
·
Registered
Joined
·
103 Posts
Discussion Starter #1
Hello

My PC has been running much slower than normal lately and I think I know why. I have Avira Antivir and it keeps detecting a certain virus called TR/Crypt.ZPACK.200907. I keep hitting remove but the infection keeps coming back. Please help!

My specs: Windows 8 64 bit

I went to run DDS, but it said that I could not run it in compatibility mode. Therefore I used Farbar Recovery Scan Tool because I saw someone else had the same problem in another thread. TSF advised them to use this tool.

Please let me know if I should post anything else. Thanks!
 


·
Security Team, Moderator, Analyst, Rangemaster
Joined
·
29,790 Posts
Are you running an illegal (pirated) copy of Office?
 

·
Security Team, Moderator, Analyst, Rangemaster
Joined
·
29,790 Posts
Our forum rules prevent us from helping users with illegal software. It's the same as stealing.

If you need further assistance, you will have to uninstall Office, run FRST again, making sure Addition.txt is ticked and post/attach the logs as before.
 

·
Registered
Joined
·
103 Posts
I uninstalled it.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by rahul_000 (administrator) on RAHULSPC (14-11-2015 20:50:41)
Running from C:\Users\rahul_000\Downloads
Loaded Profiles: rahul_000 (Available Profiles: rahul_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
() C:\Program Files (x86)\Toshiba\TOSHIBA System Driver\TOSTABSYSSVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TssSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Brightness Adjust\TosBrightnessAdjust.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\nacl64.exe
(Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\rahul_000\Downloads\FRST64 (1).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [1008128 2014-04-28] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3276616 2014-05-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\Windows\system32\thpsrv /logon
HKLM\...\Run: [TosBrightnessAdjust] => C:\Program Files\Toshiba\Brightness Adjust\TosBrightnessAdjust.exe [77408 2014-06-03] (Toshiba Corporation)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [517536 2014-04-06] (TOSHIBA)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [782520 2015-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-09-21] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3794674557-4143362066-2723272169-1001\...\Run: [GoogleChromeAutoLaunch_124F57D3B9A00D34603FEDE10C0A6114] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-11-06] (Google Inc.)
HKU\S-1-5-21-3794674557-4143362066-2723272169-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2014-03-18] (Microsoft Corporation)
HKU\S-1-5-21-3794674557-4143362066-2723272169-1001\...\Run: [QiyElro] => regsvr32.exe "
HKU\S-1-5-21-3794674557-4143362066-2723272169-1001\...\Run: [RSA1121955412] => C:\Windows\system32\rundll32.exe ",DllInitialize
HKU\S-1-5-21-3794674557-4143362066-2723272169-1001\...\Run: [DragonAssistant] => "C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistant.exe" -autorun
HKU\S-1-5-21-3794674557-4143362066-2723272169-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\rahul_000\Downloads\dds.scr [688992 2015-11-08] (Swearware)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-10-12] (Google)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{924188CC-6F3D-496B-968D-17B6754B97C3}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C6001CA6-5C2B-46D4-9B1C-52640905807F}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-3794674557-4143362066-2723272169-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-3794674557-4143362066-2723272169-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-3794674557-4143362066-2723272169-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-3794674557-4143362066-2723272169-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-3794674557-4143362066-2723272169-1001 -> DefaultScope {42A03219-C515-44C3-95FD-F7180FB73DDE} URL =
SearchScopes: HKU\S-1-5-21-3794674557-4143362066-2723272169-1001 -> {42A03219-C515-44C3-95FD-F7180FB73DDE} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL => No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL => No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL => No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\rahul_000\AppData\Roaming\Mozilla\Firefox\Profiles\3efAOnFL.default
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [No File]
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\rahul_000\AppData\Roaming\Mozilla\Firefox\Profiles\3efAOnFL.default\Extensions\[email protected] [2015-08-14] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://espn.go.com/
CHR StartupUrls: Default -> "hxxp://espn.go.com/"
CHR Profile: C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-14]
CHR Extension: (Google Docs) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-14]
CHR Extension: (Google Drive) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-23]
CHR Extension: (YouTube) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-10-17]
CHR Extension: (Adblock Plus) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-24]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-11-06]
CHR Extension: (Google Search) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Google Play Music) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-11-14]
CHR Extension: (Google Sheets) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-14]
CHR Extension: (Google Docs Offline) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (MagicScroll eBook Reader) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgnmgfdoiplfmhgghbmlphanpfmjble [2015-08-14]
CHR Extension: (IE Tab) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd [2015-10-07]
CHR Extension: (Google Keep - notes and lists) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-11-14]
CHR Extension: (Adblock for Pirate Bay) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\imkpamgpfalmdaikobnkefcmmkpgljjd [2015-08-14]
CHR Extension: (GroupMe Notifications) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhlmejlghbfnmdogojohgfnhdldnjhah [2015-08-14]
CHR Extension: (Motorola Connect) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigmoblgooahdmdibodmcnffgnejlndh [2015-11-14]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2015-08-14]
CHR Extension: (Answers by Answers.com) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfgeapdodalngkocjdblmncgfdhcnakd [2015-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Gmail) - C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [932912 2015-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [461672 2015-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [461672 2015-10-07] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1147720 2015-10-14] (Avira Operations GmbH & Co. KG)
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [240360 2015-09-21] (Avira Operations GmbH & Co. KG)
S3 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-05-14] ()
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [953352 2014-05-08] (Intel Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [103240 2014-05-12] (ELAN Microelectronics Corp.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2014-03-06] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 TOSTABSYSSVC; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\TOSTABSYSSVC.exe [34680 2014-03-27] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 DAMSvc; "C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [137800 2015-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [148632 2015-07-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [74440 2015-10-07] (Avira Operations GmbH & Co. KG)
S3 AX88179; C:\Windows\system32\DRIVERS\ax88179_178a.sys [70104 2013-07-08] (ASIX Electronics Corp.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BS1121955412; C:\Users\rahul_000\AppData\Local\Temp\NTFS.sys [13192 2015-11-01] (Sysinternals) [File not signed]
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32640 2013-08-22] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [34624 2014-05-08] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [193136 2014-05-08] (Intel Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [24904 2014-02-06] (ELAN Microelectronic Corp.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2014-03-06] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3433952 2014-02-18] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-04-16] (Realtek Semiconductor Corp.)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [27136 2014-03-24] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150813.019\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20150813.019\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 20:50 - 2015-11-14 20:50 - 02198528 _____ (Farbar) C:\Users\rahul_000\Downloads\FRST64 (1).exe
2015-11-14 20:42 - 2015-11-14 20:48 - 00000000 ____D C:\Users\rahul_000\Documents\[]Microsoft Office Professional Plus (x64) 2013 Incl Activator P2P
2015-11-14 19:42 - 2015-11-14 19:55 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-11-14 19:41 - 2015-11-14 19:41 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\rahul_000\Downloads\revosetup.exe
2015-11-14 19:38 - 2015-11-14 19:40 - 00347816 _____ (Microsoft Corporation) C:\Users\rahul_000\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.Run.exe
2015-11-14 18:59 - 2015-11-14 18:59 - 00000290 _____ C:\Windows\Tasks\AutoKMS.job
2015-11-14 17:21 - 2015-11-14 17:33 - 383390333 ____R C:\Users\rahul_000\Desktop\Real.Time.With.Bill.Maher.2015.11.13.HDTV.x264-BATV[eztv].mp4
2015-11-14 01:39 - 2015-11-14 01:39 - 00000715 _____ C:\Windows\Settings.ini
2015-11-13 00:15 - 2015-11-14 18:59 - 00002900 _____ C:\Windows\System32\Tasks\AutoKMS
2015-11-12 22:30 - 2015-11-13 00:11 - 00004972 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for RAHULSPC-rahul_000 RahulsPC
2015-11-12 22:15 - 2015-11-12 22:15 - 00268252 _____ C:\Users\rahul_000\Downloads\APhA Poster Spring 2015_final draft - example.pptx
2015-11-12 21:09 - 2015-11-12 21:10 - 00318058 _____ C:\Users\rahul_000\Downloads\PCP Poster - 11 12 15 - JNS_SO_edits.pptx
2015-11-12 18:51 - 2015-11-12 18:57 - 285918288 ____R C:\Users\rahul_000\Desktop\Gotham.S02E08.HDTV.x264-LOL[eztv].mp4
2015-11-12 18:49 - 2015-11-12 18:55 - 251988797 _____ C:\Users\rahul_000\Desktop\Gotham.S02E07.HDTV.x264-LOL[eztv].mp4
2015-11-11 21:05 - 2015-11-11 21:14 - 323603354 ____R C:\Users\rahul_000\Desktop\Law.and.Order.SVU.S17E07.HDTV.x264-KILLERS[eztv].mp4
2015-11-11 21:01 - 2015-11-11 21:04 - 183563374 ____R C:\Users\rahul_000\Desktop\Brooklyn.Nine-Nine.S03E06.INTERNAL.HDTV.x264-KILLERS[eztv].mp4
2015-11-11 00:04 - 2015-11-11 00:04 - 00150187 _____ C:\Users\rahul_000\Downloads\PCP Poster Template.pptx
2015-11-08 09:29 - 2015-11-08 09:29 - 00033966 _____ C:\Users\rahul_000\Desktop\FRST.txt
2015-11-08 09:29 - 2015-11-08 09:29 - 00026691 _____ C:\Users\rahul_000\Desktop\Addition.txt
2015-11-08 09:21 - 2015-11-08 09:28 - 00026691 _____ C:\Users\rahul_000\Downloads\Addition.txt
2015-11-08 09:15 - 2015-11-14 20:56 - 00026056 _____ C:\Users\rahul_000\Downloads\FRST.txt
2015-11-08 09:14 - 2015-11-14 20:51 - 00000000 ____D C:\FRST
2015-11-08 09:14 - 2015-11-08 09:14 - 02198528 _____ (Farbar) C:\Users\rahul_000\Downloads\FRST64.exe
2015-11-08 09:10 - 2015-11-08 09:10 - 00688992 _____ (Swearware) C:\Users\rahul_000\Downloads\dds (1).scr
2015-11-08 09:06 - 2015-11-08 09:06 - 00688992 _____ (Swearware) C:\Users\rahul_000\Downloads\dds.scr
2015-11-07 18:45 - 2015-11-07 19:27 - 00158756 _____ C:\Users\rahul_000\Downloads\Draft 3 PCP PPX Poster Rahul and Priyanka .pptx
2015-11-07 15:20 - 2015-11-07 16:59 - 00119808 _____ C:\Users\rahul_000\Downloads\PCP PPX Project deidentified (1).xls
2015-11-07 15:18 - 2015-11-07 15:18 - 00195823 _____ C:\Users\rahul_000\Downloads\Draft 2 PCP PPX Poster Rahul and Priyanka DPR and EAC Edits.pptx
2015-11-01 11:23 - 2015-11-06 20:09 - 00000000 ____D C:\Users\rahul_000\AppData\Local\Cefix
2015-11-01 11:23 - 2015-11-01 11:24 - 00000000 ___HD C:\ProgramData\{F66CB4EE-546F-4D54-9332-216DE189AAB0}
2015-10-27 16:58 - 2015-11-06 20:52 - 00000000 ____D C:\Users\rahul_000\AppData\LocalLow\uTorrent
2015-10-26 20:36 - 2015-10-26 20:36 - 00014758 _____ C:\Users\rahul_000\Downloads\Drushyam 2014 Telugu Movie HDRip 700MB.torrent
2015-10-26 20:34 - 2015-10-26 20:34 - 00019173 _____ C:\Users\rahul_000\Downloads\Drushyam 2014 Telugu Movie 1080P HD 3.4GB.torrent
2015-10-16 20:43 - 2015-10-16 20:54 - 381049412 _____ C:\Users\rahul_000\Desktop\The.Last.Ship.S02E13.HDTV.x264-LOL.mp4
2015-10-15 21:30 - 2015-10-15 21:30 - 00770048 _____ C:\Users\rahul_000\Downloads\Figure.ppt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-14 20:48 - 2015-08-14 12:41 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F244DF1F-25C7-466E-8F11-CD4F46975725}
2015-11-14 20:47 - 2014-08-19 08:04 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-14 20:44 - 2014-08-19 07:38 - 01495785 _____ C:\Windows\WindowsUpdate.log
2015-11-14 20:31 - 2015-08-14 12:42 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3794674557-4143362066-2723272169-1001
2015-11-14 20:24 - 2015-08-14 16:56 - 00000000 ____D C:\Program Files\Microsoft Office
2015-11-14 20:17 - 2015-08-14 16:01 - 00000000 ____D C:\Users\rahul_000\AppData\Roaming\uTorrent
2015-11-14 20:16 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-14 18:59 - 2015-08-14 17:09 - 00000000 ____D C:\Windows\AutoKMS
2015-11-14 18:12 - 2015-08-14 15:33 - 00000000 ____D C:\Users\rahul_000\AppData\Roaming\vlc
2015-11-13 17:50 - 2015-08-22 23:42 - 00465920 ___SH C:\Users\rahul_000\Desktop\Thumbs.db
2015-11-12 22:19 - 2015-08-14 12:31 - 00000000 ____D C:\Users\rahul_000\AppData\Local\Packages
2015-11-12 21:41 - 2014-08-19 07:57 - 00000000 ____D C:\ProgramData\TEMP
2015-11-11 20:49 - 2015-08-14 17:07 - 00002174 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-10 04:47 - 2014-08-19 08:04 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-08 20:30 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\migwiz
2015-11-08 08:53 - 2014-03-18 04:53 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-08 08:50 - 2013-08-22 09:46 - 00027353 _____ C:\Windows\setupact.log
2015-11-06 19:59 - 2015-08-14 16:00 - 00000000 ____D C:\Users\rahul_000\AppData\Local\CrashDumps
2015-11-06 19:59 - 2015-08-14 12:37 - 00000000 __RDO C:\Users\rahul_000\OneDrive
2015-11-06 19:54 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-06 19:53 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-11-06 19:46 - 2014-08-19 08:11 - 03442668 _____ C:\Users\Public\CAFADEBUG.log
2015-11-04 07:13 - 2014-12-17 15:19 - 00000000 ____D C:\Users\rahul_000\Documents\Resume-CV
2015-11-02 22:29 - 2014-05-15 02:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-11-01 12:01 - 2015-10-07 22:01 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-01 11:38 - 2014-08-19 07:38 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-01 11:32 - 2014-03-18 04:44 - 00515750 _____ C:\Windows\PFRO.log
2015-10-28 20:15 - 2015-08-14 14:49 - 00001121 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-10-28 20:15 - 2015-08-14 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-10-27 09:03 - 2015-05-28 20:20 - 00000000 ____D C:\Users\rahul_000\Documents\6th year APPEs
2015-10-17 13:51 - 2014-08-19 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

Some files in TEMP:
====================
C:\Users\rahul_000\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-25 15:58

==================== End of FRST.txt ============================
 


·
Security Team , Moderator, Analyst , Rangemaster,
Joined
·
29,790 Posts
Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

If needed, here is a free alternative to Office that will work with your documents:

https://www.libreoffice.org/download/libreoffice-fresh/?type=win-x86_64&version=5.0&lang=en-US

------------------------------------------------------

Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------
 

·
Registered
Joined
·
103 Posts
Discussion Starter #8
# AdwCleaner v5.021 - Logfile created 14/11/2015 at 23:18:49
# Updated 14/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 8.1 (x64)
# Username : rahul_000 - RAHULSPC
# Running from : C:\Users\rahul_000\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\rahul_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\autopcbackup.dl.tb.ask.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\gamingwonderland.dl.tb.ask.com

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1255 bytes] ##########
 

·
Security Team , Moderator, Analyst , Rangemaster,
Joined
·
29,790 Posts
I thought you said you uninstalled MS Office?
 

·
Registered
Joined
·
103 Posts
Discussion Starter #10
I thought I did. I went to program files and deleted the files. I tried removing through control panel and add/remove programs, but it would not let me. How can I remove it from my PC?
 

·
Security Team , Moderator, Analyst , Rangemaster,
Joined
·
29,790 Posts
I think you know you uninstall an application via Programs and Features, and not by deleting its folder.

Why did you just download this folder:

2015-11-14 20:42 - 2015-11-14 20:48 - 00000000 ____D C:\Users\rahul_000\Documents\[]Microsoft Office Professional Plus (x64) 2013 Incl Activator P2P

It appears you have already downloaded, and plan on re-installing another pirated version of MS Office, after we are done, correct?

------------------------------------------------------
 

·
Security Team , Moderator, Analyst , Rangemaster,
Joined
·
29,790 Posts
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
 