Posts posted by scorpian

  1. Mr. Ron, I have gone forward and done the TDSSKiller scan and no threats were found. The screenshot is attached. I do not require the Samsung printer driver, as I last used the printer 3 months back, and coming to the OUC (online update service of the internet provider, or the dongle soft updater), the problem may be sorted if I uninstall and reinstall the internet provider service software. Please let me know if you want me to merge DgiVecp back into the Registry. I will be waiting for your instructions. Thank you.

  2. Hello Mr. Ron, Avira AV has found something and I am not sure what it is, so I am posting it for your advice. Thank you.

    Avira Free Antivirus
    Report file date: 26 September 2013  19:06
     
     
    The program is running as an unrestricted full version.
    Online services are available.
     
    Licensee        : Avira Free Antivirus
    Serial number   : 0000149996-ADJIE-0000001
    Platform        : Windows 7 Home Basic
    Windows version : (Service Pack 1)  [6.1.7601]
    Boot mode       : Normally booted
    Username        : SYSTEM
    Computer name   : KISHOREREDDY-PC
     
    Version information:
    BUILD.DAT       : 13.0.0.4052    55009 Bytes  29-08-2013 18:03:00
    AVSCAN.EXE      : 13.6.20.2100   639032 Bytes  17-07-2013 14:07:09
    AVSCANRC.DLL    : 13.6.20.2174    52280 Bytes  06-08-2013 13:24:14
    LUKE.DLL        : 13.6.20.2174    65080 Bytes  31-07-2013 18:31:48
    AVSCPLR.DLL     : 13.6.20.2174    92216 Bytes  31-07-2013 18:22:31
    AVREG.DLL       : 13.6.20.2174   250424 Bytes  31-07-2013 18:21:56
    avlode.dll      : 13.6.20.2174   497720 Bytes  31-07-2013 18:21:22
    avlode.rdf      : 13.0.1.42      26846 Bytes  28-08-2013 07:31:36
    VBASE000.VDF    : 7.11.70.0   66736640 Bytes  04-04-2013 05:30:13
    VBASE001.VDF    : 7.11.74.226  2201600 Bytes  30-04-2013 07:11:13
    VBASE002.VDF    : 7.11.80.60   2751488 Bytes  28-05-2013 04:32:30
    VBASE003.VDF    : 7.11.85.214  2162688 Bytes  21-06-2013 08:10:18
    VBASE004.VDF    : 7.11.91.176  3903488 Bytes  23-07-2013 08:58:27
    VBASE005.VDF    : 7.11.98.186  6822912 Bytes  29-08-2013 06:20:30
    VBASE006.VDF    : 7.11.103.230  2293248 Bytes  24-09-2013 08:18:38
    VBASE007.VDF    : 7.11.103.231     2048 Bytes  24-09-2013 08:18:38
    VBASE008.VDF    : 7.11.103.232     2048 Bytes  24-09-2013 08:18:38
    VBASE009.VDF    : 7.11.103.233     2048 Bytes  24-09-2013 08:18:39
    VBASE010.VDF    : 7.11.103.234     2048 Bytes  24-09-2013 08:18:39
    VBASE011.VDF    : 7.11.103.235     2048 Bytes  24-09-2013 08:18:39
    VBASE012.VDF    : 7.11.103.236     2048 Bytes  24-09-2013 08:18:40
    VBASE013.VDF    : 7.11.103.237     2048 Bytes  24-09-2013 08:18:40
    VBASE014.VDF    : 7.11.103.238     2048 Bytes  24-09-2013 08:18:40
    VBASE015.VDF    : 7.11.103.239     2048 Bytes  24-09-2013 08:18:40
    VBASE016.VDF    : 7.11.103.240     2048 Bytes  24-09-2013 08:18:41
    VBASE017.VDF    : 7.11.103.241     2048 Bytes  24-09-2013 08:18:41
    VBASE018.VDF    : 7.11.103.242     2048 Bytes  24-09-2013 08:18:41
    VBASE019.VDF    : 7.11.103.243     2048 Bytes  24-09-2013 08:18:42
    VBASE020.VDF    : 7.11.103.244     2048 Bytes  24-09-2013 08:18:42
    VBASE021.VDF    : 7.11.103.245     2048 Bytes  24-09-2013 08:18:43
    VBASE022.VDF    : 7.11.103.246     2048 Bytes  24-09-2013 08:18:43
