Author Topic: Win7Pro, 2-14 Update problems  (Read 4282 times)

PastyWhiteGuy
« on: February 20, 2012, 02:24:45 AM »
I'm thrilled to be back in the presence of greatness. I so appreciate the many volunteers who have assisted here and at AdAware and elsewhere. The help that I've received before from AdAware and HiJackThis and  has saved my bacon more than once. So, thanks in advance and KUDOS to y'all. :Hammys pint:

I have Win7Pro, SP1. It was a fresh install in January 2011, completely updated at that time. MS Office 2003 was loaded next, again with all updates. Then AVG was added. That was upgraded to AVG2012 earlier this month.

When the 2/14 update was made available, it did not completely finalize the update. On 2/15 and 2/16, the updater asked if I wanted to restart. I did restart each time and both times it did not complete the update. On 2/17, the updater did not ask, it just restarted the machine. Since that time, I've not been able to run ANYTHING in normal windows mode. I am currently able to run only in Safe Mode w/networking. Everything in normal mode freezes before loading or in mid-action.

I did not in any way edit the various txt files and think that I've provided all requested info.

After all of this is over, I am seriously considering ditching AVG as my anti-virus and going back to Symantec/Norton AV. I'd love to hear your thoughts. (should that be a separate topic?? :confused: )

CHECKUP:

 Results of screen317's Security Check version 0.99.31 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 9 
``````````````````````````````
Antivirus/Firewall Check:

 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
 AVG 2012     
 AVG PC Tuneup 2011   
 MuseScore 1.1 MuseScore score typesetter 
 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 SUPERAntiSpyware     
 AVG PC Tuneup 2011 
 Java(TM) 6 Update 20 
 Java(TM) 6 Update 29 
 Java version out of date!
 Adobe Flash Player    11.1.102.55 
 Adobe Reader X (10.1.2)
 Mozilla Firefox (Firefox,.. Firefox out of Date! 
````````````````````````````````
Process Check: 
objlist.exe by Laurent

``````````End of Log````````````

LOG.TXT

Logfile of random's system information tool 1.09 (written by random/random)
Run by Deanszf at 2012-02-19 21:36:34
Microsoft Windows 7 Professional  Service Pack 1
System drive C: has 251 GB (82%) free of 305 GB
Total RAM: 3546 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:37:11 PM, on 2/19/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Deanszf\Downloads\RSIT.exe
C:\Program Files\trend micro\Deanszf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Dragon Service (DragonSvc) - Nuance Communications, Inc. - C:\Program Files\Common Files\Nuance\dgnsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 5817 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Deanszf\AppData\Roaming\Mozilla\Firefox\Profiles\1pq0i6wu.default

prefs.js - "browser.search.useDBForOrder" -  true
prefs.js - "browser.startup.homepage" -  "http://zionfire.com/"
prefs.js - "extensions.enabledItems" -  "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10, {578e7caa-210f-4967-a0d3-88fe5b59a39f}:0.8.5, {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.10, {1C7CCF7A-ECB8-4CE5-B5D1-A4FA477A7242}:0.3.6, {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.5, {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.6.3, rehostimage@engy.us:1.5.3, {3EC9C995-8072-4fc0-953E-4F30620D17F3}:2.0.0.4, {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704, {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.4.3, {89f8dde0-010a-11da-8cd6-0800200c9a66}:1.0.1, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, amznUWL2@amazon.com:1.7, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, savedpasswordeditor@daniel.dawson:2.2.5, {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1829, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.23"
prefs.js - "keyword.URL" -  "http://search.avg.com/?d=4dc3949e&i=23&tp=ab&nt=1&q="

"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer]
"Description"=Musicnotes Viewer Plugin
"Path"=C:\Program Files\Musicnotes\npmusicn.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Sibelius.com/Scorch Plugin]
"Description"=Sibelius Scorch Plugin
"Path"=C:\Program Files\Musicnotes\npsibelius.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFFICE.DLL
nppdf32.DEU
nppdf32.dll
nppdf32.FRA
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
avg_igeared.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Deanszf\AppData\Roaming\Mozilla\Firefox\Profiles\1pq0i6wu.default\extensions\
{1C7CCF7A-ECB8-4CE5-B5D1-A4FA477A7242}
{3EC9C995-8072-4fc0-953E-4F30620D17F3}
{5546F97E-11A5-46b0-9082-32AD74AAA920}
{578e7caa-210f-4967-a0d3-88fe5b59a39f}
