
Malicious Website Blocked Frequent Popup From Malware Bytes From 91.212.124.159


This topic is locked
4 replies to this topic

#1 Ashokkumar1990


  • Members
  • 6 posts
  • Gender:Male
  • Location:India

Posted 02 February 2015 - 05:47 AM

Hi,

I am receiving a frequent popup message from Malwarebytes from this IP 91.212.124.159 with a random port each time.

Malwarebytes_Anti_Malware.png


#2 TB-Psychotic


  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 02 February 2015 - 07:42 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (if not sure: Start --> Computer (right click) --> Properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB

My help is free; however, if you want to support my fight against malware, click here (no worries, every little bit helps).

#3 Ashokkumar1990

  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Location:India

Posted 02 February 2015 - 09:44 PM

FRST Log File

============

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by ashokkumar (administrator) on ROCKER-PC on 03-02-2015 08:08:50
Running from C:\Users\ashokkumar\Desktop
Loaded Profiles: ashokkumar (Available profiles: ashokkumar)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ArcSoft, Inc.) C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12021464 2014-05-09] (Realtek Semiconductor)
HKLM\...\Run: [DriveUtilitiesHelper] => C:\Program Files\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1852264 2014-05-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Drive Unlocker] => C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694048 2014-05-23] (Western Digital Technologies, Inc.)
HKLM\...\Run: [WD Quick View] => C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM\...\Run: [Onboard] => C:\Program Files\Western Digital\WD SmartWare\WDSmartWare.exe [3197808 2014-07-22] (Western Digital Technologies, Inc.)
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\Run: [Lync] => C:\Program Files\Microsoft Office\Office15\lync.exe [19102872 2014-11-12] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
Startup: C:\Users\ashokkumar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\ashokkumar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 91.212.124.159 8.8.8.8
Tcpip\..\Interfaces\{88E46EC9-570E-43A5-98D9-EC3C7CC033E3}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\071stcak.default-1422928599568
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2669073899-1961402799-846495380-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ashokkumar\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\ashokkumar\AppData\Roaming\Mozilla\Firefox\Profiles\071stcak.default-1422928599568\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdwteff
FF HKLM\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-31]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-31]
FF HKLM\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-31]
FF HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\ashokkumar\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\ashokkumar\AppData\Roaming\IDM\idmmzcc5 [2015-01-15]
FF HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\ashokkumar\AppData\Roaming\IDM\idmmzcc5
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/?gfe_rd=cr&ei=MYt6VLvLH8uZOpXZgcgO&gws_rd=cr&fg=1
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-29]
CHR Extension: (Google Drive) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-29]
CHR Extension: (YouTube) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-29]
CHR Extension: (Nimbus Screenshot) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpconcjcammlapcogcnnelfmaeghhagj [2015-01-06]
CHR Extension: (Adblock Plus) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-27]
CHR Extension: (Google Search) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-29]
CHR Extension: (IDM Integration Module) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2015-01-12]
CHR Extension: (Currency Converter) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lncdobdbibdgoiohgnflmjajfphcnakg [2015-01-12]
CHR Extension: (Google Wallet) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-29]
CHR Extension: (Gmail) - C:\Users\ashokkumar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-29]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2015-01-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADExchange; C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2014-03-11] (ArcSoft, Inc.)
R2 AVP15.0.1; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 HPSLPSVC; C:\Users\ashokkumar\AppData\Local\Temp\7zS5B12\hpslpsvc32.dll [701288 2013-07-19] (Hewlett-Packard Co.)
S2 Launch TotalMedia Theatre 6 Driver; C:\Program Files\ArcSoft\TotalMedia Theatre 6\TMTLaunchDriverServer.exe [608256 2014-03-04] (ArcSoft, Inc.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2014-07-16] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [392712 2014-07-16] ()
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-07-22] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-05-23] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [1909952 2013-11-20] ()
R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-24] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [37440 2014-07-02] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [24496 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [119304 2015-01-31] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [36536 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [648392 2015-01-31] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [25696 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [24672 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [25696 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [56840 2015-01-31] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [64200 2015-01-31] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [146240 2014-07-09] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10320 2013-09-30] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-08-13] (Duplex Secure Ltd.)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [23040 2014-04-08] (The OpenVPN Project)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [30256 2014-06-05] (Basil Projects)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
