Windows 10: Got any Idea what is going on?

Not wanting to copy and paste my help thread from other forums that I never got a reply from I will try to get help here.


The problem I am experiencing is Default Application

I get the How do you want to open this file?


Problem:

It opens without me doing anything even after I start my computer.

It causes taskbar freezing and desktop freezing.

Once I choose a default program it opens it tons of times for no reason

Then It does that until I shutdown

Here are some videos of what I am experiencing:

RIP Lenovo Y510P - YouTube
oooh noooo noo - YouTube

It also causes on the browser to go back pages until you can't anymore.

Here is what the pop up looks like:

Imgur: The most awesome images on the Internet

Things I have tried:

Hard Drive Factory Reset-

Windows 10 Upgrade-

Useful information:

This is not a virus/malware

:)

 

0x8503001C Any idea what this is exactly?

http://www.htcwiki.com/thread/11500...47/cant+get+calendar+items+to+my+phone?t=anon

 

0x8503001C Any idea what this is exactly?

See if this thread helps:



http://forums.microsoft.com/windowsmobile/ShowPost.aspx?PostID=2769442&SiteID=65

 

Hi Wat and welcome to Tenforums.

We just had a similar situation here, which did indeed turn out to be a rootkit infection, so if you'd like help, I would suggest running some scans first just to be sure nothing is lurking on your system:

RKILL (Note: everything RKILL does is undone by a reboot, so if you reboot after running any of the other scans, be sure to run RKILL again before proceeding.)
TDSSKiller
ADWCleaner
MBAM with Rootkit box checked, and running a full scan on the OS drive.








Please post all logs, complete and unaltered, using the CODE box ("#" symbol) for us to see.
Thanks.

 

Malwarebytes will come in late

Here is what I have in pastebin:

Adwcleaner Log: Adwcleaner Log - Pastebin.com

TDSSKiller Log: TDSSKiller Log - Pastebin.com

Rkill Log: RKill Log - Pastebin.com

Also how would I figure out what file makes triggers the How do you want to open this?

Its been bugging me a ton..

 

In the ADWCleaner log:

• Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MalwareProtectionLive]

This is an infection

• hxxp://www.trovi.com

This is a browser hijack

In the TSDDKiller log:
No rootkits detected.

In the RKILL Log:

• C:\Users\Sasha\AppData\Local\Temp\{2D37DB65-D57E-4E39-9C9F-43B9825F9D37}\{28107E2E-6C26-40C0-BD44-25E41A8F1167}.exe (PID: 6524) [T-HEUR]

This is a suspicious process running.

In your hosts file:
127.0.0.1 keystone.mwbsys.com
127.0.0.1 sirius.mwbsys.com
127.0.0.1 bactem.mwbsys.com


Do you have Ccleaner free installed on the system? If not, please install it. Then navigate to the installed programs list, and save to text file, and upload it here using the # sign to put it between CODE tags.






Please also run JRT and post the log for that as well. Thanks.

 

Not sure if we will be able to see it or not.

Please also post a screenshot of your Scheduled Tasks in Ccleaner as shown:

 

Try this after cleaning up Trovi - follow simricks' excellent guidance
Default File Type Associations - Restore in Windows 10 - Windows 10 Forums

OPTION ONE: To Reset All File Associations to Microsoft Recommended Defaults

I also saw in one of your videos, that Daemon Tools Lite is installed. Win10 can native mount images and along with 7-zip can manage nearly any compressed folder type.

There are known issues with Daemon Tools on some machines.
How to avoid problems after Windows upgrade installation

Recommendation: Uninstall DT lite.
Also uninstall the SPTD service
DuplexSecure - Downloads
Download the installer
Select uninstall

It's possible that there's nothing to uninstall for SPTD

Just use Win10 native mount - no need to reinstall Daemon tools

 

Sorry for the delay.. The pop up is messing with my browser and work..

Screenshot: Imgur: The most awesome images on the Internet

JRT Log: JRT Log - Pastebin.com

Start Up Log: Start Up Log - Pastebin.com

 

simrick, just a note: Temp File Cleaner (TFC) is a nice small utility that well ... cleans out temp files

Jaycee always used TFC and Adwcleaner together as the first line of malware remediation.

cCleaner does the temp file cleaning job too. TFC is just a lighter, single purpose tool.

 

In your hosts file:
127.0.0.1 keystone.mwbsys.com
127.0.0.1 sirius.mwbsys.com
127.0.0.1 bactem.mwbsys.com

This is an illegal malwarebytes hack to get Pro for FREE. Not allowed on these or most forums to crack paid software.

 

How would I remove C:\Users\Sasha\AppData\Local\Temp\{2D37DB65-D57E-4E39-9C9F-43B9825F9D37}\{28107E2E-6C26-40C0-BD44-25E41A8F1167}.exe (PID: 6524) [T-HEUR]Value Found : [x64]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [MalwareProtectionLive]

And the Trovi Infection?I remember scanning with malwarebytes and deleted most of it.

 

Thank you Porthos. I am well aware of this.
@Wat : There will be no additional assistance until all illegal software and cracks are removed from the system, including the hosts file entries.