    VBASE023.VDF    : 7.11.103.247     2048 Bytes  24-09-2013 08:18:43
    VBASE024.VDF    : 7.11.103.248     2048 Bytes  24-09-2013 08:18:44
    VBASE025.VDF    : 7.11.103.249     2048 Bytes  24-09-2013 08:18:44
    VBASE026.VDF    : 7.11.103.250     2048 Bytes  24-09-2013 08:18:44
    VBASE027.VDF    : 7.11.103.251     2048 Bytes  24-09-2013 08:18:44
    VBASE028.VDF    : 7.11.103.252     2048 Bytes  24-09-2013 08:18:45
    VBASE029.VDF    : 7.11.103.253     2048 Bytes  24-09-2013 08:18:45
    VBASE030.VDF    : 7.11.103.254     2048 Bytes  24-09-2013 08:18:45
    VBASE031.VDF    : 7.11.104.112   320512 Bytes  25-09-2013 07:34:29
    Engine version  : 8.2.12.122
    AEVDF.DLL       : 8.1.3.4       102774 Bytes  17-06-2013 05:00:27
    AESCRIPT.DLL    : 8.1.4.150     516478 Bytes  25-09-2013 08:19:17
    AESCN.DLL       : 8.1.10.4      131446 Bytes  26-03-2013 11:24:32
    AESBX.DLL       : 8.2.16.26    1245560 Bytes  23-08-2013 09:16:40
    AERDL.DLL       : 8.2.0.128     688504 Bytes  17-06-2013 05:00:27
    AEPACK.DLL      : 8.3.2.28      749945 Bytes  25-09-2013 08:19:15
    AEOFFICE.DLL    : 8.1.2.76      205181 Bytes  08-08-2013 11:31:21
    AEHEUR.DLL      : 8.1.4.648    6525306 Bytes  25-09-2013 08:19:12
    AEHELP.DLL      : 8.1.27.6      266617 Bytes  28-08-2013 07:31:27
    AEGEN.DLL       : 8.1.7.14      446839 Bytes  25-09-2013 08:18:50
    AEEXP.DLL       : 8.4.1.62      328055 Bytes  25-09-2013 08:19:18
    AEEMU.DLL       : 8.1.3.2       393587 Bytes  29-11-2012 06:56:05
    AECORE.DLL      : 8.1.32.0      201081 Bytes  23-08-2013 09:16:38
    AEBB.DLL        : 8.1.1.4        53619 Bytes  29-11-2012 06:56:05
    AVWINLL.DLL     : 13.6.20.2174    23608 Bytes  31-07-2013 18:23:24
    AVPREF.DLL      : 13.6.20.2174    48184 Bytes  31-07-2013 18:21:46
    AVREP.DLL       : 13.6.20.2174   175672 Bytes  31-07-2013 18:22:20
    AVARKT.DLL      : 13.6.20.2174   258104 Bytes  31-07-2013 18:19:34
    AVEVTLOG.DLL    : 13.6.20.2174   165432 Bytes  31-07-2013 18:20:38
    SQLITE3.DLL     : 3.7.0.1       394824 Bytes  31-07-2013 16:24:53
    AVSMTP.DLL      : 13.6.20.2174    60472 Bytes  31-07-2013 18:23:03
    NETNT.DLL       : 13.6.20.2174    13368 Bytes  31-07-2013 18:32:20
    RCIMAGE.DLL     : 13.6.20.2174  4788792 Bytes  31-07-2013 18:41:15
    RCTEXT.DLL      : 13.6.20.2175    66616 Bytes  22-08-2013 13:35:19
     
    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
    Reporting...........................: default
    Primary action......................: Interactive
    Secondary action....................: Ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, Q:, 
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Limit recursion depth...............: 20
    Smart extensions....................: on
    Macrovirus heuristic................: on
    File heuristic......................: extended
     
    Start of the scan: 26 September 2013  19:06
     
    Starting master boot sector scan:
    Master boot sector HD0
        [INFO]      No virus was found!
     
    Start scanning boot sectors:
    Boot sector 'C:\'
        [INFO]      No virus was found!
     
    Starting search for hidden objects.
    Hidden driver
      [NOTE]      A memory modification has been detected, which could potentially be used to hide file access attempts.
     