{89f8dde0-010a-11da-8cd6-0800200c9a66}
{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
{ada4b710-8346-4b82-8199-5de2b400a6ae}
{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-01-24 2416480]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2010-04-05 288040]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 137752]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 171032]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 172568]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"DNS7reminder"=C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [2010-10-27 328992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2011-06-05 222496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"msacm.trspch"=tssoft32.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"msacm.pspgru"=pspgru.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-02-19 21:36:34 ----D---- C:\rsit
2012-02-19 21:36:34 ----D---- C:\Program Files\trend micro
2012-02-17 22:14:52 ----N---- C:\bootsqm.dat
2012-02-17 09:52:03 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-17 09:52:02 ----A---- C:\Windows\system32\jscript.dll
2012-02-17 09:52:02 ----A---- C:\Windows\system32\iertutil.dll
2012-02-17 09:52:01 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-17 09:52:01 ----A---- C:\Windows\system32\jscript9.dll
2012-02-17 09:52:00 ----A---- C:\Windows\system32\wininet.dll
2012-02-17 09:52:00 ----A---- C:\Windows\system32\url.dll
2012-02-17 09:52:00 ----A---- C:\Windows\system32\ieui.dll
2012-02-17 09:51:58 ----A---- C:\Windows\system32\mshtml.dll
2012-02-17 09:51:57 ----A---- C:\Windows\system32\urlmon.dll
2012-02-17 09:51:57 ----A---- C:\Windows\system32\ieframe.dll
2012-02-16 00:49:42 ----D---- C:\Program Files\ReflexiveArcade
2012-02-15 11:11:23 ----A---- C:\Windows\ntbtlog.txt
2012-02-14 21:50:02 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-14 21:50:00 ----A---- C:\Windows\system32\shell32.dll
2012-02-14 21:50:00 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-14 21:49:59 ----A---- C:\Windows\system32\win32k.sys
2012-02-05 07:23:49 ----D---- C:\Program Files\MSXML 4.0
2012-02-04 23:20:49 ----A---- C:\Users\Deanszf\AppData\Roaming\SAS7_000.DAT
2012-02-04 23:01:30 ----D---- C:\Users\Deanszf\AppData\Roaming\Nuance
2012-02-04 13:06:06 ----D---- C:\Users\Deanszf\AppData\Roaming\FLEXnet
2012-02-04 13:04:24 ----D---- C:\Program Files\Common Files\IVA
2012-02-04 13:04:02 ----D---- C:\Program Files\Common Files\Nuance
2012-02-04 12:59:36 ----D---- C:\ProgramData\Nuance
2012-02-04 12:59:36 ----D---- C:\Program Files\Nuance
2012-01-26 22:21:01 ----D---- C:\ProgramData\FLEXnet
2012-01-26 22:20:25 ----D---- C:\Program Files\Common Files\Macrovision Shared
2012-01-26 22:20:07 ----RA---- C:\Windows\system32\AdobePDFUI.dll

======List of files/folders modified in the last 1 month======

2012-02-19 21:37:07 ----D---- C:\Windows\Temp
2012-02-19 21:36:34 ----RD---- C:\Program Files
2012-02-19 14:49:09 ----D---- C:\Windows\system32\config
2012-02-19 14:49:01 ----D---- C:\Windows\system32\drivers\AVG
2012-02-18 00:11:20 ----D---- C:\Windows\Microsoft.NET
2012-02-18 00:06:42 ----D---- C:\Windows\system32\catroot2
2012-02-18 00:06:26 ----D---- C:\Windows\Minidump
2012-02-18 00:06:21 ----D---- C:\Windows
2012-02-17 23:23:01 ----D---- C:\Windows\Prefetch
2012-02-17 23:16:21 ----D---- C:\Program Files\Mozilla Firefox
2012-02-17 21:49:57 ----RSD---- C:\Windows\assembly
2012-02-17 21:47:35 ----D---- C:\ProgramData\MFAData
2012-02-17 21:43:31 ----D---- C:\Windows\winsxs
2012-02-17 21:41:50 ----SHD---- C:\System Volume Information
2012-02-17 21:38:32 ----D---- C:\Windows\System32
2012-02-17 21:38:30 ----D---- C:\Windows\system32\migration
2012-02-17 21:38:28 ----D---- C:\Program Files\Internet Explorer
2012-02-16 10:27:27 ----SHD---- C:\Windows\Installer
2012-02-16 10:26:35 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-15 10:35:01 ----D---- C:\BB
2012-02-15 10:26:38 ----A---- C:\Windows\system32\MRT.exe
2012-02-15 10:23:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-02-15 10:23:09 ----D---- C:\Windows\inf
2012-02-15 10:21:35 ----D---- C:\Windows\system32\catroot
2012-02-15 10:20:52 ----A---- C:\Windows\win.ini
2012-02-11 00:55:12 ----AD---- C:\ProgramData\TEMP
2012-02-04 13:05:57 ----D---- C:\Windows\Speech
2012-02-04 13:04:24 ----D---- C:\Program Files\Common Files
2012-02-04 12:59:36 ----HD---- C:\ProgramData
2012-01-29 05:10:42 ----N---- C:\Windows\system32\MpSigStub.exe
2012-01-27 10:38:35 ----D---- C:\Users\Deanszf\AppData\Roaming\Adobe
2012-01-26 22:20:26 ----D---- C:\ProgramData\Adobe
2012-01-26 22:20:26 ----D---- C:\Program Files\Common Files\Adobe
2012-01-26 22:20:17 ----D---- C:\Windows\system32\DriverStore
2012-01-26 22:18:15 ----RSD---- C:\Windows\Fonts
