Alot of BSOD's


  1. Windowsprobleem
    Posts : 5
    Windows 7 Ultimate x86
       New #1

    Alot of BSOD's


    It all start 2 nights ago.. i was watching 12 angry men and when the movie was finished i decided to go to bed. Next morning i get up turn on my pc... go downstairs to get a drink. I get back to my pc and see its barely started up yet so i was like Hmm normally this doesnt take so long.. Found out it was just looping around because everytime it got onto my Desktop alot of Popups were coming up saying "Your pc is in bad shape click here for a scan!" or "Critical Error!Windows couldnt find any hard drive space!" Alot of fake Windows popups.. and 5/10 seconds later my screen would go weird and it crashes..
    Booted up into safemode(with network) and everything worked like a charm.. Decided to download Ad-Aware/Spyware doctor. Couldnt install ad-aware because because i didnt had .net framework 4.0.. and Spyware doctor found like 14 threats but couldnt remove them because i didnt had it registered. So i "bought" some keys and some keys failed. and it said so in a pop up box that i entered the serial key wrong.. But i tested some keys with a friend of mine.. and found some keys which worked... Everytime i filled in 1 of the working keys my pc BSOD... instantly.. fill in the key.. press Register! and bam BSOD now after a couple of times of booting into safe mode i realised i couldnt get onto the internet anymore.. Apparently i had a Temporary account.. All the folders in Program files(x86) were empty...(all the files were hidden) Folder Options was removed aswell(so was Task Manager)and i couldnt acces the folders of my own account anymore(c:/Users/username
    Anyway after making a new admin account and disabling alot of stuff in msconfig services etc i managed to boot up into normal mode(with no graphics card drivers) problem now is.. i cant install anything.. if i try to install mumble.exe(voice over ip program) it says Windows Installer isnt working.. I cant uninstall programs from the program list either.. I did however run an ESET Online Scan and it found like 15 threats and removed them. I cant open my dump files either.. i went to my dump files and made myself owner.. opened up windows debugging tools but its still saying i dont have access..

    here are my system specs:
    Intel E8400 3.0ghz
    XFX ATI HD4870 XXX 1GB
    2GB Corsair XMS2
    #1Hard drive: Samsunt spinpoint f1 1TB
    #1Hard Drive: Samsung 160GB
    Asus P5QL Motherboard

    uploading my dump files etc now!
      My Computer
    Quote Quote

  3. yowanvista
    Posts : 8,383
    Windows 10 Pro x64, Arch Linux
       New #2

    "Your pc is in bad shape click here for a scan!" or "Critical Error!Windows couldnt find any hard drive space!" Alot of fake Windows popups.. and 5/10 seconds later my screen would go weird and it crashes..
    Your PC has a malware infection
    Boot in safemode with networking and download Malwarebytes
    Update it and run a full scan

    Do a System Restore if issues persists

    If nothing works a Repair Install will be the only solution
      My Computer
    Quote Quote

  4. Windowsprobleem
    Posts : 5
    Windows 7 Ultimate x86
    Thread Starter
       New #3

    Just ran a full scan of MalwareBytes, ill paste the log here!

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Databaseversie: 6360

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    14-Apr-11 14:16:32
    mbam-log-2011-04-14 (14-16-32).txt

    Scantype: Volledige scan (C:\|D:\|)
    Objecten gescand: 373890
    Verstreken tijd: 54 minuut/minuten, 13 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 32
    Registerwaarden geïnfecteerd: 2
    Registerdata geïnfecteerd: 3
    Mappen geïnfecteerd: 1
    Bestanden geïnfecteerd: 12

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\W5E7SH31DG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\WHMDNR9LKK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.

    Registerdata geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPap er (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    c:\Users\Koen\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Koen\AppData\Local\Temp\ldr8748.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Koen\Desktop\newsleecher_3.9_final_uw_fta\newsleecher 3.9 final uw@fta\Keygen\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
    c:\Windows\System32\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
    c:\program files (x86)\windows media player\run.exe (Trojan.CryptRun) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


    As you can see it got rid of the taskmanager disablers etc. After the scan malwarebytes wanted to do a reboot so i did.. got under the shower for 20/30 minutes and came back to see another BSOD!

    Probleemhandtekening:
    Gebeurtenisnaam van probleem: BlueScreen
    Versie van besturingssysteem: 6.1.7600.2.0.0.256.1
    Landinstelling-id: 1033

    Aanvullende informatie over dit probleem:
    BCCode: 3b
    BCP1: 00000000C0000005
    BCP2: 0000000000000200
    BCP3: FFFFF88004876D40
    BCP4: 0000000000000000
    OS Version: 6_1_7600
    Service Pack: 0_0
    Product: 256_1


    thats the code

    and i dont have the windows CD anymore
      My Computer
    Quote Quote

  6. Shootist
    Posts : 578
    Windows 7 Pro x64
       New #4

    I'm sorry, I don't understand.
    You don't have the Windows CD anymore?????

    Why is that?

    I have Windows CDs, DVD, Floppy disks going back to Windows 3.11WFW.
    The only one I don't have is Windows ME. Never owned a copy.
      My Computer
    Quote Quote

  7. Windowsprobleem
    Posts : 5
    Windows 7 Ultimate x86
    Thread Starter
       New #5

    Shootist said:
    I'm sorry, I don't understand.
    You don't have the Windows CD anymore?????

    Why is that?

    I have Windows CDs, DVD, Floppy disks going back to Windows 3.11WFW.
    The only one I don't have is Windows ME. Never owned a copy.
    haha if you see my room you'd understand(A) im sure its somewhere in the house just cant find it
      My Computer
    Quote Quote

  8. yowanvista
    Posts : 8,383
    Windows 10 Pro x64, Arch Linux
       New #6

    Windowsprobleem said:
    Just ran a full scan of MalwareBytes, ill paste the log here!

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Databaseversie: 6360

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    14-Apr-11 14:16:32
    mbam-log-2011-04-14 (14-16-32).txt

    Scantype: Volledige scan (C:\|D:\|)
    Objecten gescand: 373890
    Verstreken tijd: 54 minuut/minuten, 13 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 32
    Registerwaarden geïnfecteerd: 2
    Registerdata geïnfecteerd: 3
    Mappen geïnfecteerd: 1
    Bestanden geïnfecteerd: 12

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\W5E7SH31DG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\WHMDNR9LKK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.

    Registerdata geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPap er (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    c:\Users\Koen\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Koen\AppData\Local\Temp\ldr8748.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Koen\Desktop\newsleecher_3.9_final_uw_fta\newsleecher 3.9 final uw@fta\Keygen\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
    c:\Windows\System32\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
    c:\program files (x86)\windows media player\run.exe (Trojan.CryptRun) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


    As you can see it got rid of the taskmanager disablers etc. After the scan malwarebytes wanted to do a reboot so i did.. got under the shower for 20/30 minutes and came back to see another BSOD!

    Probleemhandtekening:
    Gebeurtenisnaam van probleem: BlueScreen
    Versie van besturingssysteem: 6.1.7600.2.0.0.256.1
    Landinstelling-id: 1033

    Aanvullende informatie over dit probleem:
    BCCode: 3b
    BCP1: 00000000C0000005
    BCP2: 0000000000000200
    BCP3: FFFFF88004876D40
    BCP4: 0000000000000000
    OS Version: 6_1_7600
    Service Pack: 0_0
    Product: 256_1


    thats the code

    and i dont have the windows CD anymore
    Do the system restore
      My Computer
    Quote Quote

  10. Windowsprobleem
    Posts : 5
    Windows 7 Ultimate x86
    Thread Starter
       New #7

    yowanvista said:
    Windowsprobleem said:
    Just ran a full scan of MalwareBytes, ill paste the log here!

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes

    Databaseversie: 6360

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    14-Apr-11 14:16:32
    mbam-log-2011-04-14 (14-16-32).txt

    Scantype: Volledige scan (C:\|D:\|)
    Objecten gescand: 373890
    Verstreken tijd: 54 minuut/minuten, 13 seconde(n)

    Geheugenprocessen geïnfecteerd: 0
    Geheugenmodulen geïnfecteerd: 0
    Registersleutels geïnfecteerd: 32
    Registerwaarden geïnfecteerd: 2
    Registerdata geïnfecteerd: 3
    Mappen geïnfecteerd: 1
    Bestanden geïnfecteerd: 12

    Geheugenprocessen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen geïnfecteerd:
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels geïnfecteerd:
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\W5E7SH31DG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\WHMDNR9LKK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registerwaarden geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.