U3 aswMBR; \??\C:\Users\SATHIS~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\SATHIS~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 08:08 - 2015-02-03 08:09 - 00018750 _____ () C:\Users\ashokkumar\Desktop\FRST.txt
2015-02-03 08:08 - 2015-02-03 08:08 - 00003637 _____ () C:\Users\ashokkumar\Desktop\aswMBR.txt
2015-02-03 08:08 - 2015-02-03 08:08 - 00000512 _____ () C:\Users\ashokkumar\Desktop\MBR.dat
2015-02-03 08:08 - 2015-02-02 06:39 - 01122304 _____ (Farbar) C:\Users\ashokkumar\Desktop\FRST.exe
2015-02-03 07:26 - 2015-02-03 07:26 - 00000000 ____D () C:\Users\ashokkumar\Desktop\Old Firefox Data
2015-02-02 21:15 - 2015-02-02 21:17 - 00003912 _____ () C:\Users\ashokkumar\Desktop\anjaan bd50.txt
2015-02-02 18:24 - 2015-02-03 08:08 - 00000000 ____D () C:\Users\ashokkumar\Desktop\malware popup
2015-02-02 18:21 - 2015-02-02 18:22 - 05200384 _____ (AVAST Software) C:\Users\ashokkumar\Desktop\aswmbr.exe
2015-02-02 18:20 - 2015-02-03 07:37 - 00000000 ____D () C:\Users\ashokkumar\Desktop\adult popup
2015-02-02 18:01 - 2015-02-02 18:01 - 00000000 ____D () C:\Users\ashokkumar\Documents\ArcSoft
2015-02-02 18:01 - 2015-02-02 18:01 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\ArcSoft
2015-02-02 17:56 - 2015-02-02 17:56 - 00000000 ____D () C:\Users\ashokkumar\AppData\Local\ArcSoft
2015-02-02 17:56 - 2015-02-02 17:56 - 00000000 ____D () C:\Program Files\Common Files\ArcSoft
2015-02-02 17:55 - 2015-02-02 18:01 - 00000000 ____D () C:\Users\Public\ArcSoft
2015-02-02 17:55 - 2015-02-02 17:56 - 00000000 ____D () C:\ProgramData\ArcSoft
2015-02-02 17:55 - 2015-02-02 17:55 - 00002205 _____ () C:\Users\Public\Desktop\TotalMedia Theatre 6.lnk
2015-02-02 17:55 - 2015-02-02 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 6
2015-02-02 17:54 - 2015-02-02 17:54 - 00000000 ____D () C:\Program Files\ArcSoft
2015-02-02 15:10 - 2015-02-01 09:56 - 469389752 _____ () C:\Users\ashokkumar\Downloads\Isai (2015).mkv
2015-02-02 09:43 - 2015-02-02 09:43 - 00000913 _____ () C:\Users\ashokkumar\Desktop\µTorrent.lnk
2015-02-02 06:41 - 2015-02-02 06:56 - 00000000 ____D () C:\AdwCleaner
2015-02-01 19:26 - 2015-02-01 19:26 - 00166120 _____ () C:\Windows\Minidump\020115-35015-01.dmp
2015-02-01 17:15 - 2015-02-03 08:08 - 00000000 ____D () C:\FRST
2015-01-31 13:31 - 2015-01-31 13:44 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-31 13:20 - 2015-01-31 13:20 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\ParetoLogic
2015-01-31 13:19 - 2015-01-31 13:25 - 00000000 ____D () C:\ProgramData\ParetoLogic
2015-01-31 10:49 - 2015-02-03 07:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-31 10:49 - 2015-01-31 10:49 - 00002301 _____ () C:\Users\ashokkumar\Desktop\Safe Money.lnk
2015-01-31 10:49 - 2015-01-31 10:49 - 00001081 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-31 10:49 - 2015-01-31 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-31 10:48 - 2015-01-31 10:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-31 10:48 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-31 10:48 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-31 10:48 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-31 10:47 - 2015-01-31 10:47 - 00002127 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-01-31 10:47 - 2015-01-31 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-01-31 10:46 - 2015-01-31 10:46 - 00000000 ____D () C:\Windows\ELAMBKUP
2015-01-31 10:46 - 2015-01-31 10:46 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2015-01-31 10:46 - 2014-08-12 18:32 - 00036536 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-01-28 17:57 - 2015-02-02 15:03 - 00000000 ____D () C:\Users\ashokkumar\VirtualBox VMs
2015-01-28 14:04 - 2015-01-28 16:04 - 00000000 ____D () C:\Program Files\PowerDataRecovery
2015-01-28 14:04 - 2015-01-28 14:04 - 00001094 _____ () C:\Users\Public\Desktop\MiniTool Power Data Recovery 6.8.lnk
2015-01-28 14:04 - 2015-01-28 14:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 6.8
2015-01-28 07:45 - 2015-01-28 07:45 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-01-28 07:45 - 2015-01-28 07:44 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-28 07:45 - 2015-01-28 07:44 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-27 12:23 - 2015-01-27 12:23 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-25 18:41 - 2015-01-25 18:41 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\MediaInfo
2015-01-23 12:11 - 2015-01-23 12:11 - 00001101 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2015-01-23 12:11 - 2015-01-23 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2015-01-23 12:11 - 2015-01-23 12:11 - 00000000 ____D () C:\Program Files\Oracle
2015-01-23 12:11 - 2014-11-24 12:16 - 00744520 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2015-01-23 12:11 - 2014-11-24 12:16 - 00104384 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2015-01-23 07:50 - 2015-02-02 16:12 - 00000000 ____D () C:\Users\ashokkumar\.VirtualBox
2015-01-22 21:41 - 2015-01-22 21:41 - 00002069 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2015-01-22 21:41 - 2015-01-22 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-01-22 21:40 - 2015-01-22 21:40 - 00000000 ____D () C:\ProgramData\Sony
