My PC is acting very strange

[DR M]

Hm...

Click on Advanced Options > Troubleshoot > Advanced Options > Command Prompt

Once you're in the command prompt window, copy/paste the following commands in the same sequence, followed by Enter each time:

bootrec.exe /rebuildbcd

bootrec.exe /fixmbr

bootrec.exe /fixboot

Try to start up and let us know the result.

 

[crystald3w]

Done...until the third one... shows "Access is denied."

 

[DR M]

Have you tried to restart?

 

[crystald3w]

Yes just restarted now...im finally out of the loop thank you!
So i uninstalled a program and created a new folder on my desktop then restarted again to check for any changes, still the same problem..the program's back and the new folder disappeared.

 

[DR M]

Before I ask you to do something else, I have to make sure:

Did you sign in with the Administrator account instead of Ayesha? <<< IMPORTANT

 

[crystald3w]

Didnt get any option for that... It just logged me in like usual

 

[DR M]

Just to confirm what is happening:

Go to post #10 again and follow the instructions to enable the built-in Administrator account.

Restart and let me know if you have the option to log in as Administrator instead of Ayesha.

 

[crystald3w]

Did it again...still logs me in as Ayesha without any option to choose from.

 

[DR M]

Right. So... the computer doesn't keep/remember the action again.

I would like to see some logs, which can put some light into the issue.

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.

If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

• Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
• Press Scan button and wait for a while.
• The scanner will produced two logs on your Desktop: FRST.txt and Addition.txt.
• Please attach the content of these two logs in your next reply.

 

[crystald3w]

Here you go.

 

[DR M]

Unfortunately the Addition log is not complete. Can you repeat the process once more please? Attach both the logs for me to review them.

 

[crystald3w]

Noted, here you go.

 

[DR M]

You have keygens and the KMS service in there. These are enough to infect your computer with the easiest way...

Question: Is your operating system (Windows) legally activated?

 

[crystald3w]

I remember i have downloaded those some time ago. Are they harming my PC in any way right now?
And I got my Windows installed by a friend so I'm really unsure, but it shows "Windows is activated."

 

[DR M]

Have in mind that using pirated/cracked software is an easy way to infect your computer. Almost as easy as intentionally downloading malware. Sysnative's Rules don't allow the use of illegal/cracked programs. To get assistance, a user has to remove anything illegal first. Most important, we can't provide assistance if a user has a not legally activated operating system.

Let's make some checks.

1. Running slmgr command

• Press Windows icon on your Desktop, together with the letter R.
• Type cmd, and press Ctrl + Shift + Enter to run Command Prompt as administrator.
• Copy and paste the following command and press Enter:

slmgr /dli

• After running the command, you will get a report. Please take a screenshot of what you got and attach it in your next reply. Here is an article where you can see how do you take a screenshot with the snipping tool, in case you need it.

2. Running CKScanner

• Download CKScanner from here and save it to your desktop.
• Doubleclick CKScanner.exe and click Search For Files.
• After a very short time, when the cursor hourglass disappears, click Save List To File.
• A message box will verify that the file is saved.
• Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

[crystald3w]

Understood.
Here you go.

