
W7 freezes after boot, google redirect aftermath


  • This topic is locked
3 replies to this topic

#1 ashyy


Posted 26 March 2012 - 08:41 AM

Hi guys, I recently had the Google redirect virus and after some attempts with various scanners I found something using Avast and they have just stopped. I believe Avast cleaned it because I stopped getting redirects and security centre/essentials started working again. However, I have a much more serious problem now. Basically, last night I rebooted following installing Security Essentials again and I cannot get into Windows 7. Upon starting up, the Welcome message appears as usual. Following this the screen goes black with just the mouse pointer; after about half a minute my desktop appears with just a start bar, without shortcuts or anything, and everything begins to load very slowly. My network in the bottom right at this point has the icon showing an attempt is being made to connect to my router. Everything at this point is frozen and the circling "doing something" icon appears as my pointer. After a short period the entire desktop becomes unresponsive. I can move my mouse and click around but nothing will open and the entire system just hangs. I left it for nearly 10 minutes and still nothing changes so it is obviously in some sort of loop.

Thankfully I have managed to get into safe mode with networking and everything in here works perfectly! I get no redirects in here either so I believe that is fixed. Obviously the problem must be a suspicious driver or startup file that has been tampered with which is preventing Windows starting up as normal. I am also on 64-bit if that helps.

I checked my event viewer and get an array of errors similar to these.

The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

I'm by no means assuming that my infection was cleared but I have run various scanners such as TDSSkiller and got nothing. The only potential result I got was in ASWMBR.exe which told me the file Mpnwmon.sys is locked.

