Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Mozilla Overhauls Content Blocking Settings in Firefox 65

Featured Deal: Get 98% off the Ultimate Cisco Certification Bundle: Lifetime Access Deal

Photo

BSOD's, Unable to install programs via downloaded .exe's

Started by a vague blur , Feb 17 2016 11:09 PM

  • Please log in to reply
21 replies to this topic

#1 a vague blur

a vague blur

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:11:18 AM

Posted 17 February 2016 - 11:09 PM

Hello, I've been having a few issues with my computer lately, and as this forum has often saved my hide a few times in the past, I figured I'd come back and beg for some more mercy.

 

First off, the operating system I'm running is Windows Vista Home Premium. This computer was given to me by a friend a few years back, and though not the best computer, it does MOST of what I need it to. After receiving the computer, I did a factory reset, and have had no problems for well over a year, until a day or two ago.

 

Now for the problems! My mother was on the computer the other day, saying she took a picture and was trying to put it on the computer to show me. She then proceeded to tell me that something was installed, and after trying to decipher a computer illiterate person's description of what had happened, I eventually just went about my day. A few hours later, while playing a game online, I got a BSOD saying something like "BAD_POOL_blahblah", can't remember the last part. I chalked that up to a hardware failure, and went back on the computer and resumed what I was doing.

 

Later that day, I tried to install CCleaner to help tidy some things up, and when I attempted to install the .EXE, nothing happened. I tried again, and again, the same thing. And by nothing happened, I mean I double-clicked the .EXE, and literally NOTHING HAPPENED AT ALL. I also downloaded another .EXE for uTorrent, and was met with the same problem.

 

About an hour ago, I was attempting to manually repair my Registry via a tutorial on restoring the ability to install .EXE's where I was met with another BSOD. After that, I decided it's best to come to the pros, and see if you guys can point me in the right direction. 

 

Thanks in advance for your help,

James


BC AdBot (Login to Remove)

 

#2 a vague blur

a vague blur
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:11:18 AM

Posted 17 February 2016 - 11:17 PM

Oh joy, one more thing I just noticed, it seems that whatever I just did to the registry, when I right-click an .EXE file to install, the first option says ""%1" %*" instead of "Run...".


#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:11:18 AM

Posted 18 February 2016 - 07:59 AM

Hi a vague blur :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

3Al62Pm.pngMiniToolBox
  • Download MiniToolBox and move the file to your Desktop;
  • Right-click on MiniToolBox.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Winsock Entries;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
      OQmAcqS.png
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.

#4 a vague blur

a vague blur
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:11:18 AM

Posted 18 February 2016 - 12:02 PM

Thanks for your reply, Aura! Here is the log you requested:
 
MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by James (administrator) on 18-02-2016 at 11:59:42
Running from "C:\Users\James\Downloads"
Microsoft® Windows Vista™ Home Premium   (X86)
Model: GV344AA-ABA SR5262NX Manufacturer: Compaq-Presario
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
150Mbps Wireless 802.11b/g/n Nano USB Adapter = Wireless Network Connection (Connected)
Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0) = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set interface luid=ethernet_4 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=loopback_0 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
set interface luid=wireless_0 forwarding=disabled advertise=disabled mtu=0 metric=0 metric=0 nud=disabled basereachabletime=0 retransmittime=0 routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : James-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : 150Mbps Wireless 802.11b/g/n Nano USB Adapter
   Physical Address. . . . . . . . . : 74-DA-38-42-63-4E
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b475:a0c6:92d6:c0f9%9(Preferred) 
   IPv4 Address. . . . . . . . . . . : 172.20.20.20(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, February 18, 2016 10:53:26 AM
   Lease Expires . . . . . . . . . . : Thursday, February 18, 2016 12:01:37 PM
   Default Gateway . . . . . . . . . : 172.20.20.1
   DHCP Server . . . . . . . . . . . : 172.20.20.1
   DHCPv6 IAID . . . . . . . . . . . : 225761848
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
   Physical Address. . . . . . . . . : 00-1D-60-12-A8-A7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 6:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{66D33798-47C6-44D6-8E05-509506CD34CB}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 7:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : isatap.{704575F5-FADA-44D1-9BB6-013F2566789D}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:172.20.20.20%11(Preferred) 
   Default Gateway . . . . . . . . . : 
   DNS Servers . . . . . . . . . . . : 75.75.75.75
                                       75.75.76.76
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  cdns01.comcast.net
Address:  75.75.75.75:53
 