    The scan of running processes will be started:
    Scan process 'svchost.exe' - '52' Module(s) have been scanned
    Scan process 'svchost.exe' - '39' Module(s) have been scanned
    Scan process 'svchost.exe' - '76' Module(s) have been scanned
    Scan process 'svchost.exe' - '100' Module(s) have been scanned
    Scan process 'svchost.exe' - '63' Module(s) have been scanned
    Scan process 'svchost.exe' - '167' Module(s) have been scanned
    Scan process 'svchost.exe' - '28' Module(s) have been scanned
    Scan process 'SbieSvc.exe' - '31' Module(s) have been scanned
    Scan process 'svchost.exe' - '89' Module(s) have been scanned
    Scan process 'svchost.exe' - '80' Module(s) have been scanned
    Scan process 'WLANExt.exe' - '32' Module(s) have been scanned
    Scan process 'conhost.exe' - '14' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '83' Module(s) have been scanned
    Scan process 'sched.exe' - '46' Module(s) have been scanned
    Scan process 'taskhost.exe' - '54' Module(s) have been scanned
    Scan process 'Dwm.exe' - '31' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '163' Module(s) have been scanned
    Scan process 'armsvc.exe' - '28' Module(s) have been scanned
    Scan process 'igfxtray.exe' - '28' Module(s) have been scanned
    Scan process 'psi_tray.exe' - '27' Module(s) have been scanned
    Scan process 'ouc.exe' - '32' Module(s) have been scanned
    Scan process 'avguard.exe' - '106' Module(s) have been scanned
    Scan process 'btwdins.exe' - '33' Module(s) have been scanned
    Scan process 'dirmngr.exe' - '38' Module(s) have been scanned
    Scan process 'dsiwmis.exe' - '44' Module(s) have been scanned
    Scan process 'ePowerSvc.exe' - '30' Module(s) have been scanned
    Scan process 'GREGsvc.exe' - '15' Module(s) have been scanned
    Scan process 'HWDeviceService64.exe' - '32' Module(s) have been scanned
    Scan process 'LMS.exe' - '33' Module(s) have been scanned
    Scan process 'DCSHelper.exe' - '32' Module(s) have been scanned
    Scan process 'mbamscheduler.exe' - '37' Module(s) have been scanned
    Scan process 'IScheduleSvc.exe' - '71' Module(s) have been scanned
    Scan process 'PSIA.exe' - '84' Module(s) have been scanned
    Scan process 'sftvsa.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'UpdaterService.exe' - '27' Module(s) have been scanned
    Scan process 'sftlist.exe' - '77' Module(s) have been scanned
    Scan process 'CVHSVC.EXE' - '82' Module(s) have been scanned
    Scan process 'avshadow.exe' - '29' Module(s) have been scanned
    Scan process 'AVWEBGRD.EXE' - '72' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '50' Module(s) have been scanned
    Scan process 'KeyScrambler.exe' - '54' Module(s) have been scanned
    Scan process 'LManager.exe' - '73' Module(s) have been scanned
    Scan process 'IAStorIcon.exe' - '51' Module(s) have been scanned
    Scan process 'avgnt.exe' - '95' Module(s) have been scanned
    Scan process 'MMDx64Fx.exe' - '27' Module(s) have been scanned
    Scan process 'LMworker.exe' - '26' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '28' Module(s) have been scanned
    Scan process 'KeyScrambler.exe' - '28' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'GoogleUpdate.exe' - '55' Module(s) have been scanned
    Scan process 'IAStorDataMgrSvc.exe' - '50' Module(s) have been scanned
    Scan process 'GoogleCrashHandler.exe' - '34' Module(s) have been scanned
    Scan process 'GoogleCrashHandler64.exe' - '29' Module(s) have been scanned
    Scan process 'UNS.exe' - '59' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '37' Module(s) have been scanned
    Scan process 'DCSHelper.exe' - '39' Module(s) have been scanned
    Scan process 'Aircel.exe' - '151' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '34' Module(s) have been scanned
    Scan process 'MailWasher.exe' - '152' Module(s) have been scanned
    Scan process 'avcenter.exe' - '105' Module(s) have been scanned
    Scan process 'avscan.exe' - '122' Module(s) have been scanned
    Scan process 'vssvc.exe' - '47' Module(s) have been scanned
    Scan process 'svchost.exe' - '28' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned
    Scan process 'csrss.exe' - '18' Module(s) have been scanned
    Scan process 'csrss.exe' - '18' Module(s) have been scanned
    Scan process 'wininit.exe' - '26' Module(s) have been scanned
    Scan process 'winlogon.exe' - '31' Module(s) have been scanned
    Scan process 'services.exe' - '36' Module(s) have been scanned
    Scan process 'lsass.exe' - '63' Module(s) have been scanned
    Scan process 'lsm.exe' - '16' Module(s) have been scanned
     
    Starting to scan executable files (registry):
    The registry was scanned ( '5137' files ).
     
