Got any Idea what is going on?


  1. Wat
    Posts : 4
    Windows
       #1

    Got any Idea what is going on?


    Not wanting to copy and paste my help thread from other forums that I never got a reply from I will try to get help here.


    The problem I am experiencing is Default Application

    I get the How do you want to open this file?


    Problem:

    It opens without me doing anything even after I start my computer.

    It causes taskbar freezing and desktop freezing.

    Once I choose a default program it opens it tons of times for no reason

    Then It does that until I shutdown

    Here are some videos of what I am experiencing:

    RIP Lenovo Y510P - YouTube
    oooh noooo noo - YouTube

    It also causes the browser to go back pages until you can't anymore.

    Here is what the pop up looks like:

    Imgur: The most awesome images on the Internet

    Things I have tried:

    Hard Drive Factory Reset-

    Windows 10 Upgrade-

    Useful information:

    This is not a virus/malware

  2. simrick's Avatar
    Posts : 15,923
    W10Prox64
       #2

    Wat said:
    Not wanting to copy and paste my help thread from other forums that I never got a reply from I will try to get help here.


    The problem I am experiencing is Default Application

    I get the How do you want to open this file?


    Problem:

    It opens without me doing anything even after I start my computer.

    It causes taskbar freezing and desktop freezing.

    Once I choose a default program it opens it tons of times for no reason

    Then It does that until I shutdown

    Here are some videos of what I am experiencing:

    RIP Lenovo Y510P - YouTube
    oooh noooo noo - YouTube

    It also causes the browser to go back pages until you can't anymore.

    Here is what the pop up looks like:

    Imgur: The most awesome images on the Internet

    Things I have tried:

    Hard Drive Factory Reset-

    Windows 10 Upgrade-

    Useful information:

    This is not a virus/malware
    Hi Wat and welcome to Tenforums.

    We just had a similar situation here, which did indeed turn out to be a rootkit infection, so if you'd like help, I would suggest running some scans first just to be sure nothing is lurking on your system:

    RKILL (Note: everything RKILL does is undone by a reboot, so if you reboot after running any of the other scans, be sure to run RKILL again before proceeding.)
    TDSSKiller
    ADWCleaner
    MBAM with Rootkit box checked, and running a full scan on the OS drive.

    Got any Idea what is going on?-mbam03.png
    Got any Idea what is going on?-mbam04.png

    Please post all logs, complete and unaltered, using the CODE box ("#" symbol) for us to see.
    Thanks.


  3. Wat
    Posts : 4
    Windows
    Thread Starter
       #3

    simrick said:
    Hi Wat and welcome to Tenforums.

    We just had a similar situation here, which did indeed turn out to be a rootkit infection, so if you'd like help, I would suggest running some scans first just to be sure nothing is lurking on your system:

    RKILL (Note: everything RKILL does is undone by a reboot, so if you reboot after running any of the other scans, be sure to run RKILL again before proceeding.)
    TDSSKiller
    ADWCleaner
    MBAM with Rootkit box checked, and running a full scan on the OS drive.

    Got any Idea what is going on?-mbam03.png
    Got any Idea what is going on?-mbam04.png

    Please post all logs, complete and unaltered, using the CODE box ("#" symbol) for us to see.
    Thanks.
    Malwarebytes will come in late

    Here is what I have in pastebin:

    Adwcleaner Log: Adwcleaner Log - Pastebin.com

    TDSSKiller Log: TDSSKiller Log - Pastebin.com

    Rkill Log: RKill Log - Pastebin.com

    Also, how would I figure out what file triggers the "How do you want to open this?"

    It's been bugging me a ton..

  4. simrick's Avatar
    Posts : 15,923
    W10Prox64
       #4

    Wat said:
    Malwarebytes will come in late

    Here is what I have in pastebin:

    Adwcleaner Log: Adwcleaner Log - Pastebin.com

    TDSSKiller Log: TDSSKiller Log - Pastebin.com

    Rkill Log: RKill Log - Pastebin.com

    Also, how would I figure out what file triggers the "How do you want to open this?"

    It's been bugging me a ton..
    In the ADWCleaner log:

    • Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MalwareProtectionLive]

    This is an infection

    • hxxp://www.trovi.com

    This is a browser hijack

    In the TDSSKiller log:
    No rootkits detected.

    In the RKILL Log:

    • C:\Users\Sasha\AppData\Local\Temp\{2D37DB65-D57E-4E39-9C9F-43B9825F9D37}\{28107E2E-6C26-40C0-BD44-25E41A8F1167}.exe (PID: 6524) [T-HEUR]

    This is a suspicious process running.

    In your hosts file:
    127.0.0.1 keystone.mwbsys.com
    127.0.0.1 sirius.mwbsys.com
    127.0.0.1 bactem.mwbsys.com


    Do you have CCleaner free installed on the system? If not, please install it. Then navigate to the installed programs list, save it to a text file, and upload it here using the # sign to put it between CODE tags.

    Got any Idea what is going on?-ccleaner-installed-progs.png


    Please also run JRT and post the log for that as well. Thanks.
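
The indicators called out in post #4 (hosts-file entries pointing mwbsys.com names at loopback, and a GUID-named executable running from a GUID folder under Temp) can be checked mechanically. This is an added example, not part of the thread or any poster's code; the watchlist, the function names, the assumed RKILL line layout and the extra sample lines are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumption: watchlist of security-vendor domain suffixes (only the one from this thread).
VENDOR_SUFFIXES = ("mwbsys.com",)
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
GUID_DIR = re.compile(rf"^{GUID}$")
GUID_EXE = re.compile(rf"^{GUID}\.exe$", re.IGNORECASE)
# Assumption: RKILL lists processes as "<path> (PID: <n>) [tag]", as in the quoted line.
RKILL_LINE = re.compile(r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+\(PID:\s*(?P<pid>\d+)\)")

def sinkholed_vendor_hosts(hosts_text):
    """Return watchlisted hostnames that the hosts file maps to a loopback address."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or fields[0] not in LOOPBACK:
            continue
        for name in fields[1:]:
            n = name.lower().rstrip(".")
            if any(n == s or n.endswith("." + s) for s in VENDOR_SUFFIXES):
                hits.append(n)
    return hits

def guid_temp_executable(path):
    """True if a GUID-named .exe sits in a GUID-named folder somewhere under Temp."""
    p = PureWindowsPath(path)
    parents = [part.lower() for part in p.parts[:-2]]
    return ("temp" in parents and bool(GUID_EXE.match(p.name))
            and bool(GUID_DIR.match(p.parent.name)))

def flag_rkill_lines(log_text):
    """Return (pid, path) for every RKILL process line matching the Temp/GUID pattern."""
    found = []
    for line in log_text.splitlines():
        m = RKILL_LINE.match(line)
        if m and guid_temp_executable(m["path"]):
            found.append((int(m["pid"]), m["path"]))
    return found

# Sample input: the mwbsys.com and T-HEUR lines are quoted in the thread;
# the comment, localhost and notepad.exe lines are constructed.
HOSTS_SAMPLE = """# constructed comment line
127.0.0.1 localhost
127.0.0.1 keystone.mwbsys.com
127.0.0.1 sirius.mwbsys.com
127.0.0.1 bactem.mwbsys.com
"""
RKILL_SAMPLE = r"""C:\Windows\System32\notepad.exe (PID: 1234)
C:\Users\Sasha\AppData\Local\Temp\{2D37DB65-D57E-4E39-9C9F-43B9825F9D37}\{28107E2E-6C26-40C0-BD44-25E41A8F1167}.exe (PID: 6524) [T-HEUR]
"""
```

A hit from either function is a lead for manual review, not a verdict: the pattern matches where the file runs from and how it is named, not what it does.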

  5. simrick's Avatar
    Posts : 15,923
    W10Prox64
       #5

    Wat said:
    ...[snip] Also, how would I figure out what file triggers the "How do you want to open this?"

    It's been bugging me a ton..
    Not sure if we will be able to see it or not.

    Please also post a screenshot of your Scheduled Tasks in CCleaner as shown:

    Got any Idea what is going on?-ccleaner-task-tab.png

  6. Slartybart's Avatar
    Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #6

    Try this after cleaning up Trovi - follow simrick's excellent guidance
    Default File Type Associations - Restore in Windows 10 - Windows 10 Forums

    OPTION ONE: To Reset All File Associations to Microsoft Recommended Defaults

    I also saw in one of your videos that Daemon Tools Lite is installed. Win10 can natively mount images and, along with 7-zip, can manage nearly any compressed folder type.

    There are known issues with Daemon Tools on some machines.
    How to avoid problems after Windows upgrade installation

    Recommendation: Uninstall DT lite.
    Also uninstall the SPTD service
    DuplexSecure - Downloads
    Download the installer
    Select uninstall

    It's possible that there's nothing to uninstall for SPTD

    Just use Win10 native mount - no need to reinstall Daemon tools



  7. Wat
    Posts : 4
    Windows
    Thread Starter
       #7

    simrick said:
    Not sure if we will be able to see it or not.

    Please also post a screenshot of your Scheduled Tasks in CCleaner as shown:

    Got any Idea what is going on?-ccleaner-task-tab.png

    Sorry for the delay.. The pop up is messing with my browser and work..

    Screenshot: Imgur: The most awesome images on the Internet

    JRT Log: JRT Log - Pastebin.com

    Start Up Log: Start Up Log - Pastebin.com

  8. Slartybart's Avatar
    Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #8

    simrick, just a note: Temp File Cleaner (TFC) is a nice small utility that well ... cleans out temp files

    Jaycee always used TFC and Adwcleaner together as the first line of malware remediation.

    CCleaner does the temp file cleaning job too. TFC is just a lighter, single-purpose tool.

  9. Porthos's Avatar
    Posts : 813
    Win 10
       #9

    In your hosts file:
    127.0.0.1 keystone.mwbsys.com
    127.0.0.1 sirius.mwbsys.com
    127.0.0.1 bactem.mwbsys.com

    This is an illegal Malwarebytes hack to get Pro for FREE. Not allowed on these or most forums to crack paid software.


  10. Wat
    Posts : 4
    Windows
    Thread Starter
       #10

    How would I remove

    C:\Users\Sasha\AppData\Local\Temp\{2D37DB65-D57E-4E39-9C9F-43B9825F9D37}\{28107E2E-6C26-40C0-BD44-25E41A8F1167}.exe (PID: 6524) [T-HEUR]

    Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MalwareProtectionLive]

    And the Trovi Infection? I remember scanning with Malwarebytes and deleted most of it.


 
