Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

KMS Activator - The culprit


  • Please log in to reply
19 replies to this topic

#1 Tonybologna69

Tonybologna69

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 17 September 2017 - 10:27 PM

So I tried to crack windows office 2010 using KMS Activator. I didn't work and my Comodo Internet Security went crazy with alerts. I noticed it installed randomly named programs, temp files and folders. I've deleted them except 2 folders that have access denied. The virus made it so no antivirus or antiwalware could be started. Internet access is locked out.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:20 AM

Posted 18 September 2017 - 01:39 PM

Try too connect
.Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.
Now check if the internet is working again.

OR

Go to Start ... Run and type in cmd
A dos Window will appear.
Type in the dos window: netsh winsock reset
Click on the enter key.


Try to run these Turn Off Comodo for now if necessary.

Proxy Settings
  • List content of Hosts
  • List IP conf[iguration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • [/list]

  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
  • [/list] SXvL3ZF.pngTDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  • zcMPezJ.pngAdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
  • lv0mVRW.pngJunkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • And finally I'd like us to scan your machine with ESET OnlineScan:
  • Please download and run ESET Online Scanner
  • Check qy7AMI8.jpg (if available) and click on the ePL5oyv.jpg button.
  • It is recommended to turn off your antivirus program. Click on the E5rfZI9.png button to see which antivirus is currently enabled:
  • c4VVzVO.png
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
  • Enable detection of potentially unsafe applications
    Enable detection of suspicious applications
    Scan archives
    Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  • yKulboi.jpg
  • Push the dtoGjAL.png button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • 8L8IBHJ.png
  • When the scan completes a list of found threats will open automatically (if any malicious files are found).
  • imxEgHt.png
  • Push thecRhRYZ8.png button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the 9IjfdXq.png button.
  • Check the box beside RHzfZB1.png to uninstall the application when closed.
  • Push Vc3btaC.png and the close the application clicking the X in upper right corner.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Tonybologna69

Tonybologna69
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 18 September 2017 - 07:09 PM

I tried resetting all the internet options within all browsers, checked the LAN proxy, uninstalled all the malware installed under programs, and tried the cmd you posted. The network still is not connecting. Below I added the information I could find. How would I get the other information for you? Is it safe to use a USB between two PCs?

 

IPconfig

Host Name UncleTony-PC

Primary DNS blank

Node Type Hybrid

IP Routing Enabled No

WINS Proxy Enabled No

 

Hosts File Contents:

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 lmlicenses.wip4.adobe.com

127.0.0.1 lm.licenses.wip4.adobe.com

127.0.0.1 lm.licenses.adobe.com

127.0.0.1 userarea.d16.pl

127.0.0.1 beatskillz-prod.us-west-1.elasticbeanstalk.com

127.0.0.1 stagecraft-prod.us-west-1.elasticbeanstalk.com

127.0.0.1 polyversemusic.com

127.0.0.1 auth.cycling74.com

127.0.0.1 auth64.cycling74.com

127.0.0.1 api.beatskillz.com

127.0.0.1 www.r2rdownload.com

127.0.0.1 www.elephantafiles.com



#4 Tonybologna69

Tonybologna69
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 18 September 2017 - 07:20 PM

https://imgur.com/a/RUlnN

Also I restarted the PC and it BSOD right before shutting down. 



#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:20 AM

Posted 19 September 2017 - 01:48 PM

Yes, but hold down SHIFT key while inserting. This will prevent .exe files from running.
TRy to run the tools from the USB after getting them off another PC.. Obviously not ESET.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Tonybologna69

Tonybologna69
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 19 September 2017 - 05:01 PM

Some things I forgot to mention; I uninstalled Office 2010, KMS injects itself into virtual disk upon restarting. So I uninstalled Daemon tools. There are two folders in my appdata/local folder caled vmtlrgo and vmtpcsu. Both were created around the time of the infection. Both have access denied and cannot be deleted. In the processes, I see a NVDisplay.container.exe that has no file location and cannot be stopped. But also a nvcontainer.exe that does have a file location and seems to be the legitimate Nvidia container. Theres also a csrss.exe that has no file location and cannot be stopped. 

