
Please help- malware



#16
Jamesoo

Jamesoo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Also I don't have the extension search selector in my browser
  • 0



#17
Jamesoo

I'm having a problem uninstalling Yahoo powered
  • 0

#18
Jamesoo

I right click and hit change/remove and it doesn't do anything
  • 0

#19
Jamesoo

I downloaded the Malwarebytes adware cleaner because I read it can remove the Yahoo powered thing
  • 0

#20
Jamesoo

I am unable to remove the Yahoo! Powered program
  • 0

#21
Jamesoo

Fix result of Farbar Recovery Scan Tool (x64) Version: 22-08-2019
Ran by James (24-08-2019 15:51:30) Run:1
Running from C:\Users\James\Downloads
Loaded Profiles: James (Available Profiles: jimak & Kelly & nanke & James & sugar)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
GroupPolicyUsers\S-1-5-21-1736177130-1667789116-2251809797-1010\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1736177130-1667789116-2251809797-1009\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1736177130-1667789116-2251809797-1008\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1736177130-1667789116-2251809797-1001\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {CB368B59-613B-4DCF-A1B1-9564617BA002} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {D1FCCF51-F2A6-45BF-9490-0FD0298C6889} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1736177130-1667789116-2251809797-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1736177130-1667789116-2251809797-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1736177130-1667789116-2251809797-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-1736177130-1667789116-2251809797-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-1736177130-1667789116-2251809797-1009 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1736177130-1667789116-2251809797-1009 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1736177130-1667789116-2251809797-1009 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-1736177130-1667789116-2251809797-1009 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-1736177130-1667789116-2251809797-1010 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1736177130-1667789116-2251809797-1010 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-1736177130-1667789116-2251809797-1010 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-1736177130-1667789116-2251809797-1010 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\coIEPlg.dll => No File
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.0.71\coIEPlg.dll => No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\coIEPlg.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine32\22.9.0.71\coIEPlg.dll No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll No File
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\Exts\Chrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [gboaiodgdajeapekadgejlbmabjganof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\Exts\Chrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gboaiodgdajeapekadgejlbmabjganof] - hxxps://clients2.google.com/service/update2/crx
2017-12-22 18:28 - 2017-12-22 18:28 - 000000056 _____ () C:\Users\jimak\AppData\Local\wbq5hwbq5h
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\NavShExt.dll -> No File
ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\NavShExt.dll -> No File
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\buShell.dll -> No File
ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files (x86)\Norton Security Suite\Engine\22.9.0.71\NavShExt.dll -> No File
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [94]
AlternateDataStreams: C:\Users\Public\AppData:CSM [231]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [464]
HKLM\...\StartupApproved\Run32: => "Norton Online Backup"
HKU\S-1-5-21-1736177130-1667789116-2251809797-1001\...\StartupApproved\Run: => "Chromium"
FirewallRules: [UDP Query User{205D39D8-4CBE-48CF-9D0A-BB352CFADE4F}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe No File
FirewallRules: [TCP Query User{FD4BDA15-6B1C-4EA0-82D0-B590649C416F}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe No File
FirewallRules: [UDP Query User{34762203-760D-41FD-B6FC-A5F7EDEE4B9C}C:\program files (x86)\java\jre1.8.0_151\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\java.exe No File
FirewallRules: [TCP Query User{DD6DA73E-2CD8-4FC4-A671-479E49CE77B5}C:\program files (x86)\java\jre1.8.0_151\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_151\bin\java.exe No File
