Alot of BSOD's

Windowsprobleem

New member
Local time
11:50 AM
Messages
5
It all start 2 nights ago.. i was watching 12 angry men and when the movie was finished i decided to go to bed. Next morning i get up turn on my pc... go downstairs to get a drink. I get back to my pc and see its barely started up yet so i was like Hmm normally this doesnt take so long.. Found out it was just looping around because everytime it got onto my Desktop alot of Popups were coming up saying "Your pc is in bad shape click here for a scan!" or "Critical Error!Windows couldnt find any hard drive space!" Alot of fake Windows popups.. and 5/10 seconds later my screen would go weird and it crashes..
Booted up into safemode(with network) and everything worked like a charm.. Decided to download Ad-Aware/Spyware doctor. Couldnt install ad-aware because because i didnt had .net framework 4.0.. and Spyware doctor found like 14 threats but couldnt remove them because i didnt had it registered. So i "bought" some keys and some keys failed. and it said so in a pop up box that i entered the serial key wrong.. But i tested some keys with a friend of mine.. and found some keys which worked... Everytime i filled in 1 of the working keys my pc BSOD... instantly.. fill in the key.. press Register! and bam BSOD now after a couple of times of booting into safe mode i realised i couldnt get onto the internet anymore.. Apparently i had a Temporary account.. All the folders in Program files(x86) were empty...(all the files were hidden) Folder Options was removed aswell(so was Task Manager)and i couldnt acces the folders of my own account anymore(c:/Users/username
Anyway after making a new admin account and disabling alot of stuff in msconfig services etc i managed to boot up into normal mode(with no graphics card drivers) problem now is.. i cant install anything.. if i try to install mumble.exe(voice over ip program) it says Windows Installer isnt working.. I cant uninstall programs from the program list either.. I did however run an ESET Online Scan and it found like 15 threats and removed them. I cant open my dump files either.. i went to my dump files and made myself owner.. opened up windows debugging tools but its still saying i dont have access..

here are my system specs:
Intel E8400 3.0ghz
XFX ATI HD4870 XXX 1GB
2GB Corsair XMS2
#1Hard drive: Samsunt spinpoint f1 1TB
#1Hard Drive: Samsung 160GB
Asus P5QL Motherboard

uploading my dump files etc now!
 

My Computer My Computer

At a glance

Windows 7 Ultimate x86
OS
Windows 7 Ultimate x86
"Your pc is in bad shape click here for a scan!" or "Critical Error!Windows couldnt find any hard drive space!" Alot of fake Windows popups.. and 5/10 seconds later my screen would go weird and it crashes..
Your PC has a malware infection
Boot in safemode with networking and download Malwarebytes
Update it and run a full scan

Do a http://www.sevenforums.com/tutorials/700-system-restore.html if issues persists

If nothing works a http://www.sevenforums.com/tutorials/3413-repair-install.html will be the only solution
 

My Computer My Computer

At a glance

Windows 10 Pro x64, Arch LinuxIntel Core 2 Quad Q8200 OC'd 3.08GHz8GB DDR2 900MhzMSI GT730 2GB GDDR5 (Kepler)
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 10 Pro x64, Arch Linux
CPU
Intel Core 2 Quad Q8200 OC'd 3.08GHz
Motherboard
Asus Rampage formula LGA775
Memory
8GB DDR2 900Mhz
Graphics Card(s)
MSI GT730 2GB GDDR5 (Kepler)
Sound Card
Supreme FX2
Monitor(s) Displays
Samsung LS22F350 LED
Screen Resolution
1080P
Hard Drives
Kingston SSDNow UV400 120GB, 500GB Hitachi, 2TB Samsung, 500GB Seagate FreeAgent, 640GB Samsung, 160GB Toshiba (Arch)
PSU
AeroCool 500W Bronze
Cooling
Cooler Master V6 + 3X fans
Keyboard
Prolink keyboard
Mouse
Logitech M705
Internet Speed
1MiB/s
Browser
Chrome Beta
Just ran a full scan of MalwareBytes, ill paste the log here!

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Databaseversie: 6360

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14-Apr-11 14:16:32
mbam-log-2011-04-14 (14-16-32).txt

Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 373890
Verstreken tijd: 54 minuut/minuten, 13 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 32
Registerwaarden geïnfecteerd: 2
Registerdata geïnfecteerd: 3
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 12

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\W5E7SH31DG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WHMDNR9LKK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
c:\Users\Koen\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Local\Temp\ldr8748.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Koen\Desktop\newsleecher_3.9_final_uw_fta\newsleecher 3.9 final uw@fta\Keygen\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
c:\program files (x86)\windows media player\run.exe (Trojan.CryptRun) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


As you can see it got rid of the taskmanager disablers etc. After the scan malwarebytes wanted to do a reboot so i did.. got under the shower for 20/30 minutes and came back to see another BSOD!

