
BIOS, memory, MBR infected



#1
Sangoino

Hello, I am pretty sure I am infected.
When I format my computer, some services are added automatically.

I can't run SFC /scannow because something is connected to the computer.
I can't access the Phoenix website (the BIOS website for the BIOS).
I can't boot from any CD/DVD.
When I connect to my Wi-Fi, I get a /!\, and then it returns to normal.
Sometimes the internet is out.


I think it's a memory, BIOS, or MBR virus.

I have tried removing the CMOS, waiting, reinstalling the CMOS, and reinstalling, but it is still infected... Help me...

Edited by Sangoino, 13 February 2013 - 10:08 AM.



#2
Sangoino

OTL logfile created on: 13/02/2013 15:59:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\phil\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,75 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 62,70% Memory free
5,50 Gb Paging File | 4,15 Gb Available in Paging File | 75,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 215,96 Gb Free Space | 92,77% Space Free | Partition Type: NTFS

Computer Name: PHIL-PC | User Name: phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe (Adobe Systems, Inc.)
PRC - C:\Users\phil\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Comodo\COMODO Internet Security\cis.exe (COMODO)
PRC - C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (COMODO)
PRC - C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Ltd)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\Comodo\GeekBuddy\unit_manager.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
PRC - C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
PRC - C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\PC Tools\PC Tools Security\SpamMonitor\SMPlugin.dll ()
MOD - C:\Program Files\PC Tools\PC Tools Security\pctui\PCTUI.DLL ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (cmdvirth) -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe (COMODO)
SRV - (CLPSLauncher) -- C:\Program Files\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (DragonUpdater) -- C:\Program Files\Comodo\Dragon\dragon_updater.exe ()
SRV - (GeekBuddyRSP) -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (sdCoreService) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (sdAuxService) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (Browser Defender Update Service) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
DRV - (iusb3hcs) -- C:\Windows\System32\drivers\iusb3hcs.sys (Intel Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (Partizan) -- C:\Windows\System32\drivers\Partizan.sys (Greatis Software)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdguard.sys (COMODO)
DRV - (cmderd) -- C:\Windows\System32\drivers\cmderd.sys (COMODO)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (pctplfw) -- C:\Windows\System32\drivers\pctplfw.sys (PC Tools)
DRV - (pctplsm) -- C:\Windows\System32\drivers\pctplsm.sys (PC Tools)
DRV - (pctplsg) -- C:\Windows\System32\drivers\pctplsg.sys (PC Tools)
DRV - (PCTSD) -- C:\Windows\System32\drivers\PCTSD.sys (PC Tools)
DRV - (pctgntdi) -- C:\Windows\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (PCTBD) -- C:\Windows\System32\drivers\PCTBD.sys (PC Tools)
DRV - (PCTCore) -- C:\Windows\System32\drivers\PCTCore.sys (PC Tools)
DRV - (PCTAppEvent) -- C:\Windows\System32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (pctNdisLW) -- C:\Windows\System32\drivers\pctNdisLW.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (CFRMD) -- C:\Windows\System32\drivers\CFRMD.sys (Windows ® Win 7 DDK provider)
DRV - (pctDS) -- C:\Windows\System32\drivers\pctDS.sys (PC Tools)
DRV - (AntiLog32) -- C:\Windows\System32\drivers\AntiLog32.sys (Zemana Ltd.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 9E 33 1A 96 09 CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr/"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2013/02/13 09:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/12 15:58:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/02/12 15:58:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phil\AppData\Roaming\mozilla\Extensions
[2013/02/13 04:10:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\phil\AppData\Roaming\mozilla\Firefox\Profiles\krngak3h.default\extensions
[2013/02/13 04:09:51 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\mozilla\firefox\profiles\krngak3h.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/13 04:10:16 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\phil\AppData\Roaming\mozilla\firefox\profiles\krngak3h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/02/12 15:58:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2013/02/01 19:21:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/02/01 20:18:09 | 000,001,609 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2013/02/01 20:18:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/01 20:18:09 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2013/02/01 20:18:09 | 000,001,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2013/02/01 20:18:09 | 000,001,399 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2013/02/01 20:18:09 | 000,001,169 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4 - HKLM..\Run: [gbrspcontrol] C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1D3689F-46BD-4FE0-B67B-6BA907E93430}: NameServer = 109.0.66.10,109.0.66.20
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (ount)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/13 15:02:31 | 000,000,000 | ---D | C] -- C:\SwSetup
[2013/02/13 14:33:01 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Roaming\WinRAR
[2013/02/13 14:33:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/02/13 14:33:00 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/02/13 14:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/02/13 11:34:18 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Roaming\PC Tools
[2013/02/13 11:34:13 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Roaming\Spam Monitor
[2013/02/13 09:34:46 | 000,062,688 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTBD.sys
[2013/02/13 09:34:45 | 002,280,568 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2013/02/13 09:34:45 | 001,690,744 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2013/02/13 09:34:45 | 000,150,648 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2013/02/13 09:33:58 | 000,909,728 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2013/02/13 09:33:58 | 000,342,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2013/02/13 09:33:57 | 000,260,760 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2013/02/13 09:33:57 | 000,178,584 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2013/02/13 09:33:55 | 000,368,616 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2013/02/13 09:33:55 | 000,163,288 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2013/02/13 09:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2013/02/13 09:33:53 | 000,202,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2013/02/13 09:33:53 | 000,019,464 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctBTFix.sys