FirewallRules: [UDP Query User{AFEB7FE0-FC45-43E9-88BA-500F3DFF8A9E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{1E533757-1C1F-4D03-B929-D66347349407}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [UDP Query User{34F14942-C5C2-483B-A634-28C98E68B8A3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [TCP Query User{2AC33021-605C-4B77-9985-3658288AFB81}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe No File
FirewallRules: [{862F8AC9-CA2A-434F-9A7A-6B38E40076C1}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE No File
FirewallRules: [{C376A56E-66E3-4468-888C-960D9C62D3A3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No FileFirewallRules: [{2D589BFC-DBE9-46E2-9F00-B409147EE089}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{05C9FC87-C2C6-4BFF-85CE-6F46BB2D5167}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe No File
FirewallRules: [{7DB4EF7C-574F-4B87-B44E-D584446DDDF1}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [{85BA3A8D-2314-433D-B7B8-953D240F9A86}] => (Allow) E:\Network\EpsonNetSetup\ENEasyApp.exe No File
FirewallRules: [TCP Query User{CFBCACDC-3170-4D0F-B05E-050AD2C72BCA}C:\users\james\appdata\local\temp\rar$exa0.748\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.748\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe No File
FirewallRules: [UDP Query User{8B8D8193-6E55-497C-A3A8-C7405D3B8D33}C:\users\james\appdata\local\temp\rar$exa0.748\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.748\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe No File
FirewallRules: [TCP Query User{49A6B60D-2300-4930-80CA-9B02A00E0DA0}C:\users\james\appdata\local\temp\rar$exa0.576\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.576\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe No File
FirewallRules: [UDP Query User{5705011A-8F8A-4A8A-90E7-229E1ACCCD69}C:\users\james\appdata\local\temp\rar$exa0.576\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.576\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe No File
FirewallRules: [TCP Query User{275A75FD-7633-4740-9B76-2DAEABB80892}C:\users\james\appdata\local\temp\rar$exa0.509\jdk\bin\java.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.509\jdk\bin\java.exe No File
FirewallRules: [UDP Query User{BB317261-D616-4BAF-9033-AD4B5DCFCED6}C:\users\james\appdata\local\temp\rar$exa0.509\jdk\bin\java.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.509\jdk\bin\java.exe No File
FirewallRules: [TCP Query User{94AE19FF-3184-441A-96E5-6349F387CED0}C:\users\james\appdata\local\temp\rar$exa0.733\jdk\bin\java.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.733\jdk\bin\java.exe No File
FirewallRules: [UDP Query User{68314DB1-C008-43CC-B906-DBACFCB25C98}C:\users\james\appdata\local\temp\rar$exa0.733\jdk\bin\java.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.733\jdk\bin\java.exe No File
FirewallRules: [TCP Query User{B4ABFD01-4153-4046-9E23-F59C0C929660}C:\users\james\appdata\local\temp\rar$exa0.266\jdk\bin\java.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.266\jdk\bin\java.exe No File
FirewallRules: [UDP Query User{276293FD-F5BA-4585-A125-2F326284A3E9}C:\users\james\appdata\local\temp\rar$exa0.266\jdk\bin\java.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.266\jdk\bin\java.exe No File
FirewallRules: [TCP Query User{365EE0A6-7CC3-4155-9B72-1263ED9E1A39}C:\users\james\appdata\local\temp\rar$exa0.026\jdk\bin\java.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.026\jdk\bin\java.exe No File
FirewallRules: [UDP Query User{4C3408FD-351C-4D41-8599-10219DE9CEBA}C:\users\james\appdata\local\temp\rar$exa0.026\jdk\bin\java.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.026\jdk\bin\java.exe No File
FirewallRules: [TCP Query User{4BB789B5-49E6-4BE9-AA6A-F435F9E34FC0}C:\users\james\appdata\local\temp\rar$exa0.440\jdk\bin\java.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.440\jdk\bin\java.exe No File
FirewallRules: [UDP Query User{2A8CA829-6C23-46BA-B7CA-18320F3A5CA0}C:\users\james\appdata\local\temp\rar$exa0.440\jdk\bin\java.exe] => (Allow) C:\users\james\appdata\local\temp\rar$exa0.440\jdk\bin\java.exe No File
VirusTotal: C:\Users\James\Documents\Oracle\docs\javaw-shaded.jar;C:\ProgramData\Oracle\Java\lib\locale.jar;C:\Users\James\AppData\Roaming\java\lib\charset.jar;C:\Users\James\3D Objects\Java\3D\lwjgl.jar;C:\Users\jimak\AppData\Local\SRQP;C:\Users\jimak\AppData\Local\SRQPONMLKJ
CMD: Bitsadmin /Reset /Allusers
 
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
"C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1736177130-1667789116-2251809797-1010\User" => not found
 
"C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1736177130-1667789116-2251809797-1009\User" folder move:
 
Could not move "C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1736177130-1667789116-2251809797-1009\User" => Scheduled to move on reboot.
 
