ashyy

W7 freezes after boot, google redirect aftermath

4 posts in this topic

Hi guys, I recently had the Google redirect virus, and after some attempts with various scanners I found something using Avast and they have just stopped. I believe Avast cleaned it because I stopped getting redirects and security centre/essentials started working again. However, I have a much more serious problem now. Basically, last night I rebooted following installing Security Essentials again and I cannot get into Windows 7. Upon starting up, the Welcome message appears as usual. Following this the screen goes black with just the mouse pointer; after about half a minute my desktop appears with just a start bar, without shortcuts or anything, and everything begins to load very slowly. My network in the bottom right at this point has the icon showing an attempt is being made to connect to my router. Everything at this point is frozen and the circling "doing something" icon appears as my pointer. After a short period the entire desktop becomes unresponsive. I can move my mouse and click around but nothing will open and the entire system just hangs. I left it for nearly 10 minutes and still nothing changes, so it is obviously in some sort of loop.

Thankfully I have managed to get into Safe Mode with Networking and everything in here works perfectly! I get no redirects in here either, so I believe that is fixed. Obviously the problem must be a suspicious driver or startup file that has been tampered with, which is preventing Windows starting up as normal. I am also on 64-bit if that helps.

I checked my Event Viewer and get an array of errors similar to these.

The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error:

The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

I'm by no means assuming that my infection was cleared, but I have run various scanners such as TDSSKiller and got nothing. The only potential result I got was in ASWMBR.exe, which told me the file Mpnwmon.sys is locked.

Thank you so much for any help. I have posted my DDS log below; please bear in mind I am only able to run anything from Safe Mode.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1

Run by Lawrence at 14:35:08 on 2012-03-26

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2691 [GMT 1:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\ctfmon.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A50071CD-BFDA-4A9D-A5DB-6E7D7A02E6B9} : DhcpNameServer = 192.168.1.254

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\s4fhh83v.default\

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Windows\system32\npdeployJava1.dll

FF - plugin: C:\Windows\system32\npmproxy.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]

S1 LUM;LUM;\??\C:\Windows\system32\drivers\LUM.sys --> C:\Windows\system32\drivers\LUM.sys [?]

S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

S2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-12-22 328536]

S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-24 44768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]

S2 KMService;KMService;C:\Windows\System32\srvany.exe [2012-2-20 8192]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-3-20 2152152]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-23 652360]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-28 2348352]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-22 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]

S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-1-8 87336]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-20 79360]

S3 DraftSight API Service;DraftSight API Service;C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-1-24 78336]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-4 1431888]

S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]

S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-24 136176]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-24 136176]

.

=============== Created Last 30 ================

.

2012-03-26 12:19:56 -------- d-----w- C:\ProgramData\InstallMate

2012-03-26 11:34:44 -------- d-----w- C:\Program Files (x86)\RegistryNuke 2012

2012-03-26 11:00:47 -------- d-sh--w- C:\$RECYCLE.BIN

2012-03-25 21:05:35 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{948F0553-4B42-44FD-A651-A83A8D11AE0B}\offreg.dll

2012-03-25 20:56:16 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6912DAFA-3635-447E-AB17-F940BADC9463}\gapaengine.dll

2012-03-25 20:56:11 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{948F0553-4B42-44FD-A651-A83A8D11AE0B}\mpengine.dll

2012-03-24 15:53:43 -------- d-----w- C:\CompChecker

2012-03-24 13:39:33 -------- d-----w- C:\madrid centro

2012-03-24 12:02:52 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-03-24 12:02:49 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-03-24 12:02:47 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-03-24 12:02:26 41184 ----a-w- C:\Windows\avastSS.scr

2012-03-24 12:02:16 -------- d-----w- C:\ProgramData\AVAST Software

2012-03-24 12:02:16 -------- d-----w- C:\Program Files\AVAST Software

2012-03-24 01:52:16 -------- d-----w- C:\saasaa

2012-03-24 01:08:55 287304 ----a-w- C:\Windows\System32\drivers\TrufosAlt.sys

2012-03-24 01:07:32 -------- d-----w- C:\ProgramData\SUPERSetup

2012-03-24 01:05:52 -------- d-----w- C:\Program Files (x86)\Tweaking.com

2012-03-24 00:56:58 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-03-24 00:56:54 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-03-23 23:51:14 16200 ----a-w- C:\Windows\stinger.sys