[2013/02/13 09:33:52 | 000,577,176 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2013/02/13 09:33:52 | 000,055,008 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2013/02/13 09:33:52 | 000,036,456 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2013/02/13 09:33:43 | 000,128,024 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2013/02/13 09:33:43 | 000,092,608 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2013/02/13 09:33:43 | 000,060,128 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdisLW.sys
[2013/02/13 09:33:43 | 000,033,512 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2013/02/13 09:33:41 | 000,071,752 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2013/02/13 09:33:41 | 000,068,272 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsm.sys
[2013/02/13 09:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2013/02/13 09:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2013/02/13 09:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/02/13 09:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013/02/13 09:20:17 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Roaming\TestApp
[2013/02/13 09:02:25 | 000,032,032 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2013/02/13 09:02:25 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2013/02/13 09:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013/02/13 09:02:13 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Roaming\TuneUp Software
[2013/02/13 09:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2013
[2013/02/13 09:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013/02/13 09:01:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/02/13 09:01:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/02/13 08:52:05 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/02/13 08:45:07 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\phil\Desktop\tdsskiller.exe
[2013/02/13 07:01:44 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\ElevatedDiagnostics
[2013/02/13 06:59:10 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\Diagnostics
[2013/02/13 06:43:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/02/13 06:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/02/13 06:35:45 | 000,000,000 | --SD | C] -- C:\ProgramData\Shared Space
[2013/02/13 06:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2013/02/13 06:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Comodo
[2013/02/13 06:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013/02/13 06:34:06 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\Comodo
[2013/02/13 06:34:04 | 000,042,760 | ---- | C] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2013/02/13 06:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2013/02/13 06:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013/02/13 06:28:23 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Roaming\Macromedia
[2013/02/13 06:28:23 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Local\Macromedia
[2013/02/13 06:28:23 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Roaming\Adobe
[2013/02/13 06:28:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2013/02/13 05:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIDA32 - Personal System Information
[2013/02/13 05:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\AIDA32 - Personal System Information
[2013/02/13 05:44:59 | 000,000,000 | ---D | C] -- C:\Users\phil\Desktop\Tgl0beSCRIPT
[2013/02/13 05:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/02/13 05:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/02/13 05:10:04 | 003,078,656 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2013/02/13 04:58:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\sda
[2013/02/13 04:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013/02/13 04:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013/02/13 04:46:44 | 000,000,000 | ---D | C] -- C:\Users\phil\AppData\Roaming\Uniblue
[2013/02/13 04:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013/02/13 04:10:47 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\phil\Desktop\TFC.exe
[2013/02/13 04:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
[2013/02/13 04:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPDiag
[2013/02/13 03:59:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/13 03:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/02/13 03:59:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\phil\Desktop\OTL.exe
[2013/02/13 03:58:18 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/02/13 03:58:08 | 000,000,000 | ---D | C] -- C:\ZHP
[2013/02/13 03:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHPFix 1.3
[2013/02/13 03:57:37 | 000,000,000 | ---D | C] -- C:\Program Files\ZHPFix
[2013/02/13 03:55:21 | 000,124,928 | ---- | C] (Tigzy) -- C:\Users\phil\Desktop\LogAnalyzer.exe
[2013/02/13 03:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2013/02/13 03:38:40 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2013/02/13 03:38:39 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2013/02/13 03:38:34 | 000,000,000 | ---D | C] -- C:\Users\phil\Documents\RegRun2
[2013/02/13 03:38:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2013/02/13 03:38:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2013/02/13 03:38:32 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2013/02/13 03:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2013/02/13 03:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/02/13 03:31:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2013/01/24 22:43:02 | 000,354,752 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
[2013/01/24 22:43:02 | 000,035,488 | ---- | C] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2013/01/24 22:42:50 | 000,263,888 | ---- | C] (COMODO) -- C:\Windows\System32\cmdvrt32.dll
[2013/01/24 22:42:50 | 000,040,656 | ---- | C] (COMODO) -- C:\Windows\System32\cmdkbd32.dll
[2013/01/16 19:51:44 | 000,084,416 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2013/01/16 19:51:44 | 000,043,728 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2013/01/16 19:51:42 | 000,576,768 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2013/01/16 19:51:42 | 000,020,072 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys

========== Files - Modified Within 30 Days ==========

[2013/02/13 15:58:53 | 001,072,881 | ---- | M] () -- C:\Windows\System32\drivers\sfi.dat
[2013/02/13 15:46:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/13 15:16:12 | 000,031,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 15:16:12 | 000,031,312 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/13 15:15:01 | 000,704,480 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2013/02/13 15:15:01 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/13 15:15:01 | 000,130,754 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2013/02/13 15:15:01 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/13 15:09:40 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\dsmonitor.job
[2013/02/13 15:08:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/13 15:08:42 | 2213,351,424 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/13 09:33:54 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2013/02/13 09:02:23 | 000,002,171 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Maintenance en 1 clic.lnk
[2013/02/13 09:02:23 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013/02/13 08:45:19 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\phil\Desktop\tdsskiller.exe
[2013/02/13 06:53:42 | 000,268,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/13 06:43:39 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/13 06:36:10 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2013/02/13 06:36:10 | 000,001,838 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/02/13 06:36:10 | 000,000,593 | ---- | M] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2013/02/13 06:34:15 | 000,002,017 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
[2013/02/13 06:34:15 | 000,002,013 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013/02/13 06:34:15 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2013/02/13 06:34:07 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/02/13 06:34:04 | 000,042,760 | ---- | M] (COMODO CA Limited) -- C:\Windows\System32\certsentry.dll
[2013/02/13 05:57:36 | 000,001,041 | ---- | M] () -- C:\Users\phil\Desktop\AIDA32.lnk
[2013/02/13 05:14:20 | 000,013,153 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2013/02/13 05:10:04 | 003,078,656 | ---- | M] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2013/02/13 05:09:10 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013/02/13 04:46:46 | 000,001,171 | ---- | M] () -- C:\Users\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/02/13 04:46:46 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2013/02/13 04:10:48 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\phil\Desktop\TFC.exe
[2013/02/13 04:07:32 | 000,000,000 | ---- | M] () -- C:\Users\phil\Desktop\LogAnalyZer.ini
[2013/02/13 04:05:07 | 000,000,512 | ---- | M] () -- C:\PhysicalDisk0_MBR.bin
[2013/02/13 04:03:38 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2013/02/13 04:03:38 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2013/02/13 04:03:38 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2013/02/13 03:59:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\phil\Desktop\OTL.exe
[2013/02/13 03:58:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2013/02/13 03:55:22 | 000,124,928 | ---- | M] (Tigzy) -- C:\Users\phil\Desktop\LogAnalyzer.exe
[2013/02/13 03:38:39 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2013/02/13 03:38:36 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/02/13 03:38:36 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2013/02/13 03:38:36 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2013/02/13 03:38:34 | 000,000,913 | ---- | M] () -- C:\Users\phil\Desktop\UnHackMe.lnk
[2013/02/13 03:09:49 | 000,001,036 | ---- | M] () -- C:\Users\phil\Desktop\BiosAgent Plus.lnk
[2013/02/12 14:06:22 | 000,012,800 | ---- | M] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2013/01/31 10:52:14 | 000,032,032 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2013/01/31 10:52:10 | 000,021,792 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2013/01/24 22:43:02 | 000,354,752 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
[2013/01/24 22:43:02 | 000,035,488 | ---- | M] (COMODO) -- C:\Windows\System32\cmdcsr.dll
[2013/01/24 22:42:50 | 000,263,888 | ---- | M] (COMODO) -- C:\Windows\System32\cmdvrt32.dll
[2013/01/24 22:42:50 | 000,040,656 | ---- | M] (COMODO) -- C:\Windows\System32\cmdkbd32.dll
[2013/01/16 19:51:44 | 000,084,416 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
[2013/01/16 19:51:44 | 000,043,728 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
[2013/01/16 19:51:42 | 000,576,768 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
[2013/01/16 19:51:42 | 000,020,072 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmderd.sys