"C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1736177130-1667789116-2251809797-1008\User" => not found
"C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1736177130-1667789116-2251809797-1001\User" => not found
HKLM\SOFTWARE\Policies\Google => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB368B59-613B-4DCF-A1B1-9564617BA002} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1FCCF51-F2A6-45BF-9490-0FD0298C6889} => could not remove. Access Denied.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Error setting value.
"HKU\S-1-5-21-1736177130-1667789116-2251809797-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
"HKU\S-1-5-21-1736177130-1667789116-2251809797-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => not found
"HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => not found
"HKU\S-1-5-21-1736177130-1667789116-2251809797-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => not found
"HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => not found
"HKU\S-1-5-21-1736177130-1667789116-2251809797-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => not found
"HKLM\Software\Classes\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => not found
"HKU\S-1-5-21-1736177130-1667789116-2251809797-1009\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1736177130-1667789116-2251809797-1009\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => removed successfully
"HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => not found
HKU\S-1-5-21-1736177130-1667789116-2251809797-1009\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => removed successfully
"HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => not found
HKU\S-1-5-21-1736177130-1667789116-2251809797-1009\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => removed successfully
"HKLM\Software\Classes\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => not found
"HKU\S-1-5-21-1736177130-1667789116-2251809797-1010\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => not found
"HKU\S-1-5-21-1736177130-1667789116-2251809797-1010\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => not found
"HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => not found
"HKU\S-1-5-21-1736177130-1667789116-2251809797-1010\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => not found
"HKLM\Software\Classes\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3}" => not found
"HKU\S-1-5-21-1736177130-1667789116-2251809797-1010\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => not found
"HKLM\Software\Classes\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc}" => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => could not remove. Access Denied.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => could not remove. Access Denied.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => could not remove. Access Denied.
HKLM\Software\Classes\PROTOCOLS\Handler\sacore => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => could not remove. Access Denied.
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => could not remove. Access Denied.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => could not remove. Access Denied.
HKLM\SOFTWARE\Google\Chrome\Extensions\gboaiodgdajeapekadgejlbmabjganof => could not remove. Access Denied.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => could not remove. Access Denied.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gboaiodgdajeapekadgejlbmabjganof => could not remove. Access Denied.
"C:\Users\jimak\AppData\Local\wbq5hwbq5h" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => could not remove. Access Denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => could not remove. Access Denied.
"HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => not found
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayExcluded => could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C} => could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayPending => could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => could not remove. Access Denied.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\  OverlayProtected => could not remove. Access Denied.
HKLM\Software\Wow6432Node\Classes\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148} => could not remove. Access Denied.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BUContextMenu => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => could not remove. Access Denied.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => could not remove. Access Denied.
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => could not remove. Access Denied.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BUContextMenu => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => could not remove. Access Denied.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu => could not remove. Access Denied.
HKLM\Software\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => could not remove. Access Denied.
C:\ProgramData\Temp => ":1CE11B51" ADS could not remove.
