Inactive Windows Vista only in safe mode

FlaviusCoi

Today my laptop froze and ever since I have been unable to start Windows unless I'm in safe mode. Networking is still working, but Windows does not start; it just gets to the loading screen. When I restart the computer and try again I get a message saying Windows failed to start and then it goes into a 'repair Windows screen', which never works because after the repair is complete I still can't get into normal Windows.

I can't run Avast because the program just freezes at start.

Malware and DDS logs:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.27.05

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
fpcoimbra :: NOTE_VAIO270AE [administrator]

Protection: Disabled

27/03/2013 12:02:44
mbam-log-2013-03-27 (12-02-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223232
Time elapsed: 6 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


dds:

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2
Run by fpcoimbra at 12:11:43 on 2013-03-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.55.1046.18.3068.2145 [GMT -3:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Users\fpcoimbra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\fpcoimbra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\fpcoimbra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
uDefault_Page_URL = hxxp://vaio.sony-latin.com/
mDefault_Page_URL = hxxp://vaio.sony-latin.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: HistoryTriggerBHO Class: {21A88CB9-84D2-4020-A2D1-B25A21034884} - c:\program files\lg electronics\lg pc suite iv\linkair\LinkAirBrowserHelper.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - c:\program files\gbplugin\gbieh.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [LG LinkAir] <no file>
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\VAIO Sat Survey.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AML] c:\program files\sony\vaio launcher\AML.exe InitApp
mRun: [Unattend0000000001{41F28451-E4E7-4801-A14F-DFFCFFCBB052}] c:\program files\sony\first experience\VAIOWelcome.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Skytel] Skytel.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Windows Mobile Device Center] c:\windows\windowsmobile\wmdc.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [CertificateRegistration] aetcrss1.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: c:\users\fpcoim~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Trusted Zone: corel.com
Trusted Zone: intervideo.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 201.82.0.56 201.82.0.69
TCP: Interfaces\{1C3199D4-2D78-487C-80D7-B41424C05F60} : DHCPNameServer = 201.82.0.56 201.82.0.69
TCP: Interfaces\{8215A104-D569-49C6-96B0-2496C9CEA20D} : DHCPNameServer = 201.82.0.64 201.82.0.51
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: GbPluginBb - c:\program files\gbplugin\gbieh.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - c:\program files\gbplugin\gbieh.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fpcoimbra\appdata\roaming\mozilla\firefox\profiles\5edyymgi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - component: c:\program files\mozilla firefox\components\SiteVacuumXPCOM.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nokia\nokia suite\npNokiaSuiteEnabler.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\fpcoimbra\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\users\fpcoimbra\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\fpcoimbra\appdata\roaming\mozilla\firefox\profiles\5edyymgi.default\extensions\{000f1ea4-5e08-4564-a29b-29076f63a37a}\plugins\npsoe.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-08-29 16:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-3-15 49248]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2011-8-30 46440]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
R3 NETw5v32;Driver do Adaptador Intel(R) Wireless WiFi Link para Windows Vista 32 bits;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-9-17 9344]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-13 765736]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-8-28 368176]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-28 29816]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-8-28 66336]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-10 45248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Serviço de Cache de Fontes do Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 GbpSv;Gbp Service;c:\progra~1\gbplugin\GbpSv.exe [2011-8-30 280168]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-27 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-27 682344]
S2 ogmservice;Online Games Manager;c:\program files\online games manager\ogmservice.exe [2013-3-12 559168]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-9-17 104992]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-I visual effects\uCamMonitor.exe [2008-10-2 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-9-17 411488]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2010-12-7 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2010-12-7 20736]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2010-12-7 20096]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2010-12-7 25088]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-10-2 17408]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-3-15 164736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-9-17 29736]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2009-8-10 89600]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
S3 libusb0;LibUsb-Win32 - Kernel Driver 07/07/2009, 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [2009-7-7 28160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-27 21104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-11-9 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2012-11-9 8576]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-10-2 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-10-2 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-10-2 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-10-2 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-10-2 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2013-03-27 15:01:39 -------- d-----w- c:\programdata\Comodo
2013-03-27 15:01:37 -------- d-----w- c:\programdata\Comodo Downloader
2013-03-27 13:12:49 -------- d-----w- c:\users\fpcoimbra\appdata\roaming\Malwarebytes
2013-03-27 13:12:18 -------- d-----w- c:\programdata\Malwarebytes
2013-03-27 13:12:17 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-27 13:12:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-25 12:02:19 6954968 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cc4322ae-cf13-4a53-938c-5a17b8a19bed}\mpengine.dll
2013-03-15 10:58:47 164736 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-15 10:58:46 49248 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-05 21:12:25 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-03-14 02:37:08 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-14 02:37:08 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-06 23:33:24 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-06 23:33:23 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-06 23:32:51 41664 ----a-w- c:\windows\avastSS.scr
2013-03-05 21:12:11 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-05 21:12:10 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-17 04:28:58 232336 ----a-w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:26:01 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:26:01 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 11:28:18 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-04 01:38:50 2048512 ----a-w- c:\windows\system32\win32k.sys
2006-12-29 10:15:42 3100672 ----a-w- c:\program files\common files\sapxlhelper.dll
2006-12-29 10:15:40 626688 ----a-w- c:\program files\common files\sapconsaccess.dll
2006-12-29 10:15:40 40960 ----a-w- c:\program files\common files\DigitalSignature.ocx
2006-12-29 10:15:40 192512 ----a-w- c:\program files\common files\sapconsr3.dll
.
============= FINISH: 12:12:56,17 ===============


