Author Topic: [Resolved K]Blue screen of death  (Read 6279 times)


Offline patm233

  • Bronze Member
  • Posts: 121
Re: [Resolved K]Blue screen of death
« Reply #15 on: March 16, 2012, 08:05:21 am »
Attachment.

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7347
Re: [Resolved K]Blue screen of death
« Reply #16 on: March 16, 2012, 01:48:59 pm »
Re-Run   by double left click, Vista and Windows 7 users right click and select Run as Administrator.

  • Under the box at the bottom, paste in the following

Code:
:OTL
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
O2:[b]64bit:[/b] - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:[b]64bit:[/b] - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED File not found
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\viprotocol - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found
O33 - MountPoints2\{55a6342c-29b0-11e1-95d9-5404a624efe9}\Shell - "" = AutoRun
O33 - MountPoints2\{55a6342c-29b0-11e1-95d9-5404a624efe9}\Shell\AutoRun\command - "" = D:\LaunchU3.exe
[2012/03/05 21:55:50 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\{EDD30241-892C-4EAD-844F-AB4028A195BA}
[2012/03/05 21:55:38 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\{99715F07-6B5E-4D13-BBA8-3B2BE8E92751}
[2012/03/04 14:49:38 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\{DD82CDAA-785D-4494-9F5E-CD4A7DFB28BF}
[2012/03/04 14:49:26 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\{7A2428B3-3BBD-4DC5-AFF8-9E22AABE38D0}
[2012/02/25 01:15:12 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\{EC97C676-A64F-4E6A-8E32-53365BCA4A84}
[2012/02/25 01:14:57 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\{5DA976DD-04C6-4A46-8862-97AEB996F220}
@Alternate Data Stream - 237 bytes -> C:\ProgramData\Temp:E8B61305
@Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:7C8AA9A6
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6896CCCE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:443E07A5
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2


:Files
ipconfig /flushdns /c
C:\Users\Pat\AppData\Roaming\uTorrent
:Commands
[emptytemp]
[Reboot]
  • Then click button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Let me see that log, also give update on any remaining issues or concerns..

Kevin

Offline patm233

  • Bronze Member
  • Posts: 121
Re: [Resolved K]Blue screen of death
« Reply #17 on: March 16, 2012, 07:01:15 pm »
No issues or concerns.


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55a6342c-29b0-11e1-95d9-5404a624efe9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55a6342c-29b0-11e1-95d9-5404a624efe9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55a6342c-29b0-11e1-95d9-5404a624efe9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55a6342c-29b0-11e1-95d9-5404a624efe9}\ not found.
File D:\LaunchU3.exe not found.
C:\Users\Pat\AppData\Local\{EDD30241-892C-4EAD-844F-AB4028A195BA} folder moved successfully.
C:\Users\Pat\AppData\Local\{99715F07-6B5E-4D13-BBA8-3B2BE8E92751} folder moved successfully.
C:\Users\Pat\AppData\Local\{DD82CDAA-785D-4494-9F5E-CD4A7DFB28BF} folder moved successfully.
C:\Users\Pat\AppData\Local\{7A2428B3-3BBD-4DC5-AFF8-9E22AABE38D0} folder moved successfully.
C:\Users\Pat\AppData\Local\{EC97C676-A64F-4E6A-8E32-53365BCA4A84} folder moved successfully.
C:\Users\Pat\AppData\Local\{5DA976DD-04C6-4A46-8862-97AEB996F220} folder moved successfully.
ADS C:\ProgramData\Temp:E8B61305 deleted successfully.
ADS C:\ProgramData\Temp:7C8AA9A6 deleted successfully.
ADS C:\ProgramData\Temp:6896CCCE deleted successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
ADS C:\ProgramData\Temp:443E07A5 deleted successfully.
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Pat\Desktop\cmd.bat deleted successfully.
C:\Users\Pat\Desktop\cmd.txt deleted successfully.
C:\Users\Pat\AppData\Roaming\uTorrent\ie folder moved successfully.
C:\Users\Pat\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Pat\AppData\Roaming\uTorrent\Cache folder moved successfully.
C:\Users\Pat\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Pat\AppData\Roaming\uTorrent folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mcx1-PAT-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Pat
->Temp folder emptied: 24322 bytes
->Temporary Internet Files folder emptied: 40007 bytes
->Java cache emptied: 1863954 bytes
->FireFox cache emptied: 6075335 bytes
->Google Chrome cache emptied: 69678801 bytes
->Flash cache emptied: 4497 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77850 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 715918136 bytes
 
Total Files Cleaned = 757.00 mb
 
 
OTL by OldTimer - Version 3.2.37.0 log created on 03162012_205629

Files\Folders moved on Reboot...
C:\Users\Pat\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
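
A way to tally the outcomes in a fix log like the one posted above, as an added example that is not part of the original thread and not OldTimer's code. The sample lines are constructed in the shape of that log, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, shaped like the fix log posted in this thread.
SAMPLE_LOG = r"""========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File D:\LaunchU3.exe not found.
C:\Users\Pat\AppData\Local\{EDD30241-892C-4EAD-844F-AB4028A195BA} folder moved successfully.
ADS C:\ProgramData\Temp:E8B61305 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Users\Pat\AppData\Roaming\uTorrent folder moved successfully.
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
# Optional kind prefix, the target, an optional "folder" word, then the outcome.
ENTRY = re.compile(
    r"^(?:(Registry value|Registry key|File|ADS) )?(.+?)(?: (folder))? "
    r"(deleted successfully|moved successfully|not found)\.$"
)

def parse_fix_log(text):
    """Return (section, kind, target, outcome) for every actioned line."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION.match(line)
        if head:
            section = head.group(1)
            continue
        m = ENTRY.match(line)
        if m:  # command echoes and free-text lines are skipped
            kind = m.group(1) or ("Folder" if m.group(3) else "Path")
            entries.append((section, kind, m.group(2), m.group(4)))
    return entries

def summarize(entries):
    """Count outcomes per section and list targets reported as 'not found'."""
    counts = Counter((s, o) for s, _, _, o in entries)
    absent = [(k, t) for _, k, t, o in entries if o == "not found"]
    return counts, absent

if __name__ == "__main__":
    counts, absent = summarize(parse_fix_log(SAMPLE_LOG))
    for (section, outcome), n in sorted(counts.items()):
        print(f"{section:8} {outcome:22} {n}")
    for kind, target in absent:
        print("nothing to remove:", kind, target)
```
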

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7347
Re: [Resolved K]Blue screen of death
« Reply #18 on: March 17, 2012, 01:05:43 am »
Good to hear that you have no issues, do the following:

Step 1

  • Download OTC by OldTimer and save it to your desktop. Alternative mirror
  • Double click icon to start the program.
    If you are using Vista or Windows 7, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begining Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
  • This will remove tools we have used and itself. Any tools/logs remaining on the Desktop can be deleted.
  • Keep TFC. This is an excellent tool for removing temporary files etc. from your system. Always remember to re-boot after a run.
Step 2

You will have several programs installed, these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by Secunia, available Here. Before clicking the Start scan button, please check the box for the option Enable thorough system inspection. Just below the "Scan Options:" section, you'll see the status of what's currently processing....
...when the scan completes, the message "Detection completed successfully" will appear in the Programs/Result section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

Other than that you should be good to go, here are some tips to reduce the potential for malware infection in the future:

Make proper use of your antivirus and firewall

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, NEVER turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use WinPatrol. This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained Here

Use a safer web browser

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:
 
Firefox,

Opera, and

Chrome.
 
All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial HERE which will help you to make IE MUCH safer.

These browser add-ons will help to make your browser safer:

Web of Trust warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for Firefox and Internet Explorer.

Green to go,
Yellow for caution, and
Red to stop.


Available for Firefox only. NoScript helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at THIS article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

So how did I get infected in the first place by Tony Klein

How to prevent Malware by Miekiemoes

Finally this link HERE will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CDs.

Don't forget, the best form of defense is common sense. If you don't recognize it, don't open it. If something looks too good to be true, then it ain't.

Let me know when you're OK to close out your thread,

Take care,

Kevin

Offline patm233

  • Bronze Member
  • Posts: 121
Re: [Resolved K]Blue screen of death
« Reply #19 on: March 17, 2012, 04:28:01 pm »
Thanks for all your time, I greatly appreciate it! I'm good to go!

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 7347
Re: [Resolved K]Blue screen of death
« Reply #20 on: March 17, 2012, 05:05:04 pm »
Since this issue appears to be resolved the topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.