2015-01-22 21:40 - 2015-01-22 21:40 - 00000000 ____D () C:\Program Files\Sony
2015-01-20 14:01 - 2015-02-03 07:18 - 00008192 _____ () C:\Windows\system32\WDPABKP.dat
2015-01-20 14:01 - 2015-01-20 14:01 - 00001160 _____ () C:\Users\Public\Desktop\WD SmartWare.lnk
2015-01-20 14:01 - 2015-01-20 14:01 - 00000000 ____D () C:\Users\ashokkumar\AppData\Local\Western_Digital_Technolog
2015-01-20 14:01 - 2015-01-20 14:01 - 00000000 ____D () C:\Users\ashokkumar\AppData\Local\Western Digital
2015-01-20 14:00 - 2015-01-20 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-01-20 14:00 - 2015-01-20 14:01 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-01-20 14:00 - 2015-01-20 14:00 - 00001146 _____ () C:\Users\Public\Desktop\WD Security.lnk
2015-01-20 14:00 - 2015-01-20 14:00 - 00001103 _____ () C:\Users\Public\Desktop\WD Drive Utilities.lnk
2015-01-20 14:00 - 2015-01-20 14:00 - 00000000 ____D () C:\Program Files\Western Digital
2015-01-20 12:07 - 2015-01-22 21:41 - 00148040 _____ () C:\Windows\DPINST.LOG
2015-01-20 12:07 - 2015-01-20 14:01 - 00000000 ____D () C:\ProgramData\Western Digital
2015-01-15 18:07 - 2015-01-28 09:34 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\IDM
2015-01-15 18:07 - 2015-01-15 18:31 - 00000991 _____ () C:\Users\ashokkumar\Desktop\Internet Download Manager.lnk
2015-01-15 18:07 - 2015-01-15 18:07 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-01-15 18:07 - 2015-01-15 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-01-15 18:07 - 2015-01-15 18:07 - 00000000 ____D () C:\ProgramData\IDM
2015-01-15 18:06 - 2015-01-16 06:12 - 00000000 ____D () C:\Program Files\Internet Download Manager
2015-01-14 08:44 - 2014-12-19 11:16 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:44 - 2014-12-12 07:04 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:44 - 2014-12-12 06:16 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-01-14 08:44 - 2014-12-09 09:12 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:44 - 2014-12-09 01:16 - 00485544 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-01-14 08:44 - 2014-12-09 01:16 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 08:44 - 2014-12-09 01:12 - 00448792 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 08:44 - 2014-12-09 01:12 - 00372408 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-01-14 08:44 - 2014-12-09 01:12 - 00033584 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-01-14 08:44 - 2014-12-06 08:06 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 08:44 - 2014-12-06 06:58 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:44 - 2014-12-06 06:53 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-01-14 08:44 - 2014-10-29 08:42 - 00413136 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-01-14 08:44 - 2014-10-29 08:42 - 00136296 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-01-14 08:44 - 2014-10-29 08:37 - 00424544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 08:44 - 2014-10-29 08:37 - 00370424 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 08:44 - 2014-10-29 08:37 - 00344536 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 08:44 - 2014-10-29 08:37 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-01-14 08:44 - 2014-10-29 07:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\werdiagcontroller.dll
2015-01-14 08:44 - 2014-10-29 06:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 08:44 - 2014-10-29 06:19 - 00694272 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-13 19:13 - 2015-02-01 19:26 - 216556161 _____ () C:\Windows\MEMORY.DMP
2015-01-13 19:13 - 2015-01-13 19:13 - 00177328 _____ () C:\Windows\Minidump\011315-23187-01.dmp
2015-01-13 18:06 - 2014-11-29 06:07 - 00115752 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2015-01-10 16:52 - 2015-01-31 13:22 - 00001486 _____ () C:\Users\ashokkumar\Desktop\downlaod.lnk
2015-01-09 12:24 - 2015-01-09 12:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirExplorer
2015-01-08 19:05 - 2013-09-30 16:26 - 02881848 _____ () C:\Windows\system32\pwNative.exe
2015-01-08 19:05 - 2013-09-30 16:26 - 00015688 ____N () C:\Windows\system32\pwdrvio.sys
2015-01-08 19:04 - 2015-01-08 19:05 - 00000000 ____D () C:\Program Files\MiniTool Partition Wizard Professional Edition 8.1.1
2015-01-08 19:04 - 2015-01-08 19:04 - 00001322 _____ () C:\Users\Public\Desktop\MiniTool Partition Wizard Professional Edition.lnk
2015-01-08 19:04 - 2015-01-08 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Professional Edition 8.1.1
2015-01-08 19:04 - 2013-09-30 16:26 - 00010320 ____N () C:\Windows\system32\pwdspio.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 08:07 - 2014-06-04 12:46 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\DMCache
2015-02-03 07:43 - 2013-08-22 13:47 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-03 07:32 - 2014-11-22 09:22 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-03 07:30 - 2013-08-22 13:47 - 00000000 ____D () C:\Windows\system32\sru
2015-02-03 07:21 - 2014-12-25 18:34 - 01380450 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 07:18 - 2014-07-29 10:13 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 07:17 - 2015-01-01 09:36 - 00011780 _____ () C:\Windows\setupact.log
2015-02-03 07:17 - 2013-08-22 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 07:16 - 2014-09-26 11:01 - 00000000 ____D () C:\Windows\Minidump
2015-02-03 07:12 - 2014-07-29 10:13 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 19:58 - 2014-06-05 17:47 - 00002240 ____H () C:\Users\ashokkumar\Documents\Default.rdp
2015-02-02 19:57 - 2014-06-07 18:25 - 04820992 ___SH () C:\Users\ashokkumar\Desktop\Thumbs.db
2015-02-02 19:44 - 2013-08-22 13:47 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-02 19:43 - 2014-06-04 17:10 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\Nitro PDF