 

# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 19 21:30:03 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 7 Ultimate (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: 56721fdae678648d60cff59c59e38dcc
 
 
***** [ Folders ] *****
 
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
Deleted: C:\ProgramData\EmailNotifier
Deleted: C:\ProgramData\Application Data\EmailNotifier
Deleted: C:\Users\All Users\EmailNotifier
Deleted: C:\Users\Uncle Tony\AppData\Roaming\Yahoo!\Companion
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted: iorrt
 
 
***** [ Registry ] *****
 
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A3394E43-3D48-44A8-B250-37959680527A}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F806864C-1AF1-4B32-A40A-AA274AC73012}
Deleted: [Key] - HKU\.DEFAULT\Software\ImInstaller
Deleted: [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\ImInstaller
Deleted: [Key] - HKU\S-1-5-18\Software\ImInstaller
Deleted: [Key] - HKCU\Software\ImInstaller
Deleted: [Key] - HKLM\SOFTWARE\StrongSignal
Deleted: [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\BI
Deleted: [Key] - HKCU\Software\BI
Deleted: [Key] - HKLM\SOFTWARE\Email Notifier
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKLM\SOFTWARE\MPC
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4EB3FC20-7158-4DD5-A08E-707541E9341C}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKCU\Software\Classes\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}
Deleted: [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\Classes\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKCU\Software\Classes\MIME\Database\Content Type\application\x-pokkidownloadhelper
Deleted: [Key] - HKCU\Software\Classes\AppID\npPokkiDownloadHelper.dll
Deleted: [Key] - HKCU\Software\MozillaPlugins\pokki.com\PokkiDownloadHelper
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com\PandoWebPlugin
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing|bProtectShowTabsWelcome
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{80B3B43F-7508-4627-BE66-00FB9AE5EE72}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{5A83D7C9-4A14-4000-BC05-389268238753}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{357D32FC-F0AE-4B37-B36F-D44AA31496F5}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: Vapecrawler - vapecrawler.com
SearchProvider deleted: Ask Search - ask search
SearchProvider deleted: Vapecrawler - vapecrawler.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [6134 B] - [2017/9/19 21:27:4]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x64 
Ran by Uncle Tony (Administrator) on Tue 09/19/2017 at 14:39:55.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 13 
 
Successfully deleted: C:\Users\Uncle Tony\Documents\add-in express (Folder) 
Successfully deleted: C:\Users\Uncle Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X98Z1LP (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Uncle Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LDEELU2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Uncle Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F4NKA4YM (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Uncle Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPP777H7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Uncle Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJB172XW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Uncle Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9LUPDA2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4X98Z1LP (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9LDEELU2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F4NKA4YM (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPP777H7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TJB172XW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9LUPDA2 (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully repaired: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\APPINIT_DLLs (Registry Value)
Successfully repaired: HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\APPINIT_DLLs (Registry Value)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/19/2017 at 14:41:15.63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#7 Tonybologna69

Tonybologna69
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 19 September 2017 - 05:30 PM

This might be important to know. The JRT.exe didn't have access to create file clean_shortcut.vbs in local\temp. I used 7zip and opened the exe to manually extract the contents into the temp folder. Doing so allowed JRT to run.

 

Here are all the logs for ADW. Scans and cleans with a final scan and no restart. 

 

 

# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 19 21:27:04 2017

# Updated on 2017/29/08 by Malwarebytes 
# Database: 08-29-2017.2
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
PUP.Adware.Heuristic, 56721fdae678648d60cff59c59e38dcc
 
 
***** [ Folders ] *****
 
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
PUP.Optional.Legacy, C:\ProgramData\EmailNotifier
PUP.Optional.Legacy, C:\ProgramData\Application Data\EmailNotifier
PUP.Optional.Legacy, C:\Users\All Users\EmailNotifier
PUP.Optional.Legacy, C:\Users\Uncle Tony\AppData\Roaming\Yahoo!\Companion
Rogue.ForcedExtension, C:\ProgramData\apn
Rogue.ForcedExtension, C:\ProgramData\Application Data\apn
Rogue.ForcedExtension, C:\Users\All Users\apn
 
