
BSOD when logging with administrative privileges!



#1 Guest_liubomirwm_*


Posted 15 April 2013 - 10:38 AM

For the 3rd time in the last 2 months I see a black screen of death when I try to log in to an administrator account. For daily use I log in as a standard user with UAC enabled, but today I tried to log in because I was planning to use a Microsoft Fix IT application. I use Bitdefender Antivirus Free Edition (which autoscans the computer every day, and no virus was detected), Privatefirewall, Secunia PSI and fully updated Windows 7 Ultimate 32-bit. I have run a quick scan with OTL (no settings changed except that I checked the option to scan all users); the log file is posted below.

OTL logfile created on: 15.4.2013 г. 18:24:24 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000402 | Country: България | Language: BGR | Date Format: d.M.yyyy 'г.'
 
2,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 39,48% Memory free
5,99 Gb Paging File | 3,51 Gb Available in Paging File | 58,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,04 Gb Total Space | 44,39 Gb Free Space | 59,15% Space Free | Partition Type: NTFS
Drive D: | 388,62 Gb Total Space | 374,51 Gb Free Space | 96,37% Space Free | Partition Type: NTFS
Drive F: | 1,99 Gb Total Space | 1,98 Gb Free Space | 99,61% Space Free | Partition Type: FAT32
 
