iobserve Posted November 27, 2012 ID:617583

Hi,

I'm using the 14 day trial version of MBAM on Windows 7 64bit with G Data AntiVirus 2013. When I use uTorrent at the same time, I constantly get blue screens of death. I posted here yesterday and got the reply I'm probably infected and should post here again. Attached are the two log files.

BTW, when I scan my system with G Data AntiVirus 2013, nothing is found. When I scan my system with MBAM Trial version (without uTorrent active), nothing is found. Only when uTorrent and MBAM are active at the same time, I get (at seemingly random times) blue screens of death.

Thank you for looking into this, I'm considering buying MBAM pro after the trial, but need to make sure all is ok.

Cheers, iobserve

Attachments: attach.txt, dds.txt

kevinf80 Posted November 27, 2012 ID:617621

Hello and welcome,

Please download this program Blue Screen Viewer and unzip "Bluescreen View.exe" to your desktop.

Next, select Start > right click on "Computer" and select "Properties", select "Advanced System Settings", then the "Advanced" tab. From the "Start up and Recovery" section select "Settings" and make sure the default folder is "%SystemRoot%\Minidump".

Go back to your desktop and double click on Bluescreen Viewer to run it. If there is any info available the program will grab the most recent. Choose Save from the Toolbar and copy paste to your next reply. If there is no information available, try and re-create the BSOD and try again with the tool to collect the information.

Next,

Please download RogueKiller to your desktop.
- Quit all running programs.
- For Vista/Seven, right click -> run as administrator; for XP simply run RogueKiller.exe.
- Wait until Prescan has finished...
- Click on Scan.
- Post the log that is saved to your Desktop...

Kevin.

iobserve Posted November 27, 2012 Author ID:617769

Thanks, attached are the requested logs.

Curious about the outcome...

Cheers, iobserve

Attachments: dumpfile.txt, dumpfile2.txt, RKreport1_S_11272012_02d2122.txt

kevinf80 Posted November 27, 2012 ID:617782

Re-run RogueKiller again. When the scan is completed select the Delete tab. Copy paste that log to your reply, it will be on the Desktop.

Next,

Uninstall uTorrent, re-boot your system.

Next,

Close all windows, select > Start icon > All Programs > Accessories > right click on "Command Prompt" > select > Run as administrator > OK any alerts > at the command prompt type or copy and paste

    sfc /scannow

then tap Enter. When finished type exit, tap Enter, re-boot your PC.

***Note the space between sfc and /scannow.

Next,

Open an elevated command prompt again and get the report for sfc as follows. Either type the following at the command prompt or highlight the text, right click copy, then at the command prompt right click paste.

    findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >"%userprofile%\Desktop\sfcdetails.txt"

Type exit when finished, hit Enter. The log should be on your Desktop.

Post that log and the log from RK....

Thanks,
Kevin...

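
Added example, not part of the thread or of any poster's reply: one way to triage the sfcdetails.txt file produced by the findstr step above, listing which files SFC repaired and which it could not repair from the "[SR]" entries. The sample lines are constructed in the CBS.log layout, and the file and component names in them are made up.

```python
import re
from collections import Counter

# Constructed sample in the CBS.log layout; file/component names are made up.
SAMPLE = r"""
2012-11-28 08:01:10, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2012-11-28 08:01:10, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2012-11-28 08:03:41, Info                  CSI    000001a2 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
2012-11-28 08:05:02, Info                  CSI    000002b7 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Example-Component, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9)
2012-11-28 08:05:03, Info                  CSI    000002b9 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Example-Component, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_AMD64 (9)
2012-11-28 08:05:09, Info                  CSI    000002c0 [SR] Verify complete
2012-11-28 08:05:10, Info                  CBS    Session: 1234_5678 finalized
"""

# timestamp, level, "CSI", hex sequence number, literal [SR] tag, then the message.
# The match is case-sensitive, as findstr is without /i.
SR_LINE = re.compile(r"^\S+ \S+, \w+\s+CSI\s+[0-9a-f]+ \[SR\] (.*)$")
QUOTED = re.compile(r'"([^"]+)"')

def triage(text):
    """Return (repaired, unrepaired) Counters of file names from [SR] lines."""
    repaired, unrepaired = Counter(), Counter()
    for line in text.splitlines():
        m = SR_LINE.match(line)
        if not m:
            continue  # blank line, non-SFC entry, or wrapped continuation
        msg = m.group(1)
        names = QUOTED.findall(msg)
        if not names:
            continue  # progress messages such as "Verify complete"
        if msg.startswith("Cannot repair member file"):
            unrepaired[names[0]] += 1   # first quoted string is the file name
        elif msg.startswith("Repairing corrupted file"):
            repaired[names[-1]] += 1    # last quoted string is the file name
    return repaired, unrepaired

def verdict(text):
    """One-line summary; unrepaired files take priority over repaired ones."""
    repaired, unrepaired = triage(text)
    if unrepaired:
        return "unrepaired: " + ", ".join(sorted(unrepaired))
    if repaired:
        return "repaired: " + ", ".join(sorted(repaired))
    return "no integrity violations logged"

if __name__ == "__main__":
    print(verdict(SAMPLE))
```

SFC logs the same unrepairable file more than once per run, which is why the counts are kept per file name rather than per line.
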
iobserve Posted November 28, 2012 Author ID:617956

Done. Attached are the 2 requested logs.

Attachments: RKreport3_D_11282012_02d0812.txt, sfcdetails.txt

kevinf80 Posted November 28, 2012 ID:617988

What is the status of your PC now, are you still experiencing BSOD....

Run the following:

Please download AdwCleaner by Xplode onto your Desktop.
- Please close all open programs and internet browsers.
- Double click on Adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Please post the log.

Next,

Download OTL from any of the following links and save to your desktop: Link 1, Link 2, Link 3
- Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)
- When the window appears, underneath Output at the top, make sure Standard output is selected.
- Select Scan all users.
- Under the Extra Registry section, check Use SafeList.
- In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
- Click Run Scan and let the program run uninterrupted.
- When the scan is complete, two text files will be created on your Desktop.
  OTL.Txt <- this one will be opened
  Extras.txt <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Post those logs, also let me know if you have any remaining issues or concerns..

Kevin

iobserve Posted November 28, 2012 Author ID:618062

When I click to download AdwCleaner from
http://general-changelog-team.fr/en/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner
my G Data AntiVirus says:

    Virus: Trojan.Generic.8239223 (Engine A)
    Bestand: Unconfirmed 69383.crdownload
    Map: E:\Users\Koen\Downloads
    Proces: chrome.exe

Are you sure it is safe?

The status of my PC is now fine, no blue screens anymore, because you asked me to uninstall uTorrent. I never had blue screens, until I installed MBAM...

kevinf80 Posted November 28, 2012 ID:618071

AdwCleaner is very safe, it will not harm your system in any way. The action from your security app is typical because of what AdwCleaner has included in its database...

AdwCleaner is a program that searches for and deletes Adware, Suspicious Toolbars, Potentially Unwanted Programs (PUP), and also certain types of browser Hijackers from your computer. AdwCleaner has the ability to enhance your browsing experience and make your PC safer.

The types of programs that AdwCleaner targets are typically bundled with free extras that you may have downloaded from the web. In many cases when you download and install a program, the install will state that certain extras may be included. Unless you perform a Custom install, these unwanted extras will automatically be installed on your computer, leaving you with extra browser toolbars, adware, and other unwanted additions. AdwCleaner is designed to search for and remove these typically unwanted additions.

I was just progressing in case your system needed a bit of spring cleaning. AdwCleaner can remove a lot of unwanted dross, and the OTL initial scan is purely diagnostic. If you are happy your system is OK, I guess we can close out, it's your call. Let me know how you want to continue...

If you wish to close, delete the following from your Desktop:
- BlueScreenViewer - plus any logs
- RogueKiller - plus this folder - RK_Quarantine - also any logs.

Thank you,
Kevin...

iobserve Posted November 30, 2012 Author ID:618596

Hi Kevin,

Attached are the 3 requested logs.

I really hope this can be resolved. I'd like to use something like MBAM, and also be able to use uTorrent at the same time. I have 8 days left in my MBAM trial...

Thank you for looking into this matter.

Attachments: AdwCleanerS1.txt, Extras.Txt, OTL.Txt

kevinf80 Posted November 30, 2012 ID:618603

Re-Run by double left click, Vista and Windows 7 users accept UAC alert.

Under the box at the bottom, paste in the following:

    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\SETUP.EXE
    O33 - MountPoints2\F\Shell\configure\command - "" = F:\SETUP.EXE
    O33 - MountPoints2\F\Shell\install\command - "" = F:\SETUP.EXE
    :Files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]

Then click button at the top.

Let the program run unhindered, when done it will say "Fix Complete press ok to open the log".

Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7 right click on IE shortcut and run as admin.

Go to the Eset web page http://www.eset.com/...online-scanner/ to run an online scanner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Click on the Run ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the add/on to be installed
- Click Start
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- Click Scan
- Wait for the virus definitions to be downloaded
- Wait for the scan to finish

When the scan is complete:

If no threats were found
- put a checkmark in "Uninstall application on close"
- close program
- report to me that nothing was found

If threats were found
- click on "list of threats found"
- click on "export to text file" and save it as ESET SCAN and save to the desktop
- click on Back
- put a checkmark in "Uninstall application on close"
- click on Finish
- close program
- copy and paste the report here

iobserve Posted December 1, 2012 Author ID:618765

Hi,

Attached are the two logs.

Notice OTL didn't find setup.exe in F:\. Should that be the Windows install CD? I purchased my Samsung laptop with Windows pre-installed, I don't have a Windows install CD. Any advice?

ESET found one threat.

Cheers, iobserve

Attachments: 12012012_093341.log, ESET.txt

kevinf80 Posted December 1, 2012 ID:618783

That's fine about the mount points. OK, remove the file that was flagged by ESET as follows...

Copy all text in the code box (below)...to Notepad.

    @echo off
    del /f /s /q "E:\Users\Koen\Downloads\dexpot_164_r2186.exe"
    del %0

Save the Notepad file on your desktop...as delfile.bat... save type as "All Files".

Double click on delfile.bat to execute it. A black CMD window will flash, then disappear...this is normal. The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

What is the status of your system now, is it responding ok?

Regarding issues with uTorrent, I do not recommend that you should use any type of P2P Application, the risks are just not worth it...

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them, such as cracks or Key Generators. Some further readings on this subject available Here or Here

Kevin....

kevinf80 Posted December 4, 2012 ID:619788

Do you still need help/advice?

LDTate Posted December 5, 2012 ID:620186

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!