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
PUP.Optional.Legacy, iorrt
 
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A3394E43-3D48-44A8-B250-37959680527A}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F806864C-1AF1-4B32-A40A-AA274AC73012}
PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\ImInstaller
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\ImInstaller
PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\ImInstaller
PUP.Optional.Legacy, [Key] - HKCU\Software\ImInstaller
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\StrongSignal
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\BI
PUP.Optional.Legacy, [Key] - HKCU\Software\BI
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Email Notifier
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKCU\Software\Yahoo\YFriendsBar
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MPC
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4EB3FC20-7158-4DD5-A08E-707541E9341C}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\Classes\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\MIME\Database\Content Type\application\x-pokkidownloadhelper
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\AppID\npPokkiDownloadHelper.dll
PUP.Optional.Legacy, [Key] - HKCU\Software\MozillaPlugins\pokki.com\PokkiDownloadHelper
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com\PandoWebPlugin
PUP.Optional.BProtect, [Value] - HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing | bProtectShowTabsWelcome
PUP.Optional.NeoBar.A, [Key] - HKLM\SOFTWARE\Classes\Interface\{80B3B43F-7508-4627-BE66-00FB9AE5EE72}
PUP.Optional.NeoBar.A, [Key] - HKLM\SOFTWARE\Classes\TypeLib\{5A83D7C9-4A14-4000-BC05-389268238753}
PUP.Optional.NeoBar.A, [Key] - HKLM\SOFTWARE\Classes\Interface\{357D32FC-F0AE-4B37-B36F-D44AA31496F5}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
PUP.Optional.Legacy, SearchProvider found: Vapecrawler - vapecrawler.com
PUP.Optional.Legacy, SearchProvider found: Ask Search - ask search
PUP.Optional.Legacy, SearchProvider found: Vapecrawler - vapecrawler.com
 
/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271 
 
 
*************************
 
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 19 21:30:03 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 7 Ultimate (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: 56721fdae678648d60cff59c59e38dcc
 
 
***** [ Folders ] *****
 
Deleted: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Application Updater
Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Application Updater
Deleted: C:\ProgramData\EmailNotifier
Deleted: C:\ProgramData\Application Data\EmailNotifier
Deleted: C:\Users\All Users\EmailNotifier
Deleted: C:\Users\Uncle Tony\AppData\Roaming\Yahoo!\Companion
Deleted: C:\ProgramData\apn
Deleted: C:\ProgramData\Application Data\apn
Deleted: C:\Users\All Users\apn
 
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
Deleted: iorrt
 
 
***** [ Registry ] *****
 
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A3394E43-3D48-44A8-B250-37959680527A}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F806864C-1AF1-4B32-A40A-AA274AC73012}
Deleted: [Key] - HKU\.DEFAULT\Software\ImInstaller
Deleted: [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\ImInstaller
Deleted: [Key] - HKU\S-1-5-18\Software\ImInstaller
Deleted: [Key] - HKCU\Software\ImInstaller
Deleted: [Key] - HKLM\SOFTWARE\StrongSignal
Deleted: [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\BI
Deleted: [Key] - HKCU\Software\BI
Deleted: [Key] - HKLM\SOFTWARE\Email Notifier
Deleted: [Key] - HKLM\SOFTWARE\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\Yahoo\Companion
Deleted: [Key] - HKCU\Software\AppDataLow\Software\Yahoo\Companion
Deleted: [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKCU\Software\Yahoo\YFriendsBar
Deleted: [Key] - HKLM\SOFTWARE\MPC
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4EB3FC20-7158-4DD5-A08E-707541E9341C}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Deleted: [Key] - HKCU\Software\Classes\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}
Deleted: [Key] - HKU\S-1-5-21-687147385-3789069006-3929115864-1000\Software\Classes\TypeLib\{39B1EC90-428D-4033-9E32-ED28D02FF588}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{22848257-6A2D-4D2A-8D56-C886D25B8B58}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Deleted: [Key] - HKLM\SOFTWARE\Classes\SOFTWARE\Classes\CLSID\{03AE1B7B-A9E7-4D5A-9D34-89999C31B659}
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKCU\Software\Classes\MIME\Database\Content Type\application\x-pokkidownloadhelper
Deleted: [Key] - HKCU\Software\Classes\AppID\npPokkiDownloadHelper.dll
Deleted: [Key] - HKCU\Software\MozillaPlugins\pokki.com\PokkiDownloadHelper
Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Deleted: [Key] - HKLM\SOFTWARE\MozillaPlugins\@pandonetworks.com\PandoWebPlugin
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\TabbedBrowsing|bProtectShowTabsWelcome
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{80B3B43F-7508-4627-BE66-00FB9AE5EE72}
Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{5A83D7C9-4A14-4000-BC05-389268238753}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{357D32FC-F0AE-4B37-B36F-D44AA31496F5}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
SearchProvider deleted: Vapecrawler - vapecrawler.com
SearchProvider deleted: Ask Search - ask search
SearchProvider deleted: Vapecrawler - vapecrawler.com
 