2012-03-23 23:50:50 -------- d-----w- C:\Program Files (x86)\stinger

2012-03-23 23:15:44 714526 ----a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Addon Scenery\Bajasim SJD\unins000.exe

2012-03-23 18:20:33 16432 ----a-w- C:\Windows\System32\lsdelete.exe

2012-03-23 18:15:23 -------- d-----w- C:\Program Files\trend micro

2012-03-23 18:06:31 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys

2012-03-23 18:00:24 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys

2012-03-23 18:00:19 -------- d-----w- C:\Program Files (x86)\Lavasoft

2012-03-23 17:03:33 962612 ----a-w- C:\Windows\SysWow64\mfc42d.dll

2012-03-23 17:03:33 434252 ----a-w- C:\Windows\SysWow64\MSVCRTD.DLL

2012-03-23 17:03:31 24576 ----a-w- C:\Windows\SysWow64\AsIO.dll

2012-03-23 17:03:31 13368 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys

2012-03-23 17:03:29 -------- d-----w- C:\Program Files (x86)\ASUS

2012-03-23 17:00:27 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-23 13:06:36 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-03-23 12:28:42 -------- d-----w- C:\College Area

2012-03-23 12:12:00 42672 ----a-w- C:\Windows\SysWow64\drivers\fsbts.sys

2012-03-23 11:56:18 -------- d-----w- C:\TDSSKiller_Quarantine

2012-03-23 11:46:09 -------- d-----w- C:\ProgramData\fssg

2012-03-23 11:42:39 -------- d-----w- C:\ProgramData\F-Secure

2012-03-23 11:31:21 27424 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys

2012-03-23 11:31:05 -------- d-----w- C:\ProgramData\HitmanPro

2012-03-23 11:22:06 -------- d-----w- C:\Program Files (x86)\ESET

2012-03-23 10:52:44 -------- d-----w- C:\Users\Lawrence\AppData\Roaming\WinPatrol

2012-03-23 10:52:41 -------- d-----w- C:\Program Files (x86)\BillP Studios

2012-03-23 10:52:00 388096 ----a-r- C:\Users\Lawrence\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-03-23 03:19:27 -------- d-----w- C:\Program Files (x86)\Oracle

2012-03-23 03:19:20 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-03-23 02:23:21 -------- d-----w- C:\Program Files\Enigma Software Group

2012-03-23 02:03:47 2 --shatr- C:\Windows\winstart.bat

2012-03-23 02:03:41 -------- d-----w- C:\Program Files (x86)\UnHackMe

2012-03-23 01:46:08 -------- d-----w- C:\Program Files (x86)\Sophos

2012-03-22 16:13:26 98816 ----a-w- C:\Windows\sed.exe

2012-03-22 16:13:26 518144 ----a-w- C:\Windows\SWREG.exe

2012-03-22 16:13:26 256000 ----a-w- C:\Windows\PEV.exe

2012-03-22 16:13:26 208896 ----a-w- C:\Windows\MBR.exe

2012-03-22 16:05:31 -------- d-----w- C:\Users\Lawrence\AppData\Roaming\SUPERAntiSpyware.com

2012-03-22 16:05:17 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-03-22 16:05:17 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-03-22 16:04:25 -------- d-----w- C:\Program Files (x86)\SpywareBlaster

2012-03-22 15:55:00 -------- d-----w- C:\Users\Lawrence\AppData\Local\Lunarsoft

2012-03-22 15:55:00 -------- d-----w- C:\Program Files (x86)\Lunarsoft

2012-03-22 15:53:22 -------- d-----w- C:\Program Files (x86)\Nsasoft

2012-03-22 01:50:01 -------- d-----w- C:\Program Files (x86)\hj

2012-03-21 18:17:57 47950 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\737evocall-uninst-fs9.exe

2012-03-21 17:47:37 -------- d-----w- C:\he

2012-03-21 14:17:01 14336 ----a-r- C:\Users\Lawrence\AppData\Roaming\Microsoft\Installer\{DA46AA5F-4934-4DAC-94E4-7D84AD9A4090}\IconDA46AA5F.exe

