Author Topic: Blue screen + AVG not working + webcam not working + unknown USB software  (Read 12817 times)

tperesf

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Unknown
    So, here's what happened: I was using the computer, browsing through some random (probably not very safe) websites. I was also on a webcam call.
    Suddenly there was a blue screen saying Windows was shutting down to avoid loss of system files. It restarted and I ran system recovery from Safe Mode. When system recovery was complete there was an error window about my webcam software, and my antivirus software (Free AVG) just didn't exist anymore. The system was also trying to install an unknown USB software but Windows was blocking it from completing the installation (nothing was connected on USB). So I downloaded AVG again but when trying to install it there was an error message saying a system file was missing (I didn't note its name then and now I cannot find it, sorry. But I remember it had an unusual extension, not .exe, .dll, .sys or anything like it).

    Anyway, I followed all your steps: Antivirus (though I could not install AVG, Avast worked without any problems), Firewall, Add or Remove Programs, House Cleaning, SUPERAntiSpyware, MBAM, JRE, HijackThis.

    Now I tried re-running all programs I had problems with and apparently everything is okay. Webcam is working, the device manager does not say anything about the unknown USB device, and I also tried to uninstall Avast and install AVG and this time I didn't have any problems with the installation.
    So I would like to say thank you very much to all volunteers and to ask whether there is still anything for me to worry about.

    These are my logs:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/26/2011 at 08:59 AM

    Application Version : 4.48.1000

    Core Rules Database Version : 6277
    Trace Rules Database Version: 4089

    Scan type       : Complete Scan
    Total Scan Time : 01:36:48

    Memory items scanned      : 698
    Memory threats detected   : 0
    Registry items scanned    : 12728
    Registry threats detected : 0
    File items scanned        : 138643
    File threats detected     : 16

    Adware.Tracking Cookie
       cdn.eyewonder.com [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       cdn5.specificclick.net [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       core.insightexpressai.com [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       ia.media-imdb.com [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       media.kompolt.com [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       media.mtvnservices.com [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       media.oprah.com [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       media.scanscout.com [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       media.theonion.com [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       richmedia247.com [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       s0.2mdn.net [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       secure-us.imrworldwide.com [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       sexy-twinks.net [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       stat.easydate.biz [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       www.gotgayporn.com [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]
       www.naiadsystems.com [ C:\Users\Thi Peres\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\AXM6PYJU ]

    tperesf

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Unknown
      Malwarebytes' Anti-Malware 1.50.1.1100
      www.malwarebytes.org

      Database version: 5611

      Windows 6.1.7600
      Internet Explorer 8.0.7600.16385

      26/01/2011 18:58:03
      mbam-log-2011-01-26 (18-58-03).txt

      Scan type: Quick scan
      Objects scanned: 160492
      Time elapsed: 3 minute(s), 32 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)

      tperesf

        Topic Starter


        Greenhorn

        • Experience: Beginner
        • OS: Unknown
        Logfile of Trend Micro HijackThis v2.0.4
        Scan saved at 19:07:36, on 26/01/2011
        Platform: Windows 7  (WinNT 6.00.3504)
        MSIE: Internet Explorer v8.00 (8.00.7600.16700)
        Boot mode: Normal

        Running processes:
        C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
        C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
        C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
        C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files (x86)\Free Download Manager\fdm.exe
        C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
        C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
        C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
        C:\Windows\ZSSnp211.exe
        C:\Windows\Domino.exe
        C:\Program Files\Alwil Software\Avast5\AvastUI.exe
        C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
        C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
        C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
        C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
        C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
        C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
        C:\Program Files (x86)\Trend Micro\HiJackThis\sniper.exe.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        F2 - REG:system.ini: UserInit=userinit.exe
        O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
        O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
        O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
        O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
        O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
        O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
        O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
        O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
        O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
        O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [BigDogPath] C:\Windows\ZSSnp211.exe
        O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
        O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
        O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
        O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
        O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
        O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
        O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
        O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
        O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
        O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
        O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
        O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
        O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
        O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
        O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
        O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
        O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
        O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
        O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
        O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
        O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
        O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
        O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
        O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
        O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
        O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
        O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
        O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
        O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
        O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
        O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
        O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
        O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
        O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
        O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
        O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
        O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
        O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
        O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
        O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
        O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
        O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
        O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
        O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
        O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
        O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
        O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
        O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

        --
        End of file - 14055 bytes

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

        1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
        2. The fixes are specific to your problem and should only be used for this issue on this machine.
        3. If you don't know or understand something, please don't hesitate to ask.
        4. Please DO NOT run any other tools or scans while I am helping you.
        5. It is important that you reply to this thread. Do not start a new topic.
        6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
        7. Absence of symptoms does not mean that everything is clear.