Thank you so much for any help. I have posted my DDS log below; please bear in mind I am only able to run anything from safe mode.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by Lawrence at 14:35:08 on 2012-03-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2691 [GMT 1:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A50071CD-BFDA-4A9D-A5DB-6E7D7A02E6B9} : DhcpNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lawrence\AppData\Roaming\Mozilla\Firefox\Profiles\s4fhh83v.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\system32\npdeployJava1.dll
FF - plugin: C:\Windows\system32\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
S1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
S1 LUM;LUM;\??\C:\Windows\system32\drivers\LUM.sys --> C:\Windows\system32\drivers\LUM.sys [?]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-12-22 328536]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
S2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-24 44768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
S2 KMService;KMService;C:\Windows\System32\srvany.exe [2012-2-20 8192]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-3-20 2152152]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-23 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-28 2348352]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-22 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2011-1-8 87336]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-20 79360]
S3 DraftSight API Service;DraftSight API Service;C:\Program Files (x86)\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [2012-1-24 78336]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-1-4 1431888]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-24 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-24 136176]
.
=============== Created Last 30 ================
.
2012-03-26 12:19:56 -------- d-----w- C:\ProgramData\InstallMate
2012-03-26 11:34:44 -------- d-----w- C:\Program Files (x86)\RegistryNuke 2012
2012-03-26 11:00:47 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-25 21:05:35 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{948F0553-4B42-44FD-A651-A83A8D11AE0B}\offreg.dll
2012-03-25 20:56:16 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6912DAFA-3635-447E-AB17-F940BADC9463}\gapaengine.dll
2012-03-25 20:56:11 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{948F0553-4B42-44FD-A651-A83A8D11AE0B}\mpengine.dll
2012-03-24 15:53:43 -------- d-----w- C:\CompChecker
2012-03-24 13:39:33 -------- d-----w- C:\madrid centro
2012-03-24 12:02:52 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-24 12:02:49 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-24 12:02:47 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-03-24 12:02:26 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-24 12:02:16 -------- d-----w- C:\ProgramData\AVAST Software
2012-03-24 12:02:16 -------- d-----w- C:\Program Files\AVAST Software
2012-03-24 01:52:16 -------- d-----w- C:\saasaa
2012-03-24 01:08:55 287304 ----a-w- C:\Windows\System32\drivers\TrufosAlt.sys
2012-03-24 01:07:32 -------- d-----w- C:\ProgramData\SUPERSetup
2012-03-24 01:05:52 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-03-24 00:56:58 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-24 00:56:54 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-23 23:51:14 16200 ----a-w- C:\Windows\stinger.sys
2012-03-23 23:50:50 -------- d-----w- C:\Program Files (x86)\stinger
2012-03-23 23:15:44 714526 ----a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Addon Scenery\Bajasim SJD\unins000.exe
2012-03-23 18:20:33 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-03-23 18:15:23 -------- d-----w- C:\Program Files\trend micro
2012-03-23 18:06:31 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-03-23 18:00:24 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-03-23 18:00:19 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-03-23 17:03:33 962612 ----a-w- C:\Windows\SysWow64\mfc42d.dll
2012-03-23 17:03:33 434252 ----a-w- C:\Windows\SysWow64\MSVCRTD.DLL
2012-03-23 17:03:31 24576 ----a-w- C:\Windows\SysWow64\AsIO.dll
2012-03-23 17:03:31 13368 ----a-w- C:\Windows\SysWow64\drivers\AsIO.sys
2012-03-23 17:03:29 -------- d-----w- C:\Program Files (x86)\ASUS
2012-03-23 17:00:27 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-23 13:06:36 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-03-23 12:28:42 -------- d-----w- C:\College Area
2012-03-23 12:12:00 42672 ----a-w- C:\Windows\SysWow64\drivers\fsbts.sys
2012-03-23 11:56:18 -------- d-----w- C:\TDSSKiller_Quarantine
2012-03-23 11:46:09 -------- d-----w- C:\ProgramData\fssg
2012-03-23 11:42:39 -------- d-----w- C:\ProgramData\F-Secure
2012-03-23 11:31:21 27424 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-03-23 11:31:05 -------- d-----w- C:\ProgramData\HitmanPro
2012-03-23 11:22:06 -------- d-----w- C:\Program Files (x86)\ESET
2012-03-23 10:52:44 -------- d-----w- C:\Users\Lawrence\AppData\Roaming\WinPatrol
2012-03-23 10:52:41 -------- d-----w- C:\Program Files (x86)\BillP Studios
2012-03-23 10:52:00 388096 ----a-r- C:\Users\Lawrence\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-23 03:19:27 -------- d-----w- C:\Program Files (x86)\Oracle
2012-03-23 03:19:20 637848 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-03-23 02:23:21 -------- d-----w- C:\Program Files\Enigma Software Group
2012-03-23 02:03:47 2 --shatr- C:\Windows\winstart.bat
2012-03-23 02:03:41 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-03-23 01:46:08 -------- d-----w- C:\Program Files (x86)\Sophos
2012-03-22 16:13:26 98816 ----a-w- C:\Windows\sed.exe
2012-03-22 16:13:26 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-22 16:13:26 256000 ----a-w- C:\Windows\PEV.exe
2012-03-22 16:13:26 208896 ----a-w- C:\Windows\MBR.exe
2012-03-22 16:05:31 -------- d-----w- C:\Users\Lawrence\AppData\Roaming\SUPERAntiSpyware.com
2012-03-22 16:05:17 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-03-22 16:05:17 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-03-22 16:04:25 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-03-22 15:55:00 -------- d-----w- C:\Users\Lawrence\AppData\Local\Lunarsoft
2012-03-22 15:55:00 -------- d-----w- C:\Program Files (x86)\Lunarsoft