Computer Name: SUPER-PC | User Name: bojanka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.15 18:21:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2013.04.09 11:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013.03.21 12:53:54 | 012,250,424 | ---- | M] (Zemana Ltd.) -- C:\Program Files\Zemana AntiLogger Free\AntiLogger Free.exe
PRC - [2013.02.08 10:03:23 | 000,235,728 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
PRC - [2013.02.08 10:03:23 | 000,027,136 | ---- | M] (Bitdefender) -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
PRC - [2013.02.06 17:46:16 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.01.14 23:16:42 | 003,011,400 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
PRC - [2013.01.14 23:16:42 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
PRC - [2013.01.08 09:59:20 | 000,228,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2012.12.21 18:56:44 | 001,090,040 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.12.19 10:49:22 | 000,179,176 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.12.19 10:49:12 | 000,149,480 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012.12.16 14:25:22 | 000,026,896 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieRpcSs.exe
PRC - [2012.12.16 14:25:22 | 000,019,216 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
PRC - [2012.12.16 14:25:22 | 000,016,144 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SandboxieCrypto.exe
PRC - [2012.12.16 14:25:20 | 000,545,552 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012.12.16 14:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012.11.26 17:09:22 | 001,225,312 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\PSIA.exe
PRC - [2012.11.26 17:09:20 | 000,573,024 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012.11.23 05:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.03.23 09:25:10 | 000,125,504 | ---- | M] () -- C:\Program Files\INet\BackgroundService\ModemListener.exe
PRC - [2012.03.14 12:05:10 | 000,053,312 | ---- | M] () -- C:\Program Files\INet\BackgroundService\ServiceManager.exe
PRC - [2012.01.20 22:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011.09.15 18:12:24 | 000,397,312 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.09.15 18:12:02 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.04.11 11:55:58 | 000,024,384 | ---- | M] (BitDefender) -- C:\Program Files\BitDefender\TrafficLight\bsserv.exe
PRC - [2011.02.25 08:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.06.17 00:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2009.07.14 04:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009.07.14 04:14:19 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAuthn.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.09 11:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 11:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013.04.09 11:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 11:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 11:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 11:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.02.16 18:42:27 | 001,641,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationUI\5937c4ad4f0f3429787650f89d22a9a9\PresentationUI.ni.dll
MOD - [2013.02.13 18:30:44 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013.01.18 18:41:25 | 000,196,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\00b3e4fe5239ad310594f6a6ea0951da\UIAutomationTypes.ni.dll
MOD - [2013.01.18 18:41:25 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\a1b65a602c75409c0c1ce7fa1f2a0983\UIAutomationProvider.ni.dll
MOD - [2013.01.18 18:41:12 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.18 18:40:25 | 000,044,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Accessibility\e290208a6d4ea4451ac118f1e0c3b488\Accessibility.ni.dll
MOD - [2013.01.11 08:29:29 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013.01.11 08:29:08 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013.01.11 08:28:52 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.11 08:28:49 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013.01.11 08:28:42 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.11 08:28:35 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.11 08:28:30 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.11 08:28:27 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.11 08:28:18 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012.12.21 18:57:44 | 000,276,984 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.12.21 18:57:44 | 000,093,176 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\qjson.dll
MOD - [2012.12.21 18:57:28 | 002,653,176 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.12.21 18:57:28 | 000,364,536 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.12.21 18:57:26 | 011,166,712 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.12.21 18:57:24 | 000,206,328 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.12.21 18:57:22 | 001,347,064 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.12.21 18:57:22 | 001,014,776 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.12.21 18:57:22 | 000,720,888 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.12.21 18:57:20 | 008,507,384 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.12.21 18:57:20 | 000,520,696 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.12.21 18:57:18 | 002,481,144 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.12.21 18:57:18 | 002,354,168 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.12.21 18:57:14 | 000,446,456 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.12.21 18:57:10 | 000,207,352 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
MOD - [2012.12.21 18:57:10 | 000,035,832 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
MOD - [2012.12.21 18:57:08 | 000,033,272 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
MOD - [2012.12.21 18:56:40 | 000,438,264 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012.12.21 18:56:00 | 000,606,200 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.12.21 16:29:52 | 000,391,600 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.12.21 16:29:52 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.12.21 16:29:14 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2012.07.17 07:45:13 | 000,508,136 | ---- | M] () -- C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
