AdvancedSetup

Hello @Apesbrain Can you try posting the log as outlined in the reply above and we'll take a look and see what we can find. Thanks Ron

Only the 1 file. SYSTEM If you're capable of doing it from the command line on your own please try. If not let me know and I'll assist you There is no overwrite as you're renaming the current SYSTEM to SYSTEM.OEM If you overwrite you won't be able to put back and then you might as well to a REPAIR

Please post the Drive and Path you want to modify and I'll provide you a FRST script to unlock it.

Yes, it can be convincing on some of them. Just remember, never use the same password on other sites. Even though login via Facebook or Google looks tempting DO NOT do it. Always create your own personal account and a unique password for every site. Use a password manager as needed to help. If you're using the same password and a stie get's hacked, they now have access to any other site you may be using. Use Password Management software Bitwarden KeePass Password Safe

I really don't think this is the issue, but just to rule it out can you please temporarily uninstall the following software Zemana AntiMalware I believe you had a Certlock infection on this computer at one point and it was probably not fully removed. Please make a NEW, System Restore Point - just in case anything happens during clean up you'll have a restore point to go back to. Please download the attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt Thanks Ron

No, we don't just want to copy and overwrite what is there. Rename or add an extension like .oem to the SYSTEM hive ie. Change C:\Windows\System32\config\system to C:\Windows\System32\config\system.oem Then copy the one from the other computer to C:\Windows\System32\config\ Then see if it will boot up or if it BSOD as well

No, looks like it didn't provide the result I was looking for. I'm sorry but I'll need to get with you later on to explore. However, that amount of memory is nothing for a modern computer. Just a bit odd for trustedinstaller to be running unless maybe a Windows Update or something called it.

Sorry Gil, but it's now past 3AM I need to get some rest. Will help you again tomorrow if I can, otherwise on Monday Goodnight Ron

You're welcome to try, but I would not expect that to work. Let me know how it goes. I'll try to help you again tomorrow if I can, otherwise on Monday. I want to see if we can get Windows to boot using other hives. We'll need to backup what is there already though so we don't shoot ourselves in the foot so to speak. Ron

Okay, please run it again with this file fixlist.txt Ron

That was a scheduled task. That cannot stop Windows from starting. What error do you get when it won't start? What happens? What about Safe Mode? It won't start in Safe Mode either? Do you have access to another computer that runs a similar version of Windows?

Hi Gil, Let me have you run the following please, then post back the new log. Please download the attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. fixlist.txt Ron

I'm sorry, I didn't realize that you were offended by someone being polite. Your last reply to the Support Agent did not let them know you were having any further issues. In fact I would expect the Agent to possibly close the ticket on Monday as resolved unless you let them know you're still having issues. They do not monitor the forums and have no idea if you don't tell them. I would recommend you update your ticket with any concerns you have and they will more than happy to address your issues. Thank you

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks

Great, glad to hear Michele I will go ahead and close your topic now and leave you with some advice to help keep your computer safe and clean going forward. Let's get real. If you're not backing up your data and you're still using Google Chrome then you're just not serious about Privacy, Safety, and protecting your data. Malwarebytes is a fantastic program but you still need to back up your data and you still need to block scripts and Ads in your browser. If you're still using Google Chrome I would highly suggest you consider using Firefox instead. For more advanced users you might consider installing NoScript as well (it does have a higher learning curve though) Help Secure your browsers Please install uBlock Origin for your browsers to better protect your system FireFox, Chrome, Opera , Safari, Microsoft Edge AdBlock for Internet Explorer How to use uBlock Origin to protect your online privacy and security | uBlock Origin tutorial 2018 This video tutorial above explains how to use uBlock Origin in advanced user mode and all the advanced settings to protect your online privacy and help prevent unwanted sites from changing your browser settings Browser push notifications: a feature asking to be abused HTTPS Everywhere NOTHING TO HIDE documentary Review your email and Office choices Quit Gmail for free encrypted email - Tutanota Why ProtonMail Is More Secure Than Gmail LibreOffice - Free and open source office suite Use Password Management software Bitwarden KeePass Password Safe Encrypted Instant Messenger and Voice Calls Riot Signal Wickr Me Follow-up Reading Everything you need to know about cybercrime 10 easy ways to prevent malware infection Keep your data backed up Thank you for choosing Malwarebytes as your preferred security protection software and tell your friends and family too. We're here to help. Ron

Okay, we're going to try the following restore operation. The issue though is that I think it is from a FRST run after you were having trouble. If that is the case then it will not fix it. It will basically put things back exactly as they were on 2019-07-18 13:36 Please copy this file to the location where you're running FRST from which looks to be: Running from e:\ Then inside the Recovery Console run FRST64 and then click the FIX button. - (remember fixlist.txt must be in the same folder as FRST64 so that it can find it) fixlist.txt It will restore the registry hive files and restart the computer. Let me know if it restarts back into Windows or not now. Thanks Ron

I understand, but if we do it wrong it will never boot up again. If you really cannot wait then you can try the Windows 10 Reset which won't remove your data.

Thanks Michele - keep me posted. Ron

I need to review this and make sure we don't make a mistake. I'll will try to assist you this weekend but can't promise as I'm not officially working on the weekend. Ron

Just stop using it already 🙂

Please read the following and see if you have Push Notifications enabled. Disable them if you do. https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

Interesting. Okay, please run FRST again and get me NEW, Fresh logs please. Thanks

Please see if one of the following helps https://www.howtogeek.com/226280/how-to-take-screenshots-in-windows-10/ https://www.cnet.com/how-to/8-ways-to-take-screenshots-in-windows-10/ Go ahead and run FRST and get the 2 new logs and post back as an attachment please.

I would highly recommend you run a disk check on the external drive. E - run from an elevated admin command prompt. Example, assuming the drive is E: CHKDSK E: /f Now, that said.... 16 million files is going to take a LONG time with any security software. There really is no reason to do a Full scan more than once. Malware does not just randomly show up in folders. All known locations of malware are already scanned via normal Threat Scan. However, I do have other non malware advice concerning your drive. Just a reminder that if that drive were to fail tomorrow and could not be recovered would that be an acceptable loss for you? If not then I would highly recommend that you obtain another drive with the same or higher space capacity and back that drive up. Then once it's backed up disconnect it from the system. If an infection were to hit the main computer it could very easily encrypt or otherwise damage the data on a backup drive too.

Can you take a screenshot of it please and post. Also, let me get a new fresh set of FRST logs please. -