.
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=================================

I don't actually see anything malicious there but let's see if we can help with your issue.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Farbar txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013 (ATTENTION: FRST version is 14 days old)
Ran by fpcoimbra at 27-03-2013 13:51:14
Running from G:\
Service Pack 2 (X86) OS Language: Portuguese Brazilian
Attention: Could not load system hive.
ERRO: O arquivo j est sendo usado por outro processo.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2013-03-27 13:51 - 2013-03-27 13:51 - 00000000 ____D C:\FRST
2013-03-27 12:14 - 2013-03-27 12:14 - 00012975 ____A C:\Users\fpcoimbra\Desktop\attach.txt
2013-03-27 12:14 - 2013-03-27 12:12 - 00020493 ____A C:\Users\fpcoimbra\Desktop\dds.txt
2013-03-27 12:01 - 2013-03-27 12:01 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-03-27 12:01 - 2013-03-27 12:01 - 00000000 ____D C:\ProgramData\Comodo
2013-03-27 10:12 - 2013-03-27 10:12 - 00000924 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-27 10:12 - 2013-03-27 10:12 - 00000000 ____D C:\Users\fpcoimbra\AppData\Roaming\Malwarebytes
2013-03-27 10:12 - 2013-03-27 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-27 10:12 - 2013-03-27 10:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-03-27 10:12 - 2012-12-14 16:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-03-25 01:18 - 2013-03-25 01:18 - 00142440 ____A C:\Windows\Minidump\Mini032513-01.dmp
2013-03-15 07:58 - 2013-03-06 20:33 - 00164736 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-03-15 07:58 - 2013-03-06 20:33 - 00049248 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-03-14 03:01 - 2013-02-02 01:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-14 03:01 - 2013-02-02 00:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-14 03:01 - 2013-02-02 00:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-14 03:01 - 2013-02-02 00:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-14 03:01 - 2013-02-02 00:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-14 03:01 - 2013-02-02 00:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-14 03:01 - 2013-02-02 00:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-14 03:01 - 2013-02-02 00:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-14 03:01 - 2013-02-02 00:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-14 03:01 - 2013-02-02 00:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-14 03:01 - 2013-02-02 00:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-14 03:01 - 2013-02-02 00:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-14 03:01 - 2013-02-02 00:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-14 03:01 - 2013-02-02 00:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-14 03:01 - 2013-02-02 00:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-14 03:01 - 2013-02-02 00:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-05 18:12 - 2013-03-05 18:12 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-03-05 18:12 - 2013-03-05 18:12 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-03-05 18:12 - 2013-03-05 18:12 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-03-05 18:12 - 2013-03-05 18:12 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-03-05 18:08 - 2013-03-05 18:08 - 00896928 ____A (Oracle Corporation) C:\Users\fpcoimbra\Downloads\chromeinstall-7u17.exe
2013-03-04 17:01 - 2013-03-04 17:01 - 00000405 ____A C:\Users\fpcoimbra\Desktop\bolo iogurte.txt

==================== One Month Modified Files and Folders ========

2013-03-27 13:30 - 2010-01-12 10:53 - 00001356 ____A C:\Users\fpcoimbra\AppData\Local\d3d9caps.dat
2013-03-27 12:14 - 2013-03-27 12:14 - 00012975 ____A C:\Users\fpcoimbra\Desktop\attach.txt
2013-03-27 12:12 - 2013-03-27 12:14 - 00020493 ____A C:\Users\fpcoimbra\Desktop\dds.txt
2013-03-27 12:01 - 2013-03-27 12:01 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-03-27 12:01 - 2013-03-27 12:01 - 00000000 ____D C:\ProgramData\Comodo
2013-03-27 10:30 - 2008-01-20 23:47 - 00052678 ____A C:\Windows\PFRO.log
2013-03-27 10:30 - 2006-11-02 10:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-27 10:30 - 2006-11-02 09:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-27 10:30 - 2006-11-02 09:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-27 10:13 - 2009-08-27 23:40 - 00000000 ____D C:\Flávio
2013-03-27 10:12 - 2013-03-27 10:12 - 00000924 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-27 10:12 - 2013-03-27 10:12 - 00000000 ____D C:\Users\fpcoimbra\AppData\Roaming\Malwarebytes
2013-03-27 10:12 - 2013-03-27 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-27 10:12 - 2013-03-27 10:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-03-27 09:53 - 2009-08-27 23:20 - 01751707 ____A C:\Windows\WindowsUpdate.log
2013-03-27 09:40 - 2010-09-08 22:09 - 00000000 ____D C:\Gabriel
2013-03-27 09:35 - 2008-01-21 02:27 - 01469864 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-27 09:35 - 2008-01-21 02:26 - 00643090 ____A C:\Windows\System32\prfh0416.dat
2013-03-27 09:35 - 2008-01-21 02:26 - 00124594 ____A C:\Windows\System32\prfc0416.dat
2013-03-25 15:49 - 2010-02-05 22:09 - 00001052 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-25 08:31 - 2006-11-02 09:47 - 00033792 _____ C:\Windows\System32\umstartup.etl
2013-03-25 01:18 - 2013-03-25 01:18 - 00142440 ____A C:\Windows\Minidump\Mini032513-01.dmp
2013-03-25 01:18 - 2011-06-16 08:20 - 279480546 ____A C:\Windows\MEMORY.DMP
2013-03-25 01:18 - 2009-12-06 23:24 - 00000000 ____D C:\Windows\Minidump
2013-03-25 00:18 - 2010-08-10 14:30 - 00001840 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-03-25 00:17 - 2006-11-02 07:23 - 00002577 ____A C:\Windows\System32\config.nt
2013-03-25 00:11 - 2011-05-02 14:28 - 00000000 ____D C:\Program Files\DivX
2013-03-25 00:11 - 2011-05-02 14:24 - 00000000 ____D C:\ProgramData\DivX
2013-03-25 00:11 - 2009-08-28 00:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-03-25 00:11 - 2009-08-27 23:25 - 00000000 ____D C:\users\fpcoimbra
2013-03-25 00:11 - 2008-10-02 15:38 - 00000000 ____D C:\Program Files\Google
2013-03-25 00:11 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\System32\spool
2013-03-25 00:11 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-03-25 00:11 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\registration
2013-03-25 00:11 - 2006-11-02 07:22 - 62128128 ____A C:\Windows\System32\config\software_previous
2013-03-25 00:11 - 2006-11-02 07:22 - 48758784 ____A C:\Windows\System32\config\system_previous
2013-03-25 00:11 - 2006-11-02 07:22 - 43778048 ____A C:\Windows\System32\config\components_previous
2013-03-25 00:11 - 2006-11-02 07:22 - 00524288 ____A C:\Windows\System32\config\default_previous
2013-03-25 00:11 - 2006-11-02 07:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-03-25 00:11 - 2006-11-02 07:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-03-25 00:10 - 2010-06-07 21:29 - 00000000 ____D C:\ProgramData\Real
2013-03-23 20:05 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\System32\LogFiles
2013-03-15 20:28 - 2010-02-05 22:09 - 00001056 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-15 20:22 - 2010-01-06 02:26 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682164387-3572074850-493945710-1000UA.job
2013-03-15 19:36 - 2012-04-15 00:08 - 00000902 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-15 19:15 - 2008-09-17 13:10 - 00004268 ____A C:\Windows\bthservsdp.dat
2013-03-15 19:15 - 2006-11-02 10:01 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-03-14 23:22 - 2010-01-06 02:26 - 00001042 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682164387-3572074850-493945710-1000Core.job
2013-03-14 03:24 - 2010-08-25 22:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-14 03:05 - 2008-10-02 15:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-14 03:05 - 2006-11-02 07:24 - 69796088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-03-13 23:37 - 2012-04-15 00:08 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-03-13 23:37 - 2011-05-14 18:44 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-03-13 08:18 - 2010-09-16 20:06 - 00000000 ____D C:\Beatriz
2013-03-06 20:33 - 2013-03-15 07:58 - 00164736 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-03-06 20:33 - 2013-03-15 07:58 - 00049248 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-03-06 20:33 - 2011-03-13 02:23 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-03-06 20:33 - 2009-08-28 00:55 - 00368176 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-03-06 20:33 - 2009-08-28 00:55 - 00062376 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-03-06 20:33 - 2009-08-28 00:55 - 00049760 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-03-06 20:33 - 2009-08-28 00:55 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-03-06 20:33 - 2009-08-28 00:54 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-03-06 20:32 - 2010-08-10 14:29 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-03-06 20:32 - 2009-08-28 00:54 - 00228600 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-03-05 18:13 - 2008-09-17 13:55 - 00000000 ____D C:\Program Files\Common Files\Java
2013-03-05 18:12 - 2013-03-05 18:12 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-03-05 18:12 - 2013-03-05 18:12 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-03-05 18:12 - 2013-03-05 18:12 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-03-05 18:12 - 2013-03-05 18:12 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-03-05 18:12 - 2012-07-12 12:44 - 00861088 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-03-05 18:12 - 2010-08-04 09:31 - 00782240 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-03-05 18:08 - 2013-03-05 18:08 - 00896928 ____A (Oracle Corporation) C:\Users\fpcoimbra\Downloads\chromeinstall-7u17.exe
2013-03-05 14:29 - 2011-09-27 04:53 - 00000000 ____D C:\Users\fpcoimbra\AppData\Roaming\Skype
2013-03-05 13:29 - 2009-09-29 14:03 - 00007954 ____A C:\Users\fpcoimbra\Desktop\Anotações.txt
2013-03-04 22:44 - 2009-11-08 15:47 - 00000000 ____D C:\Users\fpcoimbra\AppData\Roaming\Apple Computer
2013-03-04 17:01 - 2013-03-04 17:01 - 00000405 ____A C:\Users\fpcoimbra\Desktop\bolo iogurte.txt
2013-02-26 17:18 - 2006-11-02 09:52 - 00142156 ____A C:\Windows\setupact.log


