Windows 10: Got any Idea what is going on?


  1. Posts : 4
    Windows
       04 Jul 2016 #1

    Got any Idea what is going on?


    Not wanting to copy and paste my help thread from other forums that I never got a reply from I will try to get help here.


    The problem I am experiencing is Default Application

    I get the How do you want to open this file?


    Problem:

    It opens without me doing anything even after I start my computer.

    It causes taskbar freezing and desktop freezing.

    Once I choose a default program it opens it tons of times for no reason

    Then it does that until I shutdown

    Here are some videos of what I am experiencing:

    RIP Lenovo Y510P - YouTube
    oooh noooo noo - YouTube

    It also causes the browser to go back pages until you can't anymore.

    Here is what the pop up looks like:

    Imgur: The most awesome images on the Internet

    Things I have tried:

    Hard Drive Factory Reset-

    Windows 10 Upgrade-

    Useful information:

    This is not a virus/malware


  2. Posts : 12,199
    W10Prox64
       04 Jul 2016 #2

    Wat said:
    Not wanting to copy and paste my help thread from other forums that I never got a reply from I will try to get help here.


    The problem I am experiencing is Default Application

    I get the How do you want to open this file?


    Problem:

    It opens without me doing anything even after I start my computer.

    It causes taskbar freezing and desktop freezing.

    Once I choose a default program it opens it tons of times for no reason

    Then it does that until I shutdown

    Here are some videos of what I am experiencing:

    RIP Lenovo Y510P - YouTube
    oooh noooo noo - YouTube

    It also causes the browser to go back pages until you can't anymore.

    Here is what the pop up looks like:

    Imgur: The most awesome images on the Internet

    Things I have tried:

    Hard Drive Factory Reset-

    Windows 10 Upgrade-

    Useful information:

    This is not a virus/malware
    Hi Wat and welcome to Tenforums.

    We just had a similar situation here, which did indeed turn out to be a rootkit infection, so if you'd like help, I would suggest running some scans first just to be sure nothing is lurking on your system:

    RKILL (Note: everything RKILL does is undone by a reboot, so if you reboot after running any of the other scans, be sure to run RKILL again before proceeding.)
    TDSSKiller
    ADWCleaner
    MBAM with Rootkit box checked, and running a full scan on the OS drive.

    [Screenshot: mbam03.PNG]
    [Screenshot: mbam04.PNG]

    Please post all logs, complete and unaltered, using the CODE box ("#" symbol) for us to see.
    Thanks.


  3. Posts : 4
    Windows
    Thread Starter
       05 Jul 2016 #3

    simrick said:
    Hi Wat and welcome to Tenforums.

    We just had a similar situation here, which did indeed turn out to be a rootkit infection, so if you'd like help, I would suggest running some scans first just to be sure nothing is lurking on your system:

    RKILL (Note: everything RKILL does is undone by a reboot, so if you reboot after running any of the other scans, be sure to run RKILL again before proceeding.)
    TDSSKiller
    ADWCleaner
    MBAM with Rootkit box checked, and running a full scan on the OS drive.

    [Screenshot: mbam03.PNG]
    [Screenshot: mbam04.PNG]

    Please post all logs, complete and unaltered, using the CODE box ("#" symbol) for us to see.
    Thanks.
    Malwarebytes will come in late

    Here is what I have in pastebin:

    Adwcleaner Log: Adwcleaner Log - Pastebin.com

    TDSSKiller Log: TDSSKiller Log - Pastebin.com

    Rkill Log: RKill Log - Pastebin.com

    Also how would I figure out what file triggers the How do you want to open this?

    It's been bugging me a ton..


  4. Posts : 12,199
    W10Prox64
       05 Jul 2016 #4

    Wat said:
    Malwarebytes will come in late

    Here is what I have in pastebin:

    Adwcleaner Log: Adwcleaner Log - Pastebin.com

    TDSSKiller Log: TDSSKiller Log - Pastebin.com

    Rkill Log: RKill Log - Pastebin.com

    Also how would I figure out what file triggers the How do you want to open this?

    It's been bugging me a ton..
    In the ADWCleaner log:

    • Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MalwareProtectionLive]

    This is an infection

    • hxxp://www.trovi.com

    This is a browser hijack

    In the TDSSKiller log:
    No rootkits detected.

    In the RKILL Log:

    • C:\Users\Sasha\AppData\Local\Temp\{2D37DB65-D57E-4E39-9C9F-43B9825F9D37}\{28107E2E-6C26-40C0-BD44-25E41A8F1167}.exe (PID: 6524) [T-HEUR]

    This is a suspicious process running.

    In your hosts file:
    127.0.0.1 keystone.mwbsys.com
    127.0.0.1 sirius.mwbsys.com
    127.0.0.1 bactem.mwbsys.com


    Do you have CCleaner Free installed on the system? If not, please install it. Then navigate to the installed programs list, save it to a text file, and upload it here using the # sign to put it between CODE tags.

    [Screenshot: ccleaner-installed-progs.PNG]


    Please also run JRT and post the log for that as well. Thanks.


  5. Posts : 12,199
    W10Prox64
       05 Jul 2016 #5

    Wat said:
    ...[snip] Also how would I figure out what file triggers the How do you want to open this?

    It's been bugging me a ton..
    Not sure if we will be able to see it or not.

    Please also post a screenshot of your Scheduled Tasks in CCleaner as shown:

    [Screenshot: ccleaner-task-tab.PNG]


  6. Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       05 Jul 2016 #6

    Try this after cleaning up Trovi - follow simrick's excellent guidance
    Default File Type Associations - Restore in Windows 10 - Windows 10 Forums

    OPTION ONE: To Reset All File Associations to Microsoft Recommended Defaults

    I also saw in one of your videos that Daemon Tools Lite is installed. Win10 can natively mount images and, along with 7-Zip, can manage nearly any compressed folder type.

    There are known issues with Daemon Tools on some machines.
    How to avoid problems after Windows upgrade installation

    Recommendation: Uninstall DT lite.
    Also uninstall the SPTD service
    DuplexSecure - Downloads
    Download the installer
    Select uninstall

    It's possible that there's nothing to uninstall for SPTD

    Just use Win10 native mount - no need to reinstall Daemon tools


  7. Posts : 4
    Windows
    Thread Starter
       05 Jul 2016 #7

    simrick said:
    Not sure if we will be able to see it or not.

    Please also post a screenshot of your Scheduled Tasks in CCleaner as shown:

    [Screenshot: ccleaner-task-tab.PNG]

    Sorry for the delay.. The pop up is messing with my browser and work..

    Screenshot: Imgur: The most awesome images on the Internet

    JRT Log: JRT Log - Pastebin.com

    Start Up Log: Start Up Log - Pastebin.com


  8. Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       05 Jul 2016 #8

    simrick, just a note: Temp File Cleaner (TFC) is a nice small utility that well ... cleans out temp files

    Jaycee always used TFC and Adwcleaner together as the first line of malware remediation.

    CCleaner does the temp file cleaning job too. TFC is just a lighter, single purpose tool.

  9.    05 Jul 2016 #9

    In your hosts file:
    127.0.0.1 keystone.mwbsys.com
    127.0.0.1 sirius.mwbsys.com
    127.0.0.1 bactem.mwbsys.com

    This is an illegal Malwarebytes hack to get Pro for FREE. Not allowed on these or most forums to crack paid software.
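    The two log findings discussed in posts #4 and #9 (hosts entries pinned to loopback, and an executable running from a GUID-named folder under the user's Temp directory) can be checked for mechanically. The following is an added example, not part of the original thread or of any tool mentioned in it; the function names are hypothetical, and the sample input reuses the lines quoted above plus two constructed lines marked as such.

```python
import ipaddress
import re

# Sample input: the three mwbsys.com lines and the RKill line are quoted
# from the thread; the comment line and the localhost line are constructed.
HOSTS_SAMPLE = """\
# constructed comment line
127.0.0.1 localhost
127.0.0.1 keystone.mwbsys.com
127.0.0.1 sirius.mwbsys.com
127.0.0.1 bactem.mwbsys.com
"""
RKILL_SAMPLE = r"""
 * C:\Users\Sasha\AppData\Local\Temp\{2D37DB65-D57E-4E39-9C9F-43B9825F9D37}\{28107E2E-6C26-40C0-BD44-25E41A8F1167}.exe (PID: 6524) [T-HEUR]
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}
GUID = r"\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}"
# An .exe whose name is a GUID, inside zero or more GUID-named folders in Temp.
TEMP_GUID_EXE = re.compile(
    r"[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\(?:" + GUID + r"\\)*"
    + GUID + r"\.exe",
    re.IGNORECASE,
)


def sinkholed_hosts(hosts_text):
    """Return hostnames mapped to a loopback or unspecified address,
    ignoring comments, malformed lines and the usual localhost names."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        if addr.is_loopback or addr.is_unspecified:
            found += [h.lower() for h in fields[1:]
                      if h.lower() not in LOCAL_NAMES]
    return found


def temp_guid_executables(log_text):
    """Return executable paths in a log that match the Temp\\{GUID}.exe shape."""
    return [m.group(0) for m in TEMP_GUID_EXE.finditer(log_text)]


if __name__ == "__main__":
    print("hosts entries to review:", sinkholed_hosts(HOSTS_SAMPLE))
    print("processes to review:", temp_guid_executables(RKILL_SAMPLE))
```

    A match only marks an entry for review: a hostname pinned to loopback can no longer be reached from that machine, and who added the entry or why has to be established separately.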


  10. Posts : 4
    Windows
    Thread Starter
       05 Jul 2016 #10

    How would I remove C:\Users\Sasha\AppData\Local\Temp\{2D37DB65-D57E-4E39-9C9F-43B9825F9D37}\{28107E2E-6C26-40C0-BD44-25E41A8F1167}.exe (PID: 6524) [T-HEUR]

    Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MalwareProtectionLive]

    And the Trovi Infection? I remember scanning with Malwarebytes and deleted most of it.