MOD - [2012.03.23 09:25:10 | 000,125,504 | ---- | M] () -- C:\Program Files\INet\BackgroundService\ModemListener.exe
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010.06.17 00:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.08 10:03:23 | 000,027,136 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe -- (gzserv)
SRV - [2013.01.14 23:16:42 | 000,374,600 | ---- | M] (Privacyware/PWI, Inc.) [Auto | Running] -- C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe -- (PFNet)
SRV - [2012.12.19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.12.16 14:25:18 | 000,085,776 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.12.11 20:33:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.11.26 17:09:22 | 001,225,312 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.11.26 17:09:20 | 000,659,040 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.09.20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.03.14 12:05:10 | 000,053,312 | ---- | M] () [Auto | Running] -- C:\Program Files\INet\BackgroundService\ServiceManager.exe -- (Alcatel Limo Modem Device Helper)
SRV - [2011.09.15 18:12:02 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.04.11 11:55:58 | 000,024,384 | ---- | M] (BitDefender) [Auto | Running] -- C:\Program Files\BitDefender\TrafficLight\bsserv.exe -- (bsserv)
SRV - [2009.07.14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\BitDefender\TrafficLight\bdselfpr.sys -- (bdselfpr)
DRV - File not found [Kernel | System | Running] -- C:\Windows\system32\drivers\AntiLog32.sys -- (AntiLog32)
DRV - [2013.03.21 12:53:52 | 000,023,736 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KeyCrypt32.sys -- (keycrypt)
DRV - [2013.03.15 20:30:30 | 000,188,176 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2013.03.15 20:30:06 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013.03.15 20:30:06 | 000,094,480 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2013.03.15 20:29:12 | 000,115,984 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2013.02.08 17:45:32 | 000,031,360 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2013.01.26 17:37:28 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012.12.25 20:08:42 | 000,128,672 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\pwipf6.sys -- (pwipf6)
DRV - [2012.12.16 14:25:16 | 000,157,776 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.11.28 20:49:00 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2012.11.09 16:33:32 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2012.11.09 16:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.11.09 16:33:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012.11.09 16:33:30 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.11.09 16:33:30 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.10.31 12:13:10 | 000,343,456 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\trufos.sys -- (trufos)
DRV - [2012.10.31 01:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012.10.29 14:23:45 | 000,093,648 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys -- (bdfwfpf)
DRV - [2012.10.17 14:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.10.10 14:00:04 | 000,622,616 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avc3.sys -- (avc3)
DRV - [2012.10.04 13:30:05 | 000,162,976 | ---- | M] (BitDefender LLC) [File_System | System | Running] -- C:\Windows\System32\drivers\gzflt.sys -- (gzflt)
DRV - [2012.08.23 17:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 17:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.08.01 21:13:42 | 000,035,560 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\hssdrv6.sys -- (HssDRV6)
DRV - [2012.08.01 21:13:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2012.06.20 09:43:02 | 002,957,312 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2012.04.04 17:52:56 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.02.17 15:45:12 | 000,447,208 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\avckf.sys -- (avckf)
DRV - [2011.09.15 18:49:58 | 008,598,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.09.15 17:38:26 | 000,257,024 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.06.20 09:00:46 | 000,118,272 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AlcatelOTUsbnet.sys -- (AlcatelOTnet)
DRV - [2011.06.20 09:00:46 | 000,106,112 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jrdusbser.sys -- (jrdusbser)
DRV - [2011.02.25 15:38:54 | 000,090,704 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\BitDefender\TrafficLight\bdfwfpf.sys -- (bdfwfpf_bs)
DRV - [2010.11.20 15:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 15:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 15:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 12:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 12:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.01 11:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.07.14 02:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\bojanka\Desktop\downloads
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 05 51 D7 6E 99 CD 01  [binary data]
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No CLSID value found
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\..\URLSearchHook: {da30eff8-ccc6-4162-a20d-67402a26a215} - No CLSID value found
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = D:\downloads
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = bg-BG
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 39 41 35 63 C1 CD 01  [binary data]
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..\SearchScopes,bProtectorDefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..\SearchScopes,BrowserMngrDefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com?fr=fp-comodo"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-comodo"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-comodo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
 
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ntfdsaftsfdfdxx@mozilla.org: C:\Users\user\AppData\Roaming\iPumper\extension_firefox.xpi
 