========== Files Created - No Company Name ==========

[2013/02/13 09:34:45 | 000,769,144 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2013/02/13 09:34:45 | 000,003,488 | ---- | C] () -- C:\Windows\UDB.zip
[2013/02/13 09:34:45 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2013/02/13 09:34:45 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2013/02/13 09:34:45 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2013/02/13 09:33:54 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Internet Security.lnk
[2013/02/13 09:02:23 | 000,002,171 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Maintenance en 1 clic.lnk
[2013/02/13 09:02:23 | 000,002,135 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013/02/13 09:02:22 | 000,002,147 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013/02/13 06:53:24 | 000,268,256 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/13 06:43:39 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/13 06:36:10 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Virtual Comodo Dragon.lnk
[2013/02/13 06:36:10 | 000,001,838 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2013/02/13 06:36:09 | 000,000,593 | ---- | C] () -- C:\Users\Public\Desktop\Shared Space.lnk
[2013/02/13 06:36:04 | 001,072,881 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2013/02/13 06:34:15 | 000,002,017 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk
[2013/02/13 06:34:15 | 000,002,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013/02/13 06:34:15 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2013/02/13 06:34:07 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2013/02/13 06:28:01 | 000,001,002 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/13 05:57:36 | 000,001,041 | ---- | C] () -- C:\Users\phil\Desktop\AIDA32.lnk
[2013/02/13 05:14:20 | 000,013,153 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013/02/13 05:09:10 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013/02/13 04:46:48 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\dsmonitor.job
[2013/02/13 04:46:46 | 000,001,171 | ---- | C] () -- C:\Users\phil\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/02/13 04:46:46 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2013/02/13 04:05:07 | 000,000,512 | ---- | C] () -- C:\PhysicalDisk0_MBR.bin
[2013/02/13 04:03:38 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\MBRCheck.lnk
[2013/02/13 04:03:38 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\ZHPDiag.lnk
[2013/02/13 03:59:40 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2013/02/13 03:58:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2013/02/13 03:57:38 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\ZHPFix.lnk
[2013/02/13 03:55:50 | 000,000,000 | ---- | C] () -- C:\Users\phil\Desktop\LogAnalyZer.ini
[2013/02/13 03:38:36 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2013/02/13 03:38:34 | 000,000,913 | ---- | C] () -- C:\Users\phil\Desktop\UnHackMe.lnk
[2013/02/13 03:09:49 | 000,001,036 | ---- | C] () -- C:\Users\phil\Desktop\BiosAgent Plus.lnk
[2013/02/13 03:08:18 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/02/13 03:07:36 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2011/04/12 02:35:45 | 000,704,480 | ---- | C] () -- C:\Windows\System32\perfh00C.dat
[2011/04/12 02:35:45 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat
[2011/04/12 02:35:45 | 000,130,754 | ---- | C] () -- C:\Windows\System32\perfc00C.dat
[2011/04/12 02:35:45 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/13 11:34:13 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\Spam Monitor
[2013/02/13 09:20:17 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\TestApp
[2013/02/13 09:02:13 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\TuneUp Software
[2013/02/13 04:46:44 | 000,000,000 | ---D | M] -- C:\Users\phil\AppData\Roaming\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

