  1.    04 Jul 2016 #1
    Join Date : Jul 2016
    Posts : 4
    Windows

    Got any Idea what is going on?


    Not wanting to copy and paste my help thread from other forums that I never got a reply from I will try to get help here.


    The problem I am experiencing is Default Application

    I get the How do you want to open this file?


    Problem:

    It opens without me doing anything even after I start my computer.

    It causes taskbar freezing and desktop freezing.

    Once I choose a default program it opens it tons of times for no reason

    Then it does that until I shut down

    Here are some videos of what I am experiencing:

    RIP Lenovo Y510P - YouTube
    oooh noooo noo - YouTube

    It also causes the browser to go back pages until you can't anymore.

    Here is what the pop up looks like:

    Imgur: The most awesome images on the Internet

    Things I have tried:

    Hard Drive Factory Reset-

    Windows 10 Upgrade-

    Useful information:

    This is not a virus/malware

  2.    04 Jul 2016 #2
    Join Date : Apr 2015
    Posts : 12,942
    W10Prox64

    Originally Posted by Wat:
    Not wanting to copy and paste my help thread from other forums that I never got a reply from I will try to get help here.


    The problem I am experiencing is Default Application

    I get the How do you want to open this file?


    Problem:

    It opens without me doing anything even after I start my computer.

    It causes taskbar freezing and desktop freezing.

    Once I choose a default program it opens it tons of times for no reason

    Then it does that until I shut down

    Here are some videos of what I am experiencing:

    RIP Lenovo Y510P - YouTube
    oooh noooo noo - YouTube

    It also causes the browser to go back pages until you can't anymore.

    Here is what the pop up looks like:

    Imgur: The most awesome images on the Internet

    Things I have tried:

    Hard Drive Factory Reset-

    Windows 10 Upgrade-

    Useful information:

    This is not a virus/malware
    Hi Wat and welcome to Tenforums.

    We just had a similar situation here, which did indeed turn out to be a rootkit infection, so if you'd like help, I would suggest running some scans first just to be sure nothing is lurking on your system:

    RKILL (Note: everything RKILL does is undone by a reboot, so if you reboot after running any of the other scans, be sure to run RKILL again before proceeding.)
    TDSSKiller
    ADWCleaner
    MBAM with Rootkit box checked, and running a full scan on the OS drive.

    [Attachment: mbam03.PNG]
    [Attachment: mbam04.PNG]

    Please post all logs, complete and unaltered, using the CODE box ("#" symbol) for us to see.
    Thanks.

  3.    05 Jul 2016 #3
    Join Date : Jul 2016
    Posts : 4
    Windows
    Thread Starter

    Originally Posted by simrick:
    Hi Wat and welcome to Tenforums.

    We just had a similar situation here, which did indeed turn out to be a rootkit infection, so if you'd like help, I would suggest running some scans first just to be sure nothing is lurking on your system:

    RKILL (Note: everything RKILL does is undone by a reboot, so if you reboot after running any of the other scans, be sure to run RKILL again before proceeding.)
    TDSSKiller
    ADWCleaner
    MBAM with Rootkit box checked, and running a full scan on the OS drive.

    [Attachment: mbam03.PNG]
    [Attachment: mbam04.PNG]

    Please post all logs, complete and unaltered, using the CODE box ("#" symbol) for us to see.
    Thanks.
    Malwarebytes will come in late

    Here is what I have in pastebin:

    Adwcleaner Log: Adwcleaner Log - Pastebin.com

    TDSSKiller Log: TDSSKiller Log - Pastebin.com

    Rkill Log: RKill Log - Pastebin.com

    Also how would I figure out what file triggers the How do you want to open this?

    It's been bugging me a ton..

  4.    05 Jul 2016 #4
    Join Date : Apr 2015
    Posts : 12,942
    W10Prox64

    Originally Posted by Wat:
    Malwarebytes will come in late

    Here is what I have in pastebin:

    Adwcleaner Log: Adwcleaner Log - Pastebin.com

    TDSSKiller Log: TDSSKiller Log - Pastebin.com

    Rkill Log: RKill Log - Pastebin.com

    Also how would I figure out what file triggers the How do you want to open this?

    It's been bugging me a ton..
    In the ADWCleaner log:

    • Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MalwareProtectionLive]

    This is an infection

    • hxxp://www.trovi.com

    This is a browser hijack

    In the TDSSKiller log:
    No rootkits detected.

    In the RKILL Log:

    • C:\Users\Sasha\AppData\Local\Temp\{2D37DB65-D57E-4E39-9C9F-43B9825F9D37}\{28107E2E-6C26-40C0-BD44-25E41A8F1167}.exe (PID: 6524) [T-HEUR]

    This is a suspicious process running.

    In your hosts file:
    127.0.0.1 keystone.mwbsys.com
    127.0.0.1 sirius.mwbsys.com
    127.0.0.1 bactem.mwbsys.com


    Do you have CCleaner free installed on the system? If not, please install it. Then navigate to the installed programs list, save it to a text file, and upload it here using the # sign to put it between CODE tags.

    [Attachment: ccleaner-installed-progs.PNG]


    Please also run JRT and post the log for that as well. Thanks.
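
An added example, not part of the original post or of any tool named in the thread: a small Python triage helper for the two kinds of finding called out above, hostnames that a hosts file pins to a loopback or null address and a GUID-named executable running from a user's Temp folder. The function names and the first line of each sample are constructed for illustration; the remaining sample lines are the ones quoted in the thread.

```python
import re

# Constructed sample: a comment and a localhost line, then the thread's entries.
SAMPLE_HOSTS = """\
# sample comment line
127.0.0.1 localhost
127.0.0.1 keystone.mwbsys.com
127.0.0.1 sirius.mwbsys.com
127.0.0.1 bactem.mwbsys.com   # trailing comment
"""

# Constructed first line (benign path), then the RKILL line from the thread.
SAMPLE_RKILL = r"""
 * C:\Windows\System32\svchost.exe (PID: 1000)
 * C:\Users\Sasha\AppData\Local\Temp\{2D37DB65-D57E-4E39-9C9F-43B9825F9D37}\{28107E2E-6C26-40C0-BD44-25E41A8F1167}.exe (PID: 6524) [T-HEUR]
"""

NULL_ROUTES = {"127.0.0.1", "0.0.0.0", "::1"}
EXPECTED = {"localhost", "localhost.localdomain"}

def sinkholed_hosts(hosts_text):
    """Return hostnames that the hosts file maps to a loopback/null address."""
    found = []
    for raw in hosts_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        if addr in NULL_ROUTES:
            found += [n.lower() for n in names if n.lower() not in EXPECTED]
    return found

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
TEMP_GUID_EXE = re.compile(
    r"\\AppData\\Local\\Temp\\(?:[^\\]+\\)*" + GUID + r"\.exe\b", re.I)

def temp_guid_processes(log_text):
    """Return log lines naming a GUID-named .exe under a user's Temp folder."""
    return [l.strip() for l in log_text.splitlines() if TEMP_GUID_EXE.search(l)]

if __name__ == "__main__":
    for host in sinkholed_hosts(SAMPLE_HOSTS):
        print("hosts entry blocks:", host)
    for line in temp_guid_processes(SAMPLE_RKILL):
        print("process from Temp:", line)
```
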

  5.    05 Jul 2016 #5
    Join Date : Apr 2015
    Posts : 12,942
    W10Prox64

    Originally Posted by Wat:
    ...[snip]Also how would I figure out what file triggers the How do you want to open this?

    It's been bugging me a ton..
    Not sure if we will be able to see it or not.

    Please also post a screenshot of your Scheduled Tasks in CCleaner as shown:

    [Attachment: ccleaner-task-tab.PNG]

  6.    05 Jul 2016 #6
    Join Date : Oct 2013
    Penns Forrest
    Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3

    Try this after cleaning up Trovi - follow simrick's excellent guidance
    Default File Type Associations - Restore in Windows 10 - Windows 10 Forums

    OPTION ONE: To Reset All File Associations to Microsoft Recommended Defaults

    I also saw in one of your videos that Daemon Tools Lite is installed. Win10 can natively mount images and, along with 7-zip, can manage nearly any compressed folder type.

    There are known issues with Daemon Tools on some machines.
    How to avoid problems after Windows upgrade installation

    Recommendation: Uninstall DT lite.
    Also uninstall the SPTD service
    DuplexSecure - Downloads
    Download the installer
    Select uninstall

    It's possible that there's nothing to uninstall for SPTD

    Just use Win10 native mount - no need to reinstall Daemon tools

  7.    05 Jul 2016 #7
    Join Date : Jul 2016
    Posts : 4
    Windows
    Thread Starter

    Originally Posted by simrick:
    Not sure if we will be able to see it or not.

    Please also post a screenshot of your Scheduled Tasks in CCleaner as shown:

    [Attachment: ccleaner-task-tab.PNG]

    Sorry for the delay.. The pop up is messing with my browser and work..

    Screenshot: Imgur: The most awesome images on the Internet

    JRT Log: JRT Log - Pastebin.com

    Start Up Log: Start Up Log - Pastebin.com

  8.    05 Jul 2016 #8
    Join Date : Oct 2013
    Penns Forrest
    Posts : 3,506
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3

    simrick, just a note: Temp File Cleaner (TFC) is a nice small utility that well ... cleans out temp files

    Jaycee always used TFC and Adwcleaner together as the first line of malware remediation.

    CCleaner does the temp file cleaning job too. TFC is just a lighter, single purpose tool.

  9.    05 Jul 2016 #9
    Join Date : Jul 2015
    Posts : 196
    Win 7 8 and 10

    In your hosts file:
    127.0.0.1 keystone.mwbsys.com
    127.0.0.1 sirius.mwbsys.com
    127.0.0.1 bactem.mwbsys.com

    This is an illegal Malwarebytes hack to get Pro for FREE. Not allowed on these or most forums to crack paid software.

  10.    05 Jul 2016 #10
    Join Date : Jul 2016
    Posts : 4
    Windows
    Thread Starter

    How would I remove C:\Users\Sasha\AppData\Local\Temp\{2D37DB65-D57E-4E39-9C9F-43B9825F9D37}\{28107E2E-6C26-40C0-BD44-25E41A8F1167}.exe (PID: 6524) [T-HEUR]

    Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MalwareProtectionLive]

    And the Trovi infection? I remember scanning with Malwarebytes and deleted most of it.


 
Windows 10 Forums