Name:    google.com
Addresses:  173.194.204.102, 173.194.204.113, 173.194.204.139, 173.194.204.101
 173.194.204.100, 173.194.204.138
 
 
 
Pinging google.com [173.194.205.102] with 32 bytes of data:
 
 
 
Reply from 173.194.205.102: bytes=32 time=42ms TTL=45
 
Reply from 173.194.205.102: bytes=32 time=41ms TTL=45
 
 
 
Ping statistics for 173.194.205.102:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 41ms, Maximum = 42ms, Average = 41ms
 
Server:  cdns01.comcast.net
Address:  75.75.75.75:53
 
Name:    yahoo.com
Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109
 
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
 
 
 
Reply from 206.190.36.45: bytes=32 time=117ms TTL=51
 
Reply from 206.190.36.45: bytes=32 time=113ms TTL=51
 
 
 
Ping statistics for 206.190.36.45:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 113ms, Maximum = 117ms, Average = 115ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time=15ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 4ms, Maximum = 15ms, Average = 9ms
 
===========================================================================
Interface List
  9 ...74 da 38 42 63 4e ...... 150Mbps Wireless 802.11b/g/n Nano USB Adapter
  8 ...00 1d 60 12 a8 a7 ...... Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
  1 ........................... Software Loopback Interface 1
 10 ...00 00 00 00 00 00 00 e0  isatap.{66D33798-47C6-44D6-8E05-509506CD34CB}
 11 ...00 00 00 00 00 00 00 e0  isatap.{704575F5-FADA-44D1-9BB6-013F2566789D}
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.20.20.1     172.20.20.20     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      172.20.20.0    255.255.255.0         On-link      172.20.20.20    281
     172.20.20.20  255.255.255.255         On-link      172.20.20.20    281
    172.20.20.255  255.255.255.255         On-link      172.20.20.20    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      172.20.20.20    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      172.20.20.20    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  9    281 fe80::/64                On-link
 11    286 fe80::5efe:172.20.20.20/128
                                    On-link
  9    281 fe80::b475:a0c6:92d6:c0f9/128
                                    On-link
  1    306 ff00::/8                 On-link
  9    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [227328] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/17/2016 11:54:13 PM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/17/2016 10:52:43 PM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/17/2016 10:42:55 PM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/17/2016 03:51:04 PM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/17/2016 12:08:30 PM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/17/2016 07:35:09 AM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/16/2016 11:51:10 AM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/15/2016 10:59:10 AM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/14/2016 11:55:38 AM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
Error: (02/13/2016 11:37:18 AM) (Source: WerSvc) (User: )
Description: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
 
 
System errors:
=============
Error: (02/18/2016 10:53:24 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.20.20.20 on the Network Card with network address 74DA3842634E.
 
Error: (02/18/2016 08:21:42 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.20.20.20 on the Network Card with network address 74DA3842634E.
 
Error: (02/18/2016 07:58:27 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.20.20.20 on the Network Card with network address 74DA3842634E.
 
Error: (02/18/2016 07:53:26 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.20.20.20 on the Network Card with network address 74DA3842634E.
 
Error: (02/18/2016 07:34:33 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.20.20.20 on the Network Card with network address 74DA3842634E.
 
Error: (02/18/2016 07:07:38 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.20.20.20 on the Network Card with network address 74DA3842634E.
 
Error: (02/18/2016 07:02:34 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.20.20.20 on the Network Card with network address 74DA3842634E.
 
Error: (02/18/2016 06:57:33 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.20.20.20 on the Network Card with network address 74DA3842634E.
 
Error: (02/18/2016 06:52:20 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.20.20.20 on the Network Card with network address 74DA3842634E.
 
Error: (02/18/2016 06:46:24 AM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 172.20.20.20 on the Network Card with network address 74DA3842634E.
 