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-12 09:19] - [2012-08-21 08:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3068.3 MB
Available physical RAM: 2588.96 MB
Total Pagefile: 6337.58 MB
Available Pagefile: 6055.49 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.8 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:288.12 GB) (Free:102.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
5 Drive g: () (Removable) (Total:1.84 GB) (Free:0.62 GB) FAT

Disco No. Status Tamanho Livre Din Gpt
--------- ---------- ------- ------- --- ---
Disco 0 Online 298 GB 0 B
Disco 1 Nenhuma mí 0 B 0 B
Disco 2 Nenhuma mí 0 B 0 B
Disco 3 Online 1886 MB 0 B

Partitions of Disk 0:
===============

O disco 0 é o disco selecionado.

Partição No. Tipo Tamanho Deslocamento
------------- ---------------- ------- ------------
Partição 1 OEM 10 GB 1024 KB
Partição 2 Primário 288 GB 10 GB

=========================================================

Disk: 0
O disco 0 é o disco selecionado.

1 é a partição selecionada.

Partição 1
Tipo : 27
Oculto: Sim
Ativo : Não

Não há um volume associado à partição.

=========================================================

Disk: 0
O disco 0 é o disco selecionado.

2 é a partição selecionada.

Partição 2
Tipo : 07
Oculto: Não
Ativo : Sim

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partição 288 GB Íntegro Sistema

=========================================================

Partitions of Disk 3:
===============

O disco 3 é o disco selecionado.

Partição No. Tipo Tamanho Deslocamento
------------- ---------------- ------- ------------
Partição 1 Primário 1884 MB 68 KB

=========================================================

Disk: 3
O disco 3 é o disco selecionado.

1 é a partição selecionada.

Partição 1
Tipo : 06
Oculto: Não
Ativo : Não

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removível 1884 MB Íntegro

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 3464320C

Partition 1:
=========
Hex: 0020210027FEFFFF0008000000183F01
Active: NO
Type: 27
Size: 10 GB

Partition 2:
=========
Hex: 80FEFFFF07FEFFFF00203F01B0C20324
Active: YES
Type: 07 (NTFS)
Size: 288 GB

==============================
Partitions of Disk 3:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 00020A00063FFFBC8700000039E03A00
Active: NO
Type: 06
Size: 2 GB


Last Boot: 2013-03-27 12:11

==================== End Of Log ============================
 
That won't work.
You ran the tool from within Windows.
Please re-read my instructions.
 
I am sorry about my mistake.