2015-02-02 17:57 - 2015-01-01 14:42 - 00000000 ____D () C:\Users\ashokkumar\AppData\Local\CrashDumps
2015-02-02 17:55 - 2014-07-09 10:22 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-02 17:55 - 2013-08-22 11:51 - 00000000 ___RD () C:\Users\Public
2015-02-02 17:53 - 2014-06-23 12:42 - 00000000 ____D () C:\Users\ashokkumar\AppData\Local\Downloaded Installations
2015-02-02 17:52 - 2014-06-04 12:46 - 00000000 ____D () C:\Users\ashokkumar\Downloads\Compressed
2015-02-02 14:53 - 2014-06-04 14:16 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\vlc
2015-02-02 12:29 - 2015-01-01 16:22 - 00011912 _____ () C:\Windows\PFRO.log
2015-02-02 09:52 - 2013-08-22 13:47 - 00000000 ____D () C:\Windows\tracing
2015-02-02 09:51 - 2014-06-04 13:54 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\uTorrent
2015-02-02 09:43 - 2014-06-04 13:56 - 00000893 _____ () C:\Users\ashokkumar\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-02 07:09 - 2014-07-05 09:52 - 00452096 ___SH () C:\Users\ashokkumar\Downloads\Thumbs.db
2015-02-01 21:22 - 2014-06-04 12:00 - 00000000 ____D () C:\Users\ashokkumar
2015-01-31 21:07 - 2015-01-01 17:31 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\FileZilla
2015-01-31 20:54 - 2014-06-04 12:46 - 00000000 ____D () C:\Users\ashokkumar\Downloads\Video
2015-01-31 13:22 - 2014-12-29 13:15 - 00001683 _____ () C:\Users\ashokkumar\Desktop\Online Hosting.lnk
2015-01-31 13:22 - 2014-12-29 13:15 - 00001632 _____ () C:\Users\ashokkumar\Desktop\Seedbox.lnk
2015-01-31 10:58 - 2014-08-20 18:04 - 00648392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-01-31 10:58 - 2014-08-18 14:43 - 00119304 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-01-31 10:58 - 2014-08-13 19:34 - 00064200 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-01-31 10:58 - 2014-07-25 13:13 - 00056840 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwfp.sys
2015-01-31 10:49 - 2014-11-22 08:51 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-01-31 10:47 - 2013-08-22 11:43 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-01-30 12:31 - 2014-06-04 15:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 10:53 - 2014-09-26 11:38 - 00000000 ____D () C:\Users\ashokkumar\AppData\Local\Adobe
2015-01-30 09:22 - 2014-06-04 15:42 - 00000000 ____D () C:\Users\ashokkumar\AppData\Roaming\Nitro
2015-01-28 09:02 - 2014-03-18 13:30 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 07:46 - 2014-09-04 17:26 - 00000000 ____D () C:\Program Files\Java
2015-01-28 07:46 - 2014-06-04 17:26 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-28 07:44 - 2014-06-04 17:26 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-28 07:44 - 2014-06-04 17:26 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-28 07:21 - 2013-08-22 13:35 - 00000000 ____D () C:\Windows\CbsTemp
2015-01-28 07:14 - 2014-06-10 17:42 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 15:42 - 2015-01-01 17:29 - 00001967 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2015-01-26 15:42 - 2015-01-01 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-01-26 15:42 - 2015-01-01 15:00 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-01-24 19:26 - 2013-08-22 13:47 - 00000000 ____D () C:\Windows\AppReadiness
2015-01-23 12:07 - 2014-03-18 13:33 - 01581968 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-01-23 07:52 - 2013-08-22 11:43 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-01-22 18:11 - 2013-08-22 13:47 - 00000010 __RSH () C:\config.sys
2015-01-22 11:10 - 2013-08-22 13:47 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-19 17:14 - 2014-07-09 10:22 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-18 08:04 - 2014-06-05 06:27 - 00000000 ____D () C:\Program Files\KMSpico
2015-01-15 07:38 - 2014-06-09 15:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 07:31 - 2014-06-09 15:13 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 06:27 - 2014-09-08 20:50 - 00000000 ____D () C:\Program Files\Common Files\PX Storage Engine
2015-01-07 10:56 - 2014-12-09 13:09 - 00000600 _____ () C:\Users\ashokkumar\AppData\Local\PUTTY.RND
2015-01-06 05:38 - 2014-08-13 21:22 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-06 05:38 - 2014-08-13 21:22 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-07-10 11:46 - 2014-07-10 11:46 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files\Common Files\atimpenc.dll
2014-07-09 08:52 - 2014-07-31 08:05 - 0000096 _____ () C:\Users\ashokkumar\AppData\Roaming\Camdata.ini
2014-07-09 08:52 - 2014-07-31 08:05 - 0000408 _____ () C:\Users\ashokkumar\AppData\Roaming\CamLayout.ini
2014-07-09 08:52 - 2014-07-31 08:05 - 0000408 _____ () C:\Users\ashokkumar\AppData\Roaming\CamShapes.ini
2014-07-09 08:52 - 2014-07-31 08:05 - 0004506 _____ () C:\Users\ashokkumar\AppData\Roaming\CamStudio.cfg
2014-07-31 08:03 - 2014-07-31 08:03 - 0000098 _____ () C:\Users\ashokkumar\AppData\Roaming\CamStudio.Producer.command
2014-07-31 08:04 - 2014-07-31 08:04 - 0000000 _____ () C:\Users\ashokkumar\AppData\Roaming\CamStudio.Producer.Data.ini
2014-07-31 08:04 - 2014-07-31 08:04 - 0001206 _____ () C:\Users\ashokkumar\AppData\Roaming\CamStudio.Producer.ini
2015-01-31 13:20 - 2015-01-31 13:24 - 0000115 _____ () C:\Users\ashokkumar\AppData\Roaming\LogFile.txt
2014-12-09 13:09 - 2015-01-07 10:56 - 0000600 _____ () C:\Users\ashokkumar\AppData\Local\PUTTY.RND
2014-06-06 19:00 - 2014-06-06 19:00 - 0007605 _____ () C:\Users\ashokkumar\AppData\Local\Resmon.ResmonCfg
2014-07-24 20:58 - 2014-07-24 20:58 - 0152335 _____ () C:\Users\ashokkumar\AppData\Local\TempAttendance.bmp
2014-07-25 13:52 - 2014-07-25 13:52 - 0487419 _____ () C:\ProgramData\1406276119.bdinstall.bin
2014-07-09 10:23 - 2014-07-09 10:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 07:43