#3
Sangoino

OTL Extras logfile created on: 13/02/2013 15:59:10 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\phil\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 0000040c | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,75 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 62,70% Memory free
5,50 Gb Paging File | 4,15 Gb Available in Paging File | 75,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 215,96 Gb Free Space | 92,77% Space Free | Partition Type: NTFS

Computer Name: PHIL-PC | User Name: phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{43C0CACD-F9A8-4F17-A84C-0A203B2BAE6D}" = GeekBuddy
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{BCC0552D-76C0-4130-BFBD-49BE49ACC594}" = COMODO Internet Security
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = DriverScanner
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CCD96AE0-7A64-431F-ADEF-4AC02C82DBF2}" = TuneUp Utilities Language Pack (fr-FR)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIDA32_is1" = AIDA32 v3.93
"AntiLogger" = AntiLogger
"Browser Defender_is1" = Browser Guard 4.0
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Comodo Dragon" = Comodo Dragon
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"Mozilla Firefox 18.0.2 (x86 fr)" = Mozilla Firefox 18.0.2 (x86 fr)
"NVIDIA Drivers" = NVIDIA Drivers
"Spyware Doctor" = PC Tools Internet Security 9.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"UnHackMe_is1" = UnHackMe 5.99 release
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"ZHPDiag_is1" = ZHPDiag 1.3.5
"ZHPFix_is1" = ZHPFix 1.3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 13/02/2013 03:54:57 | Computer Name = phil-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante unit.exe, version : 4.0.0.0, horodatage
: 0x50d17002 Nom du module défaillant : AutorunsWrapper.dll, version : 1.0.0.1,
horodatage : 0x508e773c Code d’exception : 0xc0000417 Décalage d’erreur : 0x00143d3a
ID
du processus défaillant : 0xbbc Heure de début de l’application défaillante : 0x01ce09bf5d06cf70
Chemin
d’accès de l’application défaillante : C:\Program Files\Comodo\GeekBuddy\unit.exe
Chemin
d’accès du module défaillant: C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-3\AutorunsWrapper.dll
ID
de rapport : a854fa10-75b2-11e2-8a78-00226972a432

Error - 13/02/2013 03:55:16 | Computer Name = phil-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/02/2013 04:07:00 | Computer Name = phil-PC | Source = VSS | ID = 8193
Description =

Error - 13/02/2013 04:08:36 | Computer Name = phil-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/02/2013 04:33:11 | Computer Name = phil-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/02/2013 06:31:33 | Computer Name = phil-PC | Source = VSS | ID = 8193
Description =

Error - 13/02/2013 06:33:12 | Computer Name = phil-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/02/2013 10:08:47 | Computer Name = phil-PC | Source = VSS | ID = 8193
Description =

Error - 13/02/2013 10:10:26 | Computer Name = phil-PC | Source = WinMgmt | ID = 10
Description =

Error - 13/02/2013 10:10:35 | Computer Name = phil-PC | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante unit.exe, version : 4.0.0.0, horodatage
: 0x50d17002 Nom du module défaillant : AutorunsWrapper.dll, version : 1.0.0.1,
horodatage : 0x508e773c Code d’exception : 0xc0000417 Décalage d’erreur : 0x00143d3a
ID
du processus défaillant : 0xe90 Heure de début de l’application défaillante : 0x01ce09f3c9c050d0
Chemin
d’accès de l’application défaillante : C:\Program Files\Comodo\GeekBuddy\unit.exe
Chemin
d’accès du module défaillant: C:\Program Files\COMODO\GeekBuddy\lps-cspm\components\core\component-3\AutorunsWrapper.dll
ID
de rapport : 2269f240-75e7-11e2-b304-e241478f0880

[ System Events ]
Error - 13/02/2013 04:32:52 | Computer Name = phil-PC | Source = Service Control Manager | ID = 7003
Description = Le service Fournisseur HomeGroup dépend du service suivant : fdphost.
Ce dernier n’est peut-être pas installé.