[2012.09.03 18:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bojanka\AppData\Roaming\mozilla\Extensions
[2012.11.12 19:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bojanka\AppData\Roaming\mozilla\Firefox\Profiles\xufoh5eo.default\extensions
[2012.09.24 17:39:28 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\bojanka\AppData\Roaming\mozilla\Firefox\Profiles\xufoh5eo.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012.09.17 15:48:47 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\bojanka\AppData\Roaming\mozilla\Firefox\Profiles\xufoh5eo.default\extensions\ffxtlbr@incredibar.com
[2012.09.17 17:01:35 | 000,002,223 | ---- | M] () -- C:\Users\bojanka\AppData\Roaming\mozilla\firefox\profiles\xufoh5eo.default\searchplugins\BabylonMngr.xml
[2012.11.03 14:44:51 | 000,002,536 | ---- | M] () -- C:\Users\bojanka\AppData\Roaming\mozilla\firefox\profiles\xufoh5eo.default\searchplugins\browsemngr.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\bojanka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\nplastpass.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - Extension: LastPass = C:\Users\bojanka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.24_0\
 
O1 HOSTS File: ([2013.02.02 20:11:14 | 000,000,867 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll ()
O3 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..\Toolbar\WebBrowser: (no name) - {DA30EFF8-CCC6-4162-A20D-67402A26A215} - No CLSID value found.
O3 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Alcatel Limo ModemListener] C:\Program Files\INet\BackgroundService\ModemListener.exe ()
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Privatefirewall] C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe (Privacyware/PWI, Inc.)
O4 - HKLM..\Run: [ZALFree] C:\Program Files\Zemana AntiLogger Free\AntiLogger Free.exe (Zemana Ltd.)
O4 - HKU\S-1-5-21-3413393324-4158200969-766036720-1000..\Run: []  File not found
O4 - HKU\S-1-5-21-3413393324-4158200969-766036720-1000..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-3413393324-4158200969-766036720-1000..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-3413393324-4158200969-766036720-1000..\Run: [uTorrent] C:\Program Files\Utorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Изрязване на екран и стартиране на OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3413393324-4158200969-766036720-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Sandbox_user_DefaultBox\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Експортиране към Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Изпрати към OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: LastPass - file://C:\Users\user\AppData\LocalLow\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass попълване на форми - file://C:\Users\user\AppData\LocalLow\LastPass\context.html?cmd=fillforms File not found
O9 - Extra Button: Изпрати към OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Изпрати към OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra Button: &Свързани бележки на OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Свързани бележки на OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..Trusted Domains: microsoft.com ([*.update] http in Надеждни сайтове)
O15 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..Trusted Domains: microsoft.com ([*.update] https in Надеждни сайтове)
O15 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..Trusted Domains: microsoft.com ([update] http in Надеждни сайтове)
O15 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..Trusted Domains: microsoft.com ([update] https in Надеждни сайтове)
O15 - HKU\S-1-5-21-3413393324-4158200969-766036720-1001\..Trusted Domains: windowsupdate.com ([download] http in Надеждни сайтове)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1FA0FDC3-A796-4295-95AF-7CC6BED9A1CE}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7266B77B-60A3-4358-9E74-F158F50E0BD9}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A01061AE-D600-4CAF-B0FD-9279B78CB546}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A01061AE-D600-4CAF-B0FD-9279B78CB546}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL) - C:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL (Zemana Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{76194870-fe51-11e1-a835-446d5714f1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{76194870-fe51-11e1-a835-446d5714f1f1}\Shell\AutoRun\command - "" = H:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.15 15:56:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
[2013.04.15 15:56:40 | 000,023,736 | ---- | C] (Zemana Ltd.) -- C:\Windows\System32\drivers\KeyCrypt32.sys
[2013.04.15 15:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\KeyCryptSDK
[2013.04.15 15:56:38 | 000,000,000 | ---D | C] -- C:\Program Files\Zemana AntiLogger Free
[2013.04.15 08:33:42 | 000,241,992 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013.04.11 17:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitDefender TrafficLight
[2013.04.09 22:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
[2013.04.09 22:38:13 | 000,622,616 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avc3.sys
[2013.04.09 22:38:13 | 000,447,208 | ---- | C] (BitDefender) -- C:\Windows\System32\drivers\avckf.sys
[2013.04.09 22:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bitdefender
[2013.04.09 22:26:49 | 000,343,456 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\trufos.sys
[2013.04.09 22:26:48 | 000,162,976 | ---- | C] (BitDefender LLC) -- C:\Windows\System32\drivers\gzflt.sys
[2013.04.07 22:32:03 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2013.04.07 14:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.04.01 12:45:53 | 000,000,000 | ---D | C] -- C:\Users\bojanka\AppData\Roaming\uTorrent
[2013.04.01 12:45:53 | 000,000,000 | ---D | C] -- C:\Program Files\Utorrent
[2013.03.31 22:51:53 | 000,000,000 | ---D | C] -- C:\Users\bojanka\Desktop\Zemana Antilogger v1.9.3.181