Probleemhandtekening:
Gebeurtenisnaam van probleem: BlueScreen
Versie van besturingssysteem: 6.1.7600.2.0.0.256.1
Landinstelling-id: 1033

Aanvullende informatie over dit probleem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: 0000000000000200
BCP3: FFFFF88004876D40
BCP4: 0000000000000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1


thats the code :(

and i dont have the windows CD anymore:(
 

My Computer My Computer

At a glance

Windows 7 Ultimate x86
OS
Windows 7 Ultimate x86
I'm sorry, I don't understand.
You don't have the Windows CD anymore?????

Why is that?

I have Windows CDs, DVD, Floppy disks going back to Windows 3.11WFW.
The only one I don't have is Windows ME. Never owned a copy.
 

My Computer My Computer

At a glance

Windows 7 Pro x64i5 76016GBNvidia GTS450
Computer Manufacturer/Model Number
Built be Me
OS
Windows 7 Pro x64
CPU
i5 760
Motherboard
Asus P7P55D-E Pro
Memory
16GB
Graphics Card(s)
Nvidia GTS450
Sound Card
On board
Monitor(s) Displays
Dell 2007WFP Dell 1800FP
Screen Resolution
1680x1050 1280x1024
Hard Drives
Seagate 250GB & 750GB
WD 1TB
PSU
Antec 750
Case
In Win
Cooling
Cooler Master Hyper 212+
Keyboard
IBM
Mouse
MS
I'm sorry, I don't understand.
You don't have the Windows CD anymore?????

Why is that?

I have Windows CDs, DVD, Floppy disks going back to Windows 3.11WFW.
The only one I don't have is Windows ME. Never owned a copy.
haha if you see my room you'd understand(A) im sure its somewhere in the house just cant find it :(
 

My Computer My Computer

At a glance

Windows 7 Ultimate x86
OS
Windows 7 Ultimate x86
Just ran a full scan of MalwareBytes, ill paste the log here!

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Databaseversie: 6360

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14-Apr-11 14:16:32
mbam-log-2011-04-14 (14-16-32).txt

Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 373890
Verstreken tijd: 54 minuut/minuten, 13 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 32
Registerwaarden geïnfecteerd: 2
Registerdata geïnfecteerd: 3
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 12

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\W5E7SH31DG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WHMDNR9LKK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
c:\Users\Koen\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Local\Temp\ldr8748.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Koen\Desktop\newsleecher_3.9_final_uw_fta\newsleecher 3.9 final uw@fta\Keygen\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
c:\program files (x86)\windows media player\run.exe (Trojan.CryptRun) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


As you can see it got rid of the taskmanager disablers etc. After the scan malwarebytes wanted to do a reboot so i did.. got under the shower for 20/30 minutes and came back to see another BSOD!

Probleemhandtekening:
Gebeurtenisnaam van probleem: BlueScreen
Versie van besturingssysteem: 6.1.7600.2.0.0.256.1
Landinstelling-id: 1033

Aanvullende informatie over dit probleem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: 0000000000000200
BCP3: FFFFF88004876D40
BCP4: 0000000000000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1


thats the code :(

and i dont have the windows CD anymore:(
Do the system restore
 

My Computer My Computer

At a glance

Windows 10 Pro x64, Arch LinuxIntel Core 2 Quad Q8200 OC'd 3.08GHz8GB DDR2 900MhzMSI GT730 2GB GDDR5 (Kepler)
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 10 Pro x64, Arch Linux
CPU
Intel Core 2 Quad Q8200 OC'd 3.08GHz
Motherboard
Asus Rampage formula LGA775
Memory
8GB DDR2 900Mhz
Graphics Card(s)
MSI GT730 2GB GDDR5 (Kepler)
Sound Card
Supreme FX2
Monitor(s) Displays
Samsung LS22F350 LED
Screen Resolution
1080P
Hard Drives
Kingston SSDNow UV400 120GB, 500GB Hitachi, 2TB Samsung, 500GB Seagate FreeAgent, 640GB Samsung, 160GB Toshiba (Arch)
PSU
AeroCool 500W Bronze
Cooling
Cooler Master V6 + 3X fans
Keyboard
Prolink keyboard
Mouse
Logitech M705
Internet Speed
1MiB/s
Browser
Chrome Beta
Just ran a full scan of MalwareBytes, ill paste the log here!