2012-03-21 14:14:28 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2012-03-21 14:00:00 470016 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\uninstall_RG2.exe

2012-03-21 13:39:10 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes

2012-03-21 12:47:04 98263 ----a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Uninstal-pic737v2-fs9.exe

2012-03-21 12:47:03 -------- d-----w- C:\testtting

2012-03-17 12:34:25 -------- d-----w- C:\Program Files\iPod

2012-03-17 12:34:24 -------- d-----w- C:\Program Files\iTunes

2012-03-17 12:34:24 -------- d-----w- C:\Program Files (x86)\iTunes

2012-03-14 13:39:47 74827 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Active Camera 2004 update to 2_1 for FS 9_1 uninstal.exe

2012-03-14 13:39:29 74524 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Active Camera 2004 patch for FS 9_1 uninstal.exe

2012-03-14 13:39:20 75386 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Active Camera 2004 2_0 uninstal.exe

2012-03-14 13:29:23 47948 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\uninstall-igfly-dbswaf.exe

2012-03-14 13:17:09 -------- d-----w- C:\Program Files (x86)\TSS Airbus 380 GP7000 Sound FS2004

2012-03-14 13:06:31 90228 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Uninstal_WilcoA380.exe

2012-03-14 11:57:04 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 11:57:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 11:57:02 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 11:39:06 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 11:39:04 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 11:39:04 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 11:38:11 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 11:38:11 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 11:38:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 11:38:09 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 11:38:09 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 11:38:09 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 11:38:09 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-08 15:35:09 -------- d-----w- C:\temp

2012-03-07 15:10:41 -------- d-----w- C:\Users\Lawrence\AppData\Local\{32E268A7-51EC-43D9-BAD8-A70FE632752C}

2012-03-07 15:10:30 -------- d-----w- C:\Users\Lawrence\AppData\Local\{05693713-5481-4FFC-BE5F-BA18D1AAE382}

2012-03-07 14:49:01 155136 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Taxi2005.exe

2012-03-04 12:45:51 -------- d-----w- C:\Users\Lawrence\AppData\Local\Google

2012-03-01 17:51:44 48315 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\ftlandfl-uninst.exe

2012-03-01 16:45:42 85696 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\unFS2Crew_FS9_Airbus_Evolution.exe

2012-03-01 16:45:19 83073 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\unFS2CrewStartCenterFS9.exe

2012-03-01 16:42:04 120441 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\UnFS2CrewWilcoAirbusSpecialFS9.exe

2012-03-01 15:51:21 -------- d-----w- C:\Windows\Downloaded Installations

2012-03-01 15:09:01 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2012-03-01 15:09:01 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2012-03-01 15:09:01 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2012-03-01 15:09:00 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2012-03-01 15:09:00 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2012-03-01 15:08:59 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2012-03-01 15:08:59 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2012-03-01 02:11:55 366181 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\UnFokker70-FS9.exe

2012-02-29 17:01:15 -------- d-----w- C:\Users\Lawrence\AppData\Local\CrashRpt

2012-02-29 17:00:52 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe

2012-02-29 17:00:24 -------- d-----w- C:\Users\Lawrence\AppData\Roaming\DraftSight

2012-02-29 17:00:23 -------- d-----w- C:\ProgramData\Dassault Systemes

2012-02-29 17:00:12 -------- d-----w- C:\Program Files (x86)\Dassault Systemes

2012-02-29 16:40:03 -------- d-----w- C:\Users\Lawrence\AppData\Local\TempSWBackupDirectory

2012-02-29 16:39:57 -------- d-----w- C:\Users\Lawrence\AppData\Roaming\SolidWorks 2011

2012-02-28 15:42:09 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-02-28 15:42:09 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-02-28 15:42:09 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-02-28 15:42:08 6074176 ----a-w- C:\Windows\System32\nvcpl.dll

2012-02-28 15:42:08 2497985 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-02-28 15:42:08 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-02-28 15:41:47 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2012-02-26 20:53:33 -------- d-----r- C:\Users\Lawrence\Dropbox

2012-02-26 20:52:03 -------- d-----w- C:\Users\Lawrence\AppData\Roaming\Dropbox

.