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[S0].txt - [6134 B] - [2017/9/19 21:27:4]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
 
 
# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 19 22:14:19 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 08-29-2017.2
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
PUP.Adware.Heuristic, 56721fdae678648d60cff59c59e38dcc
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A3394E43-3D48-44A8-B250-37959680527A}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F806864C-1AF1-4B32-A40A-AA274AC73012}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.NeoBar.A, [Key] - HKLM\SOFTWARE\Classes\Interface\{80B3B43F-7508-4627-BE66-00FB9AE5EE72}
PUP.Optional.NeoBar.A, [Key] - HKLM\SOFTWARE\Classes\Interface\{357D32FC-F0AE-4B37-B36F-D44AA31496F5}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [5441 B] - [2017/9/19 21:30:3]
C:/AdwCleaner/AdwCleaner[S0].txt - [6134 B] - [2017/9/19 21:27:4]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
 
# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 19 22:16:57 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 7 Ultimate (X64)
# Mode: clean
 
***** [ Services ] *****
 
Deleted: 56721fdae678648d60cff59c59e38dcc
 
 
***** [ Folders ] *****
 
No malicious folders deleted.
 
***** [ Files ] *****
 
No malicious files deleted.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks deleted.
 
***** [ Registry ] *****
 
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{A3394E43-3D48-44A8-B250-37959680527A}
Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F806864C-1AF1-4B32-A40A-AA274AC73012}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
Deleted: [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{80B3B43F-7508-4627-BE66-00FB9AE5EE72}
Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{357D32FC-F0AE-4B37-B36F-D44AA31496F5}
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries deleted.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries deleted.
 
*************************
 
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
 
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [5441 B] - [2017/9/19 21:30:3]
C:/AdwCleaner/AdwCleaner[S0].txt - [6134 B] - [2017/9/19 21:27:4]
C:/AdwCleaner/AdwCleaner[S1].txt - [1891 B] - [2017/9/19 22:14:19]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########
 
# AdwCleaner 7.0.2.1 - Logfile created on Tue Sep 19 22:24:25 2017
# Updated on 2017/29/08 by Malwarebytes 
# Database: 08-29-2017.2
# Running on Windows 7 Ultimate (X64)
# Mode: scan
 
***** [ Services ] *****
 
PUP.Adware.Heuristic, 56721fdae678648d60cff59c59e38dcc
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
***** [ Files ] *****
 
No malicious files found.
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
No malicious tasks found.
 
***** [ Registry ] *****
 
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {A3394E43-3D48-44A8-B250-37959680527A}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F806864C-1AF1-4B32-A40A-AA274AC73012}
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
 
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries.
 
*************************
 
C:/AdwCleaner/AdwCleaner[C0].txt - [5441 B] - [2017/9/19 21:30:3]
C:/AdwCleaner/AdwCleaner[C1].txt - [1969 B] - [2017/9/19 22:16:57]
C:/AdwCleaner/AdwCleaner[S0].txt - [6134 B] - [2017/9/19 21:27:4]
C:/AdwCleaner/AdwCleaner[S1].txt - [1891 B] - [2017/9/19 22:14:19]
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt ##########


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:20 AM

Posted 19 September 2017 - 07:42 PM

Good ..can you run ESET yet?

If not Run Malwarebytes off the flash drive.


51a46ae42d560-malwarebytes_anti_malware.Malwarebytes Anti-Malware
  • Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
    • If no threats were found, click View detailed log.
      • Click Export and save the log as a .txt file on your Desktop or another location.
    • If the scan detected any threats, click Apply Actions.
      • To complete any actions taken you will be prompted to restart your computer...click on Yes.
      • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
      • Check the box next to Scan Log. Choose the most current scan and click View.
      • Click Export and save the log as a .txt file on your Desktop or another location.
  • Providing the MalwareBytes' Anti-Malware log file
    • Attach the log file you just saved to your next reply for further review.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 Tonybologna69

Tonybologna69
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 20 September 2017 - 12:02 PM

Still no network connection. TDS still is not running or opening when double clicked. And Malwarebytes did not ask to restart after the quarantine.
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/20/17
Scan Time: 9:50 AM
Log File: d30f5aa4-9e23-11e7-a263-000000000000.json
Administrator: Yes
 
-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.188
Update Package Version: 1.0.2826
License: Expired
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: UncleTony-PC\Uncle Tony
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 460569
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 5 min, 59 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
Adware.DNSUnlocker.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xZualCFARzj3 Updater, Quarantined, [2247], [372679],1.0.2826
 
Registry Value: 1
Adware.DNSUnlocker.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xZualCFARzj3 Updater|IMAGEPATH, Quarantined, [2247], [372679],1.0.2826
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

Edited by Tonybologna69, 20 September 2017 - 12:08 PM.


#10 Tonybologna69

Tonybologna69
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 20 September 2017 - 12:25 PM

I ran the adwcleaner.exe and it cleaned 5 files, it required a restart and got another BSOD. Once it booted (with no internet still) it said windows has recovered with links to 2 files that describe the problem. How can I upload a .dmp and .xml for you? Also, my IPv4 DNS was changed to 82.163.143.174 and 82.163.143.176. I disabled them for now, but they seem to swap back every restart. 



#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:20 AM

Posted 20 September 2017 - 01:12 PM

I am getting help n the connection.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:20 AM

Posted 20 September 2017 - 02:59 PM

Unfortunately the cracks you used have probably corrupted files..

I can suggest this.


Please run SFC (System File Checker)
Please run System File Checker sfc /scannow... For more information on this tool see How To Use Sfc.exe To Repair System Files

NOTE for Vista/WIN 7 users..The command needs to be run from an Elevated Command Prompt.Click Start, type cmd into the Start/Search box,
right-click cmd.exe in the list above and select 'Run as Administrator'


You will need your operating system CD handy.

Open Windows Task Manager....by pressing CTRL+SHIFT+ESC

Then click File.. then New Task(Run)

In the box that opens type sfc /scannow ......There is a space between c and /

Click OK
Let it run and insert the CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#13 Tonybologna69

Tonybologna69
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 20 September 2017 - 07:56 PM

My computer doesn't have a optical drive. Is there a way to do this with a Windows 7 USB? Also, I am still getting the same BSOD on every restart.  I have to press F8 on startup and disable "restart after system failure" to get the computer to shut down. Otherwise while trying to shut down it BSOD (same as above) and turns back on.


Edited by Tonybologna69, 20 September 2017 - 08:07 PM.


#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:20 AM

Posted 21 September 2017 - 10:25 AM

I have no other options than a reinstall.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#15 Tonybologna69

Tonybologna69
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:08:20 AM

Posted 21 September 2017 - 01:14 PM

I swapped out a hard drive for an optical. I'm having trouble finding valid and legitimate information on making a windows 7 disc. Do you have a reliable download for the ISO? I have another PC i can burn a disk on. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users