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Databaseversie: 6360

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

14-Apr-11 14:16:32
mbam-log-2011-04-14 (14-16-32).txt

Scantype: Volledige scan (C:\|D:\|)
Objecten gescand: 373890
Verstreken tijd: 54 minuut/minuten, 13 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 32
Registerwaarden geïnfecteerd: 2
Registerdata geïnfecteerd: 3
Mappen geïnfecteerd: 1
Bestanden geïnfecteerd: 12

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1B220C1-A500-99BD-F110-04B53A2C8952} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\W5E7SH31DG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WHMDNR9LKK (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registerwaarden geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Mappen geïnfecteerd:
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Bestanden geïnfecteerd:
c:\Users\Koen\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Local\Temp\ldr8748.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Koen\Desktop\newsleecher_3.9_final_uw_fta\newsleecher 3.9 final uw@fta\Keygen\Keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
c:\Windows\System32\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\drivers\svcrootx.exe851 (Malware.Gen) -> Quarantined and deleted successfully.
c:\program files (x86)\windows media player\run.exe (Trojan.CryptRun) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\uninstall windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Koen\AppData\Roaming\microsoft\Windows\start menu\Programs\windows restore\windows restore.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.


As you can see it got rid of the taskmanager disablers etc. After the scan malwarebytes wanted to do a reboot so i did.. got under the shower for 20/30 minutes and came back to see another BSOD!

Probleemhandtekening:
Gebeurtenisnaam van probleem: BlueScreen
Versie van besturingssysteem: 6.1.7600.2.0.0.256.1
Landinstelling-id: 1033

Aanvullende informatie over dit probleem:
BCCode: 3b
BCP1: 00000000C0000005
BCP2: 0000000000000200
BCP3: FFFFF88004876D40
BCP4: 0000000000000000
OS Version: 6_1_7600
Service Pack: 0_0
Product: 256_1


thats the code :(

and i dont have the windows CD anymore:(
Do the system restore

well the "start system restore" button is greyed out.. and if i go to advanced system restore i need a backup which i havent made before:(
 

My Computer My Computer

At a glance

Windows 7 Ultimate x86
OS
Windows 7 Ultimate x86
Hmm found a way to re-enable the System restore Function.

Go to Start>Run, key in gpedit.msc and hit ENTER. Under Computer
Configuration, expand Administrative Templates, expand System, then click on
the System Restore folder. In the right-hand pane, double-click on Turn off
Configuration and, under the Setting tab, click in the radio button beside
Not Configured. Click on Apply then OK.

i just did that and i can finally open system restore now... But there are no system restore points?! i thought it made those automatically?
 

My Computer My Computer

At a glance

Windows 7 Ultimate x86
OS
Windows 7 Ultimate x86
Hmm found a way to re-enable the System restore Function.

Go to Start>Run, key in gpedit.msc and hit ENTER. Under Computer
Configuration, expand Administrative Templates, expand System, then click on
the System Restore folder. In the right-hand pane, double-click on Turn off
Configuration and, under the Setting tab, click in the radio button beside
Not Configured. Click on Apply then OK.

i just did that and i can finally open system restore now... But there are no system restore points?! i thought it made those automatically?
Restore points are deleted by other system cleanup applications such as Disk Cleanup, ccleaner etc
 

My Computer My Computer

At a glance

Windows 10 Pro x64, Arch LinuxIntel Core 2 Quad Q8200 OC'd 3.08GHz8GB DDR2 900MhzMSI GT730 2GB GDDR5 (Kepler)
Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 10 Pro x64, Arch Linux
CPU
Intel Core 2 Quad Q8200 OC'd 3.08GHz
Motherboard
Asus Rampage formula LGA775
Memory
8GB DDR2 900Mhz
Graphics Card(s)
MSI GT730 2GB GDDR5 (Kepler)
Sound Card
Supreme FX2
Monitor(s) Displays
Samsung LS22F350 LED
Screen Resolution
1080P
Hard Drives
Kingston SSDNow UV400 120GB, 500GB Hitachi, 2TB Samsung, 500GB Seagate FreeAgent, 640GB Samsung, 160GB Toshiba (Arch)
PSU
AeroCool 500W Bronze
Cooling
Cooler Master V6 + 3X fans
Keyboard
Prolink keyboard
Mouse
Logitech M705
Internet Speed
1MiB/s
Browser
Chrome Beta
Back
Top