==================== Find3M ====================

.

2012-03-04 12:42:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-20 12:53:10 8192 ----a-w- C:\Windows\SysWow64\srvany.exe

2012-02-15 17:07:00 180 ----a-w- C:\Users\Lawrence\Cloud9_Los Angeles.reg

2012-02-09 20:05:44 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-02-08 13:14:14 286720 ----a-w- C:\Windows\iun506.exe

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-17 12:46:01 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-01-17 12:45:56 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-01-17 12:45:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2012-01-12 17:09:55 61 --sha-w- C:\Windows\cnerolf.bin

2012-01-10 13:57:10 567696 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-01-04 19:37:01 180 ----a-w- C:\Users\Lawrence\FSDreamTeam_JFK.reg

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

2012-01-03 19:52:34 181 ----a-w- C:\Users\Lawrence\FSDreamTeam_KLAS.reg

2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl

2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys

.

============= FINISH: 14:38:46.43 ===============

And the attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 20/12/2011 7:57:25 PM

System Uptime: 26/03/2012 12:54:47 PM (2 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5N-E SLI

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 198.921 GiB free.

D: is FIXED (NTFS) - 114 GiB total, 71.288 GiB free.

E: is CDROM (UDF)

F: is CDROM (UDF)

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: avast! Network Shield Support

Device ID: ROOT\LEGACY_ASWTDI\0000

Manufacturer:

Name: avast! Network Shield Support

PNP Device ID: ROOT\LEGACY_ASWTDI\0000

Service: aswTdi

.

Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}

Description: Printer Port

Device ID: ACPI\PNP0400\1

Manufacturer: (Standard port types)

Name: Printer Port (LPT1)

PNP Device ID: ACPI\PNP0400\1

Service: Parport

.

Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}

Description: Communications Port

Device ID: ACPI\PNP0501\1

Manufacturer: (Standard port types)

Name: Communications Port (COM1)

PNP Device ID: ACPI\PNP0501\1

Service: Serial

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

50N Boeing 737 Family Base Pack 1.1.0

737 Pilot in Command

Active Camera 2004 patch for FS 9.1

Active Camera 2004 update to version 2.1 (FS 9.1)

Active Camera 2004 version 2.0

ActiveSky Version 6.5 and ActiveSky Graphics

Ad-Aware

Adobe AIR

Adobe Community Help

Adobe Content Viewer

Adobe InDesign CS5.5

Adobe Photoshop CS5.1

Adobe Reader X (10.1.2)

Advanced SystemCare 4

Aerosoft's - Airbus X

aerosoft's - German Airports 3-Berlin Tegel

aerosoft's - German Airports 3 - Hamburg

aerosoft's - Ibiza X for FS2004

aerosoft's - Keflavik

aerosoft's - Lissabon 2008

aerosoft's - London Heathrow 2008

aerosoft's - Madrid 2008

aerosoft's - Mallorca X for FS2004

aerosoft's - Mega Airport Amsterdam

aerosoft's - Mega Airport Frankfurt - FS2004

aerosoft's - Mega Airport Munich

aerosoft's - Mega Airport Paris CDG

aerosoft's - Mega Airport Stockholm Arlanda

aerosoft's - Mega Airport Zurich 2012 - FS2004

aerosoft's - Nice Cote dAzur

aerosoft's - Real Germany 1 - FS2004

aerosoft's - Real Germany 2 - FS2004

aerosoft's - Real Germany 3 - FS2004

aerosoft's - Wonderful Madeira - FS2004

Aerosoft - Gibraltar FS2004

Airbus Series Vol.1 Deluxe (FS2004)

AirSimmer A320 Basic Edition 1.3

Anti-Malware Toolkit 1.13.326

Apple Application Support

Apple Software Update

Ariane Boeing CFM56 Engine Sounds & FX

Atlanta

µTorrent

avast! Free Antivirus

Bajasim SJD fs9 S03 1.01b version 1.0

BhoScanner 1.9

Cancún 2011 MMUN

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Cloud9 Los Angeles FS9 1.0.2

