it and choose *remove*. Then reboot your PC. Scan with HijackThis and, if this entry is still present, checkmark it and press *fix checked*:

O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Arquivos de programas\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL

And reboot your computer.

NOTE: Make sure that you do not have Ad-Watch set on "Automatic" and accept any changes it may alert you about because that is a BHO that Ad-watch will alert you trying to make the changes above. If you block them, the removal will not take.

This to Disable AdWatch temporarily to make your *fix*

Open AdAware SE.
1. Right click on the Ad-Watch icon in the system tray and select "Restore Ad-Watch".
2. At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
   Active: Switches Monitoring On or Off without closing
   Automatic: Switches Automatic Blocking On or Off
3. Uncheck (red X) both items.

After you have removed the MyWay Searchbar, you can then re-enable your Ad-watch settings.

--------------------
Please do NOT send Private Messages to Staff or helpers to request assistance!
We do not give a personal support via PM
The way to request help is to post a NEW TOPIC in the appropriate forum.
Look for the *New Topic* Button near the top right when viewing the forums.
Here in the forums, replies are posted to topics only.
Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance: Support Center
Microsoft MVP/Windows - Security 2003-2009
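
The re-scan step in the reply above ("if this entry is still present") can be checked mechanically. This is an added example, not part of the original thread and not Lavasoft or HijackThis code: it extracts the O2 (BHO) entries from a HijackThis log, including one flattened onto a single line as forum software has done on this page, and reports whether a given CLSID is still listed. The "after" log, the constant names and the function names are constructed for illustration.

```python
import re
from typing import NamedTuple


class Bho(NamedTuple):
    name: str
    clsid: str  # upper-cased, braces kept, so comparisons ignore case
    path: str


_GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# One entry reads "O2 - BHO: <name> - {CLSID} - <dll path>". A pasted log may
# have lost its newlines, so an entry ends at the next "O<n> - " marker or at
# end of text, not at end of line.
_O2 = re.compile(
    r"O2 - BHO: (?P<name>(?:(?!\sO\d{1,2} - ).)*?) - (?P<clsid>" + _GUID + r")"
    r" - (?P<path>.*?)(?=\s+O\d{1,2} - |\s*\Z)",
    re.DOTALL,
)


def parse_bhos(log_text):
    """Return every O2 entry; whitespace runs (wrapped lines) collapse to one space."""
    return [
        Bho(" ".join(m["name"].split()), m["clsid"].upper(), " ".join(m["path"].split()))
        for m in _O2.finditer(log_text)
    ]


def still_present(log_text, clsid):
    """Entries whose CLSID equals `clsid` (case-insensitive, braces optional)."""
    want = clsid.strip().upper()
    if not want.startswith("{"):
        want = "{" + want + "}"
    return [b for b in parse_bhos(log_text) if b.clsid == want]


def diff_bhos(before, after):
    """Compare two logs by CLSID: which BHOs were removed, added or kept."""
    b = {x.clsid: x for x in parse_bhos(before)}
    a = {x.clsid: x for x in parse_bhos(after)}
    return {
        "removed": [b[k] for k in sorted(b.keys() - a.keys())],
        "added": [a[k] for k in sorted(a.keys() - b.keys())],
        "kept": [a[k] for k in sorted(a.keys() & b.keys())],
    }


# CLSID of the entry named in the reply, written without braces and in lower
# case to show the normalisation.
MYWAY = "04079851-5845-4dea-848c-3ecd647aa554"

# Three O2 lines and one O3 line as they appear on this page, flattened.
BEFORE = (
    r"Logfile of HijackThis v1.99.1 "
    r"O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Arquivos de programas\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL "
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll "
    r"O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll "
    r"O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll"
)

# Constructed "after removal" log, one entry per line, with one path wrapped
# at a space the way a narrow text box would wrap it.
AFTER = r"""Logfile of HijackThis v1.99.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat
6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        hits = still_present(log, MYWAY)
        print(label, "-> still present:" if hits else "-> not listed", hits)
    for kind, items in diff_bhos(BEFORE, AFTER).items():
        print(kind, [b.name for b in items])
```

A CLSID missing from the O2 list shows only that the BHO registration is gone; the DLL on disk and any other registry keys need their own check.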

Sep 21 2006, 01:43 AM | Post #6
Newbie | Group: Members | Posts: 7 | Joined: 14-September 06 | Member No.: 11,494
Dear LS CalamityJane,
Ad-Watch is active just to block popups. Thanks a lot for your assistance!!! P.S. are you married???

Sep 21 2006, 02:10 AM | Post #7
Lavasoft Staff | Group: Administrators | Posts: 8,751 | Joined: 19-April 06 | From: Central Florida, USA | Member No.: 65
Yes, I'm married
Did you do those steps? Is your problem resolved?

Sep 21 2006, 01:48 PM | Post #8
Newbie | Group: Members | Posts: 7 | Joined: 14-September 06 | Member No.: 11,494
Dear Mrs. LS CalamityJane,
No, I didn't, because I do not use the PC alone. As you said that it is not particularly harmful to the computer, I am not worried anymore. I am much obliged to you. Thanks a lot!!! God bless you and all your family!!!

Sep 21 2006, 06:00 PM | Post #9
Lavasoft Staff | Group: Administrators | Posts: 8,751 | Joined: 19-April 06 | From: Central Florida, USA | Member No.: 65
You're welcome
Since your issues seem to be resolved, I'll go ahead and archive this topic in the "Resolved" section (read only). If you should have any further issues, please feel free to start a new topic.