[2013.03.31 22:36:08 | 000,000,000 | ---D | C] -- C:\Users\bojanka\AppData\Local\Zemana
[2013.03.31 22:36:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2013.03.23 18:48:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013.03.22 22:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\GZ
[2013.03.22 20:58:06 | 000,000,000 | ---D | C] -- C:\Users\bojanka\AppData\Roaming\PC Suite
[2013.03.22 18:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013.03.22 13:44:37 | 000,000,000 | ---D | C] -- C:\Users\bojanka\AppData\Local\Nokia
[2013.03.22 13:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2013.03.22 13:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2013.03.22 13:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2013.03.22 13:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2013.03.22 13:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.03.22 13:42:26 | 000,019,072 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2013.03.22 13:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2013.03.22 13:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2013.03.22 13:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2013.03.21 02:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2013.03.20 22:44:02 | 000,000,000 | ---D | C] -- C:\Users\bojanka\AppData\Roaming\Progpro
[2013.03.19 19:30:15 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.03.17 15:48:38 | 000,000,000 | ---D | C] -- C:\Users\bojanka\AppData\Local\Privatefirewall
[2013.03.17 11:43:44 | 000,128,672 | ---- | C] (Privacyware/PWI, Inc.) -- C:\Windows\System32\drivers\pwipf6.sys
[2013.03.17 11:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privatefirewall 7.0
[2013.03.17 11:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Privacyware
[2012.12.22 12:35:36 | 011,004,488 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.15 17:51:01 | 000,000,988 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.15 17:23:22 | 000,034,752 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 17:23:22 | 000,034,752 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 16:51:00 | 000,000,984 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.15 15:56:44 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\AntiLogger Free.lnk
[2013.04.15 15:19:00 | 000,625,330 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.15 15:19:00 | 000,112,358 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.15 15:14:16 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.04.15 15:13:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 15:13:42 | 2410,733,568 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.15 08:33:42 | 000,241,992 | ---- | M] (BitDefender) -- C:\Windows\System32\drivers\avchv.sys
[2013.04.14 12:53:49 | 000,007,662 | ---- | M] () -- C:\Users\bojanka\AppData\Local\Resmon.ResmonCfg
[2013.04.12 19:47:42 | 000,002,626 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.04.10 20:05:37 | 000,409,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.09 22:54:08 | 000,384,674 | ---- | M] () -- C:\ProgramData\1365532597.bdinstall.bin
[2013.04.09 19:29:33 | 000,076,543 | ---- | M] () -- C:\ProgramData\1365524788.bdinstall.bin
[2013.04.09 19:26:28 | 000,022,661 | ---- | M] () -- C:\ProgramData\1365524784.bdinstall.bin
[2013.04.09 18:17:55 | 000,149,896 | ---- | M] () -- C:\ProgramData\1365520394.bdinstall.bin
[2013.04.09 18:13:14 | 000,021,559 | ---- | M] () -- C:\ProgramData\1365520385.bdinstall.bin
[2013.04.06 18:07:45 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.04.03 02:52:33 | 000,141,520 | ---- | M] () -- C:\ProgramData\1364946634.bdinstall.bin
[2013.04.03 02:50:33 | 000,022,734 | ---- | M] () -- C:\ProgramData\1364946630.bdinstall.bin
[2013.04.03 02:25:14 | 000,024,899 | ---- | M] () -- C:\ProgramData\1364945069.bdinstall.bin
[2013.04.03 02:24:28 | 000,022,735 | ---- | M] () -- C:\ProgramData\1364945061.bdinstall.bin
[2013.04.01 12:45:53 | 000,000,937 | ---- | M] () -- C:\Users\bojanka\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013.04.01 12:45:53 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013.04.01 12:22:52 | 000,000,333 | ---- | M] () -- C:\Users\bojanka\Documents\Zemana AntiLogger Activation.url
[2013.03.23 18:48:55 | 000,000,617 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013.03.22 20:58:04 | 000,000,664 | RHS- | M] () -- C:\Users\bojanka\ntuser.pol
[2013.03.22 13:46:26 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2013.03.22 13:43:41 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2013.03.21 12:53:52 | 000,023,736 | ---- | M] (Zemana Ltd.) -- C:\Windows\System32\drivers\KeyCrypt32.sys
[2013.03.21 02:49:19 | 000,001,915 | ---- | M] () -- C:\Users\bojanka\Desktop\Update Checker.lnk
[2013.03.20 23:13:01 | 000,728,884 | ---- | M] () -- C:\Users\bojanka\Desktop\AppLocker.Setup.1.3.zip
[2013.03.20 16:16:33 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.03.18 19:43:42 | 000,023,915 | ---- | M] () -- C:\ProgramData\1363625007.bdinstall.bin
[2013.03.18 19:43:26 | 000,022,734 | ---- | M] () -- C:\ProgramData\1363624999.bdinstall.bin
[2013.03.18 19:41:39 | 000,081,532 | ---- | M] () -- C:\Users\bojanka\Desktop\cc_20130318_184123.reg
[2013.03.18 18:03:27 | 000,160,011 | ---- | M] () -- C:\ProgramData\1363618566.bdinstall.bin
[2013.03.18 17:55:27 | 000,172,651 | ---- | M] () -- C:\ProgramData\1363616956.bdinstall.bin
[2013.03.18 17:21:29 | 000,082,798 | ---- | M] () -- C:\ProgramData\1363616431.bdinstall.bin
[2013.03.18 17:14:53 | 000,002,186 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.03.18 09:07:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.03.17 23:29:27 | 000,000,335 | ---- | M] () -- C:\ProgramData\1363552141.2952.bin
[2013.03.17 23:29:23 | 000,002,062 | ---- | M] () -- C:\ProgramData\1363552141.3528.bin
[2013.03.17 23:29:15 | 000,024,288 | ---- | M] () -- C:\ProgramData\1363552141.3520.bin
[2013.03.17 11:43:37 | 000,000,146 | ---- | M] () -- C:\Windows\ODBC.INI
 
