
Can't boot up windows 10 after running Hitman Pro


  • This topic is locked
7 replies to this topic

#1 NateIsTheMate

NateIsTheMate

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 09 December 2017 - 10:22 AM


I didn't have any malware or any type of infection; it's just my routine of scanning for viruses, and it's my first time running Hitman Pro, so I made a pretty noob mistake by running Hitman Pro and accidentally deleting every detection. Now, I can't seem to access Windows. I get through the Windows 10 login, but as soon as I get in, I get a message that says "Your PC will automatically restart in one minute, Windows ran into a problem and needs to restart, You should close this message now and save your work message" then it restarts. I am able to boot in safe mode. I'm 100% sure that Hitman Pro deleted a false-positive Windows registry threat since it's the only thing that I can think of as the root of this problem. What should I do? EDIT: No system restore points were created even though minutes before running Hitman Pro, it said it was creating a system restore.

Some shady entries I found on FRST.txt (I didn't include the whole entries for privacy's sake)

==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe


==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2017-01-25] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-02-04] (Zbshareware Lab)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [706392 2017-11-21] (Autodesk, Inc.)
HKU\S-1-5-21-1416146827-1402653696-1639172637-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-1416146827-1402653696-1639172637-1001\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-01] (BitTorrent Inc.)
HKU\S-1-5-21-1416146827-1402653696-1639172637-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1416146827-1402653696-1639172637-1001\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9175896 2017-10-02] ()
HKU\S-1-5-21-1416146827-1402653696-1639172637-1001\...\Run: [Akamai NetSession Interface] => C:\Users\User\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1416146827-1402653696-1639172637-1001\...\Policies\Explorer: [] 
GroupPolicy: Restriction <==== ATTENTION

Edited by NateIsTheMate, 09 December 2017 - 10:36 AM.
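
A parser for the FRST autorun lines quoted in the post above, as an added example that is not part of the original thread and not FRST's own code: it splits each line into fields and lists the entries that carry FRST's "<==== ATTENTION" marker, have an empty publisher field, or run from a path under AppData. The last two heuristics and all function names are assumptions of this example.

```python
import re
# Constructed sample: six lines copied from the FRST.txt excerpt posted above.
SAMPLE = r"""
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-02-04] (Zbshareware Lab)
HKU\S-1-5-21-1416146827-1402653696-1639172637-1001\...\Run: [uTorrent] => C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe [1981624 2017-12-01] (BitTorrent Inc.)
HKU\S-1-5-21-1416146827-1402653696-1639172637-1001\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9175896 2017-10-02] ()
HKU\S-1-5-21-1416146827-1402653696-1639172637-1001\...\Policies\Explorer: []
GroupPolicy: Restriction <==== ATTENTION
"""
# One autorun line: HIVE\[SID\]...\Key: [Name] => Path [size date] (Company)
ENTRY = re.compile(
    r"^(?P<hive>HK[^\\]+)\\(?:(?P<sid>S-1-[\d-]+)\\)?\.\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] => (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$"
)
MARK = "<==== ATTENTION"  # FRST's own flag at the end of a line

def parse(text):
    """Yield one dict per non-empty line; lines that don't parse keep only 'raw'."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        flagged = line.endswith(MARK)
        body = line[: -len(MARK)].rstrip() if flagged else line
        m = ENTRY.match(body)
        rec = m.groupdict() if m else {}
        rec.update(raw=line, attention=flagged)
        yield rec

def triage(text):
    """Return (label, reasons) for lines worth a second look (example heuristics)."""
    out = []
    for rec in parse(text):
        reasons = []
        if rec["attention"]:
            reasons.append("frst-attention")
        if "path" in rec:
            if not rec["company"].strip():      # "()" = no publisher recorded
                reasons.append("no-publisher")
            if "\\appdata\\" in rec["path"].lower():  # per-user writable location
                reasons.append("user-writable-path")
        if reasons:
            out.append((rec.get("name") or rec["raw"], reasons))
    return out

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A hit from these heuristics is a prompt to check the file, not a verdict: legitimate software also installs under AppData or ships without publisher metadata.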




#2 PhillPower2

PhillPower2

  • Members
  • 330 posts
  • ONLINE
  •  
  • Local time:07:38 PM

Posted 09 December 2017 - 11:09 AM

Hello NateIsTheMate,

 

As you can boot into Safe Mode I would suggest that you use the Reset feature and keep my files etc option (a refresh).

 

The refresh option does not delete your personal data but may remove certain apps such as Chrome etc. I do, however, always recommend that folk back up any important data before carrying out a refresh or making any significant changes to the computer's software or hardware.

 

 I'm 100% sure that Hitman pro deleted a false-positive windows registry threat since it's the only thing that I can think of as a root of this problem

 

 

Once you get Windows running as it should, you may want to have the computer checked for malware over on those forums. Discussing anything malware removal related is off limits on these forums, but what I can say is that because the computer is starting in Safe Mode, it could be a bad driver or program that is loading on boot that is causing you issues; the refresh should sort it out for you.



#3 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 8,989 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:02:38 PM

Posted 09 December 2017 - 11:14 AM

Moved to the Malware Removal forum since Malware has been identified and an FRST log (or part thereof) is included.




#4 NateIsTheMate

NateIsTheMate
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 09 December 2017 - 11:40 AM


I also want to add: is it worth a shot if I could actually restore my registry from five days ago? I checked that Windows has created a backup of my whole registry from five days ago, so I figured it might be worth a shot.

#5 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:38 PM

Posted 09 December 2017 - 01:41 PM

Welcome.

 

We need to see the entire log.

 

  • Open FRST. When the tool opens click Yes to disclaimer if present.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt ). Please attach this to your reply.


No request for help throughout private messaging will be attended.



#6 NateIsTheMate

NateIsTheMate
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 10 December 2017 - 05:32 AM

Hey, guys. I am able to boot normally without any problems now. I just copied the backup registry hives in the system32 and replaced everything in the config. Thanks for the quick responses anyway!



#7 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:38 PM

Posted 10 December 2017 - 05:03 PM

Thanks for the feedback.




#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:38 PM

Posted 10 December 2017 - 05:03 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