     
    Starting the file scan:
     
    Begin scan in 'C:\' <Acer>
    Begin scan in 'Q:\'
    Search path Q:\ could not be opened!
    System error [5]: Access is denied.
     
     
    End of the scan: 26 September 2013  20:47
    Used time:  1:41:16 Hour(s)
     
    The scan has been done completely.
     
      34098 Scanned directories
     638583 Files were scanned
          0 Viruses and/or unwanted programs were found
          0 Files were classified as suspicious
          0 Files were deleted
          0 Viruses and unwanted programs were repaired
          0 Files were moved to quarantine
          0 Files were renamed
          0 Files cannot be scanned
     638583 Files not concerned
       9829 Archives were scanned
          0 Warnings
          1 Notes
     1101447 Objects were scanned with rootkit scan
          1 Hidden objects were found
     
  3. Mr.Ron, the required log is as follows:

     

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 26/09/2013 14:12:57
     
    Note: All dates below are in the format dd/mm/yyyy
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 24/09/2013 21:50:38
    Type: Error Category: 1
    Event: 100 Source: CVHSVC
    Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. 
     
    Log: 'Application' Date/Time: 24/09/2013 21:03:23
    Type: Error Category: 1
    Event: 100 Source: CVHSVC
    Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. 
     
    Log: 'Application' Date/Time: 24/09/2013 19:23:53
    Type: Error Category: 0
    Event: 80 Source: SideBySide
    Activation context generation failed for "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    Log: 'Application' Date/Time: 24/09/2013 15:15:20
    Type: Error Category: 1
    Event: 100 Source: CVHSVC
    Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. 
     
    Log: 'Application' Date/Time: 24/09/2013 14:56:37
    Type: Error Category: 0
    Event: 80 Source: SideBySide
    Activation context generation failed for "C:\Users\Kishore Reddy\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    Log: 'Application' Date/Time: 24/09/2013 08:17:02
    Type: Error Category: 1
    Event: 100 Source: CVHSVC
    Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. 
     
    Log: 'Application' Date/Time: 24/09/2013 07:56:38
    Type: Error Category: 1
    Event: 100 Source: CVHSVC
    Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. 
     
    Log: 'Application' Date/Time: 24/09/2013 07:32:27
    Type: Error Category: 0
    Event: 80 Source: SideBySide
    Activation context generation failed for "C:\Users\Kishore Reddy\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
     
    Log: 'Application' Date/Time: 24/09/2013 05:46:12
    Type: Error Category: 1
    Event: 100 Source: CVHSVC
    Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. 
     
    Log: 'Application' Date/Time: 23/09/2013 21:44:16
    Type: Error Category: 1
    Event: 100 Source: CVHSVC
    Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected. 
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 26/09/2013 08:38:01
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
     
    Log: 'System' Date/Time: 26/09/2013 08:38:00
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Aircel. OUC service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
     
    Log: 'System' Date/Time: 26/09/2013 08:38:00
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Aircel. OUC service to connect.
     
    Log: 'System' Date/Time: 26/09/2013 07:09:25
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
     
    Log: 'System' Date/Time: 26/09/2013 07:09:25
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Aircel. OUC service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
     
    Log: 'System' Date/Time: 26/09/2013 07:09:25
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Aircel. OUC service to connect.
     
    Log: 'System' Date/Time: 26/09/2013 06:57:43
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.
     
    Log: 'System' Date/Time: 26/09/2013 06:57:43
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The Aircel. OUC service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
     
    Log: 'System' Date/Time: 26/09/2013 06:57:43
    Type: Error Category: 0
    Event: 7009 Source: Service Control Manager
    A timeout was reached (30000 milliseconds) while waiting for the Aircel. OUC service to connect.
     
    Log: 'System' Date/Time: 25/09/2013 13:33:46
    Type: Error Category: 0
    Event: 7000 Source: Service Control Manager
    The DgiVecp service failed to start due to the following error:  The system cannot find the device specified.