 
Microsoft Office Sessions:
=========================
Error: (02/09/2016 11:59:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4089 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-02-17 18:42:58.483
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 18:42:58.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 18:42:58.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 18:42:58.327
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 18:42:58.296
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 18:42:58.264
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 18:42:58.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 18:42:58.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 18:42:58.046
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 18:42:57.999
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0.1 - Microsoft Corporation) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.45.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A81000000003}) (Version: 8.1.0 - Adobe Systems Incorporated)
Colossus Addon Mod 1.0 (HKLM\...\Colossus Addon Mod) (Version: 1.0 - The BSC)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Diablo (HKCU\...\Diablo) (Version:  - )
Diablo (HKLM\...\Diablo) (Version:  - )
Edimax Wireless LAN (HKLM\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0205.2 - Edimax Technology Co.)
Fallout 2 (HKLM\...\GOGPACKFALLOUT2_is1) (Version: 2.0.0.10 - GOG.com)
Fallout Tactics (HKLM\...\GOGPACKFALLOUTTACTICS_is1) (Version: 2.0.0.8 - GOG.com)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4558.05 - PC-Doctor, Inc.)
Hewlett-Packard Active Check (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 1.1.7.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent for Health Check (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 2.0.59.5 - HP) Hidden
HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.2.0.2296 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.2.0.2304 - Hewlett-Packard)
HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version:  - Hewlett-Packard)
HP Photosmart Essential 2.01 (HKLM\...\HP Photosmart Essential) (Version: 2.01 - HP)
HP Total Care Advisor (HKLM\...\{0DDA7620-4F8B-43B3-8828-CA5EE292FA3B}) (Version: 1.2.13 - Hewlett-Packard)
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.005.007 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java Auto Updater (HKLM\...\{4A03706F-666A-4037-7777-5F2748764D10}) (Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216045FF}) (Version: 6.0.450 - Oracle)
Java™ 7 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
Java™ SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
LightScribe  1.6.45.1 (HKLM\...\{B6ADA0E4-9451-43EB-B86E-878AD9E68D4F}) (Version: 1.6.45.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 1.65.0.1400 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.65.0.1400 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50501 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Morrowind (HKLM\...\{C6934B4D-A20D-4A19-A360-D0F3CED9EE12}) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee autoProducer 6.0 (HKLM\...\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}) (Version: 6.00.050 - muvee Technologies)
OpenAL (HKLM\...\OpenAL) (Version:  - )
PDF Settings CS6 (HKLM\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PSSWCORE (HKLM\...\{F72E2DDC-3DB8-4190-A21D-63883D955FE7}) (Version: 2.01.0000 - Hewlett-Packard) Hidden
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5444 - Realtek Semiconductor Corp.)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Rosetta Stone Version 3 (HKLM\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Roxio Activation Module (HKLM\...\{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}) (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.572 - Roxio)
RPG MAKER VX Ace (HKLM\...\RPGVXAce_E_is1) (Version: 1.01a - Enterbrain)
RPG MAKER VX Ace RTP (HKLM\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
RTKXI (HKCU\...\InstallShield_{64893225-ADBA-469E-B114-F3B2C1FBBA77}) (Version: 1.00.0000 - Koei)
RTKXI (HKLM\...\{64893225-ADBA-469E-B114-F3B2C1FBBA77}) (Version: 1.00.0000 - Koei) Hidden
Shovel Knight (HKLM\...\Shovel Knight_is1) (Version:  - )
Sid Meier's Civilization 4 - Beyond the Sword (HKCU\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.03 - Firaxis Games)
Sid Meier's Civilization 4 - Warlords (HKCU\...\{3E4B349F-10B5-4586-9D99-489A90A8B228}) (Version: 2.13 - Firaxis Games)
Sid Meier's Civilization 4 (HKCU\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (HKLM\...\{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}) (Version: 1.00.0000 - Firaxis Games) Hidden
SimCity 4 Deluxe (HKLM\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)
Snapfish Picture Mover (HKLM\...\{029B5901-1F27-4347-9923-E8ACC8F54E15}) (Version: 1.9.0.16 - HP Snapfish)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
TES3 Tribunal (HKLM\...\{FA5BADE5-C1B9-4930-970F-A18CDD4AC7A7}) (Version:  - )
The Elder Scrolls I: Arena, ArenaSetup 1.6 (HKLM\...\ArenaSetup_is1) (Version:  - Bethesda Softworks)
The Elder Scrolls II: Daggerfall, DaggerfallSetup 2.10a (HKLM\...\DaggerfallSetup_is1) (Version:  - Bethesda Softworks)
Tibia (HKLM\...\Tibia_is1) (Version: 10.90 - CipSoft GmbH)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.5.1 - Tweaking.com)
Update for Office 2007 (KB934528) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{2B939677-2FFD-48F6-9075-7BF48CB87C80}) (Version:  - )
Update for Office System 2007 Setup (KB929722) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{D8E9BEBD-655F-467D-8176-CA9959C140A3}) (Version:  - )
VideoToolkit01 (HKLM\...\{824D3839-DAA1-4315-A822-7AE3E620E528}) (Version: 90.0.146.000 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WeatherBug Gadget (HKLM\...\{209CDA54-D390-46A2-A97C-7BF61734418D}) (Version: 1.0.0.6 - AWS Convergence Technologies) Hidden
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zezenia Online (HKLM\...\Zezenia) (Version: 5.6.2 - Zezenia Online)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 56%
Total physical RAM: 2038.75 MB
Available physical RAM: 895.24 MB
Total Virtual: 4310.8 MB
Available Virtual: 2824.48 MB
 