Error - 13/02/2013 04:33:32 | Computer Name = phil-PC | Source = DCOM | ID = 10005
Description =

Error - 13/02/2013 06:31:34 | Computer Name = phil-PC | Source = Service Control Manager | ID = 7024
Description = Le service Pare-feu Windows s’est arrêté avec l’erreur service particulière
%%5.

Error - 13/02/2013 06:31:35 | Computer Name = phil-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 20
Description = Une erreur matérielle irrécupérable s’est produite. Composant : AMD
Northbridge Source de l’erreur : 3 Type d’erreur : 11 ID du processeur : 0 Pour plus
d’informations, consultez les détails de cette entrée.

Error - 13/02/2013 06:33:18 | Computer Name = phil-PC | Source = Service Control Manager | ID = 7003
Description = Le service Fournisseur HomeGroup dépend du service suivant : fdphost.
Ce dernier n’est peut-être pas installé.

Error - 13/02/2013 06:49:32 | Computer Name = phil-PC | Source = PCTCore | ID = 327960
Description = The item store is corrupted: @5644.

Error - 13/02/2013 08:58:17 | Computer Name = phil-PC | Source = Service Control Manager | ID = 7003
Description = Le service Fournisseur HomeGroup dépend du service suivant : fdphost.
Ce dernier n’est peut-être pas installé.

Error - 13/02/2013 10:05:30 | Computer Name = phil-PC | Source = DCOM | ID = 10010
Description =

Error - 13/02/2013 10:08:48 | Computer Name = phil-PC | Source = Service Control Manager | ID = 7024
Description = Le service Pare-feu Windows s’est arrêté avec l’erreur service particulière
%%5.

Error - 13/02/2013 10:10:10 | Computer Name = phil-PC | Source = Service Control Manager | ID = 7003
Description = Le service Fournisseur HomeGroup dépend du service suivant : fdphost.
Ce dernier n’est peut-être pas installé.