CLS A330/A340 SP3

CLS DC10

CLS DC10 Service Pack 01

CLS DC10 Service Pack 02

Combi Livery Pack

CONCORDE SSTSIM

Contrails Pro

Creative Audio Control Panel

Creative Software AutoUpdate

Creative Sound Blaster Properties x64 Edition

CYVR 1.0

D3DX10

DraftSight

DSDG Dubai, The Burj Dubai

eReg

ESET Online Scanner v3

FeelThere - Phenom 100

feelThere Florida Landings 1.0

FlightAlpes BasePack Nord

FlightBeam San Francisco International FS9 2.0.1

FlightMediterranee BasePack

FlightParis CityPack

FlightPyrénées Atlantiques BasePack

FlightPyrénées Orientales BasePack

FlightRiviera BasePack

Fokker 70-100

Football Manager 2012

FormatFactory 2.80

FranceVFR FlightParis - VFR Pack

FS2Crew Start Center April 2009

FS2Crew: Airbus Evolution Upgrade

FS2Crew: iFly737NG Button Control Edition

FS2Crew: Wilco-Feelthere Airbus Special Edition

FS2Crew: Wilco-Feelthere Airbus Special Edition Service Update 2

FSDreamTeam JFK FS9 1.0.3

FSDreamTeam Las Vegas McCarran FS9 1.1

FSDreamTeam Los Angeles International FS9 1.3

FSDreamTeam Ohare9 2.0

FSDreamTeam OHareX 2.0

FSNavigator

Google Update Helper

Ground Environment Professional

HiJackThis

Hitman 2 Silent Assassin

HP Deskjet 3050 J610 series Help

iFly Jets - The 737NG for FS2004

Islamabad INTL Chaklala AB

Java Auto Updater

Java 7 Update 3

JavaFX 2.0.3

Jinnah International Airport FS2004

Just Flight - FSceneX FS2004

Just Flight VFR Photographic Scenery: C & S England v1.01

Just Flight VFR Photographic Scenery: E & SE England v1.01

Just Flight VFR Photographic Scenery: Northern England v1.00

KATL Atlanta

KPHL FS9

LAGO Male Scenery FS2004 2.00

Level-D Simulations 767-300

Magic ISO Maker v5.5 (build 0281)

Malwarebytes Anti-Malware version 1.60.1.1000

Mega Airport Barcelona Update 1.01

Microsoft Flight Simulator 2004 A Century of Flight

Microsoft Flight Simulator X

Microsoft Flight Simulator X Service Pack 1

Microsoft Flight Simulator X Service Pack 2

Microsoft Office 2003 Web Components

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visio 2007 Service Pack 3 (SP3)

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2005 Tools for Applications - ENU

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MixMeister Fusion 7.2.2

Morten's AI Traffic 2.2

Mozilla Firefox 11.0 (x86 en-US)

Mozilla Thunderbird 11.0 (x86 en-US)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Northern California Scenery

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

PAOB-Fokker50-V1.0

PDF Settings CS5

PIC 737 Evolution Call for FS9 2.0.1

PMDG 737 8900 NGX

PMDG747_400 Queen of the Skies

PowerISO

Project Canarias 2006

Project Canarias 2006 by CanarySim

PSS - Boeing 757 Pro. v1.3

PSS Airbus A330 v1.2 [FSSR]

PSS Airbus A340 v1.2 [FSSR]

PUERTO VALLARTA SCENERY FOR FS2004

QuickTime

Ready for Pushback V2_10 Full Version

Real Environment Xtreme for FS2004

Real Environment Xtreme for FS2004 - Overdrive

RegistryNuke 2012 version 2.0.0.86

Remove UK2000 Edinburgh Xtreme files

Remove UK2000 Glasgow Xtreme files

RODOS International 2010

Safari

Samsung_MonSetup

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Shade

Simview Sky Max FS2004

SolidWorks 2011 x64 Edition SP02

Sophos Anti-Rootkit 1.5.20

Spotify

Spybot - Search & Destroy

SpywareBlaster 4.6

Texture Ground Plus

TJSJ San Juan

TropicalSim / Bilbao Airport

TSS 777 RR Trent fs2004

TSS A330 RR sound FS2004

TSS Airbus 380 GP7000 Sound FS2004

TSS BOEING 747 RR SOUND FSX

TSS Boeing 757 Rolls Royce RB211 sound

Tweaking.com - Windows Repair (All in One)