========================= Partitions: =====================================
 
1 Drive c: (COMPAQ) (Fixed) (Total:289.39 GB) (Free:39.32 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:8.7 GB) (Free:0.09 GB) NTFS
8 Drive y: (DIABLO) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\JAMES-PC
 
Administrator            Guest                    James                    
Ma Dukes                 
 
 
**** End of log ****

#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:11:18 AM

Posted 18 February 2016 - 12:07 PM

Please uninstall the following programs.
  • Adobe Flash Player ActiveX - Outdated and vulnerable;
  • Adobe Reader 8.1.0 - Outdated and vulnerable;
  • Java 6 Update 45 - Outdated and vulnerable;
  • Java 7 Update 5 - Outdated and vulnerable;
  • Java SE Runtime Environment 6 Update 1 - Outdated and vulnerable;
  • Malwarebytes Anti-Malware - Outdated, I'll link you to right version to install in the steps below;
Once done, follow the instructions below please.

lv0mVRW.pngJunkware Removal Tool (JRT)
  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Press on any key to launch the scan and let it complete;
    tLsXbWy.png
    Credits : BleepingComputer.com
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;
zcMPezJ.pngAdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Cleaning button. This will kill all the active processes;
    CfdTLN1.png
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply;
aOpBoaQ.pngMalwarebytes Anti-Malware - Clean Mode
  • Download and install the free version of Malwarebytes Anti-Malware
    Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point;
  • Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the Update Now button;
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan;
  • Let the scan run, the time required to complete the scan depends of your system and computer specs;
  • Once the scan is complete, make sure that the checkbox by Threat is checked (it means that every item detected is checked), then click on the Remove Selected button;
    L9PN4j1.png
  • Click on Save Results after the deletion (in the bottom-right corner) and select Copy to clipboard. Paste the content in your next reply;
Your next reply(ies) should therefore contain:
  • Copy/pasted JRT log;
  • Copy/pasted AdwCleaner clean log;
  • Copy/pasted Malwarebytes clean log;

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.

#6 a vague blur

a vague blur
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:11:18 AM

Posted 18 February 2016 - 12:37 PM

JRT log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows Vista ™ Home Premium x86 
Ran by James (Administrator) on Thu 02/18/2016 at 12:33:23.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal (File) 
Successfully deleted: C:\Users\James\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/18/2016 at 12:35:36.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7 a vague blur

a vague blur
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:11:18 AM

Posted 18 February 2016 - 12:55 PM

ADwCleaner Log:

 

# AdwCleaner v5.034 - Logfile created 18/02/2016 at 12:46:03

# Updated 16/02/2016 by Xplode
# Database : 2016-02-16.2 [Server]
# Operating system : Windows Vista ™ Home Premium  (x86)
# Username : James - JAMES-PC
# Running from : C:\Users\James\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Ma Dukes\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Ma Dukes\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1493 bytes] ##########