==================== End Of Log ============================

Addition Log File

==============

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2015
Ran by ashokkumar at 2015-02-03 08:09:32
Running from C:\Users\ashokkumar\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\uTorrent) (Version: 3.4.2.38429 - BitTorrent Inc.)
Adblock Plus for IE (32-bit) (HKLM\...\{DF0E7912-4A45-4B24-B472-E521C4D2C663}) (Version: 99.9 - Eyeo GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 16.0.0.222 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
ArcSoft TotalMedia Theatre 6 (HKLM\...\InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}) (Version: 6.7.1.199 - ArcSoft)
ArcSoft TotalMedia Theatre 6 (Version: 6.7.1.199 - ArcSoft) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
FileZilla Client 3.10.0.2 (HKLM\...\FileZilla Client) (Version: 3.10.0.2 - Tim Kosse)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HashTab 5.1.0.23 (HKLM\...\HashTab) (Version: 5.1.0.23 - Implbits Software)
HP Deskjet 1510 series Basic Device Software (HKLM\...\{61268BF7-3EC8-4CDC-922B-C8F718A0D46F}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kaspersky Internet Security (HKLM\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.1.415 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Partition Wizard Professional Edition 8.1.1 (HKLM\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
MiniTool Power Data Recovery (HKLM\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mozilla Thunderbird 30.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Nitro Pro 9 (HKLM\...\{4AE74AEC-7CF4-478E-AF4C-A4BD12B086ED}) (Version: 9.5.2.29 - Nitro)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{DBB6FBB8-7860-4BFC-B229-5036C03CA468}) (Version: 4.3.20 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Sony PC Companion 2.10.236 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.236 - Sony)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WampServer 2.5 (HKLM\...\WampServer 2_is1) (Version:  - Hervé Leclerc (HeL))
WD Drive Utilities (HKLM\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD Security (HKLM\...\{919ADA61-13BF-43C4-A2DD-8BA49A244FC8}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{6EE644CD-FC7F-424C-83EA-9C0285C4FB7F}) (Version: 2.4.2.26 - Western Digital Technologies, Inc.)
WinRAR 5.10 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2669073899-1961402799-846495380-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\ashokkumar\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)