< End of report >

#4
Sangoino

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 32-bit
Base Board Manufacturer: Wistron
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: Compaq Presario CQ50 Notebook PC
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 168):
0x82A54000 \SystemRoot\system32\ntkrnlpa.exe
0x82A1D000 \SystemRoot\system32\halmacpi.dll
0x80BAA000 \SystemRoot\system32\kdcom.dll
0x8A41A000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x8A425000 \SystemRoot\system32\PSHED.dll
0x8A436000 \SystemRoot\system32\BOOTVID.dll
0x8A43E000 \SystemRoot\system32\CLFS.SYS
0x8A480000 \SystemRoot\system32\CI.dll
0x8A52B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8A5AC000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8A5BA000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A5EE000 \SystemRoot\system32\drivers\Partizan.sys
0x8A601000 \SystemRoot\system32\drivers\ACPI.sys
0x8A649000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8A652000 \SystemRoot\system32\drivers\msisadrv.sys
0x8A65A000 \SystemRoot\system32\drivers\pci.sys
0x8A684000 \SystemRoot\system32\drivers\vdrvroot.sys
0x8A68F000 \SystemRoot\system32\DRIVERS\iusb3hcs.sys
0x8A696000 \SystemRoot\System32\drivers\partmgr.sys
0x8A6A7000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8A6AF000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8A6BA000 \SystemRoot\system32\drivers\volmgr.sys
0x8A6CA000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A715000 \SystemRoot\system32\drivers\pciide.sys
0x8A71C000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8A72A000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A740000 \SystemRoot\system32\drivers\atapi.sys
0x8A749000 \SystemRoot\system32\drivers\ataport.SYS
0x8A76C000 \SystemRoot\system32\drivers\amdxata.sys
0x8A775000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A786000 \SystemRoot\system32\drivers\pctDS.sys
0x8A83A000 \SystemRoot\system32\drivers\PCTCore.sys
0x8A896000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A9C5000 \SystemRoot\System32\Drivers\msrpc.sys
0x8A800000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AA20000 \SystemRoot\System32\Drivers\cng.sys
0x8AA7D000 \SystemRoot\System32\drivers\pcw.sys
0x8AA8B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8AA94000 \SystemRoot\system32\drivers\ndis.sys
0x8AB4B000 \SystemRoot\system32\drivers\NETIO.SYS
0x8AB89000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8AC0D000 \SystemRoot\System32\drivers\tcpip.sys
0x8AD59000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AD8A000 \SystemRoot\system32\drivers\vmstorfl.sys
0x8AD93000 \SystemRoot\system32\drivers\volsnap.sys
0x8ADD2000 \SystemRoot\System32\Drivers\spldr.sys
0x8ABAE000 \SystemRoot\System32\drivers\rdyboost.sys
0x8ADDA000 \SystemRoot\System32\Drivers\mup.sys
0x8ADEA000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8AE2D000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8AE5F000 \SystemRoot\system32\drivers\disk.sys
0x8AE70000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8AEC7000 \SystemRoot\System32\DRIVERS\cmderd.sys
0x8AECF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8AEEE000 \SystemRoot\system32\DRIVERS\cmdguard.sys
0x8AF7F000 \SystemRoot\system32\DRIVERS\CFRMD.sys
0x8AF8A000 \SystemRoot\System32\Drivers\Null.SYS
0x8AF91000 \SystemRoot\System32\Drivers\Beep.SYS
0x8AF98000 \SystemRoot\System32\drivers\vga.sys
0x8AFA4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AFC5000 \SystemRoot\System32\drivers\watchdog.sys
0x8AFD2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8AFDA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8AFE2000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8AFEA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8AE00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8AE0E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8ADF2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8F805000 \??\C:\Windows\System32\drivers\pctgntdi.sys
0x8F843000 \Device\Harddisk0\Partition2\Windows\system32\drivers\PctWfpFilter.sys
0x8F873000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x8F87F000 \SystemRoot\system32\drivers\afd.sys
0x8F8D9000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8F90B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8F912000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8F931000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x8F942000 \SystemRoot\system32\DRIVERS\inspect.sys
0x8F958000 \SystemRoot\system32\DRIVERS\pctNdisLW.sys
0x8F969000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8F977000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8F98A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8F99B000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90006000 \SystemRoot\System32\Drivers\PCTSD.sys
0x9003B000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90045000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x9004F000 \SystemRoot\System32\drivers\discache.sys
0x9005B000 \SystemRoot\system32\drivers\csc.sys
0x900BF000 \SystemRoot\System32\Drivers\dfsc.sys
0x900D7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x900E5000 \??\C:\Windows\system32\drivers\AntiLog32.sys
0x9010B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x9012C000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x9013D000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90146000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x9015E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9016B000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x9019B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9019D000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x901AA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x901AE000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x9020C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x90257000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90266000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90285000 \SystemRoot\system32\DRIVERS\nvmf6232.sys
0x90E38000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x916D5000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x916D7000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x9178E000 \SystemRoot\System32\drivers\dxgmms1.sys
0x90615000 \SystemRoot\system32\DRIVERS\athr.sys
0x90916000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x90920000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9092D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x9093F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90957000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90962000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90984000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9099C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x909B3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x909CA000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x909D4000 \SystemRoot\system32\DRIVERS\swenum.sys
0x917C7000 \SystemRoot\system32\DRIVERS\ks.sys
0x909D6000 \SystemRoot\system32\DRIVERS\umbus.sys
0x902CD000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x909E4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90311000 \SystemRoot\system32\drivers\CHDRT32.sys
0x90E00000 \SystemRoot\system32\drivers\portcls.sys
0x9034C000 \SystemRoot\system32\drivers\drmk.sys
0x90365000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x91814000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x91916000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x919CB000 \SystemRoot\system32\drivers\modem.sys
0x919D8000 \SystemRoot\system32\drivers\nvhda32v.sys
0x903A2000 \SystemRoot\System32\Drivers\RtsUStor.sys
0x94C90000 \SystemRoot\System32\win32k.sys
0x91800000 \SystemRoot\System32\drivers\Dxapi.sys
0x90600000 \SystemRoot\System32\Drivers\crashdmp.sys
0x909F5000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9180A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x903D4000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x903E5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x94F00000 \SystemRoot\System32\TSDDD.dll
0x94F30000 \SystemRoot\System32\cdd.dll
0x901B8000 \SystemRoot\system32\drivers\luafv.sys
0x901D3000 \SystemRoot\system32\drivers\WudfPf.sys
0x903F0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9702A000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x97070000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x97080000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97093000 \SystemRoot\System32\drivers\mpsdrv.sys
0x970BD000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x970C1000 \??\C:\Windows\system32\drivers\PCTAppEvent.sys
0x970E7000 \SystemRoot\system32\drivers\peauth.sys
0x9717E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x97188000 \SystemRoot\System32\drivers\tcpipreg.sys
0x97195000 \SystemRoot\system32\DRIVERS\XAudio32.sys
0x9719D000 \??\C:\Windows\system32\drivers\pctNdis-PacketFilter.sys
0x971B2000 \??\C:\Windows\System32\drivers\pctplfw.sys
0x971D0000 \??\C:\Windows\System32\drivers\pctplsg.sys
0x971E0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x971EB000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x97000000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x97007000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x97012000 \??\C:\Windows\System32\drivers\pctplsm.sys
0x97021000 \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys
0x970A5000 \SystemRoot\System32\Drivers\PCTBD.sys
0x77080000 \Windows\System32\ntdll.dll
0x48320000 \Windows\System32\smss.exe
0x772C0000 \Windows\System32\apisetschema.dll