        If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

        Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

        Link # 1
        Link # 2

        Close any open web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

        Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

        Right-click combofix.exe and select Run as Administrator and follow the prompts.
        When finished, ComboFix will produce a log for you.
        Post the ComboFix log and a new HijackThis log in your next reply.

        NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

        Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
        Windows 8 and Windows 10 dual boot with two SSD's

        tperesf

          Topic Starter


          Greenhorn

          • Experience: Beginner
          • OS: Unknown
          Thank you. Please see below the requested logs.

          COMBOFIX



          ComboFix 11-01-28.03 - Thi Peres 29/01/2011  14:27:47.1.4 - x64 MINIMAL
          Microsoft Windows 7 Home Premium   6.1.7600.0.1252.55.1033.18.3894.2949 [GMT -2:00]
          Executando de: c:\users\Thi Peres\Desktop\ComboFix.exe
          AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
          FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
          SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
          SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
          .

          (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\programdata\xp
          c:\programdata\xp\EBLib.dll
          c:\programdata\xp\TPwSav.sys

          .
          ((((((((((((((((   Arquivos/Ficheiros criados de 2010-12-28 to 2011-01-29  ))))))))))))))))))))))))))))
          .

          2011-01-29 16:32 . 2011-01-29 16:32   --------   d-----w-   c:\users\Default\AppData\Local\temp
          2011-01-26 21:35 . 2011-01-26 21:35   --------   d-----w-   c:\users\Thi Peres\AppData\Roaming\AVG10
          2011-01-26 21:06 . 2011-01-26 21:06   388096   ----a-r-   c:\users\Thi Peres\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
          2011-01-26 21:06 . 2011-01-26 21:06   --------   d-----w-   c:\program files (x86)\Trend Micro
          2011-01-26 21:01 . 2011-01-26 21:01   --------   d-----w-   c:\program files (x86)\Common Files\Java
          2011-01-26 21:01 . 2010-11-12 20:53   472808   ----a-w-   c:\windows\SysWow64\deployJava1.dll
          2011-01-26 21:01 . 2010-11-12 20:53   472808   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
          2011-01-26 20:53 . 2011-01-26 20:53   --------   d-----w-   c:\users\Thi Peres\AppData\Roaming\Malwarebytes
          2011-01-26 20:53 . 2010-12-20 20:09   38224   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
          2011-01-26 20:53 . 2011-01-26 20:53   --------   d-----w-   c:\programdata\Malwarebytes
          2011-01-26 20:53 . 2011-01-26 20:53   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
          2011-01-26 20:53 . 2010-12-20 20:08   24152   ----a-w-   c:\windows\system32\drivers\mbam.sys
          2011-01-26 09:16 . 2011-01-26 09:16   --------   d-----w-   c:\users\Thi Peres\AppData\Roaming\SUPERAntiSpyware.com
          2011-01-26 09:16 . 2011-01-26 09:16   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
          2011-01-26 09:16 . 2011-01-26 09:16   --------   d-----w-   c:\programdata\!SASCORE
          2011-01-26 09:16 . 2011-01-26 09:16   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2011-01-26 09:03 . 2011-01-26 09:03   --------   d-----w-   c:\program files\CCleaner
          2011-01-26 08:53 . 2011-01-26 08:54   --------   d-----w-   c:\users\Thi Peres\AppData\Roaming\PCToolsFirewallPlus
          2011-01-26 08:53 . 2010-03-29 13:06   233488   ----a-w-   c:\windows\system32\drivers\PCTCore64.sys
          2011-01-26 08:53 . 2010-11-17 12:20   331368   ----a-w-   c:\windows\system32\drivers\pctgntdi64.sys
          2011-01-26 08:53 . 2010-11-17 12:20   136168   ----a-w-   c:\windows\system32\drivers\pctwfpfilter64.sys
          2011-01-26 08:53 . 2011-01-26 08:53   --------   d-----w-   c:\program files (x86)\Common Files\PC Tools
          2011-01-26 08:53 . 2010-11-24 11:18   119688   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter64.sys
          2011-01-26 08:53 . 2010-07-08 11:49   79000   ----a-w-   c:\windows\system32\drivers\pctNdis64.sys
          2011-01-26 08:53 . 2010-02-05 11:26   42968   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS64.sys
          2011-01-26 08:53 . 2010-11-25 12:42   179464   ----a-w-   c:\windows\system32\drivers\pctplfw64.sys
          2011-01-26 08:53 . 2011-01-26 08:54   --------   d-----w-   c:\program files (x86)\PC Tools Firewall Plus
          2011-01-26 05:37 . 2011-01-13 08:47   237168   ----a-w-   c:\windows\system32\aswBoot.exe
          2011-01-26 05:37 . 2011-01-26 21:21   --------   d-----w-   c:\programdata\Alwil Software