==================== Restore Points  =========================

20-01-2015 12:06:38 Installed WD Drive Utilities
22-01-2015 21:41:19 Sony PC Companion
30-01-2015 07:34:39 Scheduled Checkpoint
02-02-2015 17:54:08 Installed ArcSoft TotalMedia Theatre 6

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 11:43 - 2014-12-26 09:28 - 00003059 ____N C:\Windows\system32\Drivers\etc\hosts
    	127.0.0.1 lmlicenses.wip4.adobe.com
	127.0.0.1 lm.licenses.adobe.com
	127.0.0.1 209.34.83.73:443
	127.0.0.1 209.34.83.73:43
	127.0.0.1 209.34.83.73
	127.0.0.1 209.34.83.67:443
	127.0.0.1 209.34.83.67:43
	127.0.0.1 209.34.83.67
	127.0.0.1 ood.opsource.net
	127.0.0.1 199.7.52.190:80
	127.0.0.1 199.7.52.190
	127.0.0.1 OCSP.SPO1.VERISIGN.COM
	127.0.0.1 199.7.54.72:80
	127.0.0.1 199.7.54.72
	127.0.0.1 192.150.14.69
	127.0.0.1 192.150.18.101
	127.0.0.1 192.150.18.108
	127.0.0.1 192.150.22.40
	127.0.0.1 192.150.8.100
	127.0.0.1 192.150.8.118
	127.0.0.1 209-34-83-73.ood.opsource.net
	127.0.0.1 3dns-1.adobe.com
	127.0.0.1 3dns-2.adobe.com
	127.0.0.1 3dns-2.adobe.com
	127.0.0.1 3dns-3.adobe.com
	127.0.0.1 3dns-3.adobe.com
	127.0.0.1 3dns-4.adobe.com
	127.0.0.1 3dns.adobe.com
	127.0.0.1 activate-sea.adobe.com
	127.0.0.1 activate-sea.adobe.com
	127.0.0.1 activate-sjc0.adobe.com
	127.0.0.1 activate-sjc0.adobe.com
	127.0.0.1 activate.adobe.com
	127.0.0.1 activate.adobe.com
	127.0.0.1 activate.wip.adobe.com
	127.0.0.1 activate.wip1.adobe.com
	127.0.0.1 activate.wip2.adobe.com
	127.0.0.1 activate.wip3.adobe.com
	127.0.0.1 activate.wip3.adobe.com
	127.0.0.1 activate.wip4.adobe.com
	127.0.0.1 adobe-dns-1.adobe.com
	127.0.0.1 adobe-dns-2.adobe.com
	127.0.0.1 adobe-dns-2.adobe.com
	127.0.0.1 adobe-dns-3.adobe.com
	127.0.0.1 adobe-dns-3.adobe.com
	127.0.0.1 adobe-dns-4.adobe.com
	127.0.0.1 adobe-dns.adobe.com
	127.0.0.1 adobe-dns.adobe.com
	127.0.0.1 adobe.activate.com
	127.0.0.1 adobeereg.com
	127.0.0.1 crl.verisign.net
	127.0.0.1 CRL.VERISIGN.NET.*
	127.0.0.1 ereg.adobe.com
	127.0.0.1 ereg.adobe.com
	127.0.0.1 ereg.wip.adobe.com
	127.0.0.1 ereg.wip1.adobe.com
	127.0.0.1 ereg.wip2.adobe.com
	127.0.0.1 ereg.wip3.adobe.com
	127.0.0.1 ereg.wip3.adobe.com
	127.0.0.1 ereg.wip4.adobe.com
	127.0.0.1       localhost
	127.0.0.1      myprojectsite.com
	127.0.0.1       localhost
	127.0.0.1      community.myprojectsite.com
	127.0.0.1       localhost
	127.0.0.1     forums.myprojectsite.com
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {17FC19F5-9F75-4DE1-852D-ED0E078CF760} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {33250AF9-AEA7-4D9B-AFF9-86D7D8CDBC59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-29] (Google Inc.)
Task: {75B68E4C-6EE4-4C4B-B466-C7BAA3C0C933} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-07-29] (Google Inc.)
Task: {A91E89C2-65B8-4B99-8014-4CD8E7D69CA5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {E4CC0C30-05A5-4B04-9024-A473EF80B311} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {EC182443-C844-4279-9783-8A23DF13DAC6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-01-15] (Microsoft Corporation)
Task: {EC83E1C6-4B99-4D91-93B8-79C0108BBD5C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {FFA4106D-9CBC-467C-AA88-3712A6D2FEF7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-30] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2014-07-16 15:07 - 2014-07-16 15:07 - 00392712 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-12 15:19 - 2014-05-12 15:19 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2015-01-27 12:23 - 2015-01-27 12:23 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-30 17:12 - 2015-01-31 10:58 - 00459048 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-08-30 17:12 - 2015-01-31 10:58 - 00587048 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2014-08-30 17:12 - 2015-01-31 10:58 - 00332584 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\ashokkumar\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Adobe ARM"
HKLM\...\StartupApproved\Run: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "Onboard"
HKLM\...\StartupApproved\Run: => "WD Drive Unlocker"
HKLM\...\StartupApproved\Run: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run: => "WD Quick View"
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Deskjet 1510 series.lnk"
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\StartupApproved\Run: => "Backup4all 5 Tray Agent"
HKU\S-1-5-21-2669073899-1961402799-846495380-1001\...\StartupApproved\Run: => "CyberGhost"

========================= Accounts: ==========================

Administrator (S-1-5-21-2669073899-1961402799-846495380-500 - Administrator - Disabled)
Guest (S-1-5-21-2669073899-1961402799-846495380-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2669073899-1961402799-846495380-1003 - Limited - Enabled)
ashokkumar (S-1-5-21-2669073899-1961402799-846495380-1001 - Administrator - Enabled) => C:\Users\ashokkumar

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 08:09:32 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:43:32Z. Error Code: 0x80041318.

Error: (02/03/2015 08:09:02 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:44:02Z. Error Code: 0x80041318.

Error: (02/03/2015 08:08:32 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:43:32Z. Error Code: 0x80041318.

Error: (02/03/2015 08:08:02 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:44:02Z. Error Code: 0x80041318.

Error: (02/03/2015 08:07:32 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:43:32Z. Error Code: 0x80041318.

Error: (02/03/2015 08:07:02 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:44:02Z. Error Code: 0x80041318.

Error: (02/03/2015 08:06:32 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:43:32Z. Error Code: 0x80041318.

Error: (02/03/2015 08:06:02 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:44:02Z. Error Code: 0x80041318.

Error: (02/03/2015 08:05:32 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:43:32Z. Error Code: 0x80041318.

Error: (02/03/2015 08:05:02 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2015-02-17T00:44:02Z. Error Code: 0x80041318.


System errors:
=============
Error: (02/03/2015 07:44:05 AM) (Source: DCOM) (EventID: 10010) (User: ROCKER-PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/03/2015 07:43:35 AM) (Source: DCOM) (EventID: 10010) (User: ROCKER-PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/03/2015 07:17:27 AM) (Source: Ntfs) (EventID: 137) (User: )
Description: The default transaction resource manager on volume D: encountered a non-retryable error and could not start.  The data contains the error code.

Error: (02/03/2015 07:17:27 AM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (02/03/2015 07:16:42 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error: 
%%1062

Error: (02/03/2015 07:16:42 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056

Error: (02/03/2015 07:16:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WD Backup service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (02/03/2015 07:16:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/03/2015 07:16:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/03/2015 07:16:12 AM) (Source: DCOM) (EventID: 10010) (User: ROCKER-PC)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (02/03/2015 08:09:32 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:43:32Z

Error: (02/03/2015 08:09:02 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:44:02Z

Error: (02/03/2015 08:08:32 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:43:32Z

Error: (02/03/2015 08:08:02 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:44:02Z

Error: (02/03/2015 08:07:32 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:43:32Z

Error: (02/03/2015 08:07:02 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:44:02Z

Error: (02/03/2015 08:06:32 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:43:32Z

Error: (02/03/2015 08:06:02 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:44:02Z

Error: (02/03/2015 08:05:32 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:43:32Z

Error: (02/03/2015 08:05:02 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413182015-02-17T00:44:02Z


CodeIntegrity Errors:
===================================
  Date: 2015-01-31 06:59:54.913
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-30 07:08:33.678
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-29 08:59:20.505
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-29 07:44:50.258
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-28 10:05:44.114
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-27 07:07:07.652
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-26 09:56:17.069
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-25 07:16:09.632
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-23 13:10:28.865
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-01-22 08:27:25.479
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 56%
Total physical RAM: 2035.84 MB
Available physical RAM: 875.55 MB
Total Pagefile: 4083.84 MB
Available Pagefile: 2469.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.66 MB

