Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Alot of BSOD's

14 Apr 2011   #1
Windowsprobleem

Windows 7 Ultimate x86
 
 
Alot of BSOD's

It all start 2 nights ago.. i was watching 12 angry men and when the movie was finished i decided to go to bed. Next morning i get up turn on my pc... go downstairs to get a drink. I get back to my pc and see its barely started up yet so i was like Hmm normally this doesnt take so long.. Found out it was just looping around because everytime it got onto my Desktop alot of Popups were coming up saying "Your pc is in bad shape click here for a scan!" or "Critical Error!Windows couldnt find any hard drive space!" Alot of fake Windows popups.. and 5/10 seconds later my screen would go weird and it crashes..
Booted up into safemode(with network) and everything worked like a charm.. Decided to download Ad-Aware/Spyware doctor. Couldnt install ad-aware because because i didnt had .net framework 4.0.. and Spyware doctor found like 14 threats but couldnt remove them because i didnt had it registered. So i "bought" some keys and some keys failed. and it said so in a pop up box that i entered the serial key wrong.. But i tested some keys with a friend of mine.. and found some keys which worked... Everytime i filled in 1 of the working keys my pc BSOD... instantly.. fill in the key.. press Register! and bam BSOD now after a couple of times of booting into safe mode i realised i couldnt get onto the internet anymore.. Apparently i had a Temporary account.. All the folders in Program files(x86) were empty...(all the files were hidden) Folder Options was removed aswell(so was Task Manager)and i couldnt acces the folders of my own account anymore(c:/Users/username
Anyway after making a new admin account and disabling alot of stuff in msconfig services etc i managed to boot up into normal mode(with no graphics card drivers) problem now is.. i cant install anything.. if i try to install mumble.exe(voice over ip program) it says Windows Installer isnt working.. I cant uninstall programs from the program list either.. I did however run an ESET Online Scan and it found like 15 threats and removed them. I cant open my dump files either.. i went to my dump files and made myself owner.. opened up windows debugging tools but its still saying i dont have access..

here are my system specs:
Intel E8400 3.0ghz
XFX ATI HD4870 XXX 1GB
2GB Corsair XMS2
#1Hard drive: Samsunt spinpoint f1 1TB
#1Hard Drive: Samsung 160GB
Asus P5QL Motherboard

uploading my dump files etc now!


My System SpecsSystem Spec
.

14 Apr 2011   #2
yowanvista

Windows 10 Pro x64
 
 

Quote:
"Your pc is in bad shape click here for a scan!" or "Critical Error!Windows couldnt find any hard drive space!" Alot of fake Windows popups.. and 5/10 seconds later my screen would go weird and it crashes..
Your PC has a malware infection
Boot in safemode with networking and download Malwarebytes
Update it and run a full scan

Do a System Restore if issues persists

If nothing works a Repair Install will be the only solution
My System SpecsSystem Spec
14 Apr 2011   #3
Windowsprobleem

Windows 7 Ultimate x86
 
 

Just ran a full scan of MalwareBytes, ill paste the log here!

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Databaseversie: 6360

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14-Apr-11 14:16:32
mbam-log-2011-04-14 (14-16-32).txt

Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 373890
Verstreken tijd: 54 minuut/minuten, 13 seconde(n)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 0
Registersleutels ge´nfecteerd: 32
Registerwaarden ge´nfecteerd: 2
Registerdata ge´nfecteerd: 3
Mappen ge´nfecteerd: 1
Bestanden ge´nfecteerd: 12

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels ge´nfecteerd:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\W5E7SH31DG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WHMDNR9LKK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden ge´nfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.

Registerdata ge´nfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPap er (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen ge´nfecteerd:
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Bestanden ge´nfecteerd:
c:\Users\Koen\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Local\Temp\ldr8748.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Koen\Desktop\newsleecher_3.9_final_uw_fta\newsleecher 3.9 final uw@fta\Keygen\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
c:\program files (x86)\windows media player\run.exe (Trojan.CryptRun) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


As you can see it got rid of the taskmanager disablers etc. After the scan malwarebytes wanted to do a reboot so i did.. got under the shower for 20/30 minutes and came back to see another BSOD!