Processes (total 56):
0 System Idle Process
4 System
368 C:\Windows\System32\smss.exe
492 csrss.exe
568 C:\Windows\System32\wininit.exe
580 csrss.exe
628 C:\Windows\System32\services.exe
644 C:\Windows\System32\lsass.exe
652 C:\Windows\System32\lsm.exe
708 C:\Windows\System32\winlogon.exe
800 C:\Windows\System32\svchost.exe
864 C:\Program Files\Common Files\Comodo\launcher_service.exe
884 C:\Windows\System32\nvvsvc.exe
924 C:\Windows\System32\svchost.exe
972 C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
1056 C:\Windows\System32\svchost.exe
1096 C:\Windows\System32\svchost.exe
1132 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1296 C:\Windows\System32\svchost.exe
1364 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1372 C:\Windows\System32\nvvsvc.exe
1672 C:\Windows\System32\svchost.exe
1760 C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
1792 C:\Program Files\Comodo\Dragon\dragon_updater.exe
1836 C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
1868 C:\Windows\System32\svchost.exe
1980 C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
2028 C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
464 C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
908 cavwp.exe
2828 C:\Windows\System32\taskhost.exe
2892 C:\Windows\System32\taskeng.exe
2900 C:\Windows\System32\dwm.exe
2960 C:\Windows\explorer.exe
3004 C:\Program Files\UnHackMe\hackmon.exe
3016 C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
3052 C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
3112 C:\Program Files\AntiLogger\AntiLogger.exe
3120 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3136 C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
3152 C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
3232 C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe
3552 C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
3644 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2760 C:\Program Files\Comodo\COMODO Internet Security\cis.exe
1012 C:\Windows\System32\SearchIndexer.exe
4244 C:\Program Files\Mozilla Firefox\firefox.exe
4480 C:\Windows\System32\svchost.exe
7084 WmiPrvSE.exe
13616 C:\Users\phil\Desktop\OTL.exe
19356 C:\Windows\System32\SearchProtocolHost.exe
19656 C:\Windows\System32\SearchFilterHost.exe
17632 C:\Windows\System32\audiodg.exe
20752 C:\Users\phil\Downloads\MBRCheck.exe
20764 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK2552GSX, Rev: LV011C

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!