==================== Drives ================================

Drive c: (Windows 8) (Fixed) (Total:99 GB) (Free:59.8 GB) NTFS
Drive d: (Tamil Bluray Movies Collection) (Fixed) (Total:225.05 GB) (Free:56.65 GB) NTFS
Drive e: (Tamil Untouched Dvd) (Fixed) (Total:80.22 GB) (Free:42.21 GB) NTFS
Drive f: (English Movies And Software) (Fixed) (Total:37.09 GB) (Free:13.74 GB) NTFS
Drive g: (Document And Pictures) (Fixed) (Total:24.3 GB) (Free:15.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 0000954B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=366.7 GB) - (Type=OF Extended)

==================== End Of Log ============================

aswMBR Log File

===============

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-02-03 07:37:44
-----------------------------
07:37:44.402    OS Version: Windows 6.2.9200 
07:37:44.402    Number of processors: 2 586 0x170A
07:37:44.404    ComputerName: ROCKER-PC  UserName: 
07:38:28.468    Initialize success
07:38:28.718    VM: initialized successfully
07:38:28.718    VM: Intel CPU virtualization not supported 
08:07:19.438    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-5
08:07:19.454    Disk 0 Vendor: ST3500418AS CC34 Size: 476940MB BusType: 3
08:07:19.470    Disk 0 MBR read successfully
08:07:19.470    Disk 0 MBR scan
08:07:19.470    Disk 0 Windows 7 default MBR code
08:07:19.485    Disk 0 Partition 1 80 (A) 07      HPFS/NTFS NTFS          100 MB offset 2048
08:07:19.501    Disk 0 Partition 2 00     07      HPFS/NTFS NTFS       101378 MB offset 206848
08:07:19.501    Disk 0 Partition - 00     0F   Extended LBA            375459 MB offset 207832905
08:07:19.517    Disk 0 Partition 3 00     07      HPFS/NTFS NTFS       230447 MB offset 207832968
08:07:19.517    Disk 0 Partition - 00     05       Extended             82144 MB offset 679790475
08:07:19.548    Disk 0 Partition 4 00     07      HPFS/NTFS NTFS        82144 MB offset 679790538
08:07:19.548    Disk 0 Partition - 00     05       Extended             37981 MB offset 1319980725
08:07:19.563    Disk 0 Partition 5 00     07      HPFS/NTFS NTFS        37981 MB offset 848023218
08:07:19.563    Disk 0 Partition - 00     05       Extended             24884 MB offset 1566000135
08:07:19.579    Disk 0 Partition 6 00     07      HPFS/NTFS NTFS        24884 MB offset 925809948
08:07:19.579    Disk 0 scanning sectors +976773168
08:07:19.610    Disk 0 scanning C:\Windows\system32\drivers
08:07:30.919    Service scanning
08:07:32.872    Service cm_km_w C:\Windows\system32\DRIVERS\cm_km_w.sys **LOCKED** 5
08:07:59.572    Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
08:07:59.593    Service kldisk C:\Windows\system32\DRIVERS\kldisk.sys **LOCKED** 5
08:07:59.619    Service klelam C:\Windows\system32\DRIVERS\klelam.sys **LOCKED** 5
08:07:59.644    Service klflt C:\Windows\system32\DRIVERS\klflt.sys **LOCKED** 5
08:07:59.673    Service klhk C:\Windows\system32\DRIVERS\klhk.sys **LOCKED** 5
08:07:59.747    Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
08:07:59.770    Service klkbdflt C:\Windows\system32\DRIVERS\klkbdflt.sys **LOCKED** 5
08:07:59.791    Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
08:07:59.816    Service klpd C:\Windows\system32\DRIVERS\klpd.sys **LOCKED** 5
08:07:59.842    Service klwfp C:\Windows\system32\DRIVERS\klwfp.sys **LOCKED** 5
08:07:59.869    Service Klwtp C:\Windows\system32\DRIVERS\klwtp.sys **LOCKED** 5
08:07:59.888    Service kneps C:\Windows\system32\DRIVERS\kneps.sys **LOCKED** 5
08:08:07.808    Modules scanning
08:08:07.808    Disk 0 trace - called modules:
08:08:07.839    ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x850541f8]<<
08:08:07.855    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82cb52d8]
08:08:07.855    3 CLASSPNP.SYS[82956fbc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-5[0x82be1030]
08:08:07.870    \Driver\atapi[0x82bdc608] -> IRP_MJ_CREATE -> 0x850541f8
08:08:07.870    Disk 0 statistics 91738/0/0 @ 5.87 MB/s
08:08:07.886    Scan finished successfully
08:08:20.223    Disk 0 MBR has been saved successfully to "C:\Users\ashokkumar\Desktop\MBR.dat"
08:08:20.223    The log file has been saved successfully to "C:\Users\ashokkumar\Desktop\aswMBR.txt"


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:20 PM

Posted 04 February 2015 - 08:52 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:20 PM

Posted 03 July 2015 - 02:28 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.