[Jamesoo]

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2019

Ran by jimak (02-09-2019 10:41:25) Run:3

Running from C:\Users\James\Downloads

Loaded Profiles: jimak & James (Available Profiles: jimak & Kelly & nanke & James & sugar)

Boot Mode: Normal

==============================================

 

fixlist content:

*****************

CreateRestorePoint:

DeleteKey: HKLM\Software\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}

DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}

DeleteKey: HKLM\Software\Wow6432Node\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}

DeleteKey: HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

DeleteKey: HKLM\Software\Wow6432Node\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File

ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File

ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File

ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File

ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File

ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File

ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\NavShExt.dll -> No File

ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\NavShExt.dll -> No File

ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File

ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\NavShExt.dll -> No File

DeleteKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56EFBE2F-066F-6FAF-B7EF-1F2F676FCCAF}

 

*****************

 

Restore point was successfully created.

HKLM\Software\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => could not remove. Access Denied.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => could not remove. Access Denied.

HKLM\Software\Wow6432Node\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => could not remove. Access Denied.

HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => could not remove. Access Denied.

HKLM\Software\Wow6432Node\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => could not remove. Access Denied.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => could not remove. Access Denied.

HKLM\Software\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => could not remove. Access Denied.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => could not remove. Access Denied.

HKLM\Software\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => could not remove. Access Denied.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => could not remove. Access Denied.

HKLM\Software\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => could not remove. Access Denied.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => not found

HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => could not remove. Access Denied.

HKLM\Software\Wow6432Node\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => could not remove. Access Denied.

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => could not remove. Access Denied.

HKLM\Software\Wow6432Node\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => could not remove. Access Denied.

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => could not remove. Access Denied.

HKLM\Software\Wow6432Node\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => could not remove. Access Denied.

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BUContextMenu => could not remove. Access Denied.

HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => could not remove. Access Denied.

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => could not remove. Access Denied.

HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => could not remove. Access Denied.

HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => could not remove. Access Denied.

HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => could not remove. Access Denied.

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BUContextMenu => could not remove. Access Denied.

HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => could not remove. Access Denied.

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => could not remove. Access Denied.

HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => could not remove. Access Denied.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56EFBE2F-066F-6FAF-B7EF-1F2F676FCCAF} => removed successfully

[Advertisements]

Not sure why it says access is denied: I ran with administrator.

[Jamesoo]

Not sure why it says access is denied: I ran with administrator.

[Jamesoo]

Yahoo powered is gone!

[iMacg3]

Hi Jamesoo,

---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.

• Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
• When the tool opens, click Get Started.
• Read and accept the license agreement.
• At the Welcome to ESET Online Scanner window, click Get Started.
• Select whether you would like to send anonymous data to ESET.
• Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
• Click on the Full Scan option.
• Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
• ESET will now begin scanning your computer. This may take some time.
• When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
• ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
• On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
• Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.

---------------------------------------------------
Malwarebytes Anti-Malware

Malwarebytes is already installed on your computer.

• Launch Malwarebytes
• When the tool opens, click Settings, then the Protection tab.
• Under Scan options, ensure Scan for rootkits and Scan within archives are On.
• Click the Scan button on the left.
• Select Scan Now and wait for the scan to complete.
• Malwarebytes will update its databases, then start scanning.
• If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine selected.
• Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
• Select Export in the bottom left corner, and click Text File. Save the file to your desktop.
• Open the Malwarebytes log on your desktop and copy/paste its contents into your next reply.

---------------------------------------------------

In your next reply, please include:

• ESET log
• MBAM log

[Jamesoo]

Well... I ran eset but I ran it over night my computer was off bc somebody in my family turned it off. It already removed the threats it detected so no log for the ones that were removed... 😤😤

[Jamesoo]

Running it again but 🤷‍♂️

[Jamesoo]

Eset didn't save a log I definitely selected it then chose to save to desktop. Well it wouldn't have helped any way ig bc the second scan didn't pick up anything.

[Jamesoo]

Malwarebytes

www.malwarebytes.com

 

-Log Details-

Scan Date: 9/5/19

Scan Time: 5:13 PM

Log File: 0eb35f1a-d022-11e9-960f-dcfe0705ba6b.json

 

-Software Information-

Version: 3.8.3.2965

Components Version: 1.0.613

Update Package Version: 1.0.12345

License: Free

 

-System Information-

OS: Windows 10 (Build 18362.295)

CPU: x64

File System: NTFS

User: DESKTOP-QU6GUT2\James

 

-Scan Summary-

Scan Type: Threat Scan

Scan Initiated By: Manual

Result: Completed

Objects Scanned: 457595

Threats Detected: 4

Threats Quarantined: 4

Time Elapsed: 21 min, 20 sec

 

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Detect

PUM: Detect

 

-Scan Details-

Process: 0

(No malicious items detected)

 

Module: 0

(No malicious items detected)

 

Registry Key: 0

(No malicious items detected)

 

Registry Value: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Data Stream: 0

(No malicious items detected)

 

Folder: 0

(No malicious items detected)

 

File: 4

PUP.Optional.ASK, C:\USERS\JIMAK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [2], [454824],1.0.12345

PUP.Optional.DefaultSearch.ShrtCln, C:\USERS\JIMAK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [300], [455072],1.0.12345

PUP.Optional.DefaultSearch.ShrtCln, C:\USERS\JIMAK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [300], [455072],1.0.12345

PUP.Optional.DefaultSearch.ShrtCln, C:\USERS\JIMAK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [300], [455072],1.0.12345

 

Physical Sector: 0

(No malicious items detected)

 

WMI: 0

(No malicious items detected)

 

 

(end)

[Jamesoo]

..

Edited by Jamesoo, 05 September 2019 - 05:59 PM.

[iMacg3]

Hi Jamesoo,

How is the computer doing?

[Jamesoo]

Well there is still a problem

[Jamesoo]

Lately after doing cleanup processes the 100% CPU thing went away. However I have a Minecraft server hosted on my PC and I ran it and my computer seemed slow so I checked task manager and 100%. Registry console tool and console window host

[Jamesoo]

Is there a virus related to the Java update 5 or whatever app I had that was removed that would trigger when a Java program is run?

[Jamesoo]

Is having Port 25565 a problem?

[Jamesoo]

Oh I had Port 90 opened as well because I was trying to set up "Moonlight" WOL but reading up on it says that it could be used to control a computer or something. I closed that Port.