V
V
V

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\makena\there\thereclient\resources\dv\t006dv1c_stonecracked2.jpg.dds
c:\makena\there\thereclient\resources\dv\t006dv_stonecracked01.jpg.dds
c:\makena\there\thereclient\resources\gamekit\actionkit\s00107ak_cracked_client.ts
c:\makena\there\thereclient\resources\gamekit\templates\s00107tp_cracked.ts
c:\makena\there\thereclient\resources\terrain\dunecracks.png.dds
c:\program files\ableton\live 10 suite\resources\core library\ableton folder info\previews\devices\instruments\tension\effects\crackling strings abstract.adv.ogg
c:\program files\ableton\live 10 suite\resources\core library\ableton folder info\previews\devices\instruments\tension\effects\crackling strings abstract.adv.ogg.asd
c:\program files\ableton\live 10 suite\resources\core library\devices\audio effects\vinyl distortion\crack.adv
c:\program files\ableton\live 10 suite\resources\core library\devices\instruments\tension\effects\crackling strings abstract.adv
c:\program files\ableton\live 10 suite\resources\core library\samples\drums\snare\snare crack it.wav.asd
c:\program files\ableton\live 10 suite\resources\core library\samples\drums\snare\snare crack ring layered.aif
c:\program files\ableton\live 10 suite\resources\core library\samples\drums\snare\snare crack ring layered.aif.asd
c:\program files\ableton\live 10 suite\resources\core library\samples\drums\snare\snare crackle basket.wav.asd
c:\program files\ableton\live 10 suite\resources\max\resources\media\jitter\materials\pavement.cracks.jitmtl
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.746.1.6\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\f\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.746.1.6\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\r\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\ssh-keygen.exe
scanner sequence 3.KG.11.LLBCT0
----- EOF -----

 

[DR M]

Hi, Crystald3w.

Any reason you removed an entry from the above log?

 

[crystald3w]

Hi DR M.
I have completely removed some files which consisted of the cracked softwares before scanning my PC. Was that okay? I haven't restarted my PC yet so i'm unsure if they'll appear again.

 

[DR M]

Please run again the CKScanner as instructed here: My PC is acting very strange

DO NOT remove any line from the log.

Also, since the topic is now removed to the Security Arena Forum, please have in mind the following:

1. Always ask before acting. Do not continue if you are not sure, or if something unexpected happens.

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. If your computer seems to start working normally, don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

4. You have to reply to my posts within 3 days. If you need some additional time, just let me know. Otherwise, I will leave the topic due to lack of feedback. If you are able, I would request you to check this thread at least once per day so that we can resolve your issues effectively and efficiently.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.

 

[crystald3w]

Noted.
Here you go, i have run the CKScanner again resulting in the following log.

V
V
V


CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\makena\there\thereclient\resources\dv\t006dv1c_stonecracked2.jpg.dds
c:\makena\there\thereclient\resources\dv\t006dv_stonecracked01.jpg.dds
c:\makena\there\thereclient\resources\gamekit\actionkit\s00107ak_cracked_client.ts
c:\makena\there\thereclient\resources\gamekit\templates\s00107tp_cracked.ts
c:\makena\there\thereclient\resources\terrain\dunecracks.png.dds
c:\program files\ableton\live 10 suite\resources\core library\ableton folder info\previews\devices\instruments\tension\effects\crackling strings abstract.adv.ogg
c:\program files\ableton\live 10 suite\resources\core library\ableton folder info\previews\devices\instruments\tension\effects\crackling strings abstract.adv.ogg.asd
c:\program files\ableton\live 10 suite\resources\core library\devices\audio effects\vinyl distortion\crack.adv
c:\program files\ableton\live 10 suite\resources\core library\devices\instruments\tension\effects\crackling strings abstract.adv
c:\program files\ableton\live 10 suite\resources\core library\samples\drums\snare\snare crack it.wav.asd
c:\program files\ableton\live 10 suite\resources\core library\samples\drums\snare\snare crack ring layered.aif
c:\program files\ableton\live 10 suite\resources\core library\samples\drums\snare\snare crack ring layered.aif.asd
c:\program files\ableton\live 10 suite\resources\core library\samples\drums\snare\snare crackle basket.wav.asd
c:\program files\ableton\live 10 suite\resources\max\resources\media\jitter\materials\pavement.cracks.jitmtl
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.746.1.6\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\f\ssh-keygen.exe
c:\windows\servicing\lcu\package_for_rollupfix~31bf3856ad364e35~amd64~~19041.746.1.6\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\r\ssh-keygen.exe
c:\windows\winsxs\amd64_openssh-common-components-onecore_31bf3856ad364e35_10.0.19041.329_none_9ab860b70e7bbcc8\ssh-keygen.exe
scanner sequence 3.GJ.11.EJFAO0
----- EOF -----