frst log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013 (ATTENTION: FRST version is 14 days old)
Ran by SYSTEM at 27-03-2013 14:13:51
Running from F:\
Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: Portuguese Brazilian
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe [122880 2008-02-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe" [385024 2008-07-25] ()
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe InitApp [1097728 2008-06-13] (Sony)
HKLM\...\Run: [Unattend0000000001{41F28451-E4E7-4801-A14F-DFFCFFCBB052}] %PROGRAMFILES%\Sony\First Experience\VAIOWelcome.exe [x]
HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1037736 2007-08-31] (Microsoft Corporation)
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4767304 2013-03-06] (AVAST Software)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM\...\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe [404568 2012-03-28] (LG Electronics)
HKLM\...\Run: [CertificateRegistration] aetcrss1.exe [x]
HKLM\...\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [295072 2013-01-12] (RealNetworks, Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\fpcoimbra\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\fpcoimbra\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\fpcoimbra\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
HKU\fpcoimbra\...\Run: [LG LinkAir] [x]
HKU\fpcoimbra\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-08-29] (Google Inc.)
HKU\fpcoimbra\...\Run: [Google Update] "C:\Users\fpcoimbra\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2010-01-06] (Google Inc.)
HKU\fpcoimbra\...\Run: [] [x]
HKU\fpcoimbra\...\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe -tray [1090040 2012-12-21] (Nokia)
HKU\fpcoimbra\...\Run: [Memory Improve Master] C:\Program Files\Memory Improve Master\MemoryImproveMaster.exe /autorun [5095424 2009-03-16] (Memory Improve Master Studio)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [512360 2012-12-14] (Malwarebytes Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1091432 2012-12-14] (Malwarebytes Corporation)
Winlogon\Notify\ GbPluginBb: C:\Program Files\GbPlugin\gbieh.dll [X]
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
Tcpip\Parameters: [DhcpNameServer] 201.82.0.56 201.82.0.69
Startup: C:\ProgramData\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\fpcoimbra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk
ShortcutTarget: Recorte de tela e Iniciador do OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 AdobeActiveFileMonitor6.0; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-11] ()
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [45248 2013-03-06] (AVAST Software)
2 GbpSv; C:\PROGRA~1\GbPlugin\GbpSv.exe [280168 2012-10-09] ( )
2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 ogmservice; "C:\Program Files\Online Games Manager\ogmservice.exe" --service-run [559168 2013-03-12] (RealNetworks, Inc.)
2 RealNetworks Downloader Resolver Service; "C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe" [38608 2012-11-29] ()
3 SOHCImp; "C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe" [103712 2008-05-20] (Sony Corporation)
3 SOHDms; "C:\Program Files\Sony\VAIO Media plus\SOHDms.exe" [353568 2008-05-20] (Sony Corporation)
3 SOHDs; "C:\Program Files\Sony\VAIO Media plus\SOHDs.exe" [62752 2008-05-20] (Sony Corporation)
3 SPTISRV; "C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe" [77824 2008-05-20] (Sony Corporation)
2 uCamMonitor; C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe [104960 2008-03-25] (ArcSoft, Inc.)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [73728 2008-05-22] (Sony Corporation)
2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
2 VCFw; "C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [415744 2008-06-20] (Sony Corporation)
3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [337184 2008-06-11] (Sony Corporation)
3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [279848 2008-06-19] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [192512 2008-05-22] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2010-12-07] (LG Electronics Inc.)
3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2010-12-07] (LG Electronics Inc.)
3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2010-12-07] (LG Electronics Inc.)
3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2010-12-07] (LG Electronics Inc.)
3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17408 2008-01-30] (ArcSoft, Inc.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-03-06] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-03-06] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [49760 2013-03-06] (AVAST Software)
0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49248 2013-03-06] ()
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-03-06] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368176 2013-03-06] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [62376 2013-03-06] (AVAST Software)
3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [164736 2013-03-06] ()
0 GbpKm; C:\Windows\System32\drivers\gbpkm.sys [46440 2012-10-09] (GAS Tecnologia)
3 GemCCID; C:\Windows\System32\Drivers\GemCCID.sys [89600 2009-08-10] (Gemalto)
3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtport.sys [12160 2009-09-29] (LG Electronics Inc.)
3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbus.sys [10496 2009-09-29] (LG Electronics Inc.)
3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmodem.sys [12928 2009-09-29] (LG Electronics Inc.)
3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [28160 2009-07-07] (http://libusb-win32.sourceforge.net)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
3 nmwcdnsu; C:\Windows\System32\drivers\nmwcdnsu.sys [137600 2012-11-09] (Nokia)
3 nmwcdnsuc; C:\Windows\System32\drivers\nmwcdnsuc.sys [8576 2012-11-09] (Nokia)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
2 regi; \??\C:\Windows\system32\drivers\regi.sys [11032 2007-04-17] (InterVideo)
3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [143328 2008-06-27] (Realtek Semiconductor Corp.)
2 Secdrv; \??\C:\Windows\system32\drivers\SECDRV.SYS [12464 2010-05-10] (Macrovision Europe Ltd)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
4 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-03-27 13:51 - 2013-03-27 13:51 - 00000000 ____D C:\FRST
2013-03-27 12:14 - 2013-03-27 12:14 - 00012975 ____A C:\Users\fpcoimbra\Desktop\attach.txt
2013-03-27 12:14 - 2013-03-27 12:12 - 00020493 ____A C:\Users\fpcoimbra\Desktop\dds.txt
2013-03-27 12:01 - 2013-03-27 12:01 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-03-27 12:01 - 2013-03-27 12:01 - 00000000 ____D C:\ProgramData\Comodo
2013-03-27 10:12 - 2013-03-27 10:12 - 00000924 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-27 10:12 - 2013-03-27 10:12 - 00000000 ____D C:\Users\fpcoimbra\AppData\Roaming\Malwarebytes
2013-03-27 10:12 - 2013-03-27 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-27 10:12 - 2013-03-27 10:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-03-27 10:12 - 2012-12-14 16:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-03-25 01:18 - 2013-03-25 01:18 - 00142440 ____A C:\Windows\Minidump\Mini032513-01.dmp
2013-03-15 07:58 - 2013-03-06 20:33 - 00164736 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-03-15 07:58 - 2013-03-06 20:33 - 00049248 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-03-14 03:01 - 2013-02-02 01:09 - 12321792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-14 03:01 - 2013-02-02 00:42 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-14 03:01 - 2013-02-02 00:38 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-03-14 03:01 - 2013-02-02 00:31 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-14 03:01 - 2013-02-02 00:30 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-03-14 03:01 - 2013-02-02 00:30 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-14 03:01 - 2013-02-02 00:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-14 03:01 - 2013-02-02 00:27 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-14 03:01 - 2013-02-02 00:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-03-14 03:01 - 2013-02-02 00:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-03-14 03:01 - 2013-02-02 00:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-03-14 03:01 - 2013-02-02 00:25 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-14 03:01 - 2013-02-02 00:23 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-14 03:01 - 2013-02-02 00:23 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-14 03:01 - 2013-02-02 00:23 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-14 03:01 - 2013-02-02 00:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-05 18:12 - 2013-03-05 18:12 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-03-05 18:12 - 2013-03-05 18:12 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-03-05 18:12 - 2013-03-05 18:12 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-03-05 18:12 - 2013-03-05 18:12 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-03-05 18:08 - 2013-03-05 18:08 - 00896928 ____A (Oracle Corporation) C:\Users\fpcoimbra\Downloads\chromeinstall-7u17.exe
2013-03-04 17:01 - 2013-03-04 17:01 - 00000405 ____A C:\Users\fpcoimbra\Desktop\bolo iogurte.txt