UK2000 Gatwick Xtreme FS9

UK2000 Liverpool Xtreme FS9

UK2000 London City Xtreme FS9

UK2000 Manchester Xtreme FS9

Ultimate Terrain - Europe

Ultimate Terrain - USA

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Visio 2007 Help (KB963666)

Vancouver+

VHHH Hong Kong FS2004

VirtualCloneDrive

VIRTUALI Addon Manager 1.81

Visual Flight London

VLC media player 1.1.11

Wilco Fleet : A380

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

World of Warcraft

XNResourceEditor 3.0.0.1

.

==== Event Viewer Messages From Past Week ========

.

26/03/2012 2:07:15 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

26/03/2012 12:57:46 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

26/03/2012 12:56:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

26/03/2012 12:56:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

26/03/2012 12:55:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

26/03/2012 12:55:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO aswSnx aswSP aswTdi ctxusbm discache ElbyCDIO LUM MpFilter SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6

26/03/2012 12:55:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

26/03/2012 12:55:13 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.

26/03/2012 12:53:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.

26/03/2012 12:53:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service.

26/03/2012 12:53:22 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

26/03/2012 12:48:54 PM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

26/03/2012 12:46:54 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

26/03/2012 12:43:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

26/03/2012 12:12:35 PM, Error: nvstor64 [3] - Data error on device. Device: \Device\RaidPort1 Model: Maxtor 6Y120M0 Firmware Version: YAR5 Serial Number: Y3Q0FBQE Port: 1

26/03/2012 12:08:21 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

26/03/2012 12:07:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

26/03/2012 12:07:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

26/03/2012 12:07:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO aswRdr aswSnx aswSP aswTdi ctxusbm DfsC discache ElbyCDIO LUM MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

26/03/2012 12:07:23 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

26/03/2012 12:07:23 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

26/03/2012 12:07:23 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

26/03/2012 12:07:23 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

26/03/2012 12:07:23 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

26/03/2012 12:07:23 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

26/03/2012 12:07:22 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

26/03/2012 12:07:06 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

26/03/2012 12:07:06 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

26/03/2012 12:07:06 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

26/03/2012 12:07:06 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

26/03/2012 12:02:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

26/03/2012 12:02:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

26/03/2012 12:02:17 PM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

26/03/2012 12:02:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

26/03/2012 12:02:17 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

26/03/2012 11:50:07 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

26/03/2012 11:48:50 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

26/03/2012 11:07:17 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.

26/03/2012 11:04:01 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

26/03/2012 1:43:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

26/03/2012 1:28:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

26/03/2012 1:02:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

25/03/2012 9:53:36 PM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

24/03/2012 12:34:36 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

24/03/2012 12:14:45 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).

23/03/2012 2:31:41 AM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading

23/03/2012 2:31:41 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\15E0.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

23/03/2012 11:51:16 PM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).

23/03/2012 11:51:16 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

23/03/2012 11:39:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

23/03/2012 11:38:46 PM, Error: Application Popup [1060] - \??\C:\Users\Lawrence\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

23/03/2012 11:13:14 AM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

23/03/2012 1:47:25 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\2DC5.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

23/03/2012 1:06:37 PM, Error: Service Control Manager [7000] - The F-Secure Content Control Driver service failed to start due to the following error: The system cannot find the file specified.

22/03/2012 4:24:03 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

22/03/2012 4:23:31 PM, Error: Service Control Manager [7031] - The KMService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

22/03/2012 4:07:18 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\Drivers\PAGEDFRG.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

22/03/2012 2:35:10 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

21/03/2012 11:45:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

Again thank you so much.


Just to update this thread, I am now able to get into W7. Updated the graphics driver and oddly that seems to have fixed it. :S I still get very slow startups but there are no infected items and redirects are gone. Please disregard this thread. :)


Hello and Welcome to the forum.

Looks like you're running 3 anti-virus programs.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will seriously decrease its reliability!

The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.

Also, because multiple installed Antivirus and Firewall products are not compatible with each other, they can cause system performance problems and a serious system slowdown.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.