Author Topic: Win7Pro, 2-14 Update problems  (Read 5239 times)


Offline PastyWhiteGuy

  • Full Member
  • ***
  • Posts: 75
  • Related to, but not 2B confused w/PastyWhiteGurl
    • View Profile
Win7Pro, 2-14 Update problems
« on: February 20, 2012, 02:24:45 AM »
--
DeanZF
aka PastyWhiteGuy

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 15973
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Win7Pro, 2-14 Update problems
« Reply #1 on: February 20, 2012, 02:49:08 PM »
Hi, DeanZF.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Quote: "When the 2/14 update was made available, it did not completely finalize the update."

Have you attempted a system restore point prior to the February 14th updates?  When originally released, there was a problem with the Silverlight update, although it was a "failure to install" message, which was quickly repaired.  In addition, I always recommend installing .NET Framework updates separately from other updates.  While many people have no problems with .NET Framework updates, for some reason, others do.

The DDS.txt log got cut off by the forum software.  Please copy/paste the remainder of the log following 2012-02-08 03:39:44   --------   d-----w-   c:\users\deanszf\appdata\local\{2E575AFC-E332-46E2-A8C0-E4E1D5F6156C} to the end.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline PastyWhiteGuy
Re: Win7Pro, 2-14 Update problems
« Reply #2 on: February 20, 2012, 03:04:47 PM »
As requested, the rest of that log:

2012-02-08 03:39:34   --------   d-----w-   c:\users\deanszf\appdata\local\{B42D7D0A-0777-41B4-804A-159726DFE37C}
2012-02-07 04:18:41   --------   d-----w-   c:\users\deanszf\appdata\local\{FBCAFD6C-95F2-4059-8832-2944C5DB0EA4}
2012-02-07 04:18:30   --------   d-----w-   c:\users\deanszf\appdata\local\{BCBED0D9-5094-4C7D-BE36-E2CB599909E6}
2012-02-06 16:18:15   --------   d-----w-   c:\users\deanszf\appdata\local\{896AE353-D57E-4173-8420-7ED6E2AB2877}
2012-02-06 16:18:02   --------   d-----w-   c:\users\deanszf\appdata\local\{EF2FCAF2-ABC6-4FBE-B33F-09BE69FEC769}
2012-02-05 19:42:14   --------   d-----w-   c:\users\deanszf\appdata\local\{0D5BFB48-D3ED-457C-A72B-F220DB836317}
2012-02-05 19:42:04   --------   d-----w-   c:\users\deanszf\appdata\local\{77DA27CB-1E8A-48CB-AF87-831B711209D4}
2012-02-05 13:23:49   --------   d-----w-   c:\program files\MSXML 4.0
2012-02-05 06:13:15   --------   d-----w-   c:\users\deanszf\appdata\local\{7C48287C-3840-4479-A725-4933413DB2F1}
2012-02-05 06:13:05   --------   d-----w-   c:\users\deanszf\appdata\local\{8F59CB11-2CC7-4BC5-AB4A-AF9A1380BDB5}
2012-02-05 05:01:30   --------   d-----w-   c:\users\deanszf\appdata\roaming\Nuance
2012-02-04 19:06:06   --------   d-----w-   c:\users\deanszf\appdata\roaming\FLEXnet
2012-02-04 19:04:24   --------   d-----w-   c:\program files\common files\IVA
2012-02-04 19:04:02   --------   d-----w-   c:\program files\common files\Nuance
2012-02-04 18:59:36   --------   d-----w-   c:\programdata\Nuance
2012-02-04 18:59:36   --------   d-----w-   c:\program files\Nuance
2012-02-04 18:12:40   --------   d-----w-   c:\users\deanszf\appdata\local\{74FA868D-401C-49E8-A2E3-D6A2A35BE046}
2012-02-04 18:12:21   --------   d-----w-   c:\users\deanszf\appdata\local\{AAD7B903-6222-4231-8A3C-9E859BD571B0}
2012-02-04 05:48:23   --------   d-----w-   c:\users\deanszf\appdata\local\{33532CB9-361B-4134-A9AA-7DAEDA474606}
2012-02-04 05:48:02   --------   d-----w-   c:\users\deanszf\appdata\local\{70FCF635-D1AA-44D0-85CB-13645F8E3037}
2012-02-03 17:35:14   --------   d-----w-   c:\users\deanszf\appdata\local\{4FFFEFBA-1FC9-45E6-ADBB-8CBA87CC2BBE}
2012-02-03 17:35:03   --------   d-----w-   c:\users\deanszf\appdata\local\{BA95D1E9-3A68-4289-9DCE-B8004DE4D840}
2012-02-03 05:08:40   --------   d-----w-   c:\users\deanszf\appdata\local\{8DB8B7B0-B98D-4C79-9CFE-0C15A4FC2A46}
2012-02-03 05:08:29   --------   d-----w-   c:\users\deanszf\appdata\local\{14A5167C-22C7-4E42-8CA4-8CC1F914988C}
2012-02-02 17:08:17   --------   d-----w-   c:\users\deanszf\appdata\local\{EB787A15-7859-4114-A0D1-C357EC028832}
2012-02-02 17:08:06   --------   d-----w-   c:\users\deanszf\appdata\local\{07705064-186D-4DE4-9B5A-61EE2D5F144E}
2012-02-02 05:07:54   --------   d-----w-   c:\users\deanszf\appdata\local\{8A8F6294-B073-4A6A-A3B9-69E41DB10D19}
2012-02-02 05:07:43   --------   d-----w-   c:\users\deanszf\appdata\local\{F3743F1E-59CB-4DA8-B3BA-E995BD42863F}
2012-02-01 17:07:31   --------   d-----w-   c:\users\deanszf\appdata\local\{7FE3F963-C83A-4B37-8B88-B3A2552C6C29}
2012-02-01 17:07:21   --------   d-----w-   c:\users\deanszf\appdata\local\{59612B47-5570-446F-BC33-84DA0800E166}
2012-02-01 05:07:09   --------   d-----w-   c:\users\deanszf\appdata\local\{D2C52B97-5514-4A1D-96AA-A77D8DA76A09}
2012-02-01 05:06:57   --------   d-----w-   c:\users\deanszf\appdata\local\{35B93567-3653-4EDE-9D1F-63A970ADA3EF}
2012-01-31 17:06:45   --------   d-----w-   c:\users\deanszf\appdata\local\{944305CB-7DBB-4D85-99B2-F08EA6886E9A}
2012-01-31 17:06:34   --------   d-----w-   c:\users\deanszf\appdata\local\{7470E580-2CFA-479B-A284-4EF2B94D2EBD}
2012-01-31 05:06:22   --------   d-----w-   c:\users\deanszf\appdata\local\{B2076DB1-78DB-4698-B017-37F9437C6C6B}
2012-01-31 05:06:11   --------   d-----w-   c:\users\deanszf\appdata\local\{2486142A-FC3C-41B7-9585-258602564E97}
2012-01-30 17:05:57   --------   d-----w-   c:\users\deanszf\appdata\local\{F2D347F5-DE3F-41AC-A985-30D1A3079277}
2012-01-30 17:05:29   --------   d-----w-   c:\users\deanszf\appdata\local\{37BA1F06-9BE8-494F-9775-24C9C91C33C3}
2012-01-30 04:49:21   --------   d-----w-   c:\users\deanszf\appdata\local\{993BF766-3ABC-4FAE-936B-1C185706F863}
2012-01-30 04:49:11   --------   d-----w-   c:\users\deanszf\appdata\local\{CEBBED22-E2A9-4107-AF79-39D6CD9C1ACF}
2012-01-29 16:40:56   --------   d-----w-   c:\users\deanszf\appdata\local\{601A3795-8787-44AC-A984-869BBCB86C6C}
2012-01-29 04:40:45   --------   d-----w-   c:\users\deanszf\appdata\local\{72605994-A0F0-4ED3-A845-BAC9CA0D8EAE}
2012-01-29 04:40:33   --------   d-----w-   c:\users\deanszf\appdata\local\{030FBE94-D4E9-4D20-B04F-0CB78E1942F7}
2012-01-28 16:40:17   --------   d-----w-   c:\users\deanszf\appdata\local\{F2A249BB-72F3-43B4-AA6C-0605F0E88B57}
2012-01-28 16:40:00   --------   d-----w-   c:\users\deanszf\appdata\local\{2E0A788D-AA17-4C8E-AEF5-DB360F49A61A}
2012-01-28 04:36:23   --------   d-----w-   c:\users\deanszf\appdata\local\{42A5A35B-9039-4CF0-BD50-1B5F17C0FFB9}
2012-01-28 04:36:13   --------   d-----w-   c:\users\deanszf\appdata\local\{5A570E5A-5482-4C53-A0CD-981F406E6594}
2012-01-27 16:36:01   --------   d-----w-   c:\users\deanszf\appdata\local\{8352F7B0-64D0-4EE8-BC0A-F13C4EA6AFC1}
2012-01-27 16:35:49   --------   d-----w-   c:\users\deanszf\appdata\local\{EBBFC1BF-C55B-42E1-886A-3FC58C2BE7FC}
2012-01-27 04:35:37   --------   d-----w-   c:\users\deanszf\appdata\local\{2BB25A46-67E1-4F80-94EF-7F3A9FA570CE}
2012-01-27 04:35:27   --------   d-----w-   c:\users\deanszf\appdata\local\{913C5912-DB11-4D75-9916-39F72AC16E44}
2012-01-27 04:20:25   --------   d-----w-   c:\program files\common files\Macrovision Shared
2012-01-27 04:20:07   22872   ----a-r-   c:\windows\system32\AdobePDFUI.dll
2012-01-26 16:35:02   --------   d-----w-   c:\users\deanszf\appdata\local\{467A71B9-7713-4D00-8A2F-1FC830A5B0B2}
2012-01-26 16:34:48   --------   d-----w-   c:\users\deanszf\appdata\local\{71FDA1DB-E436-416C-9F8D-04DCA21CAD1E}
2012-01-26 04:34:04   --------   d-----w-   c:\users\deanszf\appdata\local\{48E824F3-C00E-44E6-8D43-9953C4B2983D}
2012-01-26 04:33:53   --------   d-----w-   c:\users\deanszf\appdata\local\{5014B2EE-D83E-44E3-AF62-DE7FAC4D2E93}
2012-01-25 16:33:42   --------   d-----w-   c:\users\deanszf\appdata\local\{9C04206D-DD87-432B-85B8-456514962E82}
2012-01-25 16:33:29   --------   d-----w-   c:\users\deanszf\appdata\local\{2C36C459-1FB2-4F55-BFAB-B21111A2D7DE}
2012-01-25 04:18:23   --------   d-----w-   c:\users\deanszf\appdata\local\{CB59DA8A-D9D5-4D6F-8EA9-7EDA4C7E70E4}
2012-01-25 04:18:13   --------   d-----w-   c:\users\deanszf\appdata\local\{822A9A34-4A0E-47BE-87BD-49969734F609}
2012-01-24 16:18:01   --------   d-----w-   c:\users\deanszf\appdata\local\{AE88DC8C-42B8-449C-B3D1-7941F62F55B1}
2012-01-24 16:17:48   --------   d-----w-   c:\users\deanszf\appdata\local\{37EF5FF6-BC29-47CF-9A05-82522E4B76DC}
2012-01-24 03:44:29   --------   d-----w-   c:\users\deanszf\appdata\local\{6B78AE1C-98F0-4505-82A9-2148C9835069}
2012-01-24 03:44:18   --------   d-----w-   c:\users\deanszf\appdata\local\{78DF9519-F71F-40D5-ACA9-18F113721530}
2012-01-23 15:44:07   --------   d-----w-   c:\users\deanszf\appdata\local\{18651752-E39E-4BB6-8E12-14DCA2C35C6C}
2012-01-23 15:43:56   --------   d-----w-   c:\users\deanszf\appdata\local\{33CDBC36-CE08-472F-BC2E-5177024315A2}
2012-01-23 03:43:44   --------   d-----w-   c:\users\deanszf\appdata\local\{35F9A7E2-3A7E-4DE4-BE3D-23A6BA5889A4}
2012-01-23 03:43:34   --------   d-----w-   c:\users\deanszf\appdata\local\{F16B3226-EC1E-4D01-B78A-675C05CAD748}
2012-01-22 15:43:21   --------   d-----w-   c:\users\deanszf\appdata\local\{7DBC57E7-34C6-48C6-BC88-2C550534A146}
2012-01-22 15:42:58   --------   d-----w-   c:\users\deanszf\appdata\local\{BA89FD56-5404-484F-8D2C-5DB4215796B6}
2012-01-22 03:42:47   --------   d-----w-   c:\users\deanszf\appdata\local\{759E7816-0FF8-454E-9CAC-0BB39D43BCBA}
2012-01-22 03:42:36   --------   d-----w-   c:\users\deanszf\appdata\local\{2EBC071D-5A45-4428-B79B-10B8C0501FA1}
2012-01-21 15:42:24   --------   d-----w-   c:\users\deanszf\appdata\local\{1E89A4BB-BD78-41CE-9832-87548A57955E}
2012-01-21 15:42:00   --------   d-----w-   c:\users\deanszf\appdata\local\{472A3E57-0BEF-469F-88B2-F05388B245DF}
.
==================== Find3M  ====================
.
2012-01-29 11:10:42   237072   ------w-   c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:49:29.60 ===============

Offline PastyWhiteGuy
Re: Win7Pro, 2-14 Update problems
« Reply #3 on: February 20, 2012, 03:27:46 PM »
In response to the other points, no, I have not tried to go backward. I'd likely need instructions for that, too. Currently, my Win7 does everything automatically. How do I set it up to allow me to steer how those updates are installed?

Also, based on MS' forum advice, I did run MS Windows Defender to no avail. I'm not working through them any longer. Glad to be "loyal" to LDForums. I promise to take no additional actions other than as directed here!  :goodie:

Offline Corrine
Re: Win7Pro, 2-14 Update problems
« Reply #4 on: February 20, 2012, 04:03:01 PM »
Hi, DeanZF.

Thank you for the rest of that log.  Let's start first with System Restore.
  • Open System Restore by clicking the Start button.
  • In the search box, type System Restore and wait while it loads
  • Click Next at the first prompt where System Restore is explained.
  • The date we are looking for may not appear in the list of results, so please check the box "Show more restore points" and click Next.
  • Select a Date and Time prior to February 14 and click Next.
Note:  System Restore will restart your PC so save any open files and close all programs.

Can you get to Normal mode now?  If not, please try the instructions for starting the computer using LKGC, Using Last Known Good Configuration.



Offline PastyWhiteGuy
Re: Win7Pro, 2-14 Update problems
« Reply #5 on: February 20, 2012, 04:30:44 PM »
says that there ARE no restore points yet and tells me to open system protector, but that set of tabs does not give me an obvious place to create restore points.

Offline Corrine
Re: Win7Pro, 2-14 Update problems
« Reply #6 on: February 20, 2012, 04:45:56 PM »
Windows 7 does not include "System Protector".  That is a fake/rogue, although I do not see signs of it in your logs. 

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.



Offline PastyWhiteGuy
Re: Win7Pro, 2-14 Update problems
« Reply #7 on: February 20, 2012, 05:28:28 PM »
What a mess! Running in Safe Mode, one cannot disable AVG. I uninstalled it. Will reinstall after I send this.

Ran ComboFix. Log:

ComboFix 12-02-19.02 - Deanszf 02/20/2012  13:07:42.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3546.2790 [GMT -6:00]
Running from: c:\users\Deanszf\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\VDM93BB.tmp
C:\VDM93BC.tmp
C:\VDME6D1.tmp
C:\VDME6E1.tmp
c:\windows\system32\SET8809.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-20 to 2012-02-20  )))))))))))))))))))))))))))))))
.
.
2012-02-20 03:36 . 2012-02-20 03:39   --------   d-----w-   C:\rsit
2012-02-20 03:36 . 2012-02-20 03:37   --------   d-----w-   c:\program files\trend micro
2012-02-19 21:09 . 2012-01-17 10:39   6557240   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FFF8926-C54E-46F0-ACA8-9CC638100564}\mpengine.dll
2012-02-17 15:52 . 2011-12-14 02:50   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-02-17 15:52 . 2011-12-14 03:32   141112   ----a-w-   c:\program files\Internet Explorer\sqmapi.dll
2012-02-17 15:52 . 2011-12-14 03:04   1798656   ----a-w-   c:\windows\system32\jscript9.dll
2012-02-17 15:52 . 2011-12-14 02:54   194048   ----a-w-   c:\program files\Internet Explorer\IEShims.dll
2012-02-17 15:52 . 2011-12-14 02:57   1127424   ----a-w-   c:\windows\system32\wininet.dll
2012-02-17 15:51 . 2011-12-14 02:59   678912   ----a-w-   c:\program files\Internet Explorer\iedvtool.dll
2012-02-17 15:51 . 2011-12-14 02:56   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-02-16 06:49 . 2012-02-16 06:49   --------   d-----w-   c:\program files\ReflexiveArcade
2012-02-15 03:50 . 2011-12-30 05:27   478720   ----a-w-   c:\windows\system32\timedate.cpl
2012-02-15 03:50 . 2011-12-16 07:52   690688   ----a-w-   c:\windows\system32\msvcrt.dll
2012-02-15 03:50 . 2012-01-04 08:58   442880   ----a-w-   c:\windows\system32\ntshrui.dll
2012-02-15 03:49 . 2012-01-14 03:35   2343424   ----a-w-   c:\windows\system32\win32k.sys
2012-02-05 13:23 . 2012-02-05 13:23   --------   d-----w-   c:\program files\MSXML 4.0
2012-02-05 05:01 . 2012-02-05 05:01   --------   d-----w-   c:\users\Deanszf\AppData\Roaming\Nuance
2012-02-04 19:06 . 2012-02-04 19:06   --------   d-----w-   c:\users\Deanszf\AppData\Roaming\FLEXnet
2012-02-04 19:04 . 2012-02-04 19:04   --------   d-----w-   c:\program files\Common Files\IVA
2012-02-04 19:04 . 2012-02-04 19:04   --------   d-----w-   c:\program files\Common Files\Nuance
2012-02-04 18:59 . 2012-02-04 18:59   --------   d-----w-   c:\programdata\Nuance
2012-02-04 18:59 . 2012-02-04 18:59   --------   d-----w-   c:\program files\Nuance
2012-01-27 04:21 . 2012-02-04 18:59   --------   d-----w-   c:\programdata\FLEXnet
2012-01-27 04:20 . 2012-01-27 04:20   --------   d-----w-   c:\program files\Common Files\Macrovision Shared
2012-01-27 04:20 . 2008-04-07 11:38   22872   ----a-r-   c:\windows\system32\AdobePDFUI.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 11:10 . 2010-12-27 16:33   237072   ------w-   c:\windows\system32\MpSigStub.exe
2012-02-18 05:16 . 2011-10-17 01:30   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1343400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2011-06-06 296808]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Deanszf\AppData\Roaming\Mozilla\Firefox\Profiles\1pq0i6wu.default\
FF - prefs.js: browser.startup.homepage - hxxp://zionfire.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3949e&i=23&tp=ab&nt=1&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-20  13:18:26
ComboFix-quarantined-files.txt  2012-02-20 19:18
.
Pre-Run: 263,058,948,096 bytes free
Post-Run: 263,861,444,608 bytes free
.
- - End Of File - - 4B005A49F95B81B9DDD874468226E268

Offline PastyWhiteGuy
Re: Win7Pro, 2-14 Update problems
« Reply #8 on: February 20, 2012, 06:47:27 PM »
I've reinstalled AVG 2012 (sigh) after running ComboFix. I looked for a new restore point and it says the only restore point is 2/20.

Do I need to re-run ComboFix or something else? I'd love to go back to 2/13.

I am running in normal mode at the moment, but FireFox continues to show up very often as not responding. Many hesitations, even writing this post. 5-10 seconds to add a period to the end of the sentence.

Offline Corrine
Re: Win7Pro, 2-14 Update problems
« Reply #9 on: February 20, 2012, 09:40:50 PM »
I hope you didn't include AVG PC Tuneup 2011 in the reinstall.  I'll hold off on the registry cleaner "lecture" for the moment and only say that they do more damage than good.  I specifically don't think I'd feel confident with an AVG registry cleaner when AVG left files behind when you did the uninstall before running ComboFix the first time.

I will want you to run ComboFix again, but let's hold off for the moment.  Since you located a restore point, I'd like you to try something else.
  • Relaunch System Restore.
  • Seeing only the date of 2/20, first try clicking "Show more restore points".
  • If none appear, click back and click "Scan for affected programs".
  • Should any affected programs be listed, if the date is prior to 2/14, try that restore point.
  • If none appear, click Close on that window and again click "Show more restore points".

Hopefully, this time you will get earlier restore points.

Following that, please uninstall the left-behind Java(TM) 6 Update 20 and update the remaining version Java SE Runtime Environment 6u31.

I see that the version of Firefox installed is outdated.  What version of Firefox do you have installed?  The current release is Firefox 10.0.2 and includes security updates.

Next, please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.



Offline PastyWhiteGuy
Re: Win7Pro, 2-14 Update problems
« Reply #10 on: February 20, 2012, 11:40:15 PM »
Okay. To the best of my knowledge, I did not include the PC Tuneup 2011. I don't do registry things without specific instructions!

Did ComboFix again and did not get a better date.
Got rid of the Java Update 20 and did the Java SE RE 31.

FireFox is 10.0.2, and Java Console for FF also updated.

Ran ESET. 80 minutes into the scan, with 1/8" at the end of the progress bar remaining, it crashed. :cry:

The only part of the log that was on the drive was:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

It was WAY down into the end of the windows files, past system32. It did find five instances of OpenCandy. The ESET site says that it will find this and that it may or may not be a threat. Actually four instances and a variant on it something about CoreD?? The blue screen of freezing death hit and the computer restarted. Should I start the ESET again?? It was in stage 3 of 4.

Thanks for your patient help with this thing.   :blink:

Offline Corrine
Re: Win7Pro, 2-14 Update problems
« Reply #11 on: February 21, 2012, 12:53:04 AM »
Open Candy is Adware.  Undesirable but not damaging.  I'd like to see the ESET results but why don't you try a full system scan with AVG first to see if it finds something.  If it doesn't find anything, then try ESET again after a shutdown/restart.



Offline PastyWhiteGuy
Re: Win7Pro, 2-14 Update problems
« Reply #12 on: February 21, 2012, 01:13:13 AM »
Did a scan with AVG. Found nothing.

After the freeze in ESET and the self-initiated restart, I'm back in safe mode and am running the ESET again. 44 minutes in, 88500 files scanned thus far. More when it finishes.

Thanks.

Offline PastyWhiteGuy
Re: Win7Pro, 2-14 Update problems
« Reply #13 on: February 21, 2012, 01:42:26 AM »
ESET scan was again quite long, but successful this time. It paused for a VERY long time, sufficiently long that IE thought it was non-responsive and offered to restart the window for me. At least it waited until the scan was completed.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=021e831794c6fc41b03ad4ea25b5a4a1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-21 03:36:34
# local_time=2012-02-20 09:36:34 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 11554041 11554041 0 0
# compatibility_mode=5893 16776574 100 94 0 81336139 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=144149
# found=5
# cleaned=0
# scan_time=4045
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\AppData\Roaming\OpenCandy\OpenCandy_8B10B76F11484E29A43CA4F1A1915B72\GameHouseSupercollapse3_p1v7.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\Downloads\cnet_setupcalorietrackerA_exe.exe   a variant of Win32/InstallCore.D application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\Downloads\CNET_TechTracker_2_0_4_Setup.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\Downloads\MusicnotesSuite.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I

That's all I have. I hope it's a complete scan.

Thanks!!
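A mechanical check for a pasted ESET Online Scanner log like the one above, added here as an example (it is not the poster's, the forum's or ESET's code): it parses the "# key=value" header and the detection rows, confirms the scan finished with the options asked for in Reply #9 and that the rows match the "found" count, and groups the findings by detection family. The format and both samples come from this thread; the truncated log from Reply #10 is the failure case.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Scan options the helper asked for in Reply #9, as the log header records them:
# "Remove found threats" unticked, the other four options ticked.
REQUESTED_OPTIONS = {"remove_checked": "false", "archives_checked": "true",
                     "unwanted_checked": "true", "unsafe_checked": "true",
                     "antistealth_checked": "true"}

# Constructed sample: header and detection rows copied from the log pasted above
# (some header lines omitted). Row columns: path, detection name, 32-hex hash
# column, one-letter status flag.
COMPLETE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=144149
# found=5
# cleaned=0
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\AppData\Roaming\OpenCandy\OpenCandy_8B10B76F11484E29A43CA4F1A1915B72\GameHouseSupercollapse3_p1v7.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\Downloads\cnet_setupcalorietrackerA_exe.exe   a variant of Win32/InstallCore.D application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\Downloads\CNET_TechTracker_2_0_4_Setup.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\Downloads\MusicnotesSuite.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
"""

# Constructed sample: all that was on disk after the first scan froze (Reply #10).
CRASHED_LOG = """ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
"""


@dataclass
class Detection:
    path: str
    name: str
    hash_column: str
    flag: str

    @property
    def family(self) -> str:
        # "a variant of Win32/InstallCore.D application (...)" -> "Win32/InstallCore.D"
        m = re.search(r"Win32/[\w.]+", self.name)
        return m.group(0) if m else self.name

    @property
    def unable_to_clean(self) -> bool:
        return "(unable to clean)" in self.name


def parse_eset_log(text: str):
    """Return (header dict, detections). Repeated header keys keep the last value."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
            continue
        # Rows are tab-separated on disk; a forum paste turns tabs into runs of
        # spaces, so split on either. Single spaces inside paths survive.
        fields = re.split(r"\t|\s{2,}", line.strip())
        if len(fields) == 4 and re.fullmatch(r"[0-9A-Fa-f]{32}", fields[2]):
            detections.append(Detection(*fields))
        # Anything else (installer chatter, blank lines) is ignored.
    return header, detections


@dataclass
class ScanReport:
    finished: bool
    found_reported: int
    found_listed: int
    cleaned: int
    option_mismatches: dict = field(default_factory=dict)
    families: Counter = field(default_factory=Counter)
    unable_to_clean: list = field(default_factory=list)

    @property
    def usable(self) -> bool:
        # Ran to the end, every reported finding is listed, and the options match.
        return (self.finished and self.found_reported == self.found_listed
                and not self.option_mismatches)


def check_scan(text: str) -> ScanReport:
    header, detections = parse_eset_log(text)
    return ScanReport(
        finished=header.get("end") == "finished",
        found_reported=int(header.get("found", 0)),
        found_listed=len(detections),
        cleaned=int(header.get("cleaned", 0)),
        option_mismatches={k: header.get(k) for k, want in REQUESTED_OPTIONS.items()
                           if header.get(k) != want},
        families=Counter(d.family for d in detections),
        unable_to_clean=[d.path for d in detections if d.unable_to_clean],
    )
```

For the complete log this reports five findings (four Win32/OpenCandy, one Win32/InstallCore.D), none cleaned because "Remove found threats" was unticked; for the crashed log it reports the scan as not finished and every requested option as missing.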

Offline Corrine
Re: Win7Pro, 2-14 Update problems
« Reply #14 on: February 21, 2012, 10:03:19 PM »
Thank you, DeanZF. 

Fortunately, the only finding was OpenCandy, which we'll address with ComboFix.  I suggest that where possible you go to the vendor site rather than third-party sites to download programs.  (See Win32/InstallCore.D + Win32/OpenCandy - CNET CNET TechTracker Forums)

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
Code:
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

File::
MusicnotesSuite.exe
CNET_TechTracker_2_0_4_Setup.exe
cnet_setupcalorietrackerA_exe.exe
OCSetupHlp.dll

Folder::
C:\Users\Deanszf\AppData\Roaming\OpenCandy
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