          2011-01-26 05:37 . 2011-01-26 05:37   --------   d-----w-   c:\program files\Alwil Software
          2011-01-26 05:25 . 2011-01-13 10:20   7844688   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{413E9C74-8AF4-4642-93DD-168CD5D3DD6A}\mpengine.dll
          2011-01-23 01:36 . 2011-01-23 01:36   --------   d-----w-   c:\users\Thi Peres\AppData\Local\Apps
          2011-01-22 22:55 . 2011-01-26 05:16   --------   d-----w-   c:\program files (x86)\McAfee Security Scan
          2011-01-22 06:06 . 2011-01-22 06:06   --------   d-----w-   C:\$AVG
          2011-01-22 05:17 . 2011-01-22 05:17   --------   d--h--w-   c:\programdata\Common Files
          2011-01-22 05:16 . 2011-01-29 16:25   --------   d-----w-   c:\programdata\AVG10
          2011-01-22 05:16 . 2011-01-26 05:14   --------   d-----w-   c:\program files (x86)\AVG
          2011-01-22 05:05 . 2011-01-26 21:22   --------   d-----w-   c:\programdata\MFAData
          2011-01-22 05:00 . 2011-01-26 05:14   --------   d-----w-   c:\program files (x86)\Common Files\Adobe
          2011-01-22 04:44 . 2011-01-22 04:44   --------   d-----w-   c:\programdata\TOSHIBA Tempro
          2011-01-22 04:41 . 2011-01-22 04:41   --------   d-----w-   c:\windows\en
          2011-01-22 04:38 . 2011-01-26 05:14   --------   d-----w-   c:\program files\Windows Live
          2011-01-22 04:37 . 2009-09-04 19:44   69464   ----a-w-   c:\windows\SysWow64\XAPOFX1_3.dll
          2011-01-22 04:37 . 2009-09-04 19:44   515416   ----a-w-   c:\windows\SysWow64\XAudio2_5.dll
          2011-01-22 04:37 . 2009-09-04 19:29   453456   ----a-w-   c:\windows\SysWow64\d3dx10_42.dll
          2011-01-22 04:37 . 2009-09-04 19:29   523088   ----a-w-   c:\windows\system32\d3dx10_42.dll
          2011-01-21 23:07 . 2010-10-16 05:17   720896   ----a-w-   c:\windows\system32\odbc32.dll
          2011-01-21 23:07 . 2010-10-16 05:16   1425408   ----a-w-   c:\program files\Common Files\System\ado\msado15.dll
          2011-01-21 23:07 . 2010-10-16 04:34   573440   ----a-w-   c:\windows\SysWow64\odbc32.dll
          2011-01-21 23:07 . 2010-10-16 05:16   495616   ----a-w-   c:\program files\Common Files\System\ado\msadox.dll
          2011-01-21 23:07 . 2010-10-16 05:16   466944   ----a-w-   c:\program files\Common Files\System\ado\msadomd.dll
          2011-01-21 23:07 . 2010-10-16 05:16   258048   ----a-w-   c:\program files\Common Files\System\msadc\msadco.dll
          2011-01-21 23:07 . 2010-10-16 04:33   372736   ----a-w-   c:\program files (x86)\Common Files\System\ado\msadox.dll
          2011-01-21 23:07 . 2010-10-16 04:33   352256   ----a-w-   c:\program files (x86)\Common Files\System\ado\msadomd.dll
          2011-01-21 23:07 . 2010-10-16 04:33   987136   ----a-w-   c:\program files (x86)\Common Files\System\ado\msado15.dll
          2011-01-21 23:07 . 2010-10-16 04:33   208896   ----a-w-   c:\program files (x86)\Common Files\System\msadc\msadco.dll
          2011-01-20 23:41 . 2011-01-20 23:41   --------   d-----w-   c:\programdata\Zylom
          2011-01-14 11:35 . 2011-01-14 11:35   --------   d-----w-   c:\users\Thi Peres\AppData\Roaming\PlayFirst
          2011-01-06 17:47 . 2011-01-06 17:47   --------   d-----w-   c:\users\Thi Peres\AppData\Local\ElevatedDiagnostics
          2011-01-06 17:21 . 2011-01-26 05:14   --------   d-----w-   C:\ACCLAIM
          2011-01-06 17:11 . 2011-01-06 17:38   --------   d-----w-   c:\program files (x86)\DOSBox-0.72
          2011-01-06 13:43 . 1997-07-15 01:42   314880   ----a-w-   c:\windows\IsUninst.exe
          2011-01-06 13:19 . 2011-01-26 05:14   --------   d-----w-   c:\windows\EffectResources
          2011-01-06 13:19 . 2007-04-06 19:06   57344   ----a-w-   c:\windows\ZSSnp211.exe
          2011-01-06 13:19 . 2006-08-19 00:58   49152   ----a-w-   c:\windows\Domino.exe
          2011-01-06 13:19 . 2007-12-11 23:12   188416   ----a-w-   c:\windows\SysWow64\VvftPrpav211.ax
          2011-01-06 13:19 . 2007-12-11 02:15   308224   ----a-w-   c:\windows\system32\drivers\vvftav211.sys
          2011-01-06 13:19 . 2007-04-13 07:00   94208   ----a-w-   c:\windows\SysWow64\VvFtCtrl.dll
          2011-01-06 13:19 . 2007-12-13 18:22   1491712   ----a-w-   c:\windows\system32\drivers\ZS211.sys
          2011-01-06 13:19 . 2006-08-10 01:37   81920   ----a-w-   c:\windows\system32\ZS211STI.dll
          2011-01-06 13:19 . 2011-01-26 05:14   --------   d-----w-   c:\program files (x86)\Vimicro
          2011-01-06 13:19 . 2007-09-21 00:08   335872   ----a-w-   c:\windows\SysWow64\ZS211Prp.Ax
          2011-01-06 13:19 . 2007-04-06 22:21   77824   ----a-w-   c:\windows\ZS211Cap.exe
          2011-01-06 13:19 . 2006-03-14 22:28   172032   ----a-w-   c:\windows\amcap.exe
          2011-01-06 13:18 . 2011-01-06 13:18   --------   d-----w-   c:\users\Thi Peres\AppData\Roaming\InstallShield

