Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Farbar tool run, now what to do?

  • This topic is locked This topic is locked
2 replies to this topic

#1 totallypolluted


  • Members
  • 9 posts
  • Gender:Female
  • Local time:06:20 PM

Posted 16 November 2017 - 02:27 AM

Hello to Anyone willing to Help- As usual, I know just enough to be dangerous!   :unsure: I apologize if I jumped the gun here but I took it upon myself to download and run the Farbar Recovery Scan Tool because of a rather wide variety of issues with my desktop computer,(windows 10, 64-bit).  Well, now I have all of this information and not a clue what to do, for sure, to fix anything.  

Now, I say "variety of issues" because there could be something simple here and I am just paranoid or it could be that I have just been running this rag computer on her last leg and wearing bandaids for so long now that I have probably just become accustomed to just how fouled up the situation may be here.  lol  

At any rate, here are a few issues I did not understand and felt enough concern to run the tool. 


    Most recently installed McAfee Total security -and it was malfunctioning so i uninstalled and have been using Windows Defender alone since( 11-13-17 until today 11/16/17)  

    computer debilitated for a significant part of all of my daily usage time from high CPU usage, but by what source is something that is above my scope of knowledge

    Even with the "help" of tech support- they do not have the answer to the error messages generated by the product portal here on my computer (Not Protected, and port and program vulnerabilities)  As long as the "Virtual Technician Tool says there is no problem on your device"  they "Pros" just feel I am supposed to eat-poo and smile politely right? 
  • Network setup is ISP Centurylink, provides Norton Security with Online backup -I lack confidence in all three,never trusted NOB, and when you take into account the "free" security with internet, well... 

  • I have used AVG- problems- bad

  • The "Network" - Private, Public? (No one of authority has ever given me a clear concise answer and so my uncertainty into paranoia raves on....)

  1.  to the network- 1 modem wireless capabilty
  2.  three(3) users in the household, numerous devices- windows 10 pc,  laptops, android phones, android tablet, amazon fire kindle tablet - all different security providers and questionable internet carousing, probably  :blush:
  3. all use same connection to internet- 
  4. Network properties change at random, network properties are well populated- adapters and connections that ISP wants me to pay extra service fee for them to explain; however, all the while, it is impossible to create a simple "homegroup" connection for me right here in my own bedroom between a laptop and a desktop for the simple reason of my wanting to stay clear of Microsoft OneDrive in any and all capacities.. go figure? 
  5. Browser redirect, and a little i in a circle sometimes replaces the green secure lock in the browser bar
  6. SLOW very slow computer, GOogle browser gets jacked up in some form or fashion at least every other week -requiring resetting a gazillion settings ( online school quirks) uninstalling, reinstalling, and all for the sad reasoning that I only prefer using Google because of the Midnight lizard extension compatibility- no other browser has this and my eyes depend on it.
  7. I have Microsoft Office 365 provided by my school- love Word, PPT, Excel, but am uncomfortably uncertain about everything that is Microsoft One-World!  Privacy issues are present, confirmed vulnerabilities but no resolve through Microsoft or campus tech non-support department.
  8. There is more but if anyone is still reading this, then Bless your Heart and I'll quit cause you have endured enough  :axe:

Said all that to say this:  the logs are attached from the FSRT which i ran twice because the first time I included the extra check marks and I think that was overkill.  sorry.  I apologize for the mad chaos this all must appear on the surface, but remember that I admit to the curse of knowing just enough to be dangerous but not enough to be wary!  Thanks so much for any and all assistance.  My name is Tara and I hope to hear from ya'll  :rolleyes:  



Attached Files

BC AdBot (Login to Remove)


#2 nasdaq


  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:20 PM

Posted 16 November 2017 - 09:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.



GroupPolicy\User: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2987922433-232653442-2292116789-1006 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1119&geo=US&ver=
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKU\S-1-5-21-2987922433-232653442-2292116789-1006 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\disas\AppData\Roaming\Mozilla\Firefox\Profiles\lhgs6wo8.default-1510766366389\Extensions\fvdmedia@gmail.com.xpi [2017-11-15]
FF Extension: (New Tab Page) - C:\Users\disas\AppData\Roaming\Mozilla\Firefox\Profiles\lhgs6wo8.default-1510766366389\Extensions\pavel.sherbakov@gmail.com.xpi [2017-11-15]
CHR NewTab: Profile 3 ->  Active:"chrome-extension://llaficoajjainaijghjlofdfmbjpebpa/newtab.html"
CHR Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\disas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog [2017-11-13]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\disas\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2017-11-13]
CHR Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\disas\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog [2017-11-14]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\disas\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2017-11-14]
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ShortcutWithArgument: C:\Users\disas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\e44326f6633ecbf1\Speed Dial [FVD] - New Tab Page, 3D, Sync.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3" --app-id=llaficoajjainaijghjlofdfmbjpebpa
FirewallRules: [{80953D2D-E879-4285-86CB-DDC0FAF8F695}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{24B1B038-C058-4E40-B29E-B46652EAD5BD}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{CEEE6BB1-08ED-41F9-BE6B-87A7E05D141E}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{55EAB882-3443-483C-AC5B-1DC78E15B7C9}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{9A03764B-5A20-4067-8C0A-23109756EC8C}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{240F11D5-27A9-4911-B8FA-9D0161D0214E}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.

Please post the logs and let me know what problem persists with this computer.

#3 nasdaq


  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:20 PM

Posted 22 November 2017 - 08:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users