Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Ran malwarebytes on Windows 10, now won't boot [Closed]

windows 10 wont boot malware malwarebytes

  • This topic is locked This topic is locked

#16
fgawinson

fgawinson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Hi iMacg3, 

 

fixlog file attached below.

Attached Files


  • 0

Advertisements


#17
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 776 posts
Hi fgawinson,

How is the computer doing?
  • 0

#18
fgawinson

fgawinson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Seems like nothing effect.
  • 0

#19
fgawinson

fgawinson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Finally, system can boot up normally. Really thanks you a lot.


  • 0

#20
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 776 posts
Hi fgawinson,

Excellent :thumbsup:

Please download and run this tool from Normal mode...

---------------------------------------------------
Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool 64 bit and save it to your desktop.
  • Right-click FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt

  • 0

#21
fgawinson

fgawinson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Hi, both files attached below.

Attached Files


  • 0

#22
fgawinson

fgawinson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Now I found some issues, just startup as normal without any program open and around 5GB memory running in background. Looks like Chromium takes higher memory running in the background maybe some virus or ads malware affected.

Attached Thumbnails

  • photo_2019-08-02_00-23-15.jpg
  • photo_2019-08-02_00-23-27.jpg

  • 0

#23
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 776 posts
Hi fgawinson,

Do you recognize the program TeamViewer?

Do you recognize this registry entry?
 

HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\Policies\Explorer: [NoSecurityTab] 1


---------------------------------------------------
I noticed you have disabled some startup items using msconfig. msconfig is designed to be used for temporary/troubleshooting issues, and is not recommended as a startup manager.

MSConfig - Normal Startup
  • Press the Windows key + R.
  • Type msconfig in the Run box and press Enter.
  • MSConfig will open. Select the Normal Startup radio button and click Apply > OK.
  • Restart your computer to apply the changes.
---------------------------------------------------
Uninstall a Program
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program(s) on the list:
    Chromium
  • Select the above program(s) and click Uninstall.
  • Restart the computer if prompted.
---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Start::
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\Run: [GoogleChromeAutoLaunch_CD4000C31A87C4AB51AF348EE25F0D6B] => C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe [1527808 2018-09-18] (The Chromium Authors) [File not signed]
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    HKU\S-1-5-21-2804506713-796569667-501129852-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10057_292_190717
    SearchScopes: HKU\S-1-5-21-2804506713-796569667-501129852-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
    Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File
    FF Homepage: Mozilla\Firefox\Profiles\vwtqtef6.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10057_292_190717
    FF NewTab: Mozilla\Firefox\Profiles\vwtqtef6.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10057_292_190717
    2019-07-17 21:35 - 2019-07-17 21:35 - 000000258 __RSH C:\Users\Winson\ntuser.pol
    2019-07-17 21:23 - 2019-07-17 22:16 - 000000000 ____D C:\Program Files (x86)\Sending
    2019-07-17 21:22 - 2019-07-18 11:03 - 000000000 ____D C:\Users\Winson\AppData\Roaming\1337
    2019-07-17 21:22 - 2019-07-18 11:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\System
    2019-07-17 21:22 - 2019-07-17 21:22 - 000000000 ____D C:\ProgramData\Lamia
    2019-07-17 20:06 - 2019-07-17 21:36 - 000722944 _____ C:\Users\Winson\AppData\Local\sha.db
    2019-07-17 20:06 - 2019-07-17 20:06 - 000140800 _____ C:\Users\Winson\AppData\Local\installer.dat
    2019-07-17 20:06 - 2019-07-17 20:06 - 000126464 _____ C:\Users\Winson\AppData\Local\lobby.dat
    2019-07-17 20:06 - 2019-07-17 20:06 - 000054272 _____ C:\Users\Winson\AppData\Local\ApplicationHosting.dat
    2019-07-17 22:58 - 2018-09-22 15:47 - 000002517 _____ C:\Users\Winson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
    2019-07-17 21:23 - 2019-04-15 23:28 - 000000258 __RSH C:\ProgramData\ntuser.pol
    CustomCLSID: HKU\S-1-5-21-2804506713-796569667-501129852-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Winson\AppData\Local\Chromium\Application\69.0.3497.100\notification_helper.exe (The Chromium Authors) [File not signed] <==== ATTENTION
    ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
    ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File
    IE trusted site: HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\webcompanion.com -> hxxp://webcompanion.com
    FirewallRules: [TCP Query User{24DFFBAF-4123-4273-8AFA-C51D31B40231}C:\users\winson\appdata\local\chromium\application\chrome.exe] => (Allow) C:\users\winson\appdata\local\chromium\application\chrome.exe (The Chromium Authors) [File not signed]
    FirewallRules: [UDP Query User{3B2ED776-2C9D-4D22-AC40-9BB7CCA0D75B}C:\users\winson\appdata\local\chromium\application\chrome.exe] => (Allow) C:\users\winson\appdata\local\chromium\application\chrome.exe (The Chromium Authors) [File not signed]
    C:\Users\Winson\AppData\Local\Chromium
    Folder: C:\ProgramData\{C519007A-4F5B-8ABC-C99D-14FE53DF9F30}
    Folder: C:\WINDOWS\System32\Tasks\{5AD17DCA-2298-B66F-227F-4D6238E86F16}
    VirusTotal: C:\WINDOWS\system32\Drivers\aswc7a99de7a98d29e7.tmp
    CMD: type "C:\Program Files (x86)\ASUS\GameFirst IV\startGameFirstIV.bat"
    cmd: ipconfig /flushdns
    cmd: ipconfig /release
    cmd: ipconfig /renew
    cmd: netsh winsock reset 
    cmd: netsh int ip reset c:\resetlog.txt
    cmd: netsh int ipv4 reset
    cmd: netsh int ipv6 reset
    Removeproxy:
    CMD: Bitsadmin /Reset /Allusers
    End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.
---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • AdwCleaner[S0*].txt
  • Let me know how the computer is doing

  • 0

#24
iMacg3

iMacg3

    GeekU Mod

  • GeekU Moderator
  • 776 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics


Also tagged with one or more of these keywords: windows 10, wont boot, malware, malwarebytes

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP