
[Need Help] My PC Infected With adultcameras.info Popup


8 replies to this topic

#1 Ashokkumar1990


Posted 31 January 2015 - 05:15 AM

Hello everyone,

My PC is infected with the adultcameras.info popup virus. I searched about this popup virus on Google and found that all the results returned 2 days (28-Jan-15) of data, and none of the techniques worked. Kindly guide me on how to remove this popup virus.

My recent installations are:

  1. Flash Player from adobe.com
  2. MiniTool Power Data Recovery

I tried the following methods:

  1. Installed SpyHunter, as most of the Google search results said to install this software to remove this virus, but it wasn't able to fix my issue (I uninstalled SpyHunter as it asked me to purchase the product to remove this virus).

I also scanned with Malwarebytes and Kaspersky Internet Security, but the problem still persists.

Kindly, someone guide me to remove this virus.

 




 


#2 nasdaq

  • Malware Response Team

Posted 01 February 2015 - 10:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 Ashokkumar1990


Posted 01 February 2015 - 08:36 PM

Thanks for the reply, nasdaq.

 

AdwCleaner Log File
===============

# AdwCleaner v4.109 - Report created 02/02/2015 at 06:41:20
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 8.1 Pro  (32 bits)
# Username : ashokkumar - ROCKER-PC
# Running from : C:\Users\ashokkumar\Downloads\Programs\adwcleaner_4.109.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\foxydeal.sqlite
File Found : C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\user.js
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\Users\ashokkumar\AppData\Local\CrashRpt
Folder Found : C:\Users\ashokkumar\AppData\Roaming\KW
Folder Found : C:\Users\ashokkumar\AppData\Roaming\ParetoLogic

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Found : HKLM\SOFTWARE\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v35.0.1 (x86 en-US)

[6uhkwj6c.default] - Line Found : user_pref("smartbar.machineId", "D0Z3LE4JINYHZOKYD9XI08QXDGB/HJMBP040REYJ/2SLGI+GXXM/IB+ZH1PD4UFAGDWV0BNM8OPP1T1SCEEOHQ");

-\\ Google Chrome v40.0.2214.94


*************************

AdwCleaner[R0].txt - [2603 octets] - [02/02/2015 06:41:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2663 octets] ##########

FRST Log File
==========
 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by ashokkumar (administrator) on ROCKER-PC on 02-02-2015 06:41:34
Running from C:\Users\ashokkumar\Desktop
Loaded Profiles: ashokkumar (Available profiles: ashokkumar)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
() C:\Users\ashokkumar\Downloads\Programs\adwcleaner_4.109.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3197808 2014-07-22] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [19102872 2014-11-12] (Microsoft Corporation)
Startup: C:\Users\ashokkumar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\ashokkumar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8
Tcpip\..\Interfaces\{88E46EC9-570E-43A5-98D9-EC3C7CC033E3}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default
FF Homepage: https://www.google.co.in/?gws_rd=ssl
FF NetworkProxy: "backup.ftp", "212.175.17.237"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "212.175.17.237"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "212.175.17.237"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "202.62.95.53"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "109.200.192.50"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "202.62.95.53"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "202.62.95.53"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "202.62.95.53"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
FF Plugin HKU\S-1-5-21-2669073899-1961402799-846495380-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ashokkumar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\searchplugins\torrentz-search.xml
FF Extension: IDM CC - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\mozilla_cc@internetdownloadmanager.com [2015-01-27]
FF Extension: Print pages to PDF - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\printPages2Pdf@reinhold.ripper [2014-06-10]
FF Extension: WebRank SEO Toolbar - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\webrank-toolbar@probcomp.com [2014-06-10]
FF Extension: ColorZilla - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2014-06-10]
FF Extension: FoxClocks - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1} [2014-06-10]
FF Extension: Auto Refresh - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\autorefresh@plugin.xpi [2014-06-10]
FF Extension: Easy Screenshot - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2014-11-30]
FF Extension: Firebug - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\firebug@software.joehewitt.com.xpi [2014-06-10]
FF Extension: Good Website Inspector - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\gwif-quality@goodwebsiteinspector.com.xpi [2014-06-10]
FF Extension: ClixAddon - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\jid1-wKRSK9TpFpr9Hw@jetpack.xpi [2014-08-02]
FF Extension: Turn Off the Lights - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\stefanvandamme@stefanvd.net.xpi [2014-06-10]
FF Extension: YSlow - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\yslow@yahoo-inc.com.xpi [2014-06-10]
FF Extension: Flagfox - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-12-08]
FF Extension: Password Exporter - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-06-10]
FF Extension: QuickNote - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi [2014-06-10]
FF Extension: Web Developer - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-06-10]
FF Extension: Adblock Plus - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-10]
FF Extension: User Agent Switcher - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2014-06-10]
FF Extension: NeoBux AdAlert - C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\Extensions\{eb80b076-a444-444c-a590-5aee5d977d80}.xpi [2014-06-14]
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF HKLM\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-31]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-31]
FF HKLM\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-31]
FF HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\ashokkumar\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\ashokkumar\AppData\Roaming\IDM\idmmzcc5 [2015-01-15]
FF HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\ashokkumar\AppData\Roaming\IDM\idmmzcc5
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/?gfe_rd=cr&ei=MYt6VLvLH8uZOpXZgcgO&gws_rd=cr&fg=1
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]
CHR Extension: (Google Drive) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-29]
CHR Extension: (YouTube) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-29]
CHR Extension: (Nimbus Screenshot) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2015-01-06]
CHR Extension: (Adblock Plus) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-27]
CHR Extension: (Google Search) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-29]
CHR Extension: (Kaspersky Protection) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-01-31]
CHR Extension: (IDM Integration Module) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-01-12]
CHR Extension: (Currency Converter) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncdobdbibdgoiohgnflmjajfphcnakg [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-29]
CHR Extension: (Gmail) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-29]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-01-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.1; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 HPSLPSVC; C:\Users\ashokkumar\AppData\Local\Temp\7zS5B12\hpslpsvc32.dll [701288 2013-07-19] (Hewlett-Packard Co.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2014-07-16] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [392712 2014-07-16] ()
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-24] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [37440 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [24496 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [119304 2015-01-31] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [36536 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [648392 2015-01-31] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [56840 2015-01-31] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [64200 2015-01-31] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [146240 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-02] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-08-13] (Duplex Secure Ltd.)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [23040 2014-04-08] (The OpenVPN Project)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [30256 2014-06-05] (Basil Projects)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 mcdbus; \SystemRoot\System32\drivers\mcdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 06:41 - 2015-02-02 06:41 - 00022596 _____ () C:\Users\ashokkumar\Desktop\FRST.txt
2015-02-02 06:41 - 2015-02-02 06:41 - 00000000 ____D () C:\AdwCleaner
2015-02-02 06:39 - 2015-02-02 06:39 - 01122304 _____ (Farbar) C:\Users\ashokkumar\Desktop\FRST.exe
2015-02-01 19:26 - 2015-02-01 19:26 - 00166120 _____ () C:\Windows\Minidump\020115-35015-01.dmp
2015-02-01 17:15 - 2015-02-02 06:41 - 00000000 ____D () C:\FRST
2015-01-31 13:31 - 2015-01-31 13:44 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-31 13:20 - 2015-01-31 13:20 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\ParetoLogic
2015-01-31 13:19 - 2015-01-31 13:25 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-01-31 10:49 - 2015-02-02 06:30 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 10:49 - 2015-01-31 10:49 - 00002301 _____ () C:\Users\ashokkumar\Desktop\Safe Money.lnk
2015-01-31 10:49 - 2015-01-31 10:49 - 00001081 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 10:49 - 2015-01-31 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 10:48 - 2015-01-31 10:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-31 10:48 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-31 10:48 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-31 10:48 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 10:47 - 2015-01-31 10:47 - 00002127 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-01-31 10:47 - 2015-01-31 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-01-31 10:46 - 2015-01-31 10:46 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-31 10:46 - 2015-01-31 10:46 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-01-31 10:46 - 2014-08-12 18:32 - 00036536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-28 17:57 - 2015-02-01 19:28 - 00000000 ____D () C:\Users\ashokkumar\VirtualBox VMs
2015-01-28 14:04 - 2015-01-28 16:04 - 00000000 ____D () C:\Program Files\PowerDataRecovery
2015-01-28 14:04 - 2015-01-28 14:04 - 00001094 _____ () C:\Users\Public\Desktop\MiniTool Power Data Recovery 6.8.lnk
2015-01-28 14:04 - 2015-01-28 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 6.8
2015-01-28 07:45 - 2015-01-28 07:45 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-28 07:45 - 2015-01-28 07:44 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-28 07:45 - 2015-01-28 07:44 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-27 12:23 - 2015-01-27 12:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-27 06:35 - 2015-01-27 06:35 - 00852568 _____ () C:\Windows\Minidump\012715-18125-01.dmp
2015-01-26 18:50 - 2015-01-26 18:50 - 00877560 _____ () C:\Windows\Minidump\012615-18671-01.dmp
2015-01-26 09:20 - 2015-01-26 09:20 - 00850904 _____ () C:\Windows\Minidump\012615-27031-01.dmp
2015-01-25 18:41 - 2015-01-25 18:41 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\MediaInfo
2015-01-25 07:03 - 2015-01-25 07:03 - 00836584 _____ () C:\Windows\Minidump\012515-17703-01.dmp
2015-01-24 20:51 - 2015-01-24 20:51 - 00864816 _____ () C:\Windows\Minidump\012415-19265-01.dmp
2015-01-24 19:19 - 2015-01-24 19:19 - 00883832 _____ () C:\Windows\Minidump\012415-18937-01.dmp
2015-01-24 07:01 - 2015-01-24 07:01 - 00869992 _____ () C:\Windows\Minidump\012415-19453-01.dmp
2015-01-23 20:33 - 2015-01-23 20:33 - 00834344 _____ () C:\Windows\Minidump\012315-21296-01.dmp
2015-01-23 12:11 - 2015-01-23 12:11 - 00001101 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-01-23 12:11 - 2015-01-23 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-01-23 12:11 - 2015-01-23 12:11 - 00000000 ____D () C:\Program Files\Oracle
2015-01-23 12:11 - 2014-11-24 12:16 - 00744520 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-01-23 12:11 - 2014-11-24 12:16 - 00104384 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-01-23 11:50 - 2015-01-23 11:50 - 00833976 _____ () C:\Windows\Minidump\012315-19375-01.dmp
2015-01-23 07:50 - 2015-02-01 19:30 - 00000000 ____D () C:\Users\ashokkumar\.VirtualBox
2015-01-23 06:59 - 2015-01-23 06:59 - 00629584 _____ () C:\Windows\Minidump\012315-32859-01.dmp
2015-01-22 21:41 - 2015-01-22 21:41 - 00002069 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-01-22 21:41 - 2015-01-22 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-01-22 21:40 - 2015-01-22 21:40 - 00000000 ____D () C:\ProgramData\Sony
2015-01-22 21:40 - 2015-01-22 21:40 - 00000000 ____D () C:\Program Files\Sony
2015-01-22 21:24 - 2015-01-22 21:24 - 00818400 _____ () C:\Windows\Minidump\012215-17937-01.dmp
2015-01-22 19:00 - 2015-01-22 19:00 - 00788832 _____ () C:\Windows\Minidump\012215-22203-01.dmp
2015-01-22 17:50 - 2015-01-22 17:50 - 00818600 _____ () C:\Windows\Minidump\012215-24687-01.dmp
2015-01-22 14:19 - 2015-01-22 14:19 - 00796296 _____ () C:\Windows\Minidump\012215-24781-01.dmp
2015-01-22 12:45 - 2015-01-22 12:46 - 00846192 _____ () C:\Windows\Minidump\012215-24703-01.dmp
2015-01-22 11:06 - 2015-01-22 11:06 - 01067104 _____ () C:\Windows\Minidump\012215-20296-01.dmp
2015-01-22 08:15 - 2015-01-22 08:15 - 00903408 _____ () C:\Windows\Minidump\012215-17796-01.dmp
2015-01-22 06:48 - 2015-01-22 06:48 - 00822536 _____ () C:\Windows\Minidump\012215-20359-01.dmp
2015-01-21 18:12 - 2015-01-21 18:12 - 00891120 _____ () C:\Windows\Minidump\012115-20500-01.dmp
2015-01-21 15:53 - 2015-01-21 15:53 - 00891360 _____ () C:\Windows\Minidump\012115-16203-01.dmp
2015-01-21 11:10 - 2015-01-21 11:10 - 00906984 _____ () C:\Windows\Minidump\012115-19500-01.dmp
2015-01-21 06:50 - 2015-01-21 06:50 - 00889616 _____ () C:\Windows\Minidump\012115-17656-01.dmp
2015-01-20 19:09 - 2015-01-20 19:09 - 00876912 _____ () C:\Windows\Minidump\012015-21937-01.dmp
2015-01-20 15:24 - 2015-01-20 15:24 - 00902664 _____ () C:\Windows\Minidump\012015-31468-01.dmp
2015-01-20 14:01 - 2015-02-02 06:29 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2015-01-20 14:01 - 2015-01-20 14:01 - 00001160 _____ () C:\Users\Public\Desktop\WD SmartWare.lnk
2015-01-20 14:01 - 2015-01-20 14:01 - 00000000 ____D () C:\Users\ashokkumar\AppData\Local\Western_Digital_Technolog
2015-01-20 14:01 - 2015-01-20 14:01 - 00000000 ____D () C:\Users\ashokkumar\AppData\Local\Western Digital
2015-01-20 14:00 - 2015-01-20 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-01-20 14:00 - 2015-01-20 14:01 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-01-20 14:00 - 2015-01-20 14:00 - 00001146 _____ () C:\Users\Public\Desktop\WD Security.lnk
2015-01-20 14:00 - 2015-01-20 14:00 - 00001103 _____ () C:\Users\Public\Desktop\WD Drive Utilities.lnk
2015-01-20 14:00 - 2015-01-20 14:00 - 00000000 ____D () C:\Program Files\Western Digital
2015-01-20 12:07 - 2015-01-22 21:41 - 00148040 _____ () C:\Windows\DPINST.LOG
2015-01-20 12:07 - 2015-01-20 14:01 - 00000000 ____D () C:\ProgramData\Western Digital
2015-01-20 07:36 - 2015-01-20 07:36 - 00864104 _____ () C:\Windows\Minidump\012015-33953-01.dmp
2015-01-19 14:17 - 2015-01-19 14:17 - 00836568 _____ () C:\Windows\Minidump\011915-19968-01.dmp
2015-01-19 06:50 - 2015-01-19 06:50 - 00891640 _____ () C:\Windows\Minidump\011915-27468-01.dmp
2015-01-18 15:47 - 2015-01-18 15:48 - 00856560 _____ () C:\Windows\Minidump\011815-19218-01.dmp
2015-01-18 06:13 - 2015-01-18 06:13 - 00836960 _____ () C:\Windows\Minidump\011815-18718-01.dmp
2015-01-17 11:12 - 2015-01-17 11:12 - 00000000 __SHD () C:\found.002
2015-01-17 11:12 - 2015-01-17 11:12 - 00000000 __SHD () C:\found.001
2015-01-16 06:26 - 2015-01-16 06:26 - 00156768 _____ () C:\Windows\Minidump\011615-21359-01.dmp
2015-01-16 06:13 - 2015-01-16 06:13 - 00160896 _____ () C:\Windows\Minidump\011615-29359-01.dmp
2015-01-15 18:21 - 2015-01-15 18:21 - 00000000 __SHD () C:\found.000
2015-01-15 18:07 - 2015-01-28 09:34 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\IDM
2015-01-15 18:07 - 2015-01-15 18:31 - 00000991 _____ () C:\Users\ashokkumar\Desktop\Internet Download Manager.lnk
2015-01-15 18:07 - 2015-01-15 18:07 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-01-15 18:07 - 2015-01-15 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-01-15 18:07 - 2015-01-15 18:07 - 00000000 ____D () C:\ProgramData\IDM
2015-01-15 18:06 - 2015-01-16 06:12 - 00000000 ____D () C:\Program Files\Internet Download Manager
2015-01-14 08:44 - 2014-12-19 11:16 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:44 - 2014-12-12 07:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:44 - 2014-12-12 06:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 08:44 - 2014-12-09 09:12 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:44 - 2014-12-09 01:16 - 00485544 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 08:44 - 2014-12-09 01:16 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 08:44 - 2014-12-09 01:12 - 00448792 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 08:44 - 2014-12-09 01:12 - 00372408 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 08:44 - 2014-12-09 01:12 - 00033584 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 08:44 - 2014-12-06 08:06 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 08:44 - 2014-12-06 06:58 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:44 - 2014-12-06 06:53 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 08:44 - 2014-10-29 08:42 - 00413136 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 08:44 - 2014-10-29 08:42 - 00136296 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 08:44 - 2014-10-29 08:37 - 00424544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 08:44 - 2014-10-29 08:37 - 00370424 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 08:44 - 2014-10-29 08:37 - 00344536 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 08:44 - 2014-10-29 08:37 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 08:44 - 2014-10-29 07:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 08:44 - 2014-10-29 06:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 08:44 - 2014-10-29 06:19 - 00694272 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-13 19:13 - 2015-02-01 19:26 - 216556161 _____ () C:\Windows\MEMORY.DMP
2015-01-13 19:13 - 2015-01-13 19:13 - 00177328 _____ () C:\Windows\Minidump\011315-23187-01.dmp
2015-01-13 18:06 - 2014-11-29 06:07 - 00115752 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-01-10 16:52 - 2015-01-31 13:22 - 00001486 _____ () C:\Users\ashokkumar\Desktop\downlaod.lnk
2015-01-09 12:24 - 2015-01-09 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirExplorer
2015-01-08 19:05 - 2013-09-30 16:26 - 02881848 _____ () C:\Windows\system32\pwNative.exe
2015-01-08 19:05 - 2013-09-30 16:26 - 00015688 ____N () C:\Windows\system32\pwdrvio.sys
2015-01-08 19:04 - 2015-01-08 19:05 - 00000000 ____D () C:\Program Files\MiniTool Partition Wizard Professional Edition 8.1.1
2015-01-08 19:04 - 2015-01-08 19:04 - 00001322 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Professional Edition.lnk
2015-01-08 19:04 - 2015-01-08 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Professional Edition 8.1.1
2015-01-08 19:04 - 2013-09-30 16:26 - 00010320 ____N () C:\Windows\system32\pwdspio.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 06:32 - 2013-08-22 13:47 - 00000000 ____D () C:\Windows\system32\sru
2015-02-02 06:29 - 2015-01-01 09:36 - 00011084 _____ () C:\Windows\setupact.log
2015-02-02 06:29 - 2014-11-22 09:22 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-02 06:29 - 2014-07-29 10:13 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 06:29 - 2013-08-22 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-02 06:28 - 2014-12-25 18:34 - 02076833 _____ () C:\Windows\WindowsUpdate.log
2015-02-01 21:22 - 2014-06-04 12:46 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\DMCache
2015-02-01 21:22 - 2014-06-04 12:00 - 00000000 ____D () C:\Users\ashokkumar
2015-02-01 21:12 - 2014-07-29 10:13 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 20:48 - 2014-06-04 12:46 - 00000000 ____D () C:\Users\ashokkumar\Downloads\Compressed
2015-02-01 19:26 - 2014-09-26 11:01 - 00000000 ____D () C:\Windows\Minidump
2015-02-01 11:15 - 2014-06-04 14:16 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\vlc
2015-02-01 07:45 - 2013-08-22 13:47 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-31 21:07 - 2015-01-01 17:31 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\FileZilla
2015-01-31 20:54 - 2014-06-04 12:46 - 00000000 ____D () C:\Users\ashokkumar\Downloads\Video
2015-01-31 13:45 - 2015-01-01 16:22 - 00011552 _____ () C:\Windows\PFRO.log
2015-01-31 13:22 - 2014-12-29 13:15 - 00001683 _____ () C:\Users\ashokkumar\Desktop\Online Hosting.lnk
2015-01-31 13:22 - 2014-12-29 13:15 - 00001632 _____ () C:\Users\ashokkumar\Desktop\Seedbox.lnk
2015-01-31 10:58 - 2014-08-20 18:04 - 00648392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-31 10:58 - 2014-08-18 14:43 - 00119304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-31 10:58 - 2014-08-13 19:34 - 00064200 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-01-31 10:58 - 2014-07-25 13:13 - 00056840 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwfp.sys
2015-01-31 10:49 - 2014-11-22 08:51 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-01-31 10:47 - 2013-08-22 11:43 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-31 06:37 - 2014-06-07 18:25 - 04791296 ___SH () C:\Users\ashokkumar\Desktop\Thumbs.db
2015-01-30 12:31 - 2014-06-04 15:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 10:53 - 2014-09-26 11:38 - 00000000 ____D () C:\Users\ashokkumar\AppData\Local\Adobe
2015-01-30 09:22 - 2014-06-04 15:42 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\Nitro
2015-01-30 09:21 - 2015-01-01 14:42 - 00000000 ____D () C:\Users\ashokkumar\AppData\Local\CrashDumps
2015-01-28 17:47 - 2014-06-05 17:47 - 00002242 ____H () C:\Users\ashokkumar\Documents\Default.rdp
2015-01-28 09:02 - 2014-03-18 13:30 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 07:46 - 2014-09-04 17:26 - 00000000 ____D () C:\Program Files\Java
2015-01-28 07:46 - 2014-06-04 17:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-28 07:44 - 2014-06-04 17:26 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-28 07:44 - 2014-06-04 17:26 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-28 07:21 - 2013-08-22 13:35 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-28 07:14 - 2014-06-10 17:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-27 20:31 - 2013-08-22 13:47 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-27 18:16 - 2014-06-04 17:10 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\Nitro PDF
2015-01-26 21:30 - 2014-06-04 13:54 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\uTorrent
2015-01-26 19:48 - 2014-07-05 09:52 - 00452096 ___SH () C:\Users\ashokkumar\Downloads\Thumbs.db
2015-01-26 15:42 - 2015-01-01 17:29 - 00001967 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2015-01-26 15:42 - 2015-01-01 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-01-26 15:42 - 2015-01-01 15:00 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-01-24 19:26 - 2013-08-22 13:47 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-23 12:07 - 2014-03-18 13:33 - 01581968 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-01-23 07:52 - 2013-08-22 11:43 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-22 21:40 - 2014-07-09 10:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-22 18:11 - 2013-08-22 13:47 - 00000010 __RSH () C:\config.sys
2015-01-22 11:10 - 2013-08-22 13:47 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-19 17:14 - 2014-07-09 10:22 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-18 08:04 - 2014-06-05 06:27 - 00000000 ____D () C:\Program Files\KMSpico
2015-01-15 07:38 - 2014-06-09 15:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 07:31 - 2014-06-09 15:13 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 06:27 - 2014-09-08 20:50 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-07 10:56 - 2014-12-09 13:09 - 00000600 _____ () C:\Users\ashokkumar\AppData\Local\PUTTY.RND
2015-01-06 05:38 - 2014-08-13 21:22 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-06 05:38 - 2014-08-13 21:22 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-03 17:12 - 2014-12-25 16:28 - 00481648 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-03 06:31 - 2014-09-26 12:19 - 00000000 ____D () C:\Program Files\Adobe
2015-01-03 06:31 - 2014-06-05 16:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-03 06:31 - 2014-06-05 16:38 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-03 06:29 - 2014-06-21 16:50 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe

==================== Files in the root of some directories =======

2014-07-10 11:46 - 2014-07-10 11:46 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2014-07-09 08:52 - 2014-07-31 08:05 - 0000096 _____ () C:\Users\ashokkumar\AppData\Roaming\Camdata.ini
2014-07-09 08:52 - 2014-07-31 08:05 - 0000408 _____ () C:\Users\ashokkumar\AppData\Roaming\CamLayout.ini
2014-07-09 08:52 - 2014-07-31 08:05 - 0000408 _____ () C:\Users\ashokkumar\AppData\Roaming\CamShapes.ini
2014-07-09 08:52 - 2014-07-31 08:05 - 0004506 _____ () C:\Users\ashokkumar\AppData\Roaming\CamStudio.cfg
2014-07-31 08:03 - 2014-07-31 08:03 - 0000098 _____ () C:\Users\ashokkumar\AppData\Roaming\CamStudio.Producer.command
2014-07-31 08:04 - 2014-07-31 08:04 - 0000000 _____ () C:\Users\ashokkumar\AppData\Roaming\CamStudio.Producer.Data.ini
2014-07-31 08:04 - 2014-07-31 08:04 - 0001206 _____ () C:\Users\ashokkumar\AppData\Roaming\CamStudio.Producer.ini
2015-01-31 13:20 - 2015-01-31 13:24 - 0000115 _____ () C:\Users\ashokkumar\AppData\Roaming\LogFile.txt
2014-12-09 13:09 - 2015-01-07 10:56 - 0000600 _____ () C:\Users\ashokkumar\AppData\Local\PUTTY.RND
2014-06-06 19:00 - 2014-06-06 19:00 - 0007605 _____ () C:\Users\ashokkumar\AppData\Local\Resmon.ResmonCfg
2014-07-24 20:58 - 2014-07-24 20:58 - 0152335 _____ () C:\Users\ashokkumar\AppData\Local\TempAttendance.bmp
2014-07-25 13:52 - 2014-07-25 13:52 - 0487419 _____ () C:\ProgramData\1406276119.bdinstall.bin
2014-07-09 10:23 - 2014-07-09 10:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\ashokkumar\AppData\Local\Temp\eauninstall.exe
C:\Users\ashokkumar\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\ashokkumar\AppData\Local\Temp\Need for Speed Most Wanted_uninst.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl20D5.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl21E6.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl24D2.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl2C34.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl3222.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl32C8.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl3554.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl3771.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl38AE.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl3BE1.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl4162.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl4CF5.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl4E3.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl5202.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl54F2.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl5943.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl5AA2.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl5C92.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl601C.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl6423.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl6C80.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl7C6.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl851F.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl8A5D.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl8BBB.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl8DF1.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl94E7.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl956B.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pyl9768.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylA16A.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylA4D1.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylA714.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylAFDF.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylB0BD.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylB133.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylC3BA.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylC80.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylD00D.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylDB2D.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylE0CC.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylEAC3.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylF7BD.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\pylF9B6.tmp.exe
C:\Users\ashokkumar\AppData\Local\Temp\Quarantine.exe
C:\Users\ashokkumar\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 07:14

==================== End Of Log ============================

Addition Log File
============

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by ashokkumar at 2015-02-02 06:42:48
Running from C:\Users\ashokkumar\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adblock Plus for IE (32-bit) (HKLM\...\{DF0E7912-4A45-4B24-B472-E521C4D2C663}) (Version: 99.9 - Eyeo GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.222 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
FileZilla Client 3.10.0.2 (HKLM\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HashTab 5.1.0.23 (HKLM\...\HashTab) (Version: 5.1.0.23 - Implbits Software)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{61268BF7-3EC8-4CDC-922B-C8F718A0D46F}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kaspersky Internet Security (HKLM\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.1.415 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 8.1.1 (HKLM\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery (HKLM\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 30.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Nitro Pro 9 (HKLM\...\{4AE74AEC-7CF4-478E-AF4C-A4BD12B086ED}) (Version: 9.5.2.29 - Nitro)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DBB6FBB8-7860-4BFC-B229-5036C03CA468}) (Version: 4.3.20 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Sony PC Companion 2.10.236 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WampServer 2.5 (HKLM\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WD Drive Utilities (HKLM\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6EE644CD-FC7F-424C-83EA-9C0285C4FB7F}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WinRAR 5.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2669073899-1961402799-846495380-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\ashokkumar\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points  =========================

20-01-2015 12:06:38 Installed WD Drive Utilities
22-01-2015 21:41:19 Sony PC Companion
30-01-2015 07:34:39 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 11:43 - 2014-12-26 09:28 - 00003059 ____N C:\Windows\system32\Drivers\etc\hosts
    	127.0.0.1 lmlicenses.wip4.adobe.com
	127.0.0.1 lm.licenses.adobe.com
	127.0.0.1 209.34.83.73:443
	127.0.0.1 209.34.83.73:43
	127.0.0.1 209.34.83.73
	127.0.0.1 209.34.83.67:443
	127.0.0.1 209.34.83.67:43
	127.0.0.1 209.34.83.67
	127.0.0.1 ood.opsource.net
	127.0.0.1 199.7.52.190:80
	127.0.0.1 199.7.52.190
	127.0.0.1 OCSP.SPO1.VERISIGN.COM
	127.0.0.1 199.7.54.72:80
	127.0.0.1 199.7.54.72
	127.0.0.1 192.150.14.69
	127.0.0.1 192.150.18.101
	127.0.0.1 192.150.18.108
	127.0.0.1 192.150.22.40
	127.0.0.1 192.150.8.100
	127.0.0.1 192.150.8.118
	127.0.0.1 209-34-83-73.ood.opsource.net
	127.0.0.1 3dns-1.adobe.com
	127.0.0.1 3dns-2.adobe.com
	127.0.0.1 3dns-2.adobe.com
	127.0.0.1 3dns-3.adobe.com
	127.0.0.1 3dns-3.adobe.com
	127.0.0.1 3dns-4.adobe.com
	127.0.0.1 3dns.adobe.com
	127.0.0.1 activate-sea.adobe.com
	127.0.0.1 activate-sea.adobe.com
	127.0.0.1 activate-sjc0.adobe.com
	127.0.0.1 activate-sjc0.adobe.com
	127.0.0.1 activate.adobe.com
	127.0.0.1 activate.adobe.com
	127.0.0.1 activate.wip.adobe.com
	127.0.0.1 activate.wip1.adobe.com
	127.0.0.1 activate.wip2.adobe.com
	127.0.0.1 activate.wip3.adobe.com
	127.0.0.1 activate.wip3.adobe.com
	127.0.0.1 activate.wip4.adobe.com
	127.0.0.1 adobe-dns-1.adobe.com
	127.0.0.1 adobe-dns-2.adobe.com
	127.0.0.1 adobe-dns-2.adobe.com
	127.0.0.1 adobe-dns-3.adobe.com
	127.0.0.1 adobe-dns-3.adobe.com
	127.0.0.1 adobe-dns-4.adobe.com
	127.0.0.1 adobe-dns.adobe.com
	127.0.0.1 adobe-dns.adobe.com
	127.0.0.1 adobe.activate.com
	127.0.0.1 adobeereg.com
	127.0.0.1 crl.verisign.net
	127.0.0.1 CRL.VERISIGN.NET.*
	127.0.0.1 ereg.adobe.com
	127.0.0.1 ereg.adobe.com
	127.0.0.1 ereg.wip.adobe.com
	127.0.0.1 ereg.wip1.adobe.com
	127.0.0.1 ereg.wip2.adobe.com
	127.0.0.1 ereg.wip3.adobe.com
	127.0.0.1 ereg.wip3.adobe.com
	127.0.0.1 ereg.wip4.adobe.com
	127.0.0.1       localhost
	127.0.0.1      myprojectsite.com
	127.0.0.1       localhost
	127.0.0.1      community.myprojectsite.com
	127.0.0.1       localhost
	127.0.0.1     forums.myprojectsite.com
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {117AF285-D661-4F0D-A0B3-900176FEE800} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-15] (Microsoft Corporation)
Task: {17FC19F5-9F75-4DE1-852D-ED0E078CF760} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {33250AF9-AEA7-4D9B-AFF9-86D7D8CDBC59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-29] (Google Inc.)
Task: {75B68E4C-6EE4-4C4B-B466-C7BAA3C0C933} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-29] (Google Inc.)
Task: {A91E89C2-65B8-4B99-8014-4CD8E7D69CA5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {E4CC0C30-05A5-4B04-9024-A473EF80B311} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EC83E1C6-4B99-4D91-93B8-79C0108BBD5C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F1F63FF6-1178-4B74-ACC3-721017084456} - \AutoPico Daily Restart No Task File <==== ATTENTION
Task: {FFA4106D-9CBC-467C-AA88-3712A6D2FEF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-30] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2014-07-16 15:07 - 2014-07-16 15:07 - 00392712 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-12 15:19 - 2014-05-12 15:19 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2015-02-02 06:37 - 2015-02-02 06:37 - 02194432 _____ () C:\Users\ashokkumar\Downloads\Programs\adwcleaner_4.109.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\ashokkumar\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Adobe ARM"
HKLM\...\StartupApproved\Run: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Onboard"
HKLM\...\StartupApproved\Run: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run: => "WD Quick View"
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Deskjet 1510 series.lnk"
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\StartupApproved\Run: => "Backup4all 5 Tray Agent"
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\StartupApproved\Run: => "CyberGhost"

========================= Accounts: ==========================

Administrator (S-1-5-21-2669073899-1961402799-846495380-500 - Administrator - Disabled)
Guest (S-1-5-21-2669073899-1961402799-846495380-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2669073899-1961402799-846495380-1003 - Limited - Enabled)
ashokkumar (S-1-5-21-2669073899-1961402799-846495380-1001 - Administrator - Enabled) => C:\Users\ashokkumar

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 06:42:49 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:43:49Z. Error Code: 0x80041318.

Error: (02/02/2015 06:42:19 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:44:19Z. Error Code: 0x80041318.

Error: (02/02/2015 06:41:49 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:43:49Z. Error Code: 0x80041318.

Error: (02/02/2015 06:40:13 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:44:13Z. Error Code: 0x80041318.

Error: (02/02/2015 06:39:43 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:43:43Z. Error Code: 0x80041318.

Error: (02/02/2015 06:39:13 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:44:13Z. Error Code: 0x80041318.

Error: (02/02/2015 06:38:43 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:43:43Z. Error Code: 0x80041318.

Error: (02/02/2015 06:38:13 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:44:13Z. Error Code: 0x80041318.

Error: (02/02/2015 06:37:43 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:43:43Z. Error Code: 0x80041318.

Error: (02/02/2015 06:37:13 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:44:13Z. Error Code: 0x80041318.


System errors:
=============
Error: (02/02/2015 06:33:38 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Network Devices Support service hung on starting.

Error: (02/02/2015 06:29:18 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume D: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (02/02/2015 06:29:18 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/01/2015 09:22:56 PM) (Source: DCOM) (EventID: 10010) (User: ROCKER-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/01/2015 09:22:56 PM) (Source: DCOM) (EventID: 10010) (User: ROCKER-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/01/2015 09:22:54 PM) (Source: DCOM) (EventID: 10010) (User: ROCKER-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/01/2015 09:22:54 PM) (Source: DCOM) (EventID: 10010) (User: ROCKER-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/01/2015 09:22:53 PM) (Source: DCOM) (EventID: 10010) (User: ROCKER-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/01/2015 09:22:53 PM) (Source: DCOM) (EventID: 10010) (User: ROCKER-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/01/2015 09:22:51 PM) (Source: cdrom) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\CdRom0.


Microsoft Office Sessions:
=========================
Error: (02/02/2015 06:42:49 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:43:49Z

Error: (02/02/2015 06:42:19 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:44:19Z

Error: (02/02/2015 06:41:49 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:43:49Z

Error: (02/02/2015 06:40:13 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:44:13Z

Error: (02/02/2015 06:39:43 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:43:43Z

Error: (02/02/2015 06:39:13 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:44:13Z

Error: (02/02/2015 06:38:43 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:43:43Z

Error: (02/02/2015 06:38:13 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:44:13Z

Error: (02/02/2015 06:37:43 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:43:43Z

Error: (02/02/2015 06:37:13 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:44:13Z


CodeIntegrity Errors:
===================================
  Date: 2015-01-31 06:59:54.913
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-30 07:08:33.678
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-29 08:59:20.505
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-29 07:44:50.258
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-28 10:05:44.114
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-27 07:07:07.652
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-26 09:56:17.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-25 07:16:09.632
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-23 13:10:28.865
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-22 08:27:25.479
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 51%
Total physical RAM: 2035.84 MB
Available physical RAM: 996.75 MB
Total Pagefile: 4083.84 MB
Available Pagefile: 2610.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.8 MB

==================== Drives ================================

Drive c: (Windows 8) (Fixed) (Total:99 GB) (Free:61.75 GB) NTFS
Drive d: (Tamil Bluray Movies Collection) (Fixed) (Total:225.05 GB) (Free:58.08 GB) NTFS
Drive e: (Tamil Untouched Dvd) (Fixed) (Total:80.22 GB) (Free:42.21 GB) NTFS
Drive f: (English Movies And Software) (Fixed) (Total:37.09 GB) (Free:13.74 GB) NTFS
Drive g: (Document And Pictures) (Fixed) (Total:24.3 GB) (Free:15.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0000954B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=366.7 GB) - (Type=OF Extended)

==================== End Of Log ============================


#4 nasdaq

Posted 02 February 2015 - 09:21 AM

Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted; it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CloseProcesses:

Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
FF user.js: detected! => C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\user.js
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 mcdbus; \SystemRoot\System32\drivers\mcdbus.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Task: {F1F63FF6-1178-4B74-ACC3-721017084456} - \AutoPico Daily Restart No Task File <==== ATTENTION
C:\Windows\Minidump\012715-18125-01.dmp
C:\Windows\Minidump\012615-18671-01.dmp
C:\Windows\Minidump\012615-27031-01.dmp
C:\Windows\Minidump\012515-17703-01.dmp
C:\Windows\Minidump\012415-19265-01.dmp
C:\Windows\Minidump\012415-18937-01.dmp
C:\Windows\Minidump\012415-19453-01.dmp
C:\Windows\Minidump\012315-21296-01.dmp
C:\Windows\Minidump\012315-19375-01.dmp
C:\Windows\Minidump\012315-32859-01.dmp
C:\Windows\Minidump\012215-17937-01.dmp
C:\Windows\Minidump\012215-22203-01.dmp
C:\Windows\Minidump\012215-24687-01.dmp
C:\Windows\Minidump\012215-24781-01.dmp
C:\Windows\Minidump\012215-24703-01.dmp
C:\Windows\Minidump\012215-20296-01.dmp
C:\Windows\Minidump\012215-17796-01.dmp
C:\Windows\Minidump\012215-20359-01.dmp
C:\Windows\Minidump\012115-20500-01.dmp
C:\Windows\Minidump\012115-16203-01.dmp
C:\Windows\Minidump\012115-19500-01.dmp
C:\Windows\Minidump\012115-17656-01.dmp
C:\Windows\Minidump\012015-21937-01.dmp
C:\Windows\Minidump\012015-31468-01.dmp
C:\Windows\Minidump\012015-33953-01.dmp
C:\Windows\Minidump\011915-19968-01.dmp
C:\Windows\Minidump\011915-27468-01.dmp
C:\Windows\Minidump\011815-19218-01.dmp
C:\Windows\Minidump\011815-18718-01.dmp
C:\found.002
C:\found.001
C:\Windows\Minidump\011615-21359-01.dmp
C:\Windows\Minidump\011615-29359-01.dmp
C:\found.000

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Any remaining issues with this computer?

#5 Ashokkumar1990

Posted 02 February 2015 - 09:00 PM

Fixlog Log File

============

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2015
Ran by Ashokkumar at 2015-02-03 07:16:10 Run:1
Running from C:\Users\ashokkumar\Desktop
Loaded Profiles: ashokkumar (Available profiles: ashokkumar)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

CloseProcesses:

Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -  No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
FF user.js: detected! => C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\user.js
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - No Path
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 mcdbus; \SystemRoot\System32\drivers\mcdbus.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
Task: {F1F63FF6-1178-4B74-ACC3-721017084456} - \AutoPico Daily Restart No Task File <==== ATTENTION
C:\Windows\Minidump\012715-18125-01.dmp
C:\Windows\Minidump\012615-18671-01.dmp
C:\Windows\Minidump\012615-27031-01.dmp
C:\Windows\Minidump\012515-17703-01.dmp
C:\Windows\Minidump\012415-19265-01.dmp
C:\Windows\Minidump\012415-18937-01.dmp
C:\Windows\Minidump\012415-19453-01.dmp
C:\Windows\Minidump\012315-21296-01.dmp
C:\Windows\Minidump\012315-19375-01.dmp
C:\Windows\Minidump\012315-32859-01.dmp
C:\Windows\Minidump\012215-17937-01.dmp
C:\Windows\Minidump\012215-22203-01.dmp
C:\Windows\Minidump\012215-24687-01.dmp
C:\Windows\Minidump\012215-24781-01.dmp
C:\Windows\Minidump\012215-24703-01.dmp
C:\Windows\Minidump\012215-20296-01.dmp
C:\Windows\Minidump\012215-17796-01.dmp
C:\Windows\Minidump\012215-20359-01.dmp
C:\Windows\Minidump\012115-20500-01.dmp
C:\Windows\Minidump\012115-16203-01.dmp
C:\Windows\Minidump\012115-19500-01.dmp
C:\Windows\Minidump\012115-17656-01.dmp
C:\Windows\Minidump\012015-21937-01.dmp
C:\Windows\Minidump\012015-31468-01.dmp
C:\Windows\Minidump\012015-33953-01.dmp
C:\Windows\Minidump\011915-19968-01.dmp
C:\Windows\Minidump\011915-27468-01.dmp
C:\Windows\Minidump\011815-19218-01.dmp
C:\Windows\Minidump\011815-18718-01.dmp
C:\found.002
C:\found.001
C:\Windows\Minidump\011615-21359-01.dmp
C:\Windows\Minidump\011615-29359-01.dmp
C:\found.000

End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value deleted successfully.
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => Key not found. 
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\user.js => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fabcmochhfpldjekobfaaggijgohadih" => Key deleted successfully.
klkbdflt2 => Error deleting Service
mcdbus => Service deleted successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1F63FF6-1178-4B74-ACC3-721017084456}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1F63FF6-1178-4B74-ACC3-721017084456}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => Key deleted successfully.
C:\Windows\Minidump\012715-18125-01.dmp => Moved successfully.
C:\Windows\Minidump\012615-18671-01.dmp => Moved successfully.
C:\Windows\Minidump\012615-27031-01.dmp => Moved successfully.
C:\Windows\Minidump\012515-17703-01.dmp => Moved successfully.
C:\Windows\Minidump\012415-19265-01.dmp => Moved successfully.
C:\Windows\Minidump\012415-18937-01.dmp => Moved successfully.
C:\Windows\Minidump\012415-19453-01.dmp => Moved successfully.
C:\Windows\Minidump\012315-21296-01.dmp => Moved successfully.
C:\Windows\Minidump\012315-19375-01.dmp => Moved successfully.
C:\Windows\Minidump\012315-32859-01.dmp => Moved successfully.
C:\Windows\Minidump\012215-17937-01.dmp => Moved successfully.
C:\Windows\Minidump\012215-22203-01.dmp => Moved successfully.
C:\Windows\Minidump\012215-24687-01.dmp => Moved successfully.
C:\Windows\Minidump\012215-24781-01.dmp => Moved successfully.
C:\Windows\Minidump\012215-24703-01.dmp => Moved successfully.
C:\Windows\Minidump\012215-20296-01.dmp => Moved successfully.
C:\Windows\Minidump\012215-17796-01.dmp => Moved successfully.
C:\Windows\Minidump\012215-20359-01.dmp => Moved successfully.
C:\Windows\Minidump\012115-20500-01.dmp => Moved successfully.
C:\Windows\Minidump\012115-16203-01.dmp => Moved successfully.
C:\Windows\Minidump\012115-19500-01.dmp => Moved successfully.
C:\Windows\Minidump\012115-17656-01.dmp => Moved successfully.
C:\Windows\Minidump\012015-21937-01.dmp => Moved successfully.
C:\Windows\Minidump\012015-31468-01.dmp => Moved successfully.
C:\Windows\Minidump\012015-33953-01.dmp => Moved successfully.
C:\Windows\Minidump\011915-19968-01.dmp => Moved successfully.
C:\Windows\Minidump\011915-27468-01.dmp => Moved successfully.
C:\Windows\Minidump\011815-19218-01.dmp => Moved successfully.
C:\Windows\Minidump\011815-18718-01.dmp => Moved successfully.
C:\found.002 => Moved successfully.
C:\found.001 => Moved successfully.
C:\Windows\Minidump\011615-21359-01.dmp => Moved successfully.
C:\Windows\Minidump\011615-29359-01.dmp => Moved successfully.
C:\found.000 => Moved successfully.


The system needed a reboot. 

==== End of Fixlog 07:16:15 ====
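
As an added example (not part of the original thread and not FRST's own code), this Python sketch parses a Fixlog like the one posted above and lists the entries that did not succeed, such as `klkbdflt2 => Error deleting Service`, plus any file path in the fixlist that has no result line. The status keywords are assumed from the strings visible in this log, the function names are hypothetical, and the sample is a constructed excerpt of the log above.

```python
import re

# Constructed excerpt of the Fixlog posted above (abbreviated).
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
start
CloseProcesses:
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
S3 mcdbus; \SystemRoot\System32\drivers\mcdbus.sys [X]
C:\Windows\Minidump\012715-18125-01.dmp
C:\found.000
End
*****************

Processes closed successfully.
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => Key not found.
klkbdflt2 => Error deleting Service
mcdbus => Service deleted successfully.
C:\Windows\Minidump\012715-18125-01.dmp => Moved successfully.
C:\found.000 => Moved successfully.

The system needed a reboot.

==== End of Fixlog 07:16:15 ====
'''

STAR_LINE = re.compile(r"^\*{5,}$")      # ruler lines around the echoed fixlist
PATH_ENTRY = re.compile(r"^[A-Za-z]:\\")  # fixlist entries that are plain file paths

def split_sections(text):
    """Return (fixlist_lines, result_lines), split on the two asterisk rulers."""
    lines = [ln.strip() for ln in text.splitlines()]
    rulers = [i for i, ln in enumerate(lines) if STAR_LINE.match(ln)]
    if len(rulers) < 2:
        raise ValueError("expected two asterisk rulers around the fixlist")
    fixlist = [ln for ln in lines[rulers[0] + 1:rulers[1]] if ln]
    results = []
    for ln in lines[rulers[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln:
            results.append(ln)
    return fixlist, results

def classify(outcome):
    """Assumed mapping, based only on the outcome strings seen in this log."""
    low = outcome.lower()
    if "error" in low:
        return "failed"
    if "not found" in low:
        return "not_found"
    if "successfully" in low:
        return "ok"
    return "other"

def parse_results(result_lines):
    """Return (target, outcome, status); lines without ' => ' are notes."""
    parsed = []
    for ln in result_lines:
        target, sep, outcome = ln.partition(" => ")
        if sep:
            parsed.append((target, outcome, classify(outcome)))
        else:
            parsed.append((None, ln, "note"))
    return parsed

def review(text):
    """Summarise a Fixlog: failures, missing keys, and paths with no result."""
    fixlist, results = split_sections(text)
    parsed = parse_results(results)
    handled = {t.lower() for t, _, _ in parsed if t}
    return {
        "failed": [(t, o) for t, o, s in parsed if s == "failed"],
        "not_found": [t for t, _, s in parsed if s == "not_found"],
        "ok": sum(1 for _, _, s in parsed if s == "ok"),
        "unreported_paths": [e for e in fixlist
                             if PATH_ENTRY.match(e) and e.lower() not in handled],
        "reboot_needed": any(s == "note" and "reboot" in o.lower()
                             for _, o, s in parsed),
    }

if __name__ == "__main__":
    print(review(SAMPLE_FIXLOG))
```

An entry reported as failed is one to raise with the helper before treating the cleanup as complete.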


#6 nasdaq

Posted 03 February 2015 - 09:34 AM

Any remaining issues?

#7 Ashokkumar1990

Posted 03 February 2015 - 09:52 AM

Now I am not receiving any more popups from adultcameras.info. Is there any method to verify that the malware has been removed? Thank you for the guide :)



#8 nasdaq

Posted 03 February 2015 - 10:38 AM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#9 nasdaq

Posted 03 February 2015 - 02:04 PM


This file user.js was corrupted. It was removed.
FF user.js: detected! => C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\6uhkwj6c.default\user.js

Look in the file if you have any references to adultcameras.
If you do, remove it and save the file.

===

This task was also removed from the Task folder.

Task: {F1F63FF6-1178-4B74-ACC3-721017084456} - \AutoPico Daily Restart No Task File <==== ATTENTION

You may not have this or possibly something else that you did not create.

==

Reset the browsers that have been compromised.

Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

If he did anything else, I do not know.

Good luck.