  4. Mr. Ron, the ComboFix log is posted for further analysis. It only took half the time of the earlier scans. Thank you.

     

    ComboFix 13-09-24.02 - Kishore Reddy 25-09-2013  11:29:41.11.4 - x64
    Microsoft Windows 7 Home Basic   6.1.7601.1.1252.91.1033.18.2807.1624 [GMT 5.5:30]
    Running from: c:\users\Kishore Reddy\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-08-25 to 2013-09-25  )))))))))))))))))))))))))))))))
    .
    .
    2013-09-25 06:04 . 2013-09-25 06:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-09-24 08:27 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-09-24 08:27 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-09-24 08:27 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-09-24 08:27 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-09-24 08:27 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-09-24 08:27 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-09-24 08:27 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-09-24 08:27 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-09-24 08:26 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
    2013-09-24 08:03 . 2013-09-24 08:03 -------- d-s---w- c:\windows\SysWow64\Microsoft
    2013-09-24 07:36 . 2013-09-24 19:27 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0939623-FEFE-4AC6-9581-8886E73E27E1}\offreg.dll
    2013-09-24 05:50 . 2013-09-15 19:20 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A0939623-FEFE-4AC6-9581-8886E73E27E1}\mpengine.dll
    2013-09-22 07:25 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
    2013-09-22 07:24 . 2013-09-24 08:26 -------- d-----w- c:\program files\AVAST Software
    2013-09-22 07:23 . 2013-09-24 08:26 -------- d-----w- c:\programdata\AVAST Software
    2013-09-20 06:37 . 2013-09-23 20:56 -------- d-----w- C:\AdwCleaner
    2013-09-20 05:21 . 2013-09-20 05:21 -------- d-----w- c:\windows\ERUNT
    2013-09-12 08:06 . 2013-09-25 06:04 -------- d-----w- c:\users\Kishore Reddy\AppData\Local\temp
    2013-09-12 06:38 . 2013-08-10 05:22 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-09-12 06:38 . 2013-08-10 05:21 53248 ----a-w- c:\windows\system32\jsproxy.dll
    2013-09-12 06:38 . 2013-08-10 03:59 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-09-12 06:38 . 2013-08-10 05:22 2241024 ----a-w- c:\windows\system32\wininet.dll
    2013-09-12 06:38 . 2013-08-10 05:20 15404544 ----a-w- c:\windows\system32\ieframe.dll
    2013-09-12 06:38 . 2013-08-10 05:21 19246592 ----a-w- c:\windows\system32\mshtml.dll
    2013-09-07 15:33 . 2013-09-17 07:44 -------- d-----w- C:\FRST
    2013-09-06 09:37 . 2013-09-13 15:25 -------- d-----w- c:\users\Kishore Reddy\Doctor Web
    2013-08-29 14:07 . 2013-08-29 14:07 -------- d-----w- c:\programdata\Kaspersky Lab
    2013-08-29 14:05 . 2013-08-29 11:01 460888 ----a-w- c:\windows\system32\drivers\97771742.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-12 06:32 . 2011-09-10 10:04 79143768 ----a-w- c:\windows\system32\MRT.exe
    2013-08-19 07:30 . 2012-04-02 15:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-08-19 07:30 . 2012-03-11 09:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-06 22:52 . 2011-09-16 07:01 278800 ------w- c:\windows\system32\MpSigStub.exe
    2013-08-02 01:48 . 2013-09-11 07:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-07-25 09:25 . 2013-08-15 03:19 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-07-25 08:57 . 2013-08-15 03:19 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58 . 2013-08-15 03:19 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-07-19 01:41 . 2013-08-15 03:19 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-07-09 05:52 . 2013-08-15 03:20 224256 ----a-w- c:\windows\system32\wintrust.dll
    2013-07-09 05:51 . 2013-08-15 03:18 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-07-09 05:46 . 2013-08-15 03:20 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-07-09 05:46 . 2013-08-15 03:20 1472512 ----a-w- c:\windows\system32\crypt32.dll
    2013-07-09 05:46 . 2013-08-15 03:20 139776 ----a-w- c:\windows\system32\cryptnet.dll
    2013-07-09 04:52 . 2013-08-15 03:18 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52 . 2013-08-15 03:21 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
    2013-07-09 04:46 . 2013-08-15 03:21 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46 . 2013-08-15 03:21 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-07-09 04:46 . 2013-08-15 03:21 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2013-07-06 06:03 . 2013-08-15 05:38 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-05-07 14:33 . 2013-03-19 06:51 10965504 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 130736 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2013-03-26 534160]
    "LManager"="c:\program files (x86)\launch manager\lmanager.exe" [2010-08-10 975952]
    "IAStorIcon"="c:\program files (x86)\intel\intel® rapid storage technology\iastoricon.exe" [2010-04-13 284696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-10-14 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ  
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "vProt"=c:\program files (x86)\avg secure search\vprot.exe
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    .
    R2 Aircel. RunOuc;Aircel. OUC;c:\program files (x86)\Aircel\UpdateDog\ouc.exe;c:\program files (x86)\Aircel\UpdateDog\ouc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 DirMngr;DirMngr;c:\program files (x86)\GNU\GnuPG\dirmngr.exe;c:\program files (x86)\GNU\GnuPG\dirmngr.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
    R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
    R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
    R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
    R4 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
    S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-09-20 03:38 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-04-04 22:12 164016 ----a-w- c:\users\Kishore Reddy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
    "ETDWare"="c:\program files (x86)\elantech\etdctrl.exe" [bU]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    IE: Free YouTube Download - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Free YouTube to MP3 Converter - c:\users\Kishore Reddy\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: Interfaces\{F893701F-8C69-4B7A-9239-8A552C12ECDE}: NameServer = 101.223.255.141 101.223.255.142
    FF - ProfilePath - c:\users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\
    FF - ExtSQL: 2013-09-03 13:38; firefox@ghostery.com; c:\users\Kishore Reddy\AppData\Roaming\Mozilla\Firefox\Profiles\8l8f2rdt.default-1353771796483\extensions\firefox@ghostery.com.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:e6,1e,6f,07,11,c4,cd,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,08,60,ce,f5,dc,1a,92,4a,98,22,81,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-09-25  11:38:14
    ComboFix-quarantined-files.txt  2013-09-25 06:08
    ComboFix2.txt  2013-09-23 18:37
    ComboFix3.txt  2013-09-23 07:03
    ComboFix4.txt  2013-09-21 01:58
    ComboFix5.txt  2013-09-25 05:58
    .
    Pre-Run: 421,452,816,384 bytes free
    Post-Run: 421,373,657,088 bytes free
    .
    - - End Of File - - 355C0481048EBED2906784D9C4B41E04
  5. Mr. Ron, the log is posted for your analysis. Thank you.