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Norton Online Backup" => removed successfully
"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Norton Online Backup" => removed successfully
"HKU\S-1-5-21-1736177130-1667789116-2251809797-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Chromium" => not found
"HKU\S-1-5-21-1736177130-1667789116-2251809797-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Chromium" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{205D39D8-4CBE-48CF-9D0A-BB352CFADE4F}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FD4BDA15-6B1C-4EA0-82D0-B590649C416F}C:\program files (x86)\java\jre1.8.0_151\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{34762203-760D-41FD-B6FC-A5F7EDEE4B9C}C:\program files (x86)\java\jre1.8.0_151\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DD6DA73E-2CD8-4FC4-A671-479E49CE77B5}C:\program files (x86)\java\jre1.8.0_151\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{AFEB7FE0-FC45-43E9-88BA-500F3DFF8A9E}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1E533757-1C1F-4D03-B929-D66347349407}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{34F14942-C5C2-483B-A634-28C98E68B8A3}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2AC33021-605C-4B77-9985-3658288AFB81}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{862F8AC9-CA2A-434F-9A7A-6B38E40076C1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C376A56E-66E3-4468-888C-960D9C62D3A3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{05C9FC87-C2C6-4BFF-85CE-6F46BB2D5167}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7DB4EF7C-574F-4B87-B44E-D584446DDDF1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{85BA3A8D-2314-433D-B7B8-953D240F9A86}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{CFBCACDC-3170-4D0F-B05E-050AD2C72BCA}C:\users\james\appdata\local\temp\rar$exa0.748\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8B8D8193-6E55-497C-A3A8-C7405D3B8D33}C:\users\james\appdata\local\temp\rar$exa0.748\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{49A6B60D-2300-4930-80CA-9B02A00E0DA0}C:\users\james\appdata\local\temp\rar$exa0.576\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{5705011A-8F8A-4A8A-90E7-229E1ACCCD69}C:\users\james\appdata\local\temp\rar$exa0.576\hello neighbor alpha 1\helloneighbor\helloneighborreborn\binaries\win64\helloneighborreborn-win64-shipping.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{275A75FD-7633-4740-9B76-2DAEABB80892}C:\users\james\appdata\local\temp\rar$exa0.509\jdk\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BB317261-D616-4BAF-9033-AD4B5DCFCED6}C:\users\james\appdata\local\temp\rar$exa0.509\jdk\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{94AE19FF-3184-441A-96E5-6349F387CED0}C:\users\james\appdata\local\temp\rar$exa0.733\jdk\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{68314DB1-C008-43CC-B906-DBACFCB25C98}C:\users\james\appdata\local\temp\rar$exa0.733\jdk\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B4ABFD01-4153-4046-9E23-F59C0C929660}C:\users\james\appdata\local\temp\rar$exa0.266\jdk\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{276293FD-F5BA-4585-A125-2F326284A3E9}C:\users\james\appdata\local\temp\rar$exa0.266\jdk\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{365EE0A6-7CC3-4155-9B72-1263ED9E1A39}C:\users\james\appdata\local\temp\rar$exa0.026\jdk\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4C3408FD-351C-4D41-8599-10219DE9CEBA}C:\users\james\appdata\local\temp\rar$exa0.026\jdk\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4BB789B5-49E6-4BE9-AA6A-F435F9E34FC0}C:\users\james\appdata\local\temp\rar$exa0.440\jdk\bin\java.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2A8CA829-6C23-46BA-B7CA-18320F3A5CA0}C:\users\james\appdata\local\temp\rar$exa0.440\jdk\bin\java.exe" => removed successfully
VirusTotal: C:\Users\James\Documents\Oracle\docs\javaw-shaded.jar => https://www.virustot...sis/1566676344/
VirusTotal: C:\ProgramData\Oracle\Java\lib\locale.jar => https://www.virustot...sis/1566676344/
VirusTotal: C:\Users\James\AppData\Roaming\java\lib\charset.jar => https://www.virustot...sis/1566676344/
VirusTotal: C:\Users\James\3D Objects\Java\3D\lwjgl.jar => https://www.virustot...sis/1566676344/
"VirusTotal: C:\Users\jimak\AppData\Local\SRQP" => not found
"VirusTotal: C:\Users\jimak\AppData\Local\SRQPONMLKJ" => not found
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.
 
Unable to enum jobs - 0x80070005
Access is denied.
 
 
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 81064240 B
Java, Flash, Steam htmlcache => 239874161 B
Windows/system/drivers => 0 B
Edge => 30445658 B
Chrome => 447716909 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
jimak => 14057 B
Kelly => 0 B
nanke => 0 B
James => 9930345 B
sugar => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 771.6 MB temporary data Removed.
 
================================

  • 0

#22
Jamesoo

My CPU is still pinned to 100%
  • 0

#23
Jamesoo

And there are still all of those programs :/
  • 0





