Unable to Restart after Quarantine


I ran Malwarebytes to detect and quarantine the Chromium malware. All of the quarantined files were PUP files.

Upon restart, I received a blue screen with the following message: ":( Your PC ran into a problem and needs to restart." "Stop Code: PNP Detected Fatal Error." At the Recovery "Windows didn't load correctly" I selected the Repair Options > Troubleshooting > Reset this PC tabs with the options to keep my files. After entering my password, it went through the reset process. That did not work.

I then attempted some Advanced Options including:

1) System Restore  - received the message "PC ran into a problem" "Stop Code: Critical Process Died"

2) Go Back to Previous Version - received message "Your PC ran into Problems", try resetting your PC (which I already did above)

3) Start Up Repair - received message "Automatic repair could not repair your PC" with the code Log file C:\WINDOWS\System32\Logfiles\Srt\SrtTrail.txt .  I googled this line and found the recommendations on the Microsoft help community:

4) Command prompt - I tried some boot.exe and chkdsk commands I found on the Microsoft help community in reference to the log file. That did not work and I am still receiving the same message as in 3.

I did not have a recent back up and am trying to find a way to fix this short of reinstalling my operating system.  Any input you could provide would be helpful.

 


Thanks for the update, continue:

On spare PC download and save FRST to the Flash drive, make sure to get the correct version, if you are unsure d/l and save both, only the correct one will run. Do not plug Flash Drive into sick PC until booted to Recovery Environment.

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

Next,

Boot sick PC to Recovery Environment, if you are unsure of that action have a read at the following link, maybe bookmark for future reference...

https://www.tenforums.com/tutorials/2294-boot-advanced-startup-options-windows-10-a.html

Next,

From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10

From that window select "Troubleshoot"


From the next window select "Advanced Options"



From that Window select "Command Prompt"

Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open......

Continue with the following:
 
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" or "My PC" and find your flash drive letter and close the notepad.
  • In the command window type E:\frst64 or E:\frst depending on your version. Press Enter. Note: Replace letter E with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Leave the infected PC in Recovery mode, post the produced log from your flash drive via the spare PC....

Thank you,

Kevin..

Thanks for that log, continue:

From your spare PC Save the attached file fixlist.txt to your flash drive, same place as FRST.

Plug Flashdrive back into Sick PC, Run System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Re-boot sick PC, any change...?

fixlist.txt


Here are results. Afterwards, system still said I had an issue and went into diagnosis mode.

Fix result of Farbar Recovery Scan Tool (x64) Version: 08.11.2018
Ran by SYSTEM (08-11-2018 16:24:33) Run:1
Running from G:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
start
HKLM\...\Winlogon: [Userinit] 
HKLM\...\Winlogon: [Shell]  [ ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [ ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  <==== ATTENTION
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  <==== ATTENTION
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
S2 0167231537409658mcinstcleanup; C:\WINDOWS\TEMP\016723~1.EXE -cleanup -nolog [X]
HKLM\...\.exe:  =>  <==== ATTENTION
HKLM\...\exefile\DefaultIcon:  <==== ATTENTION
HKLM\...\exefile\shell\open\command:  <==== ATTENTION
end
*****************

HKLM\...\Winlogon: [Userinit] => Could not restore
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32\\Default => value restored successfully
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
"HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => removed successfully
"HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => not found
C:\Windows\System32\GroupPolicy\Machine => moved successfully
C:\Windows\System32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\System\ControlSet001\Services\0167231537409658mcinstcleanup => removed successfully
0167231537409658mcinstcleanup => service removed successfully
HKLM\Software\Classes\.exe\\Default => value restored successfully
HKLM\Software\Classes\exefile\DefaultIcon\\Default => value restored successfully
HKLM\Software\Classes\exefile\shell\open\command\\Default => value restored successfully

==== End of Fixlog 16:24:33 ====

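A quick way to triage a Fixlog like the one posted above on the spare PC, shown as an added example that is not part of the thread or of FRST itself. It assumes only the layout visible in the logs on this page: an echoed fixlist between two rows of asterisks, then `item => outcome` result lines; the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the first Fixlog posted in this thread.
SAMPLE = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 08.11.2018
Boot Mode: Recovery
==============================================

fixlist content:
*****************
start
HKLM\...\Winlogon: [Userinit]
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
end
*****************

HKLM\...\Winlogon: [Userinit] => Could not restore
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value restored successfully
"HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WAB Migrate" => not found
0167231537409658mcinstcleanup => service removed successfully

==== End of Fixlog 16:24:33 ====
'''

# "<item> => <outcome>", with optional double quotes around the item.
RESULT_RE = re.compile(r'^"?(?P<item>.+?)"?\s+=>\s+(?P<outcome>.+)$')

def parse_fixlog(text):
    """Return (item, outcome) pairs from the results part of a Fixlog."""
    results, star_rows = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:
            star_rows += 1          # rows of asterisks delimit the echoed fixlist
            continue
        if star_rows < 2:           # header or echoed fixlist, which also contains "=>"
            continue
        if line.startswith("===="): # "==== End of Fixlog ... ===="
            break
        m = RESULT_RE.match(line)
        if m:
            results.append((m["item"], m["outcome"]))
    return results

def needs_attention(results):
    """Heuristic: every success line in the logs on this page says 'successfully'."""
    return [(i, o) for i, o in results if "successfully" not in o.lower()]

if __name__ == "__main__":
    for item, outcome in needs_attention(parse_fixlog(SAMPLE)):
        print(f"{outcome:20} {item}")
```
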

Thanks for that log, continue:

From your spare PC Save the attached file fixlist.txt to your flash drive, same place as FRST.

Plug Flashdrive back into Sick PC, Run System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Re-boot sick PC, any change...?

fixlist.txt


Here are the results

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 08.11.2018
Ran by SYSTEM (08-11-2018 17:20:54) Run:3
Running from g:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
start
LastRegBack: 2018-05-29 06:28
end
*****************

DEFAULT => copied successfully to System32\config\HiveBackup
DEFAULT => restored successfully from registry back up
SAM => copied successfully to System32\config\HiveBackup
SAM => restored successfully from registry back up
SECURITY => copied successfully to System32\config\HiveBackup
SECURITY => restored successfully from registry back up
SOFTWARE => copied successfully to System32\config\HiveBackup
SOFTWARE => restored successfully from registry back up
SYSTEM => copied successfully to System32\config\HiveBackup
SYSTEM => restored successfully from registry back up

==== End of Fixlog 17:20:55 ====


Thanks for that log, continue:

From your spare PC Save the attached file fixlist.txt to your flash drive, same place as FRST.

Plug Flashdrive back into Sick PC, Run System Recovery Options as you did to get the log.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

 

fixlist.txt

This topic is now closed to further replies.