2012-01-26 22:17:11 ----D---- C:\Program Files\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-06-15 461080]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 48128]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows x86; C:\Windows\system32\DRIVERS\Apfiltr.sys [2010-04-15 252536]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-07 2506232]
R3 vpcbus;Virtual PC Host Bus Service; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 172416]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 296064]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-13 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-13 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-13 53312]
S3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
S3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
S3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-02-11 9036800]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-13 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-13 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-13 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 vpcusb;USB Virtualization Connector Service; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 78336]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S2 DragonSvc;Dragon Service; C:\Program Files\Common Files\Nuance\dgnsvc.exe [2011-06-05 296808]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-01-26 651720]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-27 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1343400]

-----------------EOF-----------------

INFO.TXT

info.txt logfile of random's system information tool 1.09 2012-02-19 21:37:13

======Uninstall list======

Adobe Acrobat  9 Standard - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-BA7E-000000000004}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -maintain plugin
Adobe Reader X (10.1.2)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Adobe Shockwave Player 11.6-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Amazon MP3 Downloader 1.0.12-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AmpliTube X-GEAR-->C:\Program Files\InstallShield Installation Information\{21E77392-C30A-4AA2-8CA7-5728316939D6}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
AVG 2012-->"C:\Program Files\AVG\AVG2012\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2012-->MsiExec.exe /I{083E0D59-B6B4-4570-AA0A-37F5B4526CF5}
AVG 2012-->MsiExec.exe /I{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}
AVG PC Tuneup 2011-->"C:\Program Files\AVG\AVG PC Tuneup 2011\unins000.exe"
Band-in-a-Box Server-->"C:\bb\BBHelper\unins000.exe"
Calorie Balance Tracker 4.0.8-->C:\Program Files\Calorie Balance Tracker\uninst.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CoyoteWT 1.1-->"C:\Program Files\Coyote\CoyoteWT\unins000.exe"
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dragon NaturallySpeaking 11-->MsiExec.exe /I{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}
Intel(R) Rapid Storage Technology-->C:\Program Files\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020F0}
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Mozilla Firefox 10.0.2 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MuseScore 1.1 MuseScore score typesetter-->C:\Program Files\MuseScore\Uninstall.exe
Musicnotes Software Suite 1.5.5-->"C:\Program Files\Musicnotes\unins000.exe"
openlp.org 1.2.8-->"C:\Program Files\openlp.org\unins000.exe"
OpenOffice.org 3.2-->MsiExec.exe /I{5A13987D-55F4-4271-A40E-76AC9B1B38FD}
PDF-Viewer-->"C:\Program Files\Tracker Software\PDF Viewer\unins000.exe"
PG Music DirectX Plugins 2.0.0.0-->"C:\Program Files\PowerTracks DirectX Plugins\unins000.exe"
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
RealTracks Shots and Holds 1-->"C:\bb\uninstall\unins006.exe"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client
Sibelius Scorch (Firefox, Opera, Netscape only)-->MsiExec.exe /I{10ABE49D-343A-463E-9753-C4C5A05ECEF9}
SmartFTP Client 4.0 Setup Files (remove only)-->C:\Program Files\SmartFTP Client 4.0 Setup Files\uninst-sftp.exe
SmartFTP Client-->MsiExec.exe /X{A78DC0F4-E093-4715-9843-06053F43A8C3}
SONAR X1 Essential-->"C:\Program Files\Cakewalk\SONAR X1 Essential\unins000.exe"
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
TSP_CODEC-->C:\Program Files\Bytescribe\TSP_CODEC\Uninst.exe /pid:{A90C03D6-08E1-4C59-B93B-6919A6C0AC19} /asd
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking-->MsiExec.exe /I{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows XP Mode-->MsiExec.exe /X{1374CC63-B520-4f3f-98E8-E9020BF01CFF}

======System event log======

Computer Name: DeanZF-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Ide\IdePort0.