          .
          (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-11-29 19:38 . 2010-11-29 19:38   94208   ----a-w-   c:\windows\SysWow64\QuickTimeVR.qtx
          2010-11-29 19:38 . 2010-11-29 19:38   69632   ----a-w-   c:\windows\SysWow64\QuickTime.qts
          2010-11-04 06:35 . 2010-12-15 08:13   1194496   ----a-w-   c:\windows\system32\wininet.dll
          2010-11-04 06:31 . 2010-12-15 08:13   57856   ----a-w-   c:\windows\system32\licmgr10.dll
          2010-11-04 05:52 . 2010-12-15 08:13   978944   ----a-w-   c:\windows\SysWow64\wininet.dll
          2010-11-04 05:48 . 2010-12-15 08:13   44544   ----a-w-   c:\windows\SysWow64\licmgr10.dll
          2010-11-04 05:16 . 2010-12-15 08:13   482816   ----a-w-   c:\windows\system32\html.iec
          2010-11-04 04:41 . 2010-12-15 08:13   386048   ----a-w-   c:\windows\SysWow64\html.iec
          2010-11-04 04:35 . 2010-12-15 08:13   1638912   ----a-w-   c:\windows\system32\mshtml.tlb
          2010-11-04 04:08 . 2010-12-15 08:13   1638912   ----a-w-   c:\windows\SysWow64\mshtml.tlb
          2010-11-02 05:18 . 2010-12-15 08:13   524288   ----a-w-   c:\windows\system32\wmicmiplugin.dll
          2010-11-02 05:17 . 2010-12-15 08:13   473600   ----a-w-   c:\windows\system32\taskcomp.dll
          2010-11-02 05:17 . 2010-12-15 08:13   1169408   ----a-w-   c:\windows\system32\taskschd.dll
          2010-11-02 05:16 . 2010-12-15 08:13   1114624   ----a-w-   c:\windows\system32\schedsvc.dll
          2010-11-02 05:10 . 2010-12-15 08:13   464384   ----a-w-   c:\windows\system32\taskeng.exe
          2010-11-02 05:10 . 2010-12-15 08:13   285696   ----a-w-   c:\windows\system32\schtasks.exe
          2010-11-02 04:40 . 2010-12-15 08:13   496128   ----a-w-   c:\windows\SysWow64\taskschd.dll
          2010-11-02 04:40 . 2010-12-15 08:13   305152   ----a-w-   c:\windows\SysWow64\taskcomp.dll
          2010-11-02 04:34 . 2010-12-15 08:13   192000   ----a-w-   c:\windows\SysWow64\taskeng.exe
          2010-11-02 04:34 . 2010-12-15 08:13   179712   ----a-w-   c:\windows\SysWow64\schtasks.exe
          .

          ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
          .
          .
          *Nota* entradas vazias e legítimas por defeito não são mostradas.
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-03 39408]
          "Free Download Manager"="c:\program files (x86)\Free Download Manager\fdm.exe" [2010-09-08 3788847]
          "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
          "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-10-11 14940040]
          "msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
          "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
          "SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
          "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 423936]
          "KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
          "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-21 2454840]
          "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
          "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-12-08 421888]
          "BigDogPath"="c:\windows\ZSSnp211.exe" [2007-04-06 57344]
          "Domino"="c:\windows\Domino.exe" [2006-08-19 49152]
          "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
          "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
          "00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2010-11-29 2676696]
          "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
          "GrpConv"="grpconv -o" [X]
          "AvgUninstallURL"="start http:" [X]

          [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
          "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]

          c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
          TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
          "ConsentPromptBehaviorAdmin"= 5 (0x5)
          "ConsentPromptBehaviorUser"= 3 (0x3)
          "EnableUIADesktopToggle"= 0 (0x0)

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
          Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
          @=""

          R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2010-11-17 331368]
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
          R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
          R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
          R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
          R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
          R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
          R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 135664]
          R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
          R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-10-26 124368]
          R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
          R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
          R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
          R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
          R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [2010-11-24 119688]
          R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
          R3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
          R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [2010-11-25 179464]
          R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
          R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-22 225280]
          R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
          R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
          R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
          R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
          R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
          R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [2007-12-11 308224]
          R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-24 1255736]
          R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
          R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys [2007-12-13 1491712]
          S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
          S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
          S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
          S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
          S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys

          S4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys


          .
          Conteúdo da pasta 'Tarefas Agendadas'

          2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 20:35]

          2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
          - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-18 20:35]
          .

          --------- x86-64 -----------


          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
          "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-10-26 1050072]
          "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-06 166424]
          "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-06 390168]
          "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-06 408600]
          "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
          "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2009-08-25 134032]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
          "LoadAppInit_DLLs"=0x0
          .
          ------- Scan Suplementar -------
          .
          uLocal Page = c:\windows\system32\blank.htm
          uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEH&bmod=TSEH
          mLocal Page = c:\windows\SysWOW64\blank.htm
          IE: Baixar com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
          IE: Baixar tudo com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
          IE: Baixar vídeo com o Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
          IE: Download selecionado pelo Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
          IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
          IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
          FF - ProfilePath - c:\users\Thi Peres\AppData\Roaming\Mozilla\Firefox\Profiles\phkdo4e4.default\
          FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
          FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
          .
          - - - - ORFÃOS REMOVIDOS - - - -

          Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
          SafeBoot-mcmscsvc
          SafeBoot-MCODS
          WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
          HKLM-Run-TosNC - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
          HKLM-Run-TosReelTimeMonitor - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
          HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
          HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
          HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
          HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
          HKLM-Run-SmartFaceVWatcher - %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
          HKLM-Run-Teco - %ProgramFiles%\TOSHIBA\TECO\Teco.exe
          HKLM-Run-TosWaitSrv - %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe


          .
          --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

          [HKEY_USERS\S-1-5-21-3242578883-1063118381-1102855256-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
          @Denied: (2) (LocalSystem)
          "Progid"="WindowsLiveMail.Email.1"

          [HKEY_USERS\S-1-5-21-3242578883-1063118381-1102855256-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
          @Denied: (2) (LocalSystem)
          "Progid"="WindowsLiveMail.VCard.1"

          [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
          @Denied: (Full) (Everyone)
          .
          Tempo para conclusão: 2011-01-29  14:33:47
          ComboFix-quarantined-files.txt  2011-01-29 16:33

          Pré-execução: 55.665.750.016 bytes free
          Pós execução: 55.226.163.200 bytes free

          - - End Of File - - A8A846F8FA993B157E50F127E68C871C


          HIJACK THIS




          Logfile of Trend Micro HijackThis v2.0.4
          Scan saved at 14:34:34, on 29/01/2011
          Platform: Windows 7  (WinNT 6.00.3504)
          MSIE: Internet Explorer v8.00 (8.00.7600.16700)
          Boot mode: Safe mode

