Policy Restrictions & Failed Windows 11 Boot. Possible rootkit?

I think it is possible this is the source of your system freezing. To test this, please disable virtualization.

I disabled virtualization, and then went into advanced startup settings to run the automatic repair again, but it still failed. This is the log file it spat out: 

 

Startup Repair diagnosis and repair log
---------------------------
Last successful boot time: ‎3/‎3/‎2024 2:47:07 AM (GMT)
Number of repair attempts: 1

Session details
---------------------------
System Disk = \Device\Harddisk0
Windows directory = C:\Windows
AutoChk Run = 0
Number of root causes = 1

Test Performed:
---------------------------
Name: Check for updates
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System disk test
Result: Completed successfully. Error code = 0x0
Time taken = 15 ms

Test Performed:
---------------------------
Name: Disk failure diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code = 0x0
Time taken = 110 ms

Test Performed:
---------------------------
Name: Disk metadata test
Result: Completed successfully. Error code = 0x0
Time taken = 31 ms

Test Performed:
---------------------------
Name: Target OS test
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Volume content check
Result: Completed successfully. Error code = 0x0
Time taken = 31 ms

Test Performed:
---------------------------
Name: Boot manager diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: System boot log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Event log diagnosis
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Internal state check
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Test Performed:
---------------------------
Name: Check for installed LCU
Result: Completed successfully. Error code = 0x0
Time taken = 1922 ms

Test Performed:
---------------------------
Name: Check for installed driver updates
Result: Completed successfully. Error code = 0x0
Time taken = 500 ms

Test Performed:
---------------------------
Name: Check for pending package install
Result: Completed successfully. Error code = 0x0
Time taken = 1391 ms

Test Performed:
---------------------------
Name: Boot status test
Result: Completed successfully. Error code = 0x0
Time taken = 0 ms

Root cause found:
---------------------------
Boot status indicates that the OS booted successfully.

---------------------------
---------------------------
�

I wouldn't expect Startup Repair to provide any clues. There were entries in the Event Viewer System report pointing to Virtualization potentially being the culprit. We just need to monitor things to see if your computer freezes.

I haven't had any freezes as of yet, but I'm having frequent graphics driver timeouts in which my screen will flash black, which is then followed by a drastic decrease in video resolution. These timeouts are generally triggered when I am watching a video on my device. I have already tried clearing the shader cache and updating my graphics drivers.

 

Thanks,

Isaac

Let's bypass NVIDIA and use the native windows video driver.

===================================================

Using VGA Driver in Normal Mode

--------------------

• Click the Windows key + R at the same time
• Type msconfig and hit Enter
• Click the Boot tab
• Place a check mark in Base video, then click OK
• Restart your computer - Note: your screen resolution will change, that is normal.
• Check your computer performance

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

• Results?

I tried changing to base video, but the video player issue with driver timeout persisted. If you would like, I could mark this thread resolved and contact AMD support, since we are now beyond any boot/malware issues. If you think you know how to resolve the issue, I'm also open to keep trying fixes.

 

Thanks!

I updated my graphics drivers again to a release that came out a few days ago, and this seems to have fixed the issue. Thank you again for the help! Is everything resolved as long as I don't have any more graphics or boot issues?

Yes, I think we are all set. Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward?

The initial issues I had before factory resetting my computer included:

1. Laptop not booting until I disabled secure boot

2. Safe boot never functioning

3. FRST finding policy restrictions on Firefox and Edge

4. Windows Antivirus flickering off and on once

5. Windows Defender telling me that its settings were restricted and to contact my IT administrator for help (My laptop is a personal device)

 

Looking back, I am guessing that 4 and 5 were probably due to Malwarebytes or Avast One disabling Defender in favor of their software, which I had installed only to scan my device. I thought that there was a possibility of a rootkit because of the above symptoms, one which could hide from the superficial Malwarebytes and Avast One scans, which is what prompted my decision for a reset. In retrospect, how could I have determined if malware was the root cause of problems with my device, without waiting for the initial 3-5 day response time of this forum?

Greetings.

The issue with Virtualization (which you Disabled) was likely the cause for your booting issues and freezing. If you have experienced a repeat of that after we changed the setting let me know.

-----
 

FRST finding policy restrictions on Firefox and Edge

Typically these are not an issue unless there are browser specific symptoms. They can be easily reset if you'd like but if no symptoms appear or the settings seem irrelevant to the overall condition of the computer I ignore them.

-----

Multiple antivirus programs can cause abnormalities with Windows Defender. Even though Malwarebytes is designed to work in concert with Windows Defender, in order to have them both run (not turn off Windows Defender) a setting needs to be adjusted within Malwarebytes.

-----
 

how could I have determined if malware was the root cause of problems with my device, without waiting for the initial 3-5 day response time of this forum?

It doesn't usually take 3-5 days for a reply. In your case we replied within a day and a half. It is probably best to wait for a trained expert to look over your computer but it you wanted to pre-scan I would recommend Malwarebytes and ESET Online Scanner.

-----

One thing you originally listed as a concern was System Restore. In the newer versions of Windows Microsoft has decided to make the default setting Disabled.

Does this address everything?

Hi Gary,

 

I haven't had any further issues, so this does resolve everything. Thank you! Is there anything I should do for cleanup? Uninstall FRST?

Hi Gary,

 

I haven't had any further issues, so this does resolve everything. Thank you! Is there anything I should do for cleanup? Uninstall FRST?

Great thanks.

Here is our final step and some additional information to consider.

===================================================

KpRm by Kernel-panik

--------------

• Download KpRm and save it to your Desktop (see here if you must use Chrome)
• Note: If the file is detected as malware it is not and it is safe to download. The detection is a false positive.
• Right click on the icon and select Run as administrator
• Click Yes on the Disclaimer
• Place a check mark in Delete Tools, Create Restore Point, and Delete in 7 days
• Click Run
• Click OK on All operations are completed
• KpRm will delete itself from you Desktop and you can either save or remove the report that is generated
• You are free to remove any other tools/reports still remaining

===================================================

All Clean!

--------------

Your computer is now clean. Please consider this going forward.

• Have you Been Hacked? 10 Indicators That Say Yes
• So How did I get infected?
• How to Spot the Real Download Button on Websites
• Pirated Software is All Fun and Games Until Your Data is Stolen
• Do You Need Anti-Ransomware Software for Your PC?
• How Browser Extensions Turn Into Malware
• Why You Should Update All Your Software
• How Safe Are Password Managers?
• Whats the Best Way to Back Up My Computer?
• Why Is My Internet So Slow?

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.