==================== One Month Modified Files and Folders ========

2013-03-27 14:09 - 2010-01-12 10:53 - 00001356 ____A C:\Users\fpcoimbra\AppData\Local\d3d9caps.dat
2013-03-27 14:00 - 2010-02-05 22:09 - 00001052 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-27 13:59 - 2006-11-02 10:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-27 13:59 - 2006-11-02 09:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-27 13:59 - 2006-11-02 09:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-27 13:51 - 2013-03-27 13:51 - 00000000 ____D C:\FRST
2013-03-27 12:14 - 2013-03-27 12:14 - 00012975 ____A C:\Users\fpcoimbra\Desktop\attach.txt
2013-03-27 12:12 - 2013-03-27 12:14 - 00020493 ____A C:\Users\fpcoimbra\Desktop\dds.txt
2013-03-27 12:01 - 2013-03-27 12:01 - 00000000 ____D C:\ProgramData\Comodo Downloader
2013-03-27 12:01 - 2013-03-27 12:01 - 00000000 ____D C:\ProgramData\Comodo
2013-03-27 10:30 - 2008-01-20 23:47 - 00052678 ____A C:\Windows\PFRO.log
2013-03-27 10:13 - 2009-08-27 23:40 - 00000000 ____D C:\Flávio
2013-03-27 10:12 - 2013-03-27 10:12 - 00000924 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-27 10:12 - 2013-03-27 10:12 - 00000000 ____D C:\Users\fpcoimbra\AppData\Roaming\Malwarebytes
2013-03-27 10:12 - 2013-03-27 10:12 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-03-27 10:12 - 2013-03-27 10:12 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-03-27 09:53 - 2009-08-27 23:20 - 01751707 ____A C:\Windows\WindowsUpdate.log
2013-03-27 09:40 - 2010-09-08 22:09 - 00000000 ____D C:\Gabriel
2013-03-27 09:35 - 2008-01-21 02:27 - 01469864 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-27 09:35 - 2008-01-21 02:26 - 00643090 ____A C:\Windows\System32\prfh0416.dat
2013-03-27 09:35 - 2008-01-21 02:26 - 00124594 ____A C:\Windows\System32\prfc0416.dat
2013-03-25 08:31 - 2006-11-02 09:47 - 00033792 _____ C:\Windows\System32\umstartup.etl
2013-03-25 01:18 - 2013-03-25 01:18 - 00142440 ____A C:\Windows\Minidump\Mini032513-01.dmp
2013-03-25 01:18 - 2011-06-16 08:20 - 279480546 ____A C:\Windows\MEMORY.DMP
2013-03-25 01:18 - 2009-12-06 23:24 - 00000000 ____D C:\Windows\Minidump
2013-03-25 00:18 - 2010-08-10 14:30 - 00001840 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-03-25 00:17 - 2006-11-02 07:23 - 00002577 ____A C:\Windows\System32\config.nt
2013-03-25 00:11 - 2011-05-02 14:28 - 00000000 ____D C:\Program Files\DivX
2013-03-25 00:11 - 2011-05-02 14:24 - 00000000 ____D C:\ProgramData\DivX
2013-03-25 00:11 - 2009-08-28 00:12 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-03-25 00:11 - 2009-08-27 23:25 - 00000000 ____D C:\users\fpcoimbra
2013-03-25 00:11 - 2008-10-02 15:38 - 00000000 ____D C:\Program Files\Google
2013-03-25 00:11 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\System32\spool
2013-03-25 00:11 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-03-25 00:11 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\registration
2013-03-25 00:11 - 2006-11-02 07:22 - 62128128 ____A C:\Windows\System32\config\software_previous
2013-03-25 00:11 - 2006-11-02 07:22 - 48758784 ____A C:\Windows\System32\config\system_previous
2013-03-25 00:11 - 2006-11-02 07:22 - 43778048 ____A C:\Windows\System32\config\components_previous
2013-03-25 00:11 - 2006-11-02 07:22 - 00524288 ____A C:\Windows\System32\config\default_previous
2013-03-25 00:11 - 2006-11-02 07:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-03-25 00:11 - 2006-11-02 07:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-03-25 00:10 - 2010-06-07 21:29 - 00000000 ____D C:\ProgramData\Real
2013-03-23 20:05 - 2006-11-02 08:18 - 00000000 ____D C:\Windows\System32\LogFiles
2013-03-15 20:28 - 2010-02-05 22:09 - 00001056 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-15 20:22 - 2010-01-06 02:26 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682164387-3572074850-493945710-1000UA.job
2013-03-15 19:36 - 2012-04-15 00:08 - 00000902 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-03-15 19:15 - 2008-09-17 13:10 - 00004268 ____A C:\Windows\bthservsdp.dat
2013-03-15 19:15 - 2006-11-02 10:01 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-03-14 23:22 - 2010-01-06 02:26 - 00001042 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682164387-3572074850-493945710-1000Core.job
2013-03-14 03:24 - 2010-08-25 22:17 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-14 03:05 - 2008-10-02 15:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-03-14 03:05 - 2006-11-02 07:24 - 69796088 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-03-13 23:37 - 2012-04-15 00:08 - 00693976 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-03-13 23:37 - 2011-05-14 18:44 - 00073432 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-03-13 08:18 - 2010-09-16 20:06 - 00000000 ____D C:\Beatriz
2013-03-06 20:33 - 2013-03-15 07:58 - 00164736 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-03-06 20:33 - 2013-03-15 07:58 - 00049248 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-03-06 20:33 - 2011-03-13 02:23 - 00765736 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-03-06 20:33 - 2009-08-28 00:55 - 00368176 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-03-06 20:33 - 2009-08-28 00:55 - 00062376 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-03-06 20:33 - 2009-08-28 00:55 - 00049760 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2013-03-06 20:33 - 2009-08-28 00:55 - 00029816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-03-06 20:33 - 2009-08-28 00:54 - 00066336 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-03-06 20:32 - 2010-08-10 14:29 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-03-06 20:32 - 2009-08-28 00:54 - 00228600 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-03-05 18:13 - 2008-09-17 13:55 - 00000000 ____D C:\Program Files\Common Files\Java
2013-03-05 18:12 - 2013-03-05 18:12 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-03-05 18:12 - 2013-03-05 18:12 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-03-05 18:12 - 2013-03-05 18:12 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-03-05 18:12 - 2013-03-05 18:12 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-03-05 18:12 - 2012-07-12 12:44 - 00861088 ____A (Oracle Corporation) C:\Windows\System32\npdeployJava1.dll
2013-03-05 18:12 - 2010-08-04 09:31 - 00782240 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-03-05 18:08 - 2013-03-05 18:08 - 00896928 ____A (Oracle Corporation) C:\Users\fpcoimbra\Downloads\chromeinstall-7u17.exe
2013-03-05 14:29 - 2011-09-27 04:53 - 00000000 ____D C:\Users\fpcoimbra\AppData\Roaming\Skype
2013-03-05 13:29 - 2009-09-29 14:03 - 00007954 ____A C:\Users\fpcoimbra\Desktop\Anotações.txt
2013-03-04 22:44 - 2009-11-08 15:47 - 00000000 ____D C:\Users\fpcoimbra\AppData\Roaming\Apple Computer
2013-03-04 17:01 - 2013-03-04 17:01 - 00000405 ____A C:\Users\fpcoimbra\Desktop\bolo iogurte.txt
2013-02-26 17:18 - 2006-11-02 09:52 - 00142156 ____A C:\Windows\setupact.log