          Running processes:
          C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
          O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
          O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
          O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
          O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
          O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
          O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
          O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
          O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
          O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
          O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [BigDogPath] C:\Windows\ZSSnp211.exe
          O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
          O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
          O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
          O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avgbrasil.com.br/br-pt.special-uninstallation-feedback-appf?lic=NFVIMlctM1NYM0UtR0hHWDktQUZISjMtUFcyUU4tWjlLSDQ"&"inst=NzctNTM1MDg3NjM5"&"prod=90"&"ver=10.0.1204
          O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
          O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe -autorun
          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
          O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
          O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
          O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
          O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
          O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
          O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
          O8 - Extra context menu item: Baixar tudo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
          O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
          O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
          O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
          O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
          O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
          O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
          O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
          O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
          O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
          O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
          O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
          O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
          O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
          O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
          O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
          O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
          O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
          O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
          O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
          O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
          O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
          O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
          O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
          O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
          O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
          O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
          O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
          O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
          O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
          O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
          O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
          O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
          O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
          O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
          O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
          O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
          O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
          O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
          O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
          O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
          O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
          O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

          --
          End of file - 12283 bytes

          SuperDave

          • Malware Removal Specialist


          • Genius
          • Thanked: 1020
          • Certifications: List
          • Experience: Expert
          • OS: Windows 10
          SysProt Antirootkit

          Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

          http://sites.google.com/site/sysprotantirootkit/

          Unzip it into a folder on your desktop.
          • Double click Sysprot.exe to start the program.
          • Click on the Log tab.
          • In the Write to log box select the following items.
            • Process << Selected
            • Kernel Modules << Selected
            • SSDT << Selected
            • Kernel Hooks << Selected
            • IRP Hooks << NOT Selected
            • Ports << NOT Selected
            • Hidden Files << Selected
          • At the bottom of the page
            • Hidden Objects Only << Selected
          • Click on the Create Log button on the bottom right.
          • After a few seconds a new window should appear.
          • Select Scan Root Drive. Click on the Start button.
          • When it is complete a new window will appear to indicate that the scan is finished.
          • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
          Windows 8 and Windows 10 dual boot with two SSD's

          tperesf

            Topic Starter


            Greenhorn

            • Experience: Beginner
            • OS: Unknown
            Sorry, this may be a very stupid question, but I had some problems running SysProt. There is an error message right after clicking on the Create Log button. It says "Failed to start service. SysProt AntiRootkit needs to be run with Admin priviledges!"

            The thing is, I AM running it with my Admin account (which is the only active account, btw). I tried to right click the program and open it with the "Run as Administrator" option but I had the same problem. Restarting the computer in Safe Mode also did not work.
            I have checked my account settings on control panel and right clicked both the SysProt folder and programme to check Properties > Security, and it does say I have full control. So I don't know what's wrong.

            Anyway, despite the error a log file was generated, but I don't think the scan was performed. I have the log below:


            SysProt AntiRootkit v1.0.1.0
            by swatkat

            ******************************************************************************************
            ******************************************************************************************

            No Hidden Processes found

            ******************************************************************************************
            ******************************************************************************************
            No Hidden Kernel Modules found

            ******************************************************************************************
            ******************************************************************************************
            No SSDT Hooks found

            ******************************************************************************************
            ******************************************************************************************
            No Kernel Hooks found

            ******************************************************************************************
            ******************************************************************************************
            No hidden files/folders found

            SuperDave

            That happens sometimes. Let's try another.

            * Download the following tool: RootRepeal - Rootkit Detector
            * Direct download link is here: RootRepeal.zip

            * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
            * Click this link to see a list of such programs and how to disable them.

            * Extract the program file to a new folder such as C:\RootRepeal
            * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
            * Select ALL of the checkboxes and then click OK and it will start scanning your system.
            * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
            * When done, click on Save Report
            * Save it to the same location where you ran it from, such as C:\RootRepeal
            * Save it as rootrepeal.txt
            * Then open that log and select all and copy/paste it back on your next reply please.
            * Close RootRepeal.

            tperesf

              Again there was a problem. When trying to execute RootRepeal I get the message: Error - RootRepeal does not support 64-bit OSs!

              I tried running it with the "troubleshoot compatibility" option, trying both Windows Vista and Windows XP and I got the same message

              =/

              SuperDave

              Quote
              RootRepeal does not support 64-bit OSs!
              Oops! I forgot about the 64 bit machine.

              Please download Rooter and Save it to your desktop.
              • Double click it to start the tool. Vista and Windows 7: run as administrator.
              • Click Scan.
              • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

              tperesf

                Re: Blue screen + AVG not working + webcam not working + unknown USB software
                « Reply #10 on: January 31, 2011, 06:18:24 PM »
                GREAAAAT! Now it worked! Thanks...

                So, here's the log.