========== Files Created - No Company Name ==========
 
[2013.04.15 15:56:44 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\AntiLogger Free.lnk
[2013.04.09 22:54:08 | 000,384,674 | ---- | C] () -- C:\ProgramData\1365532597.bdinstall.bin
[2013.04.09 19:29:33 | 000,076,543 | ---- | C] () -- C:\ProgramData\1365524788.bdinstall.bin
[2013.04.09 19:26:28 | 000,022,661 | ---- | C] () -- C:\ProgramData\1365524784.bdinstall.bin
[2013.04.09 18:17:55 | 000,149,896 | ---- | C] () -- C:\ProgramData\1365520394.bdinstall.bin
[2013.04.09 18:13:14 | 000,021,559 | ---- | C] () -- C:\ProgramData\1365520385.bdinstall.bin
[2013.04.06 18:07:45 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013.04.03 02:52:33 | 000,141,520 | ---- | C] () -- C:\ProgramData\1364946634.bdinstall.bin
[2013.04.03 02:50:33 | 000,022,734 | ---- | C] () -- C:\ProgramData\1364946630.bdinstall.bin
[2013.04.03 02:25:14 | 000,024,899 | ---- | C] () -- C:\ProgramData\1364945069.bdinstall.bin
[2013.04.03 02:24:28 | 000,022,735 | ---- | C] () -- C:\ProgramData\1364945061.bdinstall.bin
[2013.04.01 12:45:53 | 000,000,937 | ---- | C] () -- C:\Users\bojanka\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013.04.01 12:45:53 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2013.03.31 22:48:07 | 000,000,333 | ---- | C] () -- C:\Users\bojanka\Documents\Zemana AntiLogger Activation.url
[2013.03.23 18:48:55 | 000,000,617 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013.03.22 13:46:26 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2013.03.22 13:43:41 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Suite.lnk
[2013.03.21 02:49:19 | 000,001,945 | ---- | C] () -- C:\Users\bojanka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013.03.21 02:49:19 | 000,001,915 | ---- | C] () -- C:\Users\bojanka\Desktop\Update Checker.lnk
[2013.03.20 23:11:13 | 000,728,884 | ---- | C] () -- C:\Users\bojanka\Desktop\AppLocker.Setup.1.3.zip
[2013.03.18 19:43:42 | 000,023,915 | ---- | C] () -- C:\ProgramData\1363625007.bdinstall.bin
[2013.03.18 19:43:26 | 000,022,734 | ---- | C] () -- C:\ProgramData\1363624999.bdinstall.bin
[2013.03.18 19:41:29 | 000,081,532 | ---- | C] () -- C:\Users\bojanka\Desktop\cc_20130318_184123.reg
[2013.03.18 18:03:27 | 000,160,011 | ---- | C] () -- C:\ProgramData\1363618566.bdinstall.bin
[2013.03.18 17:55:27 | 000,172,651 | ---- | C] () -- C:\ProgramData\1363616956.bdinstall.bin
[2013.03.18 17:21:29 | 000,082,798 | ---- | C] () -- C:\ProgramData\1363616431.bdinstall.bin
[2013.03.17 23:29:13 | 000,000,335 | ---- | C] () -- C:\ProgramData\1363552141.2952.bin
[2013.03.17 23:29:12 | 000,002,062 | ---- | C] () -- C:\ProgramData\1363552141.3528.bin
[2013.03.17 23:29:01 | 000,024,288 | ---- | C] () -- C:\ProgramData\1363552141.3520.bin
[2013.03.14 19:00:56 | 000,000,058 | ---- | C] () -- C:\Windows\System32\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2013.03.10 17:52:51 | 000,000,146 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.02.28 09:11:59 | 000,075,425 | ---- | C] () -- C:\ProgramData\1362031707.bdinstall.bin
[2013.02.28 09:08:26 | 000,022,733 | ---- | C] () -- C:\ProgramData\1362031703.bdinstall.bin
[2013.02.27 21:02:56 | 000,178,455 | ---- | C] () -- C:\ProgramData\1361987723.bdinstall.bin
[2013.02.20 18:23:24 | 000,002,626 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.02.07 21:46:05 | 000,000,739 | ---- | C] () -- C:\ProgramData\1360262728.5536.bin
[2013.02.07 21:46:05 | 000,000,739 | ---- | C] () -- C:\ProgramData\1360262728.5136.bin
[2013.02.07 21:45:33 | 000,137,187 | ---- | C] () -- C:\ProgramData\1360262728.5196.bin
[2013.02.07 21:45:31 | 000,021,014 | ---- | C] () -- C:\ProgramData\1360262728.3864.bin
[2013.02.07 21:45:31 | 000,003,793 | ---- | C] () -- C:\ProgramData\1360262728.5892.bin
[2013.02.07 21:45:28 | 000,087,854 | ---- | C] () -- C:\ProgramData\1360262728.4316.bin
[2013.02.02 14:30:15 | 000,007,662 | ---- | C] () -- C:\Users\bojanka\AppData\Local\Resmon.ResmonCfg
[2013.01.22 18:01:26 | 000,000,236 | ---- | C] () -- C:\Users\bojanka\SecurityKISSTunnel.config
[2012.12.24 19:12:41 | 000,000,000 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2012.12.23 21:30:50 | 000,961,559 | ---- | C] () -- C:\ProgramData\1356286421.bdinstall.bin
[2012.12.20 20:10:36 | 000,777,616 | ---- | C] () -- C:\ProgramData\1356021859.bdinstall.bin
[2012.12.20 19:40:19 | 000,055,661 | ---- | C] () -- C:\ProgramData\1356021603.bdinstall.bin
[2012.12.20 19:29:16 | 006,357,935 | ---- | C] () -- C:\ProgramData\1356005773.bdinstall.bin
[2012.12.19 20:48:56 | 000,073,268 | ---- | C] () -- C:\ProgramData\1355933320.1672.bin
[2012.12.19 20:02:22 | 000,001,700 | ---- | C] () -- C:\ProgramData\1355933320.3648.bin
[2012.12.19 19:08:55 | 000,129,557 | ---- | C] () -- C:\ProgramData\1355933320.4040.bin
[2012.12.19 19:08:55 | 000,015,263 | ---- | C] () -- C:\ProgramData\1355933320.1132.bin
[2012.12.19 19:08:55 | 000,009,723 | ---- | C] () -- C:\ProgramData\1355933320.1900.bin
[2012.12.19 19:08:55 | 000,007,852 | ---- | C] () -- C:\ProgramData\1355933320.3696.bin
[2012.12.19 19:08:55 | 000,003,042 | ---- | C] () -- C:\ProgramData\1355933320.1376.bin
[2012.12.19 19:08:55 | 000,001,090 | ---- | C] () -- C:\ProgramData\1355933320.3336.bin
[2012.12.19 19:08:55 | 000,001,090 | ---- | C] () -- C:\ProgramData\1355933320.2192.bin
[2012.12.19 19:08:46 | 001,037,423 | ---- | C] () -- C:\ProgramData\1355933320.3356.bin
[2012.12.19 19:08:46 | 000,015,358 | ---- | C] () -- C:\ProgramData\1355933320.3292.bin
[2012.12.19 19:08:40 | 001,340,560 | ---- | C] () -- C:\ProgramData\1355933320.2892.bin
[2012.12.19 16:59:47 | 001,879,249 | ---- | C] () -- C:\ProgramData\1355921684.bdinstall.bin
[2012.12.19 15:50:34 | 000,055,661 | ---- | C] () -- C:\ProgramData\1355921408.bdinstall.bin
[2012.12.19 15:42:15 | 006,048,621 | ---- | C] () -- C:\ProgramData\1355841664.bdinstall.bin
[2012.12.16 19:02:11 | 000,000,739 | ---- | C] () -- C:\ProgramData\1355673687.4964.bin
[2012.12.16 19:02:11 | 000,000,739 | ---- | C] () -- C:\ProgramData\1355673687.2024.bin
[2012.12.16 19:01:38 | 000,132,692 | ---- | C] () -- C:\ProgramData\1355673687.1564.bin
[2012.12.16 19:01:31 | 000,278,246 | ---- | C] () -- C:\ProgramData\1355673687.1016.bin