2012-03-22 15:53:22 -------- d-----w- C:\Program Files (x86)\Nsasoft
2012-03-22 01:50:01 -------- d-----w- C:\Program Files (x86)\hj
2012-03-21 18:17:57 47950 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\737evocall-uninst-fs9.exe
2012-03-21 17:47:37 -------- d-----w- C:\he
2012-03-21 14:17:01 14336 ----a-r- C:\Users\Lawrence\AppData\Roaming\Microsoft\Installer\{DA46AA5F-4934-4DAC-94E4-7D84AD9A4090}\IconDA46AA5F.exe
2012-03-21 14:14:28 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-03-21 14:00:00 470016 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\uninstall_RG2.exe
2012-03-21 13:39:10 -------- d-----w- C:\Program Files (x86)\Elaborate Bytes
2012-03-21 12:47:04 98263 ----a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Uninstal-pic737v2-fs9.exe
2012-03-21 12:47:03 -------- d-----w- C:\testtting
2012-03-17 12:34:25 -------- d-----w- C:\Program Files\iPod
2012-03-17 12:34:24 -------- d-----w- C:\Program Files\iTunes
2012-03-17 12:34:24 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-14 13:39:47 74827 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Active Camera 2004 update to 2_1 for FS 9_1 uninstal.exe
2012-03-14 13:39:29 74524 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Active Camera 2004 patch for FS 9_1 uninstal.exe
2012-03-14 13:39:20 75386 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Active Camera 2004 2_0 uninstal.exe
2012-03-14 13:29:23 47948 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\uninstall-igfly-dbswaf.exe
2012-03-14 13:17:09 -------- d-----w- C:\Program Files (x86)\TSS Airbus 380 GP7000 Sound FS2004
2012-03-14 13:06:31 90228 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Uninstal_WilcoA380.exe
2012-03-14 11:57:04 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 11:57:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 11:57:02 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 11:39:06 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 11:39:04 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 11:39:04 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 11:38:11 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 11:38:11 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 11:38:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 11:38:09 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 11:38:09 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 11:38:09 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 11:38:09 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-08 15:35:09 -------- d-----w- C:\temp
2012-03-07 15:10:41 -------- d-----w- C:\Users\Lawrence\AppData\Local\{32E268A7-51EC-43D9-BAD8-A70FE632752C}
2012-03-07 15:10:30 -------- d-----w- C:\Users\Lawrence\AppData\Local\{05693713-5481-4FFC-BE5F-BA18D1AAE382}
2012-03-07 14:49:01 155136 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Taxi2005.exe
2012-03-04 12:45:51 -------- d-----w- C:\Users\Lawrence\AppData\Local\Google
2012-03-01 17:51:44 48315 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\ftlandfl-uninst.exe
2012-03-01 16:45:42 85696 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\unFS2Crew_FS9_Airbus_Evolution.exe
2012-03-01 16:45:19 83073 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\unFS2CrewStartCenterFS9.exe
2012-03-01 16:42:04 120441 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\UnFS2CrewWilcoAirbusSpecialFS9.exe
2012-03-01 15:51:21 -------- d-----w- C:\Windows\Downloaded Installations
2012-03-01 15:09:01 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-03-01 15:09:01 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-03-01 15:09:01 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-03-01 15:09:00 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-03-01 15:09:00 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-03-01 15:08:59 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-03-01 15:08:59 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-03-01 02:11:55 366181 -c--a-w- C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\UnFokker70-FS9.exe
2012-02-29 17:01:15 -------- d-----w- C:\Users\Lawrence\AppData\Local\CrashRpt
2012-02-29 17:00:52 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-02-29 17:00:24 -------- d-----w- C:\Users\Lawrence\AppData\Roaming\DraftSight
2012-02-29 17:00:23 -------- d-----w- C:\ProgramData\Dassault Systemes
2012-02-29 17:00:12 -------- d-----w- C:\Program Files (x86)\Dassault Systemes
2012-02-29 16:40:03 -------- d-----w- C:\Users\Lawrence\AppData\Local\TempSWBackupDirectory
2012-02-29 16:39:57 -------- d-----w- C:\Users\Lawrence\AppData\Roaming\SolidWorks 2011
2012-02-28 15:42:09 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-28 15:42:09 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-28 15:42:09 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-28 15:42:08 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-28 15:42:08 2497985 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-02-28 15:42:08 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-28 15:41:47 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-02-26 20:53:33 -------- d-----r- C:\Users\Lawrence\Dropbox
2012-02-26 20:52:03 -------- d-----w- C:\Users\Lawrence\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2012-03-04 12:42:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-20 12:53:10 8192 ----a-w- C:\Windows\SysWow64\srvany.exe
2012-02-15 17:07:00 180 ----a-w- C:\Users\Lawrence\Cloud9_Los Angeles.reg
2012-02-09 20:05:44 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-02-08 13:14:14 286720 ----a-w- C:\Windows\iun506.exe
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-17 12:46:01 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-01-17 12:45:56 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-01-17 12:45:55 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-01-12 17:09:55 61 --sha-w- C:\Windows\cnerolf.bin
2012-01-10 13:57:10 567696 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-04 19:37:01 180 ----a-w- C:\Users\Lawrence\FSDreamTeam_JFK.reg
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 19:52:34 181 ----a-w- C:\Users\Lawrence\FSDreamTeam_KLAS.reg
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 14:38:46.43 ===============