Probleemhandtekening:
Gebeurtenisnaam van probleem: BlueScreen
Versie van besturingssysteem: 6.1.7600.2.0.0.256.1
Landinstelling-id: 1033

Aanvullende informatie over dit probleem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: 0000000000000200
BCP3: FFFFF88004876D40
BCP4: 0000000000000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1


thats the code

and i dont have the windows CD anymore
My System SpecsSystem Spec
.


14 Apr 2011   #4
Shootist

Windows 7 Pro x64
 
 

I'm sorry, I don't understand.
You don't have the Windows CD anymore?????

Why is that?

I have Windows CDs, DVD, Floppy disks going back to Windows 3.11WFW.
The only one I don't have is Windows ME. Never owned a copy.
My System SpecsSystem Spec
14 Apr 2011   #5
Windowsprobleem

Windows 7 Ultimate x86
 
 

Quote   Quote: Originally Posted by Shootist View Post
I'm sorry, I don't understand.
You don't have the Windows CD anymore?????

Why is that?

I have Windows CDs, DVD, Floppy disks going back to Windows 3.11WFW.
The only one I don't have is Windows ME. Never owned a copy.
haha if you see my room you'd understand(A) im sure its somewhere in the house just cant find it
My System SpecsSystem Spec
14 Apr 2011   #6
yowanvista

Windows 10 Pro x64
 
 

Quote   Quote: Originally Posted by Windowsprobleem View Post
Just ran a full scan of MalwareBytes, ill paste the log here!

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Databaseversie: 6360

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14-Apr-11 14:16:32
mbam-log-2011-04-14 (14-16-32).txt

Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 373890
Verstreken tijd: 54 minuut/minuten, 13 seconde(n)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 0
Registersleutels ge´nfecteerd: 32
Registerwaarden ge´nfecteerd: 2
Registerdata ge´nfecteerd: 3
Mappen ge´nfecteerd: 1
Bestanden ge´nfecteerd: 12

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels ge´nfecteerd:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\W5E7SH31DG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WHMDNR9LKK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden ge´nfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.

Registerdata ge´nfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPap er (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen ge´nfecteerd:
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Bestanden ge´nfecteerd:
c:\Users\Koen\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Local\Temp\ldr8748.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Koen\Desktop\newsleecher_3.9_final_uw_fta\newsleecher 3.9 final uw@fta\Keygen\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
c:\program files (x86)\windows media player\run.exe (Trojan.CryptRun) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


As you can see it got rid of the taskmanager disablers etc. After the scan malwarebytes wanted to do a reboot so i did.. got under the shower for 20/30 minutes and came back to see another BSOD!

Probleemhandtekening:
Gebeurtenisnaam van probleem: BlueScreen
Versie van besturingssysteem: 6.1.7600.2.0.0.256.1
Landinstelling-id: 1033

Aanvullende informatie over dit probleem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: 0000000000000200
BCP3: FFFFF88004876D40
BCP4: 0000000000000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1


thats the code

and i dont have the windows CD anymore
Do the system restore
My System SpecsSystem Spec
14 Apr 2011   #7
Windowsprobleem

Windows 7 Ultimate x86
 
 

Quote   Quote: Originally Posted by yowanvista View Post
Quote   Quote: Originally Posted by Windowsprobleem View Post
Just ran a full scan of MalwareBytes, ill paste the log here!

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Databaseversie: 6360

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14-Apr-11 14:16:32
mbam-log-2011-04-14 (14-16-32).txt

Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 373890
Verstreken tijd: 54 minuut/minuten, 13 seconde(n)

Geheugenprocessen ge´nfecteerd: 0
Geheugenmodulen ge´nfecteerd: 0
Registersleutels ge´nfecteerd: 32
Registerwaarden ge´nfecteerd: 2
Registerdata ge´nfecteerd: 3
Mappen ge´nfecteerd: 1
Bestanden ge´nfecteerd: 12

Geheugenprocessen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen ge´nfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels ge´nfecteerd:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\W5E7SH31DG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WHMDNR9LKK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden ge´nfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.