[2012.12.16 19:01:31 | 000,003,765 | ---- | C] () -- C:\ProgramData\1355673687.5944.bin
[2012.12.16 19:01:27 | 000,087,645 | ---- | C] () -- C:\ProgramData\1355673687.2032.bin
[2012.12.06 22:32:57 | 008,660,323 | ---- | C] () -- C:\ProgramData\1354732143.bdinstall.bin
[2012.11.25 21:53:10 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BOJANKA-PC-Microsoft-Windows-7-Ultimate-(32-bit).dat
[2012.11.25 20:54:04 | 000,222,978 | ---- | C] () -- C:\ProgramData\1353865960.bdinstall.bin
[2012.11.25 18:56:25 | 007,163,604 | ---- | C] () -- C:\ProgramData\1353841945.bdinstall.bin
[2012.11.24 16:47:59 | 000,001,700 | ---- | C] () -- C:\ProgramData\1353764615.3316.bin
[2012.11.24 16:44:23 | 000,208,219 | ---- | C] () -- C:\ProgramData\1353764615.3580.bin
[2012.11.24 16:44:23 | 000,015,263 | ---- | C] () -- C:\ProgramData\1353764615.3576.bin
[2012.11.24 16:44:23 | 000,010,107 | ---- | C] () -- C:\ProgramData\1353764615.988.bin
[2012.11.24 16:44:23 | 000,007,850 | ---- | C] () -- C:\ProgramData\1353764615.3612.bin
[2012.11.24 16:44:23 | 000,001,090 | ---- | C] () -- C:\ProgramData\1353764615.3796.bin
[2012.11.24 16:44:23 | 000,001,090 | ---- | C] () -- C:\ProgramData\1353764615.3592.bin
[2012.11.24 16:44:01 | 000,003,041 | ---- | C] () -- C:\ProgramData\1353764615.620.bin
[2012.11.24 16:43:37 | 000,176,597 | ---- | C] () -- C:\ProgramData\1353764615.3712.bin
[2012.11.24 16:43:36 | 000,039,980 | ---- | C] () -- C:\ProgramData\1353764615.3716.bin
[2012.11.24 16:43:35 | 000,376,223 | ---- | C] () -- C:\ProgramData\1353764615.3684.bin
[2012.11.03 18:06:38 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.11.03 18:06:38 | 000,022,328 | ---- | C] () -- C:\Users\bojanka\AppData\Roaming\PnkBstrK.sys
[2012.11.03 18:06:09 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.11.03 18:05:51 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.09.15 14:47:40 | 000,000,664 | RHS- | C] () -- C:\Users\bojanka\ntuser.pol
[2012.09.03 22:14:36 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.09.03 22:13:24 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.09.03 19:36:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.03 18:05:33 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.08.17 19:48:44 | 000,237,701 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.08.23 13:14:48 | 000,084,991 | ---- | C] () -- C:\ProgramData\1282558474.bdinstall.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 07:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\system32\wbem\fastprox.dll -- [2010.11.20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\Windows\system32\wbem\wbemess.dll -- [2009.07.14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.10 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\AVG
[2013.03.06 17:32:44 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\Babylon
[2012.12.24 17:15:08 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\Boredom Software
[2012.09.13 19:40:58 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\COWON
[2013.02.15 16:50:41 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\DAEMON Tools Lite
[2013.02.20 20:42:27 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\DAEMON Tools Pro
[2012.11.25 14:53:05 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\liQeNSoft
[2013.03.10 12:03:35 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\OpenDNS Updater
[2013.03.22 20:58:06 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\PC Suite
[2013.03.20 22:44:02 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\Progpro
[2013.03.09 18:55:56 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\QFX Software
[2012.11.24 16:46:54 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\QuickScan
[2012.11.02 20:56:16 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\TechCheck
[2012.11.23 20:51:18 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\TuneUp Software
[2013.04.01 12:58:25 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\uTorrent
[2012.10.21 19:26:44 | 000,000,000 | ---D | M] -- C:\Users\bojanka\AppData\Roaming\wargaming.net
[2012.09.11 18:11:32 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\COWON
[2012.11.28 23:10:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BlackBox Password Manager
[2012.12.22 20:14:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Boredom Software
[2013.01.21 18:37:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Child Defender
[2013.03.14 19:35:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ColorCop
[2012.09.13 19:38:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\COWON
[2013.02.20 19:18:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2013.02.20 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Pro
[2012.11.03 15:47:19 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\dll-files.com
[2013.03.14 19:00:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DonationCoder
[2013.02.15 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FileZilla
[2013.01.15 19:52:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Hotspot Shield
[2013.01.03 18:14:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\iPumper
[2012.11.28 20:46:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\KC Softwares
[2013.03.22 15:50:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia
[2013.03.22 15:50:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia Suite
[2013.03.10 12:03:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenDNS Updater
[2013.04.06 18:11:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite
[2012.10.31 19:53:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PowerISO
[2013.03.20 22:37:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Progpro
[2013.03.09 18:58:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\QFX Software
[2012.12.05 19:21:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\QuickScan
[2013.01.18 20:11:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2012.12.16 21:18:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2013.02.21 20:39:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Unity
[2013.04.15 17:43:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2012.09.22 16:55:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
 