And the attach.txt



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 20/12/2011 7:57:25 PM
System Uptime: 26/03/2012 12:54:47 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N-E SLI
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 198.921 GiB free.
D: is FIXED (NTFS) - 114 GiB total, 71.288 GiB free.
E: is CDROM (UDF)
F: is CDROM (UDF)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! Network Shield Support
Device ID: ROOT\LEGACY_ASWTDI\0000
Manufacturer:
Name: avast! Network Shield Support
PNP Device ID: ROOT\LEGACY_ASWTDI\0000
Service: aswTdi
.
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: Printer Port
Device ID: ACPI\PNP0400\1
Manufacturer: (Standard port types)
Name: Printer Port (LPT1)
PNP Device ID: ACPI\PNP0400\1
Service: Parport
.
Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
Description: Communications Port
Device ID: ACPI\PNP0501\1
Manufacturer: (Standard port types)
Name: Communications Port (COM1)
PNP Device ID: ACPI\PNP0501\1
Service: Serial
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
50N Boeing 737 Family Base Pack 1.1.0
737 Pilot in Command
Active Camera 2004 patch for FS 9.1
Active Camera 2004 update to version 2.1 (FS 9.1)
Active Camera 2004 version 2.0
ActiveSky Version 6.5 and ActiveSky Graphics
Ad-Aware
Adobe AIR
Adobe Community Help
Adobe Content Viewer
Adobe InDesign CS5.5
Adobe Photoshop CS5.1
Adobe Reader X (10.1.2)
Advanced SystemCare 4
Aerosoft's - Airbus X
aerosoft's - German Airports 3-Berlin Tegel
aerosoft's - German Airports 3 - Hamburg
aerosoft's - Ibiza X for FS2004
aerosoft's - Keflavik
aerosoft's - Lissabon 2008
aerosoft's - London Heathrow 2008
aerosoft's - Madrid 2008
aerosoft's - Mallorca X for FS2004
aerosoft's - Mega Airport Amsterdam
aerosoft's - Mega Airport Frankfurt - FS2004
aerosoft's - Mega Airport Munich
aerosoft's - Mega Airport Paris CDG
aerosoft's - Mega Airport Stockholm Arlanda
aerosoft's - Mega Airport Zurich 2012 - FS2004
aerosoft's - Nice Cote dAzur
aerosoft's - Real Germany 1 - FS2004
aerosoft's - Real Germany 2 - FS2004
aerosoft's - Real Germany 3 - FS2004
aerosoft's - Wonderful Madeira - FS2004
Aerosoft - Gibraltar FS2004
Airbus Series Vol.1 Deluxe (FS2004)
AirSimmer A320 Basic Edition 1.3
Anti-Malware Toolkit 1.13.326
Apple Application Support
Apple Software Update
Ariane Boeing CFM56 Engine Sounds & FX
Atlanta
µTorrent
avast! Free Antivirus
Bajasim SJD fs9 S03 1.01b version 1.0
BhoScanner 1.9
Cancún 2011 MMUN
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Cloud9 Los Angeles FS9 1.0.2
CLS A330/A340 SP3
CLS DC10
CLS DC10 Service Pack 01
CLS DC10 Service Pack 02
Combi Livery Pack
CONCORDE SSTSIM
Contrails Pro
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
CYVR 1.0
D3DX10
DraftSight
DSDG Dubai, The Burj Dubai
eReg
ESET Online Scanner v3
FeelThere - Phenom 100
feelThere Florida Landings 1.0
FlightAlpes BasePack Nord
FlightBeam San Francisco International FS9 2.0.1
FlightMediterranee BasePack
FlightParis CityPack
FlightPyrénées Atlantiques BasePack
FlightPyrénées Orientales BasePack
FlightRiviera BasePack
Fokker 70-100
Football Manager 2012
FormatFactory 2.80
FranceVFR FlightParis - VFR Pack
FS2Crew Start Center April 2009
FS2Crew: Airbus Evolution Upgrade
FS2Crew: iFly737NG Button Control Edition
FS2Crew: Wilco-Feelthere Airbus Special Edition
FS2Crew: Wilco-Feelthere Airbus Special Edition Service Update 2
FSDreamTeam JFK FS9 1.0.3
FSDreamTeam Las Vegas McCarran FS9 1.1
FSDreamTeam Los Angeles International FS9 1.3
FSDreamTeam Ohare9 2.0
FSDreamTeam OHareX 2.0
FSNavigator
Google Update Helper
Ground Environment Professional
HiJackThis
Hitman 2 Silent Assassin
HP Deskjet 3050 J610 series Help
iFly Jets - The 737NG for FS2004
Islamabad INTL Chaklala AB
Java Auto Updater
Java™ 7 Update 3
JavaFX 2.0.3
Jinnah International Airport FS2004
Just Flight - FSceneX FS2004
Just Flight VFR Photographic Scenery: C & S England v1.01
Just Flight VFR Photographic Scenery: E & SE England v1.01
Just Flight VFR Photographic Scenery: Northern England v1.00
KATL Atlanta
KPHL FS9
LAGO Male Scenery FS2004 2.00
Level-D Simulations 767-300
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.60.1.1000
Mega Airport Barcelona Update 1.01