#8 a vague blur

a vague blur
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:11:18 AM

Posted 18 February 2016 - 01:19 PM

MWBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2/18/2016
Scan Time: 1:02:29 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.02.18.03
Rootkit Database: v2016.02.17.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista
CPU: x86
File System: NTFS
User: James
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 351256
Time Elapsed: 12 min, 50 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
HackTool.Sniffer.WpePro, C:\$RECYCLE.BIN\S-1-5-21-1258222873-755793932-3585661604-1000\$RE19264.zip, Quarantined, [a289e37f2772d95dad62678e0afae41c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:11:18 AM

Posted 18 February 2016 - 01:33 PM

Alright :) Follow the instructions below please.

zImGw67.pngWindows Repair All-In-One
NOTE: Before following to step below, please disable your Antivirus software or any other real-time security software that you have enabled.
  • Boot in Safe Mode with Networking;
  • Download the portable version of Windows Repair All-In-One;
  • Move the file (archive) on your Desktop, and extract it there;
  • Go in the tweaking.com_windows_repair_aio folder, then Tweaking.com - Windows Repair folder, right-click on Repair_Windows.exe and select Run as Administrator;
  • From there, click on the Next button until you are presented with an Open Repairs button and click on it;
  • Let the Registry back up complete, and move on to the check-list window;
  • Click on the Unselect All button at the bottom, then check the following items:
    • Repair File Associations - Make sure that all the options are checked underneat;
  • Once done, click on the Start Repairs button and let the scan execute;
  • If you are being prompted with a Security Warning, allow it to go through;
  • Once the repair is complete, it'll ask you to restart your computer, please do it;

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.

#10 a vague blur

a vague blur
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:11:18 AM

Posted 19 February 2016 - 11:46 AM

When I downloaded the portable version of Windows-All-In-One, extracted it to the desktop, I didn't see a "tweaking.com_windows_repair_aio" folder. The main folder was "Tweaking.com - Windows Repair", I opened that, and in that folder was the "Repair_Windows.exe" you referred to. Is this okay?


#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:11:18 AM

Posted 19 February 2016 - 11:58 AM

Yes sorry, the file might have changed name since I wrote this canned a while ago. Launch Repair_Windows.exe, yes.

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.

#12 a vague blur

a vague blur
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:11:18 AM

Posted 19 February 2016 - 12:08 PM

I've run the Windows Repair All-In-One and followed your instructions. Just finished restarting. Is there anything else?


#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:11:18 AM

Posted 19 February 2016 - 12:10 PM

Now are you able to install CCleaner if you download it from the link below?

https://www.piriform.com/ccleaner/download/standard2

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.

#14 a vague blur

a vague blur
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
    •  
  • Local time:11:18 AM

Posted 19 February 2016 - 03:19 PM

Yes, I can download and install .exe's now. Is there anyway I can fix the problem where when I right-click a program, it says "%1" %* instead of "Run..."?


#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:11:18 AM

Posted 19 February 2016 - 03:24 PM

Yes. Follow the instructions below please.
  • On Windows Vista & 7, click on the Windows Start Menu, then enter cmd in the search box, right-click on the cmd icon and select Run as Administrator
  • On Windows 8, drag your cursor in the bottom-left corner, and right-click on the metro menu preview, then select Command Prompt (Admin);
  • On Windows 8.1, right click on the Windows logo in the bottom-left corner and select Command Prompt (Admin);
  • Enter the following commands, one after the other. You'll know when you're ready to input the next command when a new line with a blinking cursor will appear under the precedent one:
    Note: You can copy and paste these commands instead of typing them. To copy a command inside the command prompt, move your mouse over the blinking cursor, right-click and select Paste. You must have copied the command prior to that (via Ctrl + C or left-click and Copy).
    reg query HKEY_CLASSES_ROOT\exefile /s > "%userprofile%\Desktop\HKCR_exe.txt"
reg query HKEY_CLASSES_ROOT\exefile\shell\open /s > "%userprofile%\Desktop\HKCR_exe_shell.txt"
  • Once you're done running the commands, two files will have appeared on your desktop:
    • HKCR_exe.txt
    • HKCR_exe_shell.txt
  • Open both of them, and copy/paste their content in your next reply;

animinionsmalltext.gif
unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.

Back to Am I infected? What do I do?


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Am I infected? What do I do?
  4. Privacy Policy
  5. Rules ·