Please help- malware [Closed]


  • This topic is locked

#46 Jamesoo (Member, Topic Starter, 116 posts)

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2019
Ran by jimak (02-09-2019 10:41:25) Run:3
Running from C:\Users\James\Downloads
Loaded Profiles: jimak & James (Available Profiles: jimak & Kelly & nanke & James & sugar)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
DeleteKey: HKLM\Software\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
DeleteKey: HKLM\Software\Wow6432Node\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}
DeleteKey: HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
DeleteKey: HKLM\Software\Wow6432Node\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\NavShExt.dll -> No File
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\NavShExt.dll -> No File
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\NavShExt.dll -> No File
DeleteKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56EFBE2F-066F-6FAF-B7EF-1F2F676FCCAF}
 
*****************
 
Restore point was successfully created.
HKLM\Software\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => could not remove. Access Denied.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => not found
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => could not remove. Access Denied.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BUContextMenu => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => could not remove. Access Denied.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => could not remove. Access Denied.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => could not remove. Access Denied.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BUContextMenu => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => could not remove. Access Denied.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => could not remove. Access Denied.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{56EFBE2F-066F-6FAF-B7EF-1F2F676FCCAF} => removed successfully

  • 0

#47 Jamesoo (Member, Topic Starter, 116 posts)

Not sure why it says access is denied: I ran with administrator.


  • 0
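An elevated process still has to pass the key's own ACL, so "Access Denied" on a registry key while running as administrator usually means the Administrators group holds no Delete right on that key, a Deny entry exists, or the key is owned by another principal. The script below is an added example, not part of the thread or of FRST: it reads the owner and access entries of two of the CLSID keys from the fix log above (the paths are taken from that log; the output format and the check are mine) so you can see whether the ACL, rather than the elevation level, is what blocks removal.

```powershell
# Added example (not from the thread): show who owns a registry key and which
# access entries apply, to diagnose "could not remove. Access Denied." from an
# elevated FRST fix. Key paths are copied from the fix log in this thread.
$keys = @(
    'HKLM:\Software\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}',
    'HKLM:\Software\Wow6432Node\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}'
)

foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) {
        Write-Output "$key : not present (nothing to remove)"
        continue
    }

    # Get-Acl on a registry path returns a RegistrySecurity object.
    $acl = Get-Acl -Path $key
    Write-Output "`n$key"
    Write-Output "  Owner: $($acl.Owner)"

    # List every ACE; Deny entries are flagged because they win over Allow.
    foreach ($ace in $acl.Access) {
        $flag = if ($ace.AccessControlType -eq 'Deny') { '!!' } else { '  ' }
        Write-Output ("  {0} {1,-40} {2,-5} {3}" -f $flag,
            $ace.IdentityReference.Value, $ace.AccessControlType, $ace.RegistryRights)
    }

    # Deleting a key needs the Delete right (included in FullControl) for the
    # caller's group. Check the local Administrators group explicitly.
    $deleteBit = [System.Security.AccessControl.RegistryRights]::Delete
    $adminCanDelete = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'BUILTIN\Administrators' -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.RegistryRights -band $deleteBit) -ne 0)
    }
    if (-not $adminCanDelete) {
        Write-Output "  -> Administrators hold no Delete right here; the ACL, not elevation, blocks removal."
    }
}
```

Run it from an elevated PowerShell prompt. The entries in the fix log point at Norton Security Suite DLLs that no longer exist on disk, so an ACL left behind by that product's installer is a plausible reason for the failure; if the ACL does grant Administrators Delete and removal still fails, something at runtime (for example a still-loaded security product's self-protection) is intercepting the write, and the ACL is not the explanation.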

#48 Jamesoo (Member, Topic Starter, 116 posts)

Yahoo powered is gone!


  • 0

#49 iMacg3 (GeekU Moderator, 990 posts)

Hi Jamesoo,

---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
---------------------------------------------------
Malwarebytes Anti-Malware

Malwarebytes is already installed on your computer.
  • Launch Malwarebytes
  • When the tool opens, click Settings, then the Protection tab.
  • Under Scan options, ensure Scan for rootkits and Scan within archives are On.
  • Click the Scan button on the left.
  • Select Scan Now and wait for the scan to complete.
  • Malwarebytes will update its databases, then start scanning.
  • If no threats are found, close the Malwarebytes window. If threats are detected, make sure they are all selected and click Quarantine selected.
  • Click on Reports in the left pane, and check the box next to the latest report (at the top). Click on View Report.
  • Select Export in the bottom left corner, and click Text File. Save the file to your desktop.
  • Open the Malwarebytes log on your desktop and copy/paste its contents into your next reply.
---------------------------------------------------

In your next reply, please include:
  • ESET log
  • MBAM log

  • 0

#50 Jamesoo (Member, Topic Starter, 116 posts)

Well... I ran ESET, but I ran it overnight and my computer was off because somebody in my family turned it off. It already removed the threats it detected, so there is no log for the ones that were removed... 😤😤
  • 0

#51 Jamesoo (Member, Topic Starter, 116 posts)

Running it again but 🤷‍♂️
  • 0

#52 Jamesoo (Member, Topic Starter, 116 posts)

ESET didn't save a log :P I definitely selected it, then chose to save to the desktop. Well, it wouldn't have helped anyway, I guess, because the second scan didn't pick up anything.


  • 0

#53 Jamesoo (Member, Topic Starter, 116 posts)

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 9/5/19
Scan Time: 5:13 PM
Log File: 0eb35f1a-d022-11e9-960f-dcfe0705ba6b.json
 
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.613
Update Package Version: 1.0.12345
License: Free
 
-System Information-
OS: Windows 10 (Build 18362.295)
CPU: x64
File System: NTFS
User: DESKTOP-QU6GUT2\James
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 457595
Threats Detected: 4
Threats Quarantined: 4
Time Elapsed: 21 min, 20 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 4
PUP.Optional.ASK, C:\USERS\JIMAK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [2], [454824],1.0.12345
PUP.Optional.DefaultSearch.ShrtCln, C:\USERS\JIMAK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [300], [455072],1.0.12345
PUP.Optional.DefaultSearch.ShrtCln, C:\USERS\JIMAK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [300], [455072],1.0.12345
PUP.Optional.DefaultSearch.ShrtCln, C:\USERS\JIMAK\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, [300], [455072],1.0.12345
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)

  • 0

#54 Jamesoo (Member, Topic Starter, 116 posts)

..


Edited by Jamesoo, 05 September 2019 - 05:59 PM.

  • 0

#55 iMacg3 (GeekU Moderator, 990 posts)

Hi Jamesoo,

How is the computer doing?
  • 0

#56 Jamesoo (Member, Topic Starter, 116 posts)

Well there is still a problem
  • 0

#57 Jamesoo (Member, Topic Starter, 116 posts)

Lately, after doing the cleanup processes, the 100% CPU thing went away. However, I have a Minecraft server hosted on my PC; I ran it and my computer seemed slow, so I checked Task Manager and it was at 100%: Registry Console Tool and Console Window Host.
  • 0

#58 Jamesoo (Member, Topic Starter, 116 posts)

Is there a virus related to the Java update 5 or whatever app I had that was removed that would trigger when a Java program is run?
  • 0

#59 Jamesoo (Member, Topic Starter, 116 posts)

Is having Port 25565 a problem?
  • 0

#60 Jamesoo (Member, Topic Starter, 116 posts)

Oh, I had Port 90 open as well because I was trying to set up "Moonlight" WOL, but reading up on it says that it could be used to control a computer or something. I closed that Port.
  • 0
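An open port only matters if a process is listening on it and the firewall admits inbound traffic to it, so the two checks a defender wants are "who listens" and "which rule allows it". The script below is an added example, not part of the thread or of any tool mentioned in it: it takes the two ports the posts mention (25565 for the Minecraft server, 90 that the poster says is now closed), reports the owning process for any listener, and lists the enabled inbound allow rules whose port filter covers each port. Process names and rule names in the comments are expectations, not facts from the thread.

```powershell
# Added example (not from the thread): for each port, show the listening process
# and the enabled inbound firewall rules that allow it. Port numbers come from the
# posts above; the expected process (java.exe for a Minecraft server) is an assumption.
$ports = 25565, 90

foreach ($port in $ports) {
    Write-Output "`n=== TCP port $port ==="

    # 1. Who is actually listening? A port you believe is closed should show nothing.
    $listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
    if (-not $listeners) {
        Write-Output "  No process is listening."
    }
    foreach ($conn in $listeners) {
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        Write-Output ("  Listening: {0} (PID {1}) {2}" -f $proc.ProcessName, $conn.OwningProcess, $proc.Path)
    }

    # 2. Which enabled inbound allow rules open this port? Each rule's port filter is
    #    inspected because LocalPort may be a single value, an array, or 'Any'.
    #    (Port ranges such as "25560-25570" are not expanded here.)
    $rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            $filter.Protocol -eq 'TCP' -and
            ($filter.LocalPort -contains "$port" -or $filter.LocalPort -contains 'Any')
        }
    if (-not $rules) {
        Write-Output "  No enabled inbound allow rule opens this port."
    }
    foreach ($rule in $rules) {
        $app = ($rule | Get-NetFirewallApplicationFilter).Program
        Write-Output ("  Rule: '{0}' profile={1} program={2}" -f $rule.DisplayName, $rule.Profile, $app)
    }
}
```

Run it from an elevated PowerShell prompt; the firewall cmdlets come with Windows 8/Server 2012 and later. For the game server port the expected result is one listener (the Java process hosting the server) and one rule scoped to that program; a listener you do not recognise, or an allow rule with program "Any" and profile "Public", is what to follow up on. For port 90, "No process is listening" plus "No enabled inbound allow rule" confirms that closing it actually took effect.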