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2012-12-12 09:19] - [2012-08-21 08:47] - 0224640 ____A (Microsoft Corporation) 786DB5771F05EF300390399F626BF30A


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-05 18:11:07
Restore point made on: 2013-03-05 18:11:57
Restore point made on: 2013-03-06 23:59:58
Restore point made on: 2013-03-08 08:10:10
Restore point made on: 2013-03-09 00:00:24
Restore point made on: 2013-03-10 00:00:24
Restore point made on: 2013-03-11 18:25:33
Restore point made on: 2013-03-12 12:13:11
Restore point made on: 2013-03-14 03:01:11
Restore point made on: 2013-03-15 00:29:00
Restore point made on: 2013-03-15 20:30:33
Restore point made on: 2013-03-17 03:00:51
Restore point made on: 2013-03-19 15:55:35
Restore point made on: 2013-03-21 04:15:48
Restore point made on: 2013-03-22 01:01:23
Restore point made on: 2013-03-22 12:55:51

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3068.3 MB
Available physical RAM: 2624.39 MB
Total Pagefile: 2854.01 MB
Available Pagefile: 2713.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.92 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:288.12 GB) (Free:101.93 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
3 Drive e: (Recovery) (Fixed) (Total:9.97 GB) (Free:0.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:1.84 GB) (Free:0.62 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS

Disco No. Status Tamanho Livre Din Gpt
--------- ---------- ------- ------- --- ---
Disco 0 Online 298 GB 0 B
Disco 1 Online 1886 MB 0 B

Partitions of Disk 0:
===============

O disco 0 é o disco selecionado.

Partição No. Tipo Tamanho Deslocamento
------------- ---------------- ------- ------------
Partição 1 OEM 10 GB 1024 KB
Partição 2 Primário 288 GB 10 GB

=========================================================

Disk: 0
O disco 0 é o disco selecionado.

1 é a partição selecionada.

Partição 1
Tipo : 27
Oculto: Sim
Ativo : Não

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partição 10 GB Íntegro Oculto

=========================================================

Disk: 0
O disco 0 é o disco selecionado.

2 é a partição selecionada.

Partição 2
Tipo : 07
Oculto: Não
Ativo : Sim

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partição 288 GB Íntegro

=========================================================

Partitions of Disk 1:
===============

O disco 1 é o disco selecionado.

Partição No. Tipo Tamanho Deslocamento
------------- ---------------- ------- ------------
Partição 1 Primário 1884 MB 68 KB

=========================================================

Disk: 1
O disco 1 é o disco selecionado.

1 é a partição selecionada.

Partição 1
Tipo : 06
Oculto: Não
Ativo : Não

Volume No. Ltr Rótulo Fs Tipo Tamanho Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 F FAT Removível 1884 MB Íntegro

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 3464320C

Partition 1:
=========
Hex: 0020210027FEFFFF0008000000183F01
Active: NO
Type: 27
Size: 10 GB

Partition 2:
=========
Hex: 80FEFFFF07FEFFFF00203F01B0C20324
Active: YES
Type: 07 (NTFS)
Size: 288 GB

==============================
Partitions of Disk 1:
===============
Disk ID: 00000000

Partition 1:
=========
Hex: 00020A00063FFFBC8700000039E03A00
Active: NO
Type: 06
Size: 2 GB


Last Boot: 2013-03-27 12:11

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can boot normally.
 

Attachment: fixlist.txt (27 bytes)

The computer could not boot properly; it freezes after logon.

fixlist:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2013
Ran by SYSTEM at 2013-03-27 15:35:43 Run:1
Running from F:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
 
So far I don't see anything malicious, but let's run a couple more scans...

Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
The computer still could not boot properly; it freezes after logon.

RogueKiller V8.5.4 [Mar 18 2013] Por Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Site : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Sistema Operacional : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Iniciado em : Modo de Segurança com rede
Usuario : fpcoimbra [Privilegios de Admnistrador]
Modo : Remover -- Data : 03/27/2013 17:41:16
| ARK || FAK || MBR |

¤¤¤ Entradas ruins : 0 ¤¤¤

¤¤¤ Entradas do Registro : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> SUBSTITUIDO (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> SUBSTITUIDO (0)

¤¤¤ Arquivos / Pastas Pessoais: ¤¤¤

¤¤¤ Driver : [Não Carregado] ¤¤¤

¤¤¤ Arquivo de Hosts: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ Verificaçao do MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK3252GSX +++++
--- User ---
[MBR] fcf355e06753d258945ad89da1487d24
[BSP] a89e6840b2475507dc8d592053eca201 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10211 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20914176 | Size: 295032 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Concluido : << RKreport[2]_D_03272013_02d1741.txt >>
RKreport[1]_S_03272013_02d1739.txt ; RKreport[2]_D_03272013_02d1741.txt


Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.27.10

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
fpcoimbra :: NOTE_VAIO270AE [administrator]

27/03/2013 17:59:05
mbar-log-2013-03-27 (17-59-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30950
Time elapsed: 14 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.260000 GHz
Memory total: 3217350656, free: 2554499072

------------ Kernel report ------------
03/27/2013 17:43:51
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\gbpkm.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\NETw5v32.sys
\SystemRoot\system32\DRIVERS\yk60x86.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\risdptsk.sys
\SystemRoot\system32\DRIVERS\rimsptsk.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Apfiltr.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\SFEP.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\lgbtbus.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\NuidFltr.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point32k.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff87bad4d0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff8af49028
Lower Device Driver Name: \Driver\rimsptsk\
Driver name found: rimsptsk
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a3ca1e0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000006b\
Lower Device Object: 0xffffffff87baa950
Lower Device Driver Name: \Driver\risdptsk\
Driver name found: risdptsk
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8759c4b0
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff86b68028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.03.27.10
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8759c4b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8759c198, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8759c4b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86b528c8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff86b68028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0xffffffffabc29388, 0xffffffff8759c4b0, 0xffffffff8b2168b0
Lower DeviceData: 0xffffffffa903cd30, 0xffffffff86b68028, 0xffffffff8b4ec270
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3464320C

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 20912128

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 20914176 Numsec = 604226224
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a3ca1e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff87bb0d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a3ca1e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87baa950, DeviceName: \Device\0000006b\, DriverName: \Driver\risdptsk\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff87bad4d0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a3cad18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87bad4d0, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8af49028, DeviceName: \Device\0000006c\, DriverName: \Driver\rimsptsk\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

 
Nothing there...

In this forum, we make sure your computer is free of malware, and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

Good luck :)
 