< End of report >
 




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 19 April 2013 - 08:10 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:


m0le is a proud member of UNITE

#3 Guest_liubomirwm_*


Posted 20 April 2013 - 02:55 AM

Hi m0le, and thank you for the reply.

First, I want to inform you that I don't see the BSOD every time I log on as administrator, only sometimes. Second, I'm not sure that I am infected (I hope you will help me find this out). :hello:



#4 m0le


Posted 20 April 2013 - 05:25 AM

I don't think you're infected either, but let's just check that.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
And

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


#5 Guest_liubomirwm_*


Posted 20 April 2013 - 08:07 AM

Here are the logs:

 

This is the aswMBR log:

 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-20 13:41:55
-----------------------------
13:41:55.930    OS Version: Windows 6.1.7601 Service Pack 1
13:41:55.931    Number of processors: 2 586 0x100
13:41:55.932    ComputerName: SUPER-PC  UserName: bojanka
13:42:03.025    Initialize success
15:37:52.102    AVAST engine defs: 13041901
15:42:27.751    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:42:27.757    Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OCA1G Size: 476940MB BusType: 11
15:42:27.761    Disk 0 MBR read successfully
15:42:27.765    Disk 0 MBR scan
15:42:27.893    Disk 0 Windows 7 default MBR code
15:42:27.910    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:42:27.972    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        76838 MB offset 206848
15:42:27.994    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       397944 MB offset 157571072
15:42:28.034    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0     2048 MB offset 972560384
15:42:28.060    Disk 0 scanning sectors +976754688
15:42:28.153    Disk 0 scanning C:\Windows\system32\drivers
15:42:59.238    Service scanning
15:43:05.487    Service bdfwfpf C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys **LOCKED** 5
15:43:30.883    Service pwipf6 C:\Windows\system32\DRIVERS\pwipf6.sys **LOCKED** 32
15:43:51.158    Modules scanning
15:44:00.511    Disk 0 trace - called modules:
15:44:00.552    ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8628e1f8]<<
15:44:00.562    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8681d810]
15:44:00.570    3 CLASSPNP.SYS[8bb9959e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86733030]
15:44:00.579    \Driver\atapi[0x86715ac0] -> IRP_MJ_CREATE -> 0x8628e1f8
15:44:02.175    AVAST engine scan C:\Windows
15:44:06.145    AVAST engine scan C:\Windows\system32
15:50:11.484    AVAST engine scan C:\Windows\system32\drivers
15:50:34.541    AVAST engine scan C:\Users\bojanka
15:52:32.181    AVAST engine scan C:\ProgramData
15:53:14.691    Scan finished successfully
15:55:01.848    Disk 0 MBR has been saved successfully to "C:\Users\bojanka\Desktop\MBR.dat"
15:55:01.862    The log file has been saved successfully to "C:\Users\bojanka\Desktop\aswMBR.txt"
 

This is the adwcleaner log:

 

 

# AdwCleaner v2.200 - Logfile created 04/20/2013 at 16:02:10
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : bojanka - SUPER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option [Search]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\Users\bojanka\AppData\Local\SwvUpdater
Folder Found : C:\Users\bojanka\AppData\Roaming\Babylon
 
***** [Registry] *****
 
Key Found : HKCU\Software\5357d8d8e03def14
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Found : HKLM\SOFTWARE\Software
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Registry is clean.
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\bojanka\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [1575 octets] - [20/04/2013 16:02:10]
 
########## EOF - \AdwCleaner[R1].txt - [1635 octets] ##########
 

 



#6 m0le


Posted 20 April 2013 - 08:28 PM

There's something to check in aswMBR, but first please rerun AdwCleaner.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#7 Guest_liubomirwm_*


Posted 21 April 2013 - 06:03 AM

This is the adwCleaner log:

 

 

# AdwCleaner v2.200 - Logfile created 04/21/2013 at 13:49:29
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : bojanka - SUPER-PC
# Boot Mode : Normal
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\bojanka\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\bojanka\AppData\Roaming\Babylon
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\5357d8d8e03def14
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Software
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Registry is clean.
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\bojanka\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [1605 octets] - [21/04/2013 13:49:29]
 
########## EOF - \AdwCleaner[S1].txt - [1665 octets] ##########


#8 m0le


Posted 21 April 2013 - 07:03 PM

I don't think that is going to do much for the BSOD. Try this:
  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:
    advancedoptions.png
  • When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
    bsod_c.jpg
Please post me the error(s).

#9 Guest_liubomirwm_*


Posted 22 April 2013 - 12:13 AM

It's not like you think. I see some kind of unclear blue (and I think some red) lines, then I see the safe mode boot options and the option for normal boot on a black page. "Windows restart to protect your data" (or it was "computer", I don't know). So I can't see the error. If I see the error I will report it.



#10 m0le


Posted 22 April 2013 - 02:21 PM

This looks like a hardware issue. Please don't waste any more time looking for malware and post a request on the Windows 7 forum here.

I will close this topic in five days. If you want to contact me after that, then PM me.

#11 m0le


Posted 28 April 2013 - 07:54 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