Record Number: 96308
Source Name: atapi
Time Written: 20110809151906.089182-000
Event Type: Error
User:

Computer Name: DeanZF-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Ide\IdePort0.
Record Number: 96307
Source Name: atapi
Time Written: 20110809151906.089182-000
Event Type: Error
User:

Computer Name: DeanZF-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Ide\IdePort0.
Record Number: 96306
Source Name: atapi
Time Written: 20110809151906.089182-000
Event Type: Error
User:

Computer Name: DeanZF-PC
Event Code: 11
Message: The driver detected a controller error on \Device\Ide\IdePort0.
Record Number: 96305
Source Name: atapi
Time Written: 20110809151906.089182-000
Event Type: Error
User:

Computer Name: DeanZF-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
discache
Record Number: 96296
Source Name: Service Control Manager
Time Written: 20110809151853.999161-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Deanszf-PC
Event Code: 11935
Message: Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 -- Error 1935.An error occurred during the installation of assembly 'Microsoft.VC90.ATL,version="9.0.30729.4148",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="x86",type="win32"'. Please refer to Help and Support for more information. HRESULT: 0x80070BC9. assembly interface: IAssemblyCacheItem, function: Commit, component: {A75F2217-AD54-3EA6-AE14-F255F8660531}
Record Number: 227
Source Name: MsiInstaller
Time Written: 20101227163108.000000-000
Event Type: Error
User: DEANZF-PC\Deanszf

Computer Name: Deanszf-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0
Record Number: 222
Source Name: MsiInstaller
Time Written: 20101227163052.000000-000
Event Type: Warning
User: DEANZF-PC\Deanszf

Computer Name: Deanszf-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x800401F0
Record Number: 217
Source Name: MsiInstaller
Time Written: 20101227162550.000000-000
Event Type: Warning
User: DEANZF-PC\Deanszf

Computer Name: Deanszf-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

 DETAIL -
 1 user registry handles leaked from \Registry\User\S-1-5-21-562926445-1954571338-4195596783-1000:
Process 420 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-562926445-1954571338-4195596783-1000
Record Number: 197
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101227161849.033673-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Deanszf-PC
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 121
Source Name: Microsoft-Windows-Search
Time Written: 20101228041450.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: DeanZF-PC
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 13502
Source Name: Microsoft-Windows-Eventlog
Time Written: 20110424122354.959443-000
Event Type: Audit Success
User:

Computer Name: DeanZF-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
   Security ID:      S-1-5-18
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon ID:      0x3e7

Privileges:      SeAssignPrimaryTokenPrivilege
         SeTcbPrivilege
         SeSecurityPrivilege
         SeTakeOwnershipPrivilege
         SeLoadDriverPrivilege
         SeBackupPrivilege
         SeRestorePrivilege
         SeDebugPrivilege
         SeAuditPrivilege
         SeSystemEnvironmentPrivilege
         SeImpersonatePrivilege
Record Number: 13501
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110424122347.892630-000
Event Type: Audit Success
User:

Computer Name: DeanZF-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
   Security ID:      S-1-5-18
   Account Name:      DEANZF-PC$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7

Logon Type:         5

New Logon:
   Security ID:      S-1-5-18
   Account Name:      SYSTEM
   Account Domain:      NT AUTHORITY
   Logon ID:      0x3e7
   Logon GUID:      {00000000-0000-0000-0000-000000000000}

Process Information:
   Process ID:      0x274
   Process Name:      C:\Windows\System32\services.exe

Network Information:
   Workstation Name:   
   Source Network Address:   -
   Source Port:      -

Detailed Authentication Information:
   Logon Process:      Advapi 
   Authentication Package:   Negotiate
   Transited Services:   -
   Package Name (NTLM only):   -
   Key Length:      0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
   - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 13500
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110424122347.892630-000
Event Type: Audit Success
User:

Computer Name: DeanZF-PC
Event Code: 4647
Message: User initiated logoff:

Subject:
   Security ID:      S-1-5-21-562926445-1954571338-4195596783-1000
   Account Name:      Deanszf
   Account Domain:      DEANZF-PC
   Logon ID:      0x14d71

This event is generated when a logoff is initiated. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 13499
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110424122347.128229-000
Event Type: Audit Success
User:

Computer Name: DeanZF-PC
Event Code: 5061
Message: Cryptographic operation.

