[fgawinson]

Hi iMacg3, 

 

fixlog file attached below.

Attached Files

•  Fixlog.txt   3.02KB   44 downloads

[Advertisements]

Hi fgawinson,

How is the computer doing?

[iMacg3]

Hi fgawinson,

How is the computer doing?

[fgawinson]

Seems like nothing effect.

[fgawinson]

Finally, system can boot up normally. Really thanks you a lot.

[iMacg3]

Hi fgawinson,

Excellent

Please download and run this tool from Normal mode...

---------------------------------------------------
Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool 64 bit and save it to your desktop.

• Right-click FRST64.exe then click "Run as administrator"
• When the tool opens, click Yes to the disclaimer.
• Press the Scan button.
• When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
• Please copy and paste the logs in your next reply.

---------------------------------------------------

In your next reply, please include:

• FRST.txt
• Addition.txt

[fgawinson]

Hi, both files attached below.

Attached Files

•  FRST.txt   55.57KB   37 downloads
•  Addition.txt   51.78KB   38 downloads

[fgawinson]

Now I found some issues, just startup as normal without any program open and around 5GB memory running in background. Looks like Chromium takes higher memory running in the background maybe some virus or ads malware affected.

Attached Thumbnails

• 
• 

[iMacg3]

Hi fgawinson,

Do you recognize the program TeamViewer?

Do you recognize this registry entry?
 

HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\Policies\Explorer: [NoSecurityTab] 1

---------------------------------------------------
I noticed you have disabled some startup items using msconfig. msconfig is designed to be used for temporary/troubleshooting issues, and is not recommended as a startup manager.

MSConfig - Normal Startup

• Press the Windows key + R.
• Type msconfig in the Run box and press Enter.
• MSConfig will open. Select the Normal Startup radio button and click Apply > OK.
• Restart your computer to apply the changes.

---------------------------------------------------
Uninstall a Program

• Press the Windows Key + R.
• Type appwiz.cpl in the Run box and click OK.
• The Add/Remove Programs list will open. Locate the following program(s) on the list:
  

  Chromium

• Select the above program(s) and click Uninstall.
• Restart the computer if prompted.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix

• Highlight the contents of the below code box and press Ctrl + C on your keyboard:
  

  Start::
  CreateRestorePoint:
  EmptyTemp:
  CloseProcesses:
  HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
  HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\Run: [GoogleChromeAutoLaunch_CD4000C31A87C4AB51AF348EE25F0D6B] => C:\Users\Winson\AppData\Local\Chromium\Application\chrome.exe [1527808 2018-09-18] (The Chromium Authors) [File not signed]
  CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
  HKU\S-1-5-21-2804506713-796569667-501129852-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10057_292_190717
  SearchScopes: HKU\S-1-5-21-2804506713-796569667-501129852-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
  Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 -  No File
  FF Homepage: Mozilla\Firefox\Profiles\vwtqtef6.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10057_292_190717
  FF NewTab: Mozilla\Firefox\Profiles\vwtqtef6.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10057_292_190717
  2019-07-17 21:35 - 2019-07-17 21:35 - 000000258 __RSH C:\Users\Winson\ntuser.pol
  2019-07-17 21:23 - 2019-07-17 22:16 - 000000000 ____D C:\Program Files (x86)\Sending
  2019-07-17 21:22 - 2019-07-18 11:03 - 000000000 ____D C:\Users\Winson\AppData\Roaming\1337
  2019-07-17 21:22 - 2019-07-18 11:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\System
  2019-07-17 21:22 - 2019-07-17 21:22 - 000000000 ____D C:\ProgramData\Lamia
  2019-07-17 20:06 - 2019-07-17 21:36 - 000722944 _____ C:\Users\Winson\AppData\Local\sha.db
  2019-07-17 20:06 - 2019-07-17 20:06 - 000140800 _____ C:\Users\Winson\AppData\Local\installer.dat
  2019-07-17 20:06 - 2019-07-17 20:06 - 000126464 _____ C:\Users\Winson\AppData\Local\lobby.dat
  2019-07-17 20:06 - 2019-07-17 20:06 - 000054272 _____ C:\Users\Winson\AppData\Local\ApplicationHosting.dat
  2019-07-17 22:58 - 2018-09-22 15:47 - 000002517 _____ C:\Users\Winson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
  2019-07-17 21:23 - 2019-04-15 23:28 - 000000258 __RSH C:\ProgramData\ntuser.pol
  CustomCLSID: HKU\S-1-5-21-2804506713-796569667-501129852-1001_Classes\CLSID\{635EFA6F-08D6-4EC9-BD14-8A0FDE975159}\localserver32 -> C:\Users\Winson\AppData\Local\Chromium\Application\69.0.3497.100\notification_helper.exe (The Chromium Authors) [File not signed] <==== ATTENTION
  ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File
  ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
  ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll -> No File
  IE trusted site: HKU\S-1-5-21-2804506713-796569667-501129852-1001\...\webcompanion.com -> hxxp://webcompanion.com
  FirewallRules: [TCP Query User{24DFFBAF-4123-4273-8AFA-C51D31B40231}C:\users\winson\appdata\local\chromium\application\chrome.exe] => (Allow) C:\users\winson\appdata\local\chromium\application\chrome.exe (The Chromium Authors) [File not signed]
  FirewallRules: [UDP Query User{3B2ED776-2C9D-4D22-AC40-9BB7CCA0D75B}C:\users\winson\appdata\local\chromium\application\chrome.exe] => (Allow) C:\users\winson\appdata\local\chromium\application\chrome.exe (The Chromium Authors) [File not signed]
  C:\Users\Winson\AppData\Local\Chromium
  Folder: C:\ProgramData\{C519007A-4F5B-8ABC-C99D-14FE53DF9F30}
  Folder: C:\WINDOWS\System32\Tasks\{5AD17DCA-2298-B66F-227F-4D6238E86F16}
  VirusTotal: C:\WINDOWS\system32\Drivers\aswc7a99de7a98d29e7.tmp
  CMD: type "C:\Program Files (x86)\ASUS\GameFirst IV\startGameFirstIV.bat"
  cmd: ipconfig /flushdns
  cmd: ipconfig /release
  cmd: ipconfig /renew
  cmd: netsh winsock reset 
  cmd: netsh int ip reset c:\resetlog.txt
  cmd: netsh int ipv4 reset
  cmd: netsh int ipv6 reset
  Removeproxy:
  CMD: Bitsadmin /Reset /Allusers
  End::

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

• Double-click FRST.exe/FRST64.exe to run it.
• Press the Fix button just once and wait.
• Restart the computer if prompted.
• When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
• Please copy and paste its contents into your reply.

---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.

• Double click AdwCleaner.exe to run it.
• Click Scan Now ...
  • When the scan has finished a Scan Results window will open.
  • Click Cancel (at this point do not attempt to Quarantine anything that is found)
• Now click the Log Files tab ...
  • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
  • A Notepad file will open containing the results of the scan.
  • Please post the contents of the file in your next reply.

---------------------------------------------------

In your next reply, please include:

• Fixlog.txt
• AdwCleaner[S0*].txt
• Let me know how the computer is doing

[iMacg3]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.