Registerdata ge´nfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPap er (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen ge´nfecteerd:
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Bestanden ge´nfecteerd:
c:\Users\Koen\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Local\Temp\ldr8748.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Koen\Desktop\newsleecher_3.9_final_uw_fta\newsleecher 3.9 final uw@fta\Keygen\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
c:\program files (x86)\windows media player\run.exe (Trojan.CryptRun) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


As you can see it got rid of the taskmanager disablers etc. After the scan malwarebytes wanted to do a reboot so i did.. got under the shower for 20/30 minutes and came back to see another BSOD!

Probleemhandtekening:
Gebeurtenisnaam van probleem: BlueScreen
Versie van besturingssysteem: 6.1.7600.2.0.0.256.1
Landinstelling-id: 1033

Aanvullende informatie over dit probleem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: 0000000000000200
BCP3: FFFFF88004876D40
BCP4: 0000000000000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1


thats the code

and i dont have the windows CD anymore
Do the system restore
well the "start system restore" button is greyed out.. and if i go to advanced system restore i need a backup which i havent made before
My System SpecsSystem Spec
14 Apr 2011   #8
Windowsprobleem

Windows 7 Ultimate x86
 
 

Hmm found a way to re-enable the System restore Function.

Go to Start>Run, key in gpedit.msc and hit ENTER. Under Computer
Configuration, expand Administrative Templates, expand System, then click on
the System Restore folder. In the right-hand pane, double-click on Turn off
Configuration and, under the Setting tab, click in the radio button beside
Not Configured. Click on Apply then OK.

i just did that and i can finally open system restore now... But there are no system restore points?! i thought it made those automatically?
My System SpecsSystem Spec
15 Apr 2011   #9
yowanvista

Windows 10 Pro x64
 
 

Quote   Quote: Originally Posted by Windowsprobleem View Post
Hmm found a way to re-enable the System restore Function.

Go to Start>Run, key in gpedit.msc and hit ENTER. Under Computer
Configuration, expand Administrative Templates, expand System, then click on
the System Restore folder. In the right-hand pane, double-click on Turn off
Configuration and, under the Setting tab, click in the radio button beside
Not Configured. Click on Apply then OK.

i just did that and i can finally open system restore now... But there are no system restore points?! i thought it made those automatically?
Restore points are deleted by other system cleanup applications such as Disk Cleanup, ccleaner etc
My System SpecsSystem Spec
Reply

 Alot of BSOD's




Thread Tools





Similar help and support threads
Thread Forum
I'm getting alot of BSOD errors.
Hi, Dump files attached to thread, I wasn't able to upload health check wouldn't let me :s My specs: Is Windows 7 . . . - x86 (32-bit) or x64 ? x64 - the original installed OS on the system? Yes - an OEM or full retail version? OEM
BSOD Help and Support
Alot of BSOD's
Ive got a custom made pc : specs: amd phenom II x6 1055T Asus M4A88T-M/USB3 Ati radeon hd 5770 4GB Ram (hyper x) Win 7 home premium 32bit When I first got my pc it worked great and I had no problems at all but after 2 months or so suddenly I began to get...
BSOD Help and Support
Getting alot of BSOD's lately...
Hello, as the title says, my computer randomly freezes and get's blue screen. I've tried to reinstall Windows 7 Proffesional x64. What can i do to stop this? I'm attaching my dxdiag if it's any help
BSOD Help and Support
Getting BSOD alot while in game.
Well just randomly started happening few weeks ago while in game BSOD pops up stays for about 5-7 secs and then restarts computer my computer is custom built i bought it used it has worked good for about 3 months untell now i have been getting many BSOD i counted 6 different stop errors i can name...
BSOD Help and Support
BSOD alot
Win 7 Home Premium 64 bit retail version All the hardware is brand new, bought the pieces and put it together myself. Problem often happens when browsing, and using windows programs in general. Newer happened in a game - yet... I have tried running memtest86. Once i did it right after a...
BSOD Help and Support
Bsod alot
First off, Hello all. Starting yesterday afternoon after running Ad-Aware and CCleaner. I ran those because I noticed my Avast was Unsecured and I couldnt get it to come back on. I started getting the BSOD. It would happen on start up most of the time. I was able to keep it running long enough...
BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

ę Designer Media Ltd

All times are GMT -5. The time now is 23:42.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App