                Rooter.exe (v1.0.2) by Eric_71
                .
                The token does not have the SeDebugPrivilege privilege ! (error:1300)
                Can not acquire SeDebugPrivilege !
                Please run the tool as administrator ..

                .
                Windows 7 Home Edition (6.1.7600)
                [32_bits] - Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
                .
                Error OpenService (wscsvc) : 6
                Error OpenSCManager : 5
                Error OpenService (MpsSvc) : 6
                Windows Defender -> Enabled
                User Account Control (UAC) -> Enabled
                .
                Internet Explorer 8.0.7600.16385
                Mozilla Firefox 3.6.4 (pt-BR)
                .
                C:\  [Fixed-NTFS] .. ( Total:149 Go - Free:51 Go )
                D:\  [Fixed-NTFS] .. ( Total:148 Go - Free:121 Go )
                E:\  [CD_Rom]
                .
                Scan : 23:17.17
                Path : C:\Users\Thi Peres\Downloads\Rooter.exe
                User : Thi Peres ( Administrator -> YES )
                .
                ----------------------\\ Processes
                .
                Locked [System Process] (0)
                Locked System (4)
                Locked smss.exe (328)
                Locked avgchsva.exe (460)
                Locked csrss.exe (692)
                Locked wininit.exe (756)
                Locked csrss.exe (784)
                Locked services.exe (816)
                Locked lsass.exe (844)
                Locked lsm.exe (852)
                Locked svchost.exe (948)
                Locked svchost.exe (288)
                Locked winlogon.exe (628)
                Locked svchost.exe (708)
                Locked svchost.exe (640)
                Locked svchost.exe (768)
                Locked svchost.exe (1148)
                Locked svchost.exe (1236)
                Locked spoolsv.exe (1500)
                Locked svchost.exe (1532)
                Locked SASCore64.exe (1772)
                Locked avgwdsvc.exe (1792)
                Locked svchost.exe (1860)
                Locked LMS.exe (1904)
                Locked FWService.exe (1960)
                Locked svchost.exe (1196)
                Locked TemproSvc.exe (1460)
                ______ ???L?????? (1312)
                ______ ???L?????? (1928)
                ______ ???L?????? (2168)
                Locked avgnsa.exe (2500)
                Locked avgemca.exe (2632)
                Locked conhost.exe (2660)
                ______ ???L?????? (3060)
                ______ ???L?????? (2136)
                ______ ???L?????? (2112)
                ______ ???L?????? (2096)
                ______ ???L?????? (2188)
                ______ ???L?????? (1816)
                ______ ???L?????? (2668)
                ______ ???L?????? (2800)
                ______ ???L?????? (3244)
                Locked TODDSrv.exe (3296)
                ______ ???L?????? (3348)
                ______ ???L?????? (3356)
                ______ ???L?????? (3384)
                ______ ???L?????? (3420)
                Locked GoogleToolbarNotifier.exe (3452)
                ______ C:\Program Files (x86)\Free Download Manager\fdm.exe (3476)
                ______ ???L?????? (3544)
                Locked TosCoSrv.exe (3688)
                ______ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (3708)
                Locked TecoService.exe (3804)
                Locked WLIDSVC.EXE (3960)
                ______ ???L?????? (3108)
                Locked AVGIDSAgent.exe (3604)
                ______ ???L?????? (3668)
                ______ C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (3892)
                Locked IAStorDataMgrSvc.exe (2972)
                Locked WLIDSVCM.EXE (3832)
                Locked SearchIndexer.exe (4816)
                ______ C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (5268)
                Locked SynTPHelper.exe (5500)
                Locked KeNotify.exe (5508)
                ______ C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (5524)
                Locked svchost.exe (5640)
                ______ ???L?????? (5764)
                Locked wmpnetwk.exe (5868)
                ______ C:\Windows\ZSSnp211.exe (5904)
                ______ C:\Windows\Domino.exe (5924)
                ______ C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe (5336)
                ______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4940)
                ______ C:\Program Files (x86)\AVG\AVG10\avgtray.exe (5312)
                Locked svchost.exe (5836)
                ______ C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe (7156)
                ______ ???L?????? (6152)
                Locked dllhost.exe (4732)
                Locked TosSmartSrv.exe (5552)
                ______ ???L?????? (5584)
                Locked TPCHSrv.exe (7004)
                ______ ???L?????? (7140)
                Locked TMachInfo.exe (5108)
                Locked PresentationFontCache.exe (5164)
                Locked CFIWmxSvcs64.exe (6816)
                Locked CFSvcs.exe (5308)
                Locked UNS.exe (6468)
                Locked avgrsa.exe (4128)
                Locked avgcsrva.exe (4924)
                ______ ???L?????? (5864)
                Locked audiodg.exe (7132)
                Locked SearchProtocolHost.exe (4504)
                Locked SearchFilterHost.exe (5692)
                ______ C:\Users\Thi Peres\Downloads\Rooter.exe (1876)
                .
                ----------------------\\ Device\Harddisk0\
                .
                \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
                .
                \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:419430400)
                \Device\Harddisk0\Partition2 (Start_Offset:420478976 | Length:160035766272)
                \Device\Harddisk0\Partition3 (Start_Offset:160456245248 | Length:159616335872)
                .
                ----------------------\\ Scheduled Tasks
                .
                C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
                C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
                C:\Windows\Tasks\SA.DAT
                C:\Windows\Tasks\SCHEDLGU.TXT
                .
                ----------------------\\ Registry
                .
                .
                ----------------------\\ Files & Folders
                .
                ----------------------\\ Scan completed at 23:17.30
                .
                C:\Rooter$\Rooter_1.txt - (31/01/2011 | 23:17.30)

