Taskbar disappeared, Safe Mode doesn't work etc...

Piloto de Fuga

Hello,

I use Windows XP and a few days ago, the taskbar and the desktop icons disappeared. Also, the system restarts on the logon screen when I try to reboot in Safe Mode.

This is my post telling about the problem, please read it to see what I've already tried:
http://www.computerforum.com/84278-taskbar-desktop-icons-disapeared.html

They told me to come here since VundoFix has found some infections. But when the program is trying to remove the Vundos, the system crashes on a blue screen.

Here is the ComboFix log:

Pedro - 07-05-09 21:59:21,95 Service Pack 2
ComboFix 06.11.9 - Running from: "D:\Samir\Outros\Progamas de Segurança"

((((((((((((((((((((((((((((((( Files Created from 2007-04-09 to 2007-05-09 ))))))))))))))))))))))))))))))))))


2007-05-09 20:08 616,578 ---hs---- C:\WINDOWS\system32\srutv.bak2
2007-05-09 20:00 3,935 ---hs---- C:\WINDOWS\system32\srutv.ini2
2007-05-09 15:11 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-05-07 19:53 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-05-07 19:53 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-05-05 19:20 284,756 --------- C:\WINDOWS\system32\vturs.dll
2007-05-05 19:20 0 --a------ C:\WINDOWS\system32\gebyv.dll
2007-05-05 12:03 284,756 --ahs---- C:\WINDOWS\system32\ddcca.dll
2007-05-04 11:50 545,766 --ahs---- C:\WINDOWS\system32\srqss.bak1
2007-05-04 11:49 284,756 --ahs---- C:\WINDOWS\system32\ssqrs.dll
2007-04-30 18:29 225,483 --a------ C:\WINDOWS\system32\vtsqn.dll
2007-04-23 13:23 507,120 --ahs---- C:\WINDOWS\system32\pqstv.ini2
2007-04-22 19:51 43,584 --a------ C:\WINDOWS\system32\drivers\avipbb.sys
2007-04-22 19:51 28,352 --a------ C:\WINDOWS\system32\drivers\ssmdrv.sys
2007-04-22 12:11 176,235 --a------ C:\WINDOWS\system32\Primomonnt.dll
2007-04-19 21:27 527,381 --ahs---- C:\WINDOWS\system32\pqstv.bak2
2007-04-18 21:54 501,444 --ahs---- C:\WINDOWS\system32\pqstv.bak1
2007-04-18 20:13 26,694 --------- C:\WINDOWS\system32\hggfeca.dll
2007-04-16 20:56 513,152 --a------ C:\WINDOWS\system32\drivers\WmaCDriverV32.sys
2007-04-16 20:48 573,440 --a------ C:\WINDOWS\system32\NCTAudioInformation2.dll
2007-04-16 20:48 491,520 --a------ C:\WINDOWS\system32\NCTAudioFile.dll
2007-04-16 20:48 290,816 --a------ C:\WINDOWS\system32\NCTWMAFile.dll
2007-04-16 20:48 282,624 --a------ C:\WINDOWS\system32\NCTAudioVisualization.dll
2007-04-16 20:48 274,432 --a------ C:\WINDOWS\system32\NCTAudioRecord.dll
2007-04-16 20:48 168,448 --a------ C:\WINDOWS\system32\NCTAudioPlayer.dll
2007-04-16 20:48 120,832 --a------ C:\WINDOWS\system32\lame_enc.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-09 21:33 -------- d-------- C:\Arquivos de programas\Mozilla Firefox
2007-05-09 21:09 -------- d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\Free Download Manager
2007-05-09 19:38 -------- d-------- C:\Arquivos de programas\Discador itelefonica
2007-05-08 18:28 -------- d-------- C:\Arquivos de programas\Arquivos comuns\Adobe
2007-05-08 14:05 -------- d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\Babylon
2007-05-07 20:08 -------- d-------- C:\Arquivos de programas\Windows Media Player
2007-05-07 20:05 -------- d-------- C:\Arquivos de programas\Outlook Express
2007-05-07 20:05 -------- d-------- C:\Arquivos de programas\Internet Explorer
2007-05-07 20:05 -------- d-------- C:\Arquivos de programas\Arquivos comuns\System
2007-05-07 20:04 -------- d-------- C:\Arquivos de programas\Messenger
2007-05-06 21:56 -------- d-------- C:\Arquivos de programas\eMule
2007-05-06 20:57 -------- d-------- C:\Arquivos de programas\nLite
2007-05-06 11:15 -------- d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\AVG7
2007-05-06 10:19 -------- d-------- C:\Arquivos de programas\DAEMON Tools
2007-05-05 22:38 -------- d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\Lavasoft
2007-05-05 22:37 -------- d-------- C:\Arquivos de programas\Lavasoft
2007-05-05 20:45 -------- d-------- C:\Arquivos de programas\WMAConvert
2007-05-05 20:45 -------- d-------- C:\Arquivos de programas\SpeedBit Video Accelerator
2007-05-05 20:45 -------- d-------- C:\Arquivos de programas\Nox
2007-05-05 20:45 -------- d-------- C:\Arquivos de programas\Mafia
2007-05-05 20:45 -------- d-------- C:\Arquivos de programas\Driver Magician
2007-05-05 20:45 -------- d-------- C:\Arquivos de programas\Chrome
2007-05-05 20:45 -------- d-------- C:\Arquivos de programas\AntiVir PersonalEdition Classic
2007-05-05 20:30 -------- d-------- C:\Arquivos de programas\TuneUp Utilities 2007
2007-05-04 19:55 -------- d-------- C:\Arquivos de programas\Free Download Manager
2007-05-04 18:15 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2007-05-04 18:10 -------- d-------- C:\Arquivos de programas\BitComet Acceleration Patch
2007-05-04 18:09 -------- d-------- C:\Arquivos de programas\BitComet
2007-05-04 18:02 -------- d-------- C:\Arquivos de programas\Dr Windows
2007-04-30 23:57 -------- d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\Bitdefender
2007-04-30 23:32 -------- d-------- C:\Arquivos de programas\Softwin
2007-04-30 23:32 -------- d-------- C:\Arquivos de programas\Arquivos comuns\Softwin
2007-04-30 23:30 -------- d-------- C:\Arquivos de programas\Arquivos comuns
2007-04-28 20:00 -------- d-------- C:\Arquivos de programas\Project64 1.6
2007-04-27 22:34 -------- d-------- C:\Arquivos de programas\Puxa Rápido
2007-04-27 20:03 -------- d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\MXPLAY
2007-04-27 19:57 -------- d-------- C:\Arquivos de programas\MXPLAY
2007-04-27 19:56 -------- d--h----- C:\Arquivos de programas\InstallShield Installation Information
2007-04-27 19:55 -------- d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\InstallShield
2007-04-27 14:10 -------- d-------- C:\Arquivos de programas\RenomearTudo
2007-04-27 13:06 777984 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-04-26 21:47 -------- d-------- C:\Arquivos de programas\Last.fm
2007-04-26 20:47 -------- d---s---- C:\Documents and Settings\Pedro\Dados de aplicativos\Microsoft
2007-04-25 22:03 -------- d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\Adobe
2007-04-23 20:54 -------- d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\Opera
2007-04-23 14:07 -------- d-------- C:\Arquivos de programas\Adobe
2007-04-22 12:11 -------- d-------- C:\Arquivos de programas\PrimoPDF
2007-04-21 18:08 -------- d-------- C:\Arquivos de programas\SystemRequirementsLab
2007-04-20 14:22 19840 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-04-19 18:27 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-18 20:07 -------- d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\Publish Providers
2007-04-18 19:18 -------- d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\Sony
2007-04-18 19:10 -------- d-------- C:\Arquivos de programas\Sound Forge 9.0
2007-04-18 19:10 -------- d-------- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared
2007-04-18 13:53 -------- d-------- C:\Arquivos de programas\Free Video to Mp3 Converter
2007-04-16 21:54 720896 --a------ C:\WINDOWS\iun6002ev.exe
2007-04-16 21:45 -------- d-------- C:\Arquivos de programas\Eidos
2007-04-09 19:51 -------- d-------- C:\Arquivos de programas\LimeWire
2007-04-06 19:24 -------- d-------- C:\Arquivos de programas\Realtek
2007-04-06 19:23 315392 --a------ C:\WINDOWS\HideWin.exe
2007-04-06 18:41 -------- d-------- C:\Arquivos de programas\The KMPlayer
2007-04-06 12:09 34308 --a------ C:\WINDOWS\system32\BASSMOD.dll
2007-03-31 21:23 -------- d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\Screenshot Sender
2007-03-29 19:01 -------- d-------- C:\Arquivos de programas\Microsoft Games
2007-03-25 13:05 -------- d-------- C:\Arquivos de programas\SigmaTel
2007-03-24 14:01 -------- d-------- C:\Arquivos de programas\X-Micro
2007-03-19 13:57 98304 --a------ C:\WINDOWS\system32\CddbLangNL.dll
2007-03-19 13:57 98304 --a------ C:\WINDOWS\system32\CddbLangFR.dll
2007-03-19 13:57 98304 --a------ C:\WINDOWS\system32\CddbLangES.dll
2007-03-19 13:57 98304 --a------ C:\WINDOWS\system32\CddbLangDE.dll
2007-03-19 13:57 77824 --a------ C:\WINDOWS\system32\CddbLangJA.dll
2007-03-19 13:57 765952 --a------ C:\WINDOWS\system32\CDDBUI.dll
2007-03-19 13:57 655360 --a------ C:\WINDOWS\system32\CDDBControl.dll
2007-03-19 13:57 102400 --a------ C:\WINDOWS\system32\CddbLangIT.dll
2007-03-18 10:53 -------- d-------- C:\Documents and Settings\Pedro\Dados de aplicativos\Mp3tag
2007-03-18 10:52 -------- d-------- C:\Arquivos de programas\Mp3tag
2007-03-18 10:22 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-03-11 21:39 -------- d-------- C:\Arquivos de programas\Winamp
2007-03-11 12:53 -------- d-------- C:\Arquivos de programas\WinAVIVideoConverter
2007-03-10 21:26 -------- d-------- C:\Arquivos de programas\MSN Messenger
2007-03-10 21:26 -------- d-------- C:\Arquivos de programas\Messenger Plus! Live
2007-03-08 12:36 578048 --a------ C:\WINDOWS\system32\Backup user32.dll
2007-02-18 23:55 737280 --a------ C:\WINDOWS\iun6002.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpybotSD TeaTimer"="C:\\Arquivos de programas\\Spybot - Search & Destroy\\TeaTimer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\ARQUIV~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"avgnt"="\"C:\\Arquivos de programas\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Minha página inicial atual"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\ARQUIV~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\ARQUIV~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-carregador Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon de cache de categorias de componente"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=""
"{6148028B-D532-4417-8C0B-5A4A0B745393}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoDispSettingsPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoSizeChoice"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LockTaskbar"=dword:00000000
"NoBandCustomize"=dword:00000000
"NoMovingBands"=dword:00000000
"NoCloseDragDropBands"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoToolbarsOnTaskbar"=dword:00000000
"NoActiveDesktop"=dword:00000000
"ClassicShell"=dword:00000000
"NoSMBalloonTip"=dword:00000001
"NoSaveSettings"=dword:00000000
"NoRecentDocsHistory"=dword:00000001
"CDRAutoRun"=dword:00000000
"NoDriveTypeAutoRun"=dword:00000095
"NoLowDiskSpaceChecks"=dword:00000001
"MemCheckBoxInRunDlg"=dword:00000000
"NoClose"=dword:00000000
"NoAutoTrayNotify"=dword:00000000
"NoResolveTrack"=dword:00000000
"NoResolveSearch"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"NoWelcomeScreen"=dword:00000001
"NoRecentDocsNetHood"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoSharedDocuments"=dword:00000001
"NoThemesTab"=dword:00000000
"NoToolbarCustomize"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"NoInternetOpenWith"=dword:00000000
"RunStartupScriptSync"=dword:00000000
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000
"DisableCAD"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=dword:00000001
"NoStrCmpLogical"=dword:00000001
"NoClose"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\ARQUIV~1\\Adobe\\Reader 8.0\\Reader\\reader_sl.exe "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Synchronizer.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\ARQUIV~1\\Adobe\\Reader 8.0\\Reader\\AdobeCollabSync.exe "
"item"="Adobe Reader Synchronizer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Pedro^Menu Iniciar^Programas^Inicializar^BitComet Acceleration Patch.lnk]
"backup"="C:\\WINDOWS\\pss\\BitComet Acceleration Patch.lnkStartup"
"location"="Startup"
"command"="C:\\ARQUIV~1\\BitComet Acceleration Patch\\BitComet Acceleration Patch.exe "
"item"="BitComet Acceleration Patch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Atualizador - Puxa Rápido]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Atualiza"
"hkey"="HKLM"
"command"="C:\\Arquivos de programas\\Puxa Rápido\\Atualiza.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ashDisp"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Babylon"
"hkey"="HKLM"
"command"="C:\\Arquivos de programas\\Babylon\\Babylon-Pro\\Babylon.exe -AutoStart"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bdagent"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\Softwin\\BitDefender10\\bdagent.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDMCon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bdmcon"
"hkey"="HKLM"
"command"="C:\\ARQUIV~1\\Softwin\\BitDefender10\\bdmcon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CTFMON"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSave_Installer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DaemonTools_WhenUSave_Installer"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="%systemroot%\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~1"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RTHDCPL"
"hkey"="HKLM"
"command"="RTHDCPL.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="S3trayp"
"hkey"="HKLM"
"command"="S3trayp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SkyTel"
"hkey"="HKLM"
"command"="SkyTel.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sm56hlpr"
"hkey"="HKLM"
"command"="sm56hlpr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Arquivos de programas\\Java\\jre1.5.0_07\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTTimer"
"hkey"="HKLM"
"command"="VTTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Winampa"
"hkey"="HKLM"
"command"="\"C:\\Arquivos de programas\\Winamp\\Winampa.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"XCOMM"=dword:00000002
"VSSERV"=dword:00000002
"LIVESRV"=dword:00000002
"bdss"=dword:00000002
"VundoFixSvc"=dword:00000003
"usnjsvc"=dword:00000003
"RichVideo"=dword:00000002
"ose"=dword:00000003
"IDriverT"=dword:00000003

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggfeca
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

Completion time: 07-05-09 22:00:40.51
C:\ComboFix.txt ... 07-05-09 22:00
C:\ComboFix2.txt ... 07-05-09 13:46
C:\ComboFix3.txt ... 07-05-08 19:18

====================================================

VundoFix V6.3.21

Checking Java version...

Sun Java not detected
Scan started at 22:02:02 9/5/2007

Listing files found while scanning....

C:\WINDOWS\system32\hggfeca.dll
C:\WINDOWS\system32\srutv.bak2
C:\WINDOWS\system32\srutv.ini
C:\WINDOWS\system32\srutv.ini2
C:\WINDOWS\system32\srutv.tmp
C:\WINDOWS\system32\vturs.dll

Beginning removal...


As you can see, Vundo didn't finish the removal, because the system crashed.

But it found something that might have caused the taskbar problem. How do I remove them?

Thanks in advance.

Regards,
Piloto
 
Oh hoo...

You're a very wise man ;D
This way HijackThis found some interesting stuff. Here we go:

Logfile of HijackThis v1.99.1
Scan saved at 13:13:34, on 10/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe
C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE
D:\Samir\Outros\Progamas de Segurança\Scanner.exe

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6148028B-D532-4417-8C0B-5A4A0B745393} - C:\WINDOWS\system32\hggfeca.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98484659-E2AF-46CE-9585-7CCDAE26E90C} - (no file)
O2 - BHO: (no name) - {9C6177F2-470F-43D5-A48D-88F6F5CFACDD} - C:\WINDOWS\system32\vturs.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar selecionadas com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Baixar tudo com Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E342B29-F22A-40C9-B675-660AB2852C9A}: NameServer = 200.204.0.138 200.204.0.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: hggfeca - C:\WINDOWS\SYSTEM32\hggfeca.dll
O20 - Winlogon Notify: vtsqp - C:\WINDOWS\system32\vtsqp.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Arquivos de programas\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe


What should I do now?
Thanks for your help.

P.S.: BTW, why didn't HijackThis work with its real name? Was there something blocking it?
 
There seems to be more than Vundo going on here. Run these scans and post the reports.

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.

Then run an online scan with Kaspersky.
http://www.kaspersky.com/virusscanner
Save the report and post it here.
 
Okk...

I'll tell you what I've done.

I needed the taskbar here immediately. So I used HijackThis to fix those Vundos. But it didn't work. I tried Killbox, without success. The last thing to try was to delete the files using the Recovery Console. I've done it and the taskbar and the desktop icons appeared. I removed what I thought was malware.

But I still think that my PC is infected, because the system still restarts when I try to boot into Safe Mode. So I've done what you've said.



Here is the GMER log:

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-11 12:54:56
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys ZwClose
SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys ZwCreateKey
SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys ZwDeleteKey
SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys ZwDeleteValueKey
SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys ZwEnumerateKey
SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys ZwEnumerateValueKey
SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys ZwFlushKey
SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys ZwLoadKey
SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdfsdrv.sys ZwOpenFile
SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys ZwOpenKey
SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys ZwQueryKey
SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys ZwQueryValueKey
SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys ZwSetValueKey
SSDT \??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys ZwUnloadKey

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\DRIVERS\update.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\explorer.exe[1264] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 51981CE2 C:\ARQUIV~1\DVDREG~1\DVDShell.dll
.text C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe[1752] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe[1752] WS2_32.dll!sendto 71A72C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe[1752] WS2_32.dll!recvfrom 71A72D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe[1752] WS2_32.dll!bind 71A73E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe[1752] WS2_32.dll!connect 71A7406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe[1752] WS2_32.dll!send 71A7428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe[1752] WS2_32.dll!gethostbyname 71A74FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe[1752] WS2_32.dll!listen 71A788D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe[1752] WS2_32.dll!closesocket 71A79639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe[1752] WS2_32.dll!accept 71A81028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\ARQUIV~1\MOZILL~1\firefox.exe[2236] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\ARQUIV~1\MOZILL~1\firefox.exe[2236] WS2_32.dll!sendto 71A72C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\ARQUIV~1\MOZILL~1\firefox.exe[2236] WS2_32.dll!recvfrom 71A72D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\ARQUIV~1\MOZILL~1\firefox.exe[2236] WS2_32.dll!bind 71A73E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\ARQUIV~1\MOZILL~1\firefox.exe[2236] WS2_32.dll!connect 71A7406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\ARQUIV~1\MOZILL~1\firefox.exe[2236] WS2_32.dll!send 71A7428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\ARQUIV~1\MOZILL~1\firefox.exe[2236] WS2_32.dll!gethostbyname 71A74FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\ARQUIV~1\MOZILL~1\firefox.exe[2236] WS2_32.dll!listen 71A788D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\ARQUIV~1\MOZILL~1\firefox.exe[2236] WS2_32.dll!closesocket 71A79639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\ARQUIV~1\MOZILL~1\firefox.exe[2236] WS2_32.dll!accept 71A81028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2508] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2508] WS2_32.dll!sendto 71A72C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2508] WS2_32.dll!recvfrom 71A72D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2508] WS2_32.dll!bind 71A73E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2508] WS2_32.dll!connect 71A7406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2508] WS2_32.dll!send 71A7428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2508] WS2_32.dll!gethostbyname 71A74FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2508] WS2_32.dll!listen 71A788D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2508] WS2_32.dll!closesocket 71A79639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\WINDOWS\system32\wuauclt.exe[2508] WS2_32.dll!accept 71A81028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Free Download Manager\fdm.exe[2560] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Free Download Manager\fdm.exe[2560] WS2_32.dll!sendto 71A72C69 5 Bytes JMP 10002D10 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Free Download Manager\fdm.exe[2560] WS2_32.dll!recvfrom 71A72D0F 5 Bytes JMP 10002CA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Free Download Manager\fdm.exe[2560] WS2_32.dll!bind 71A73E00 5 Bytes JMP 10003020 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Free Download Manager\fdm.exe[2560] WS2_32.dll!connect 71A7406A 5 Bytes JMP 10002DA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Free Download Manager\fdm.exe[2560] WS2_32.dll!send 71A7428A 5 Bytes JMP 10002AA0 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Free Download Manager\fdm.exe[2560] WS2_32.dll!gethostbyname 71A74FD4 5 Bytes JMP 10002D70 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Free Download Manager\fdm.exe[2560] WS2_32.dll!listen 71A788D3 5 Bytes JMP 10002A60 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Free Download Manager\fdm.exe[2560] WS2_32.dll!closesocket 71A79639 5 Bytes JMP 10003060 C:\WINDOWS\system32\sockspy.dll
.text C:\Arquivos de programas\Free Download Manager\fdm.exe[2560] WS2_32.dll!accept 71A81028 5 Bytes JMP 10002F30 C:\WINDOWS\system32\sockspy.dll
.text C:\Documents and Settings\Pedro\Desktop\gmer.exe[2680] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10003090 C:\WINDOWS\system32\sockspy.dll

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_READ [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA [F47C6CD7] sbbotdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA [F47C6CD7] sbbotdi.sys

---- EOF - GMER 1.0.12 ----
 
Here's the Kaspersky log (I've just scanned C:\):

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, May 11, 2007 2:43:14 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/05/2007
Kaspersky Anti-Virus database records: 298434
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 57906
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:08:40

Infected Object Name / Virus Name / Last Action
C:\Arquivos de programas\Winamp\Plugins\AudioScrobbler.log.txt Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Dados de aplicativos\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Histórico\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Histórico\History.IE5\MSHist012007051120070512\index.dat Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Temp\Free Download Manager\tic13.tmp Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Temp\~DF3016.tmp Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Temp\~DF6C1.tmp Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Temp\~DF753F.tmp Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Temp\~DF988D.tmp Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Temp\~ROMFN_00000C04 Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Temp\~WRF0000.tmp Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Temp\~WRS0001.tmp Object is locked skipped
C:\Documents and Settings\Pedro\Configurações locais\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Pedro\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Pedro\Dados de aplicativos\Babylon\log_file.txt Object is locked skipped
C:\Documents and Settings\Pedro\Dados de aplicativos\Microsoft\Modelos\Normal.dot Object is locked skipped
C:\Documents and Settings\Pedro\Dados de aplicativos\Microsoft\Word\Salvamento de AutoRecuperação de Entrevista com Christopher Robin Taylor.asd Object is locked skipped
C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cert8.db Object is locked skipped
C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\history.dat Object is locked skipped
C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\key3.db Object is locked skipped
C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\parent.lock Object is locked skipped
C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Pedro\Meus documentos\Os Meus Registos\maio 2007\[email protected] Object is locked skipped
C:\Documents and Settings\Pedro\ntuser.dat Object is locked skipped
C:\Documents and Settings\Pedro\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{F7107133-9B91-4679-9BDD-A31514486774}\RP2\A0004802.dll Object is locked skipped
C:\System Volume Information\_restore{F7107133-9B91-4679-9BDD-A31514486774}\RP8\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_Intel 537EP Speakerphone Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{559887ED-D75E-40F8-A7D9-197B8E326A53}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{9B7BE45F-204D-487E-893F-1CD96B5EC110}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\bdss.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp00005d1f\tmp00000000 Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

========================================================

And here's the HijackThis Log (just to check):


Logfile of HijackThis v1.99.1
Scan saved at 12:53:55, on 11/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe
C:\ARQUIV~1\Softwin\BitDefender10\bdmcon.exe
C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe
C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe
C:\Arquivos de programas\Discador itelefonica\DiscadorCompitelefonica.exe
C:\ARQUIV~1\Softwin\BitDefender10\bdlite.exe
C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE
C:\Arquivos de programas\Free Download Manager\fdm.exe
C:\Documents and Settings\Pedro\Desktop\gmer.exe
C:\Arquivos de programas\Winamp\winamp.exe
C:\Arquivos de programas\MSN Messenger\msnmsgr.exe
C:\Arquivos de programas\Last.fm\LastFM.exe
D:\Samir\Outros\Progamas de Segurança\Scanner.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6EF05952-B48D-4944-AA91-57A6A1A48EF8} - C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Arquivos de programas\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [BDMCon] C:\ARQUIV~1\Softwin\BitDefender10\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar selecionadas com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Baixar tudo com Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E342B29-F22A-40C9-B675-660AB2852C9A}: NameServer = 200.204.0.138 200.204.0.10
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

=====================================================

VundoFix didn't find anything suspicious this time, nor did BitDefender.

BTW, what is the SystemVolumeInformation folder?

Thanks a lot.
 
System Volume Information is part of Windows, nothing to worry about.

Do you have Speedbit installed? It's known to cause problems.

The HijackThis log is clean, just some leftovers to take care of.

Run HijackThis and select "Do a system scan only", then place a check by the following entries.

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)


Close all open windows and browsers, and hit "Fix Checked".

As long as those entries are gone on reboot, I don't need to see another log (you might need to turn Spybot's TeaTimer off).

We might need to try a repair install of Windows, but try this first.

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
  • Click Exit on the Main menu to close the program.

Download, install, update and run a full scan with AVG Antispyware.
http://downloads.grisoft.cz/softw/70/filedir/inst/avgas-setup-7.5.0.50.exe
Delete all it finds, save the report and post the report in your next reply.
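
An added example, not from the thread or from any tool it mentions: Python that reads a HijackThis log, picks out the entries flagged "(no file)" or "(file missing)", and checks each one against the log's own "Running processes" list. The sample is an excerpt of the log posted above; the function names and verdict labels are assumptions of this example.

```python
import re

# Excerpt of the HijackThis v1.99.1 log posted in this thread (lines copied, list shortened).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:53:55, on 11/5/2007

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe
C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe
C:\ARQUIV~1\MOZILL~1\FIREFOX.EXE

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1678F7E1-C422-11D0-AD7D-00400515CAAA} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [BDMCon] C:\ARQUIV~1\Softwin\BitDefender10\bdmcon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
MISSING_RE = re.compile(r"\s*\((no file|file missing)\)\s*$")

# Verdict labels (names chosen for this example).
ORPHAN = "orphan candidate"
RUNNING = "file is running; flag is unreliable"


def parse_log(text):
    """Split a log into the set of running process paths and the O-entries."""
    running, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def target_path(body):
    """Return the file path an entry points at, or None if it names no file."""
    last = MISSING_RE.sub("", body.rsplit(" - ", 1)[-1]).lstrip('"')
    # In this log the service command lines carry a stray quote
    # ('...exe" /service'); keep only what precedes it.
    path = last.split('"', 1)[0].strip()
    return path or None


def triage(text):
    """Classify every entry the log marks as having no backing file."""
    running, entries = parse_log(text)
    findings = []
    for code, body in entries:
        if not MISSING_RE.search(body):
            continue
        path = target_path(body)
        verdict = RUNNING if path and path.lower() in running else ORPHAN
        findings.append((code, verdict, body))
    return findings


if __name__ == "__main__":
    for code, verdict, body in triage(SAMPLE_LOG):
        print(f"{code:4} {verdict:38} {body}")
```

On this excerpt the two O2 entries come out as orphan candidates, while both O23 entries point at executables listed under "Running processes", so their "(file missing)" flag cannot be taken at face value.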
 
I have SpeedBit Video Accelerator, but I can't uninstall it, because when I try to, it says 'Couldn't open Install.log file!'.

I've fixed those entries (I had to turn TeaTimer off) and the log is ok. Can I turn TeaTimer on again or will it block the changes?

Here's the AVG AS log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created: 14:58:05 12/5/2007

+ Scan Result:



:mozilla.141:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.103:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.95:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.96:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.97:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.98:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.72:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.73:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.74:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.23:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.55:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.82:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.83:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.84:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.85:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.43:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.27:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.28:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.29:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.30:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.31:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.300:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.301:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.104:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.192:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.204:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.92:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.273:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.274:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.135:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.136:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.137:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.138:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.127:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.267:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.278:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.40:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.41:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.42:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.43:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.44:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.45:C:\Documents and Settings\Pedro\Dados de aplicativos\Mozilla\Firefox\Profiles\p01pg5ul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Arquivos de programas\Marcos Velasco Security\MV RegClean 4.0\Skins\02.skn -> Trojan.Delf.mg : Cleaned with backup (Quarenten).


::Report end



Thanks!
 
Yes, turn TeaTimer back on.

The Speedbit thing was a long shot, it's not affecting normal mode, so I think it's ok.

Download System Repair Engineer from this link.
http://www.kztechs.com/eng/download.html

Open the program and select "System Repair" on the left.
Go to the "Advanced Repair" tab.
Choose the "Repair Safe Mode" option and follow the prompts.

Then try booting in Safe Mode.
 
Didn't work. The system reboots on the logon screen.
But this program gave me some warning messages. When I open the program, a message appears saying that LoadLibraryA has been modified to abnormal values (I guess it's shown below in the log). And when I click on the 'Boot Items' section, another error message appears, with the following:
Warning! The AppInit_DLLs value in Registry has changed to a abnormal value (Default value is blank). Please check virus in your computer.

I thought that the log of the smart scan would be useful, so here we go:
(I didn't fix anything besides the safe mode (what you told me to do))



Code:
2007-05-13,11:13:59

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <NextSTART><; C:\Arquivos de programas\Winstep\nextstart.exe autostart>  [N/A]
    <SpybotSD TeaTimer><C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe>  [(Verified)Safer Networking Ltd.]
    <CTFMON.EXE><; C:\WINDOWS\system32\CTFMON.EXE>  [(Verified)Microsoft Windows Publisher]
    <Workshelf><; C:\Arquivos de programas\Winstep\workshelf.exe autostart>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <BDMCon><C:\ARQUIV~1\Softwin\BitDefender10\bdmcon.exe>  [SOFTWIN S.R.L.]
    <BDAgent><"C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe">  [SOFTWIN S.R.L.]
    <!AVG Anti-Spyware><"C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    <Alcmtr><; ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Atualizador - Puxa Rápido><; C:\Arquivos de programas\Puxa Rápido\Atualiza.exe>  []
    <avast!><; >  [N/A]
    <Babylon Client><; C:\Arquivos de programas\Babylon\Babylon-Pro\Babylon.exe -AutoStart>  [(Verified)Babylon Ltd.]
    <DAEMON Tools><; "C:\Arquivos de programas\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
    <DaemonTools_WhenUSave_Installer><; >  [N/A]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <NeroFilterCheck><; C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe>  [(Verified)Nero AG]
    <New.net Startup><; >  [N/A]
    <QuickTime Task><; >  [N/A]
    <RTHDCPL><; RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <S3Trayp><; S3trayp.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SkyTel><; SkyTel.EXE>  [(Verified)Microsoft Windows Publisher]
    <SMSERIAL><; sm56hlpr.exe>  [N/A]
    <SunJavaUpdateSched><; C:\Arquivos de programas\Java\jre1.5.0_07\bin\jusched.exe>  [Sun Microsystems, Inc.]
    <VTTimer><; VTTimer.exe>  [(Verified)Microsoft Windows Publisher]
    <WinampAgent><; "C:\Arquivos de programas\Winamp\Winampa.exe">  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><sockspy.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{93994DE8-8239-4655-B1D1-5F4E91300429}><C:\ARQUIV~1\DVDREG~1\DVDShell.dll>  [Fengtao Software Inc.]
    <{6148028B-D532-4417-8C0B-5A4A0B745393}><>  [N/A]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]

==================================
Startup Folders
N/A

==================================
Services
[Adobe LM Service / Adobe LM Service][Stopped/Disabled]
  <"C:\Arquivos de programas\Arquivos comuns\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[BitDefender Scan Server / bdss][Running/Auto Start]
  <"C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Scan Server\bdss.exe" /service><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Disabled]
  <"C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[BitDefender Desktop Update Service / LIVESRV][Running/Auto Start]
  <"C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Update Service\livesrv.exe" /service><SOFTWIN S.R.L.>
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
  <"C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe"><Nero AG>
[Cyberlink RichVideo Service(CRVS) / RichVideo][Stopped/Disabled]
  <"C:\Arquivos de programas\CyberLink\Shared Files\RichVideo.exe"><>
[VideoAcceleratorEngine / VideoAcceleratorEngine][Stopped/Disabled]
  <><N/A>
[BitDefender Virus Shield / VSSERV][Running/Auto Start]
  <"C:\Arquivos de programas\Softwin\BitDefender10\vsserv.exe" /service><SOFTWIN S.R.L.>
[VundoFix Service / VundoFixSvc][Stopped/Disabled]
  <VundoFixSVC.exe><Atribune.org>
[BitDefender Communicator / XCOMM][Running/Auto Start]
  <"C:\Arquivos de programas\Arquivos comuns\Softwin\BitDefender Communicator\xcommsvr.exe" /service><SOFTWIN S.R.L>

==================================
Drivers
[AMD Processor Driver / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[bdfdll / bdfdll][Running/Manual Start]
  <\??\C:\Arquivos de programas\Softwin\BitDefender10\bdfdll.sys><N/A>
[BDFSDRV / BDFSDRV][Running/Manual Start]
  <\??\C:\Arquivos de programas\Softwin\BitDefender10\bdfsdrv.sys><N/A>
[bdpredir / bdpredir][Running/System Start]
  <\??\C:\Arquivos de programas\Softwin\BitDefender10\bdpredir.sys><Softwin SRL>
[BDRSDRV / BDRSDRV][Running/Auto Start]
  <\??\C:\Arquivos de programas\Softwin\BitDefender10\bdrsdrv.sys><N/A>
[VIA Rhine-Family Fast-Ethernet Adapter Driver Service / FET5X86V][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><N/A>
[gmer / gmer][Stopped/Manual Start]
  <System32\DRIVERS\gmer.sys><GMER>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[imagedrv / imagedrv][Running/Boot Start]
  <\SystemRoot\System32\Drivers\imagedrv.sys><Ahead Software AG>
[imagesrv / imagesrv][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\imagesrv.sys><Ahead Software AG>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
  <system32\DRIVERS\ASACPI.sys><>
[Profos / Profos][Stopped/Manual Start]
  <\??\C:\ARQUIV~1\Softwin\BitDefender10\profos.sys><N/A>
[Driver de link paralelo direto / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[S3G700 / S3G700][Stopped/Manual Start]
  <system32\DRIVERS\S3G700m.sys><S3 Graphics Co., Ltd.>
[S3GIGP / S3GIGP][Running/Manual Start]
  <system32\DRIVERS\S3gIGPm.sys><S3 Graphics Co., Ltd.>
[sbbotdi / sbbotdi][Running/Auto Start]
  <\??\C:\ARQUIV~1\SpeedBit Video Accelerator\sbbotdi.sys><SpeedBit Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smserial / smserial][Running/Manual Start]
  <system32\DRIVERS\smserial.sys><N/A>
[sptd / sptd][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><Duplex Secure Ltd.>
[Trufos / Trufos][Stopped/Manual Start]
  <\??\C:\ARQUIV~1\Softwin\BitDefender10\trufos.sys><N/A>
[videX32 / videX32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[VIA USB Host Controller Lower Filter / vulfnths][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>
[WmaCDriverV32 / WmaCDriverV32][Stopped/Manual Start]
  <system32\drivers\WmaCDriverV32.sys><Windows (R) 2000/XP>
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>

==================================
Browser Add-ons
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.3.28.dll, BitComet>
[]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\ARQUIV~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[]
  {6EF05952-B48D-4944-AA91-57A6A1A48EF8} <C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL, N/A>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[FDMIECookiesBHO Class]
  {CC59E0F9-7E43-44FA-9FAA-8377850BF205} <C:\Arquivos de programas\Free Download Manager\iefdmcks.dll, N/A>
[Java Plug-in]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[&Pesquisar]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Arquivos de programas\Messenger\msmsgs.exe, Microsoft Corporation>
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
  {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} <C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_07]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Arquivos de programas\Java\jre1.5.0_07\bin\npjpi150_07.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Arquivos de programas\BitComet\tools\BitCometBHO_1.1.3.28.dll, BitComet>
[]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\ARQUIV~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[CKAVReportCtrl Object]
  {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[]
  {6EF05952-B48D-4944-AA91-57A6A1A48EF8} <C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL, N/A>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Arquivos de programas\Java\jre1.5.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[Navegador da Web da Microsoft]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Arquivos de programas\Arquivos comuns\System\msadc\msadco.dll, Microsoft Corporation>
[FDMIECookiesBHO Class]
  {CC59E0F9-7E43-44FA-9FAA-8377850BF205} <C:\Arquivos de programas\Free Download Manager\iefdmcks.dll, N/A>
[Windows Live Sign-in Control]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[Baixar com o Free Download Manager]
  <file://C:\Arquivos de programas\Free Download Manager\dllink.htm, N/A>
[Baixar selecionadas com o Free Download Manager]
  <file://C:\Arquivos de programas\Free Download Manager\dlselected.htm, N/A>
[Baixar tudo com Free Download Manager]
  <file://C:\Arquivos de programas\Free Download Manager\dlall.htm, N/A>
[E&xportar para o Microsoft Excel]
  <, N/A>

==================================
Running Processes
[PID: 608][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1348][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\ARQUIV~1\SPYBOT~1\SDHelper.dll]  [Safer Networking Limited, 1, 4, 0, 0]
    [C:\Arquivos de programas\Puxa Rápido\IEBHO.DLL]  [N/A, ]
    [C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Arquivos de programas\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.PTB]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\ARQUIV~1\DVDREG~1\DVDShell.dll]  [Fengtao Software Inc., 5, 5, 0, 8]
    [C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
[PID: 1884][C:\ARQUIV~1\Softwin\BitDefender10\bdmcon.exe]  [SOFTWIN S.R.L., 10, 2, 0, 15]
    [C:\WINDOWS\system32\XCOMM.dll]  [Softwin, 1, 8, 12, 0]
    [C:\ARQUIV~1\Softwin\BitDefender10\procinf.dll]  [SOFTWIN S.R.L., 10, 2, 0, 7]
    [C:\ARQUIV~1\Softwin\BitDefender10\TxTools.dll]  [SOFTWIN S.R.L, 10, 2, 0, 0]
    [C:\ARQUIV~1\Softwin\BitDefender10\BDGUICtl.dll]  [Softwin, 10, 2, 0, 22]
    [C:\ARQUIV~1\Softwin\BitDefender10\bdutils.dll]  [, 10, 2, 0, 9]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\ARQUIV~1\Softwin\BitDefender10\txmlx.dll]  [Softwin, 10, 2, 0, 1]
    [C:\ARQUIV~1\Softwin\BitDefender10\bdch.dll]  [SOFTWIN, 1, 1, 300]
    [C:\ARQUIV~1\Softwin\BitDefender10\bdsubmit.dll]  [SOFTWIN, 1,2,0, 200]
    [C:\ARQUIV~1\Softwin\BitDefender10\NAG.dll]  [SOFTWIN S.R.L., 10.2.0.0]
    [C:\ARQUIV~1\Softwin\BitDefender10\popup.dll]  [SOFTWIN S.R.L., 10, 0, 0, 9]
    [C:\ARQUIV~1\Softwin\BitDefender10\agentreg.dll]  [TODO: <Company name>, 10.2.0.3]
    [C:\ARQUIV~1\Softwin\BitDefender10\getfile.dll]  [N/A, ]
    [C:\ARQUIV~1\Softwin\BitDefender10\WSLib.dll]  [N/A, ]
    [C:\ARQUIV~1\Softwin\BitDefender10\bdusers.dll]  [TODO: <Company name>, 10.1.0.0]
    [C:\ARQUIV~1\Softwin\BitDefender10\main.dll]  [SOFTWIN S.R.L., 10, 3, 0, 35]
    [C:\ARQUIV~1\Softwin\BitDefender10\antivirus.dll]  [SOFTWIN S.R.L., 10, 1, 0, 24]
    [C:\ARQUIV~1\Softwin\BitDefender10\antispy.dll]  [SOFTWIN S.R.L., 10, 1, 0, 29]
    [C:\ARQUIV~1\Softwin\BitDefender10\live.dll]  [SOFTWIN S.R.L., 10, 2, 0, 21]
    [C:\ARQUIV~1\Softwin\BitDefender10\vshield.dll]  [SOFTWIN S.R.L., 10, 2, 1, 129]
    [C:\ARQUIV~1\Softwin\BitDefender10\vscan.dll]  [SOFTWIN S.R.L., 10, 1, 0, 34]
    [C:\ARQUIV~1\Softwin\BitDefender10\quar.dll]  [SOFTWIN S.R.L., 10, 2, 1, 18]
    [C:\ARQUIV~1\Softwin\BitDefender10\quarcore.dll]  [SOFTWIN S.R.L., 10, 2, 1, 16]
    [C:\ARQUIV~1\Softwin\BitDefender10\NTTools.dll]  [SOFTWIN S.R.L., 10, 1, 0, 7]
    [C:\ARQUIV~1\Softwin\BitDefender10\ashield.dll]  [SOFTWIN S.R.L., 10, 2, 0, 92]
    [C:\ARQUIV~1\Softwin\BitDefender10\Wizards.dll]  [SOFTWIN S.R.L., 10, 3, 0, 0]
    [C:\ARQUIV~1\Softwin\BitDefender10\privintf.dll]  [SOFTWIN S.R.L., 10, 2, 0, 25]
    [C:\ARQUIV~1\Softwin\BitDefender10\sysinfo.dll]  [SOFTWIN S.R.L., 10, 2, 0, 1057]
    [C:\ARQUIV~1\Softwin\BitDefender10\BDElev.DLL]  [SOFTWIN S.R.L., 1.0.0.1]
[PID: 1892][C:\Arquivos de programas\Softwin\BitDefender10\bdagent.exe]  [SOFTWIN S.R.L., 10, 2, 0, 16]
    [C:\Arquivos de programas\Softwin\BitDefender10\bdch.dll]  [SOFTWIN, 1, 1, 300]
    [C:\Arquivos de programas\Softwin\BitDefender10\bdsubmit.dll]  [SOFTWIN, 1,2,0, 200]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Arquivos de programas\Softwin\BitDefender10\bdutils.dll]  [, 10, 2, 0, 9]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\XCOMM.dll]  [Softwin, 1, 8, 12, 0]
    [C:\Arquivos de programas\Softwin\BitDefender10\procinf.dll]  [SOFTWIN S.R.L., 10, 2, 0, 7]
    [C:\Arquivos de programas\Softwin\BitDefender10\BDGUICtl.dll]  [Softwin, 10, 2, 0, 22]
    [C:\Arquivos de programas\Softwin\BitDefender10\txmlx.dll]  [Softwin, 10, 2, 0, 1]
[PID: 1900][C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [C:\Arquivos de programas\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 1928][C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe]  [Safer Networking Limited, 1, 4, 0, 2]
    [C:\Arquivos de programas\Spybot - Search & Destroy\advcheck.dll]  [Safer Networking Limited, 1, 5, 1, 0]
[PID: 2108][C:\Documents and Settings\Pedro\Desktop\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\sockspy.dll]  [N/A, ]
    [C:\Documents and Settings\Pedro\Desktop\sreng2\Plugins\NWMON.SRE]  [Smallfrogs Studio, 1, 0, 0, 8]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
API HOOK
Entrypoint Error: LoadLibraryA (Dangerous Level: Generic,  Hooked by Module: C:\WINDOWS\system32\sockspy.dll)

==================================
Hidden Process
N/A

==================================


Thanks!
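
The two warnings reported in the post above (a non-blank AppInit_DLLs value and a hooked LoadLibraryA) can be correlated mechanically from the log. The following is an added example, not part of the original thread or of SREng: a Python parser for the log layout shown above that lists each AppInit_DLLs entry with whether its publisher was verified, which API hooks name it, and which processes loaded it. The function names and the trimmed sample log are constructed for illustration.

```python
import ntpath
import re

# Constructed sample: a few lines trimmed from the SREng log layout in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><sockspy.dll>  []
==================================
Running Processes
[PID: 2108][C:\Documents and Settings\Pedro\Desktop\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\sockspy.dll]  [N/A, ]
==================================
API HOOK
Entrypoint Error: LoadLibraryA (Dangerous Level: Generic,  Hooked by Module: C:\WINDOWS\system32\sockspy.dll)
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
VALUE_RE = re.compile(r"^\s+<([^<>]*)><([^<>]*)>\s+\[(.*)\]\s*$")
PROC_RE = re.compile(r"^\[PID:\s*(\d+)\]\[(.+?)\]\s+\[.*\]\s*$")
MODULE_RE = re.compile(r"^\s+\[(.+?)\]\s+\[.*\]\s*$")
HOOK_RE = re.compile(r"^Entrypoint Error:\s*(\S+)\s*\(.*Hooked by Module:\s*(.+?)\)\s*$")
APPINIT_KEY = r"\windows nt\currentversion\windows"


def parse_sreng(text):
    """Return (appinit entries, API hooks, module -> PIDs) from an SREng log."""
    appinit, hooks, loaded = [], [], {}
    key, pid = None, None  # registry key / process currently being listed
    for line in text.splitlines():
        if line.startswith("====="):  # section separator resets context
            key, pid = None, None
            continue
        m = KEY_RE.match(line)
        if m:
            key, pid = m.group(1).lower(), None
            continue
        m = PROC_RE.match(line)
        if m:
            key, pid = None, int(m.group(1))
            continue
        m = HOOK_RE.match(line)
        if m:
            hooks.append((m.group(1), ntpath.basename(m.group(2)).lower()))
            continue
        m = VALUE_RE.match(line)
        if m:
            name, data, publisher = m.groups()
            if key and key.endswith(APPINIT_KEY) and name.lower() == "appinit_dlls":
                # The value may name several DLLs separated by spaces or commas.
                for dll in filter(None, re.split(r"[ ,]+", data.strip())):
                    appinit.append((dll, publisher))
            continue
        m = MODULE_RE.match(line)
        if m and pid is not None:  # indented module line under a process
            loaded.setdefault(ntpath.basename(m.group(1)).lower(), []).append(pid)
    return appinit, hooks, loaded


def review_appinit(text):
    """One finding per AppInit_DLLs entry, cross-referenced with hooks and processes."""
    appinit, hooks, loaded = parse_sreng(text)
    findings = []
    for dll, publisher in appinit:
        name = ntpath.basename(dll).lower()
        findings.append({
            "dll": name,
            "verified_publisher": publisher.startswith("(Verified)"),
            "hooked_apis": sorted(api for api, mod in hooks if mod == name),
            "loaded_in_pids": sorted(loaded.get(name, [])),
        })
    return findings


if __name__ == "__main__":
    for finding in review_appinit(SAMPLE_LOG):
        print(finding)
```

An entry that has no verified publisher, appears in AppInit_DLLs, and is also the module named in an API hook is the combination worth reviewing first, since anything listed in AppInit_DLLs is loaded into every process that loads user32.dll.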
 