    Registerdata geïnfecteerd:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPap er (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Mappen geïnfecteerd:
    c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Bestanden geïnfecteerd:
    c:\Users\Koen\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Koen\AppData\Local\Temp\ldr8748.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Koen\Desktop\newsleecher_3.9_final_uw_fta\newsleecher 3.9 final uw@fta\Keygen\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
    c:\Windows\System32\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
    c:\Windows\SysWOW64\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
    c:\program files (x86)\windows media player\run.exe (Trojan.CryptRun) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


    As you can see it got rid of the taskmanager disablers etc. After the scan malwarebytes wanted to do a reboot so i did.. got under the shower for 20/30 minutes and came back to see another BSOD!

    Probleemhandtekening:
    Gebeurtenisnaam van probleem: BlueScreen
    Versie van besturingssysteem: 6.1.7600.2.0.0.256.1
    Landinstelling-id: 1033

    Aanvullende informatie over dit probleem:
    BCCode: 3b
    BCP1: 00000000C0000005
    BCP2: 0000000000000200
    BCP3: FFFFF88004876D40
    BCP4: 0000000000000000
    OS Version: 6_1_7600
    Service Pack: 0_0
    Product: 256_1


    thats the code

    and i dont have the windows CD anymore
    Do the system restore
    well the "start system restore" button is greyed out.. and if i go to advanced system restore i need a backup which i havent made before
      My Computer
    Quote Quote

  11. Windowsprobleem
    Posts : 5
    Windows 7 Ultimate x86
    Thread Starter
       New #8

    Hmm found a way to re-enable the System restore Function.

    Go to Start>Run, key in gpedit.msc and hit ENTER. Under Computer
    Configuration, expand Administrative Templates, expand System, then click on
    the System Restore folder. In the right-hand pane, double-click on Turn off
    Configuration and, under the Setting tab, click in the radio button beside
    Not Configured. Click on Apply then OK.

    i just did that and i can finally open system restore now... But there are no system restore points?! i thought it made those automatically?
      My Computer
    Quote Quote

  12. yowanvista
    Posts : 8,383
    Windows 10 Pro x64, Arch Linux
       New #9

    Windowsprobleem said:
    Hmm found a way to re-enable the System restore Function.

    Go to Start>Run, key in gpedit.msc and hit ENTER. Under Computer
    Configuration, expand Administrative Templates, expand System, then click on
    the System Restore folder. In the right-hand pane, double-click on Turn off
    Configuration and, under the Setting tab, click in the radio button beside
    Not Configured. Click on Apply then OK.

    i just did that and i can finally open system restore now... But there are no system restore points?! i thought it made those automatically?
    Restore points are deleted by other system cleanup applications such as Disk Cleanup, ccleaner etc
      My Computer
    Quote Quote

 

  Related Discussions
I'm getting alot of BSOD errors.
in BSOD Help and Support

Hi, Dump files attached to thread, I wasn't able to upload health check wouldn't let me :s My specs: Is Windows 7 . . . - x86 (32-bit) or x64 ? x64 - the original installed OS on the system? Yes - an OEM or full retail version? OEM
Alot of BSOD's
in BSOD Help and Support

Ive got a custom made pc : specs: amd phenom II x6 1055T Asus M4A88T-M/USB3 Ati radeon hd 5770 4GB Ram (hyper x) Win 7 home premium 32bit When I first got my pc it worked great and I had no problems at all but after 2 months or so suddenly I began to get...
Getting alot of BSOD's lately...
in BSOD Help and Support

Hello, as the title says, my computer randomly freezes and get's blue screen. I've tried to reinstall Windows 7 Proffesional x64. What can i do to stop this? I'm attaching my dxdiag if it's any help 94246
BSOD alot
in BSOD Help and Support

Win 7 Home Premium 64 bit retail version All the hardware is brand new, bought the pieces and put it together myself. Problem often happens when browsing, and using windows programs in general. Newer happened in a game - yet... I have tried running memtest86. Once i did it right after a...
Bsod alot
in BSOD Help and Support

First off, Hello all. Starting yesterday afternoon after running Ad-Aware and CCleaner. I ran those because I noticed my Avast was Unsecured and I couldnt get it to come back on. I started getting the BSOD. It would happen on start up most of the time. I was able to keep it running long enough...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 17:32.
Find Us