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X Service Pack 2
Microsoft Office 2003 Web Components
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Applications - ENU
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MixMeister Fusion 7.2.2
Morten's AI Traffic 2.2
Mozilla Firefox 11.0 (x86 en-US)
Mozilla Thunderbird 11.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Northern California Scenery
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PAOB-Fokker50-V1.0
PDF Settings CS5
PIC 737 Evolution Call for FS9 2.0.1
PMDG 737 8900 NGX
PMDG747_400 Queen of the Skies
PowerISO
Project Canarias 2006
Project Canarias 2006 by CanarySim
PSS - Boeing 757 Pro. v1.3
PSS Airbus A330 v1.2 [FSSR]
PSS Airbus A340 v1.2 [FSSR]
PUERTO VALLARTA SCENERY FOR FS2004
QuickTime
Ready for Pushback V2_10 Full Version
Real Environment Xtreme for FS2004
Real Environment Xtreme for FS2004 - Overdrive
RegistryNuke 2012 version 2.0.0.86
Remove UK2000 Edinburgh Xtreme files
Remove UK2000 Glasgow Xtreme files
RODOS International 2010
Safari
Samsung_MonSetup
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Shade
Simview Sky Max FS2004
SolidWorks 2011 x64 Edition SP02
Sophos Anti-Rootkit 1.5.20
Spotify
Spybot - Search & Destroy
SpywareBlaster 4.6
Texture Ground Plus
TJSJ San Juan
TropicalSim / Bilbao Airport
TSS 777 RR Trent fs2004
TSS A330 RR sound FS2004
TSS Airbus 380 GP7000 Sound FS2004
TSS BOEING 747 RR SOUND FSX
TSS Boeing 757 Rolls Royce RB211 sound
Tweaking.com - Windows Repair (All in One)
UK2000 Gatwick Xtreme FS9
UK2000 Liverpool Xtreme FS9
UK2000 London City Xtreme FS9
UK2000 Manchester Xtreme FS9
Ultimate Terrain - Europe
Ultimate Terrain - USA
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Vancouver+
VHHH Hong Kong FS2004
VirtualCloneDrive
VIRTUALI Addon Manager 1.81
Visual Flight London
VLC media player 1.1.11
Wilco Fleet : A380
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
World of Warcraft
XNResourceEditor 3.0.0.1
.
==== Event Viewer Messages From Past Week ========
.
26/03/2012 2:07:15 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2012 12:57:46 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2012 12:56:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
26/03/2012 12:56:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
26/03/2012 12:55:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
26/03/2012 12:55:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO aswSnx aswSP aswTdi ctxusbm discache ElbyCDIO LUM MpFilter SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6
26/03/2012 12:55:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
26/03/2012 12:55:13 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2012 12:53:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
26/03/2012 12:53:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service.
26/03/2012 12:53:22 PM, Error: Service Control Manager [7000] - The Secondary Logon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/03/2012 12:48:54 PM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
26/03/2012 12:46:54 PM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
26/03/2012 12:43:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
26/03/2012 12:12:35 PM, Error: nvstor64 [3] - Data error on device. Device: \Device\RaidPort1 Model: Maxtor 6Y120M0 Firmware Version: YAR5 Serial Number: Y3Q0FBQE Port: 1
26/03/2012 12:08:21 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2012 12:07:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
26/03/2012 12:07:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
26/03/2012 12:07:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO aswRdr aswSnx aswSP aswTdi ctxusbm DfsC discache ElbyCDIO LUM MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
26/03/2012 12:07:23 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2012 12:07:23 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2012 12:07:23 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2012 12:07:23 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2012 12:07:23 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2012 12:07:23 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2012 12:07:22 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