Subject:
   Security ID:      S-1-5-18
   Account Name:      DEANZF-PC$
   Account Domain:      WORKGROUP
   Logon ID:      0x3e7

Cryptographic Parameters:
   Provider Name:   Microsoft Software Key Storage Provider
   Algorithm Name:   RSA
   Key Name:   {61D33043-3C50-44BA-B0C9-2E41916C11D9}
   Key Type:   Machine key.

Cryptographic Operation:
   Operation:   Open Key.
   Return Code:   0x0
Record Number: 13498
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110424120919.794847-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Windows Live\Shared;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

DDS.TXT

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by Deanszf at 21:48:20 on 2012-02-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3546.2648 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Deanszf\Desktop\SecurityCheck.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\notepad.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking11\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking11\Ereg.ini"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{88B0FCA9-AB75-498D-9147-A9C119EBAEE3} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{88B0FCA9-AB75-498D-9147-A9C119EBAEE3}\137373630425164696F6 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{88B0FCA9-AB75-498D-9147-A9C119EBAEE3}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{88B0FCA9-AB75-498D-9147-A9C119EBAEE3}\A55627F677962756 : DhcpNameServer = 208.67.222.222 208.67.220.220 4.2.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\deanszf\appdata\roaming\mozilla\firefox\profiles\1pq0i6wu.default\
FF - prefs.js: browser.startup.homepage - hxxp://zionfire.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3949e&i=23&tp=ab&nt=1&q=
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\users\deanszf\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-5 296808]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-27 1343400]
.
=============== Created Last 30 ================
.
2012-02-20 03:36:34   --------   d-----w-   c:\program files\trend micro
2012-02-19 21:15:19   56200   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{2fff8926-c54e-46f0-aca8-9cc638100564}\offreg.dll
2012-02-19 21:09:53   6273872   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-02-19 21:09:50   6557240   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{2fff8926-c54e-46f0-aca8-9cc638100564}\mpengine.dll
2012-02-19 02:40:34   --------   d-----w-   c:\users\deanszf\appdata\local\{9A008C79-8297-40D2-9BBE-35CB52C62ACF}
2012-02-19 02:40:24   --------   d-----w-   c:\users\deanszf\appdata\local\{0BAC75BA-AFB3-419B-B69C-D65AA572F2C6}
2012-02-17 16:32:50   --------   d-----w-   c:\users\deanszf\appdata\local\{2DAA52A8-3BF7-4FA2-A37B-673C060DCF0A}
2012-02-17 16:32:40   --------   d-----w-   c:\users\deanszf\appdata\local\{91320E5E-ED1A-4686-8A1A-A8A75C585027}
2012-02-17 15:52:03   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-02-17 15:52:02   141112   ----a-w-   c:\program files\internet explorer\sqmapi.dll
2012-02-17 15:52:01   194048   ----a-w-   c:\program files\internet explorer\IEShims.dll
2012-02-17 15:52:01   1798656   ----a-w-   c:\windows\system32\jscript9.dll
2012-02-17 15:52:00   1127424   ----a-w-   c:\windows\system32\wininet.dll
2012-02-17 15:51:59   678912   ----a-w-   c:\program files\internet explorer\iedvtool.dll
2012-02-17 15:51:57   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-02-17 04:32:28   --------   d-----w-   c:\users\deanszf\appdata\local\{4FE8F7BE-E7C8-418A-9528-B642EDF5CA4A}
2012-02-17 04:32:17   --------   d-----w-   c:\users\deanszf\appdata\local\{5688EF1B-39FF-4E31-981D-6D5655C9572F}
2012-02-16 16:31:52   --------   d-----w-   c:\users\deanszf\appdata\local\{C0B608E7-6E68-4D2B-9EC9-FDFFB8BE625C}
2012-02-16 16:31:41   --------   d-----w-   c:\users\deanszf\appdata\local\{E080D129-29D5-4906-