     

    HitmanPro 3.7.7.205
    www.hitmanpro.com

       Computer name . . . . : KISHOREREDDY-PC
       Windows . . . . . . . : 6.1.1.7601.X64/4
       User name . . . . . . : KishoreReddy-PC\Kishore Reddy
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Trial (Expired)

       Scan date . . . . . . : 2013-09-25 10:29:24
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 4m 23s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No

       Threats . . . . . . . : 0
       Traces  . . . . . . . : 0

       Objects scanned . . . : 1,712,540
       Files scanned . . . . : 27,888
       Remnants scanned  . . : 346,441 files / 1,338,211 keys
  6. Mr. Ron, I have copied and pasted one log and the other log is attached. Thank you.

     

    Farbar Service Scanner Version: 13-09-2013
    Ran by Kishore Reddy (administrator) on 25-09-2013 at 02:39:46
    Running from "C:\Users\Kishore Reddy\Desktop"
    Microsoft Windows 7 Home Basic  Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
     
    Internet Services:
    ============
     
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors
     
     
    Windows Firewall:
    =============
     
    Firewall Disabled Policy: 
    ==================
     
     
    System Restore:
    ============
     
    System Restore Disabled Policy: 
    ========================
     
     
    Action Center:
    ============
     
     
    Windows Update:
    ============
     
    Windows Autoupdate Disabled Policy: 
    ============================
     
     
    Windows Defender:
    ==============
     
    Other Services:
    ==============
     
     
    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
     
     
    **** End of log ****

    Result.txt

  7. Mr. Ron, I have run the MBAM scan in safe mode and no threats were shown. The log is posted below. Thank you.

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
     
    Database version: v2013.09.23.12
     
    Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
    Internet Explorer 10.0.9200.16686
    Kishore Reddy :: KISHOREREDDY-PC [administrator]
     
    24-09-2013 14:55:00
    mbam-log-2013-09-24 (14-55-00).txt
     
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled: 
    Objects scanned: 205109
    Time elapsed: 4 minute(s), 46 second(s)
     
    Memory Processes Detected: 0
    (No malicious items detected)
     
    Memory Modules Detected: 0
    (No malicious items detected)
     
    Registry Keys Detected: 0
    (No malicious items detected)
     
    Registry Values Detected: 0
    (No malicious items detected)
     
    Registry Data Items Detected: 0
    (No malicious items detected)
     
    Folders Detected: 0
    (No malicious items detected)
     
    Files Detected: 0
    (No malicious items detected)
     
    (end)