26/03/2012 12:07:06 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2012 12:07:06 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2012 12:07:06 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2012 12:07:06 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
26/03/2012 12:02:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
26/03/2012 12:02:17 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
26/03/2012 12:02:17 PM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
26/03/2012 12:02:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
26/03/2012 12:02:17 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/03/2012 11:50:07 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
26/03/2012 11:48:50 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
26/03/2012 11:07:17 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
26/03/2012 11:04:01 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
26/03/2012 1:43:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
26/03/2012 1:28:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
26/03/2012 1:02:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
25/03/2012 9:53:36 PM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
24/03/2012 12:34:36 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
24/03/2012 12:14:45 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
23/03/2012 2:31:41 AM, Error: Service Control Manager [7000] - The MEMSWEEP2 service failed to start due to the following error: This driver has been blocked from loading
23/03/2012 2:31:41 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\15E0.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
23/03/2012 11:51:16 PM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).
23/03/2012 11:51:16 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
23/03/2012 11:39:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
23/03/2012 11:38:46 PM, Error: Application Popup [1060] - \??\C:\Users\Lawrence\AppData\Local\Temp\mbr.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
23/03/2012 11:13:14 AM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
23/03/2012 1:47:25 AM, Error: Application Popup [1060] - \??\C:\Windows\system32\2DC5.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
23/03/2012 1:06:37 PM, Error: Service Control Manager [7000] - The F-Secure Content Control Driver service failed to start due to the following error: The system cannot find the file specified.
22/03/2012 4:24:03 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
22/03/2012 4:23:31 PM, Error: Service Control Manager [7031] - The KMService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/03/2012 4:07:18 PM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\Drivers\PAGEDFRG.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
22/03/2012 2:35:10 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
21/03/2012 11:45:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
.
==== End Of File ===========================


Again thank you so much.

#2 ashyy


Posted 26 March 2012 - 09:43 AM

Just to update this thread, I am now able to get into W7. Updated the graphics driver and oddly that seems to have fixed it. :S I still get very slow startups but there are no infected items and redirects are gone. Please disregard this thread. :)

#3 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 26 March 2012 - 03:29 PM

Hello and Welcome to the forum.

Looks like you're running 3 anti-virus programs.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}


Never install more than one Antivirus and Firewall! Rather than giving you extra protection, it will decrease the reliability of it seriously!
The reason for this is that if both products have their automatic (Real-Time) protection switched on, your system may lock up due to both software products attempting to access the same file at the same time.
Also because more than one Antivirus and Firewall installed are not compatible with each other, it can cause system performance problems and a serious system slowdown.

Larry Tate
Product Support


#4 LDTate


Posted 31 March 2012 - 05:19 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