                SuperDave

                Re: Blue screen + AVG not working + webcam not working + unknown USB software
                « Reply #11 on: February 01, 2011, 04:12:39 PM »
                I'd like to scan your machine with ESET OnlineScan

                • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                ESET OnlineScan
                • Click the button.
                • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                  • Click on to download the ESET Smart Installer. Save it to your desktop.
                  • Double click on the icon on your desktop.
                • Check
                • Click the button.
                • Accept any security warnings from your browser.
                • Check
                • Push the Start button.
                • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                • When the scan completes, push
                • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                • Push the button.
                • Push
                A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

                tperesf

                  Re: Blue screen + AVG not working + webcam not working + unknown USB software
                  « Reply #12 on: February 01, 2011, 06:42:29 PM »
                  Hey, I did the scan
                  but the "list of found threats" button didn't show up... actually after the scan it said that "no threats were found"


                  This is the scan, btw...


                  ESETSmartInstaller@High as downloader log:
                  all ok
                  # version=7
                  # OnlineScannerApp.exe=1.0.0.1
                  # OnlineScanner.ocx=1.0.0.6419
                  # api_version=3.0.2
                  # EOSSerial=11a2a8f8be50284ca8b77a1bb3c274b5
                  # end=finished
                  # remove_checked=true
                  # archives_checked=true
                  # unwanted_checked=true
                  # unsafe_checked=false
                  # antistealth_checked=true
                  # utc_time=2011-02-02 01:27:44
                  # local_time=2011-02-01 11:27:44 (-0300, E. South America Daylight Time)
                  # country="Brazil"
                  # lang=1033
                  # osver=6.1.7600 NT
                  # compatibility_mode=512 16777215 100 0 0 0 0 0
                  # compatibility_mode=768 16777215 100 0 0 0 0 0
                  # compatibility_mode=1032 16777213 100 86 0 38963533 0 0
                  # compatibility_mode=2560 16777215 100 0 0 0 0 0
                  # compatibility_mode=5893 16776574 100 94 0 48152591 0 0
                  # compatibility_mode=8192 67108863 100 0 0 0 0 0
                  # scanned=159356
                  # found=0
                  # cleaned=0
                  # scan_time=4523



                  So, am I good?

                  SuperDave

                  Re: Blue screen + AVG not working + webcam not working + unknown USB software
                  « Reply #13 on: February 02, 2011, 12:15:43 PM »
                  Ok. That looks good. Let's do some cleanup.

                  To uninstall ComboFix

                  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
                  • In the field, type in ComboFix /uninstall


                  (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

                  • Then, press Enter, or click OK.
                  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
                  *****************************************
                  Clean out your temporary internet files and temp files.

                  Download TFC by OldTimer to your desktop.

                  Double-click TFC.exe to run it.

                  Note: If you are running on Vista, right-click on the file and choose Run As Administrator

                  TFC will close all programs when run, so make sure you have saved all your work before you begin.

                  * Click the Start button to begin the cleaning process.
                  * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
                  * Please let TFC run uninterrupted until it is finished.

                  Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
                  ********************************************
                  Use the Secunia Software Inspector to check for out of date software.

                  • Click Start Now
                  • Check the box next to Enable thorough system inspection.
                  • Click Start
                  • Allow the scan to finish and scroll down to see if any updates are needed.
                  • Update anything listed.
                  ----------

                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
                  Safe Surfing!

                  tperesf

                    Re: Blue screen + AVG not working + webcam not working + unknown USB software
                    « Reply #14 on: February 06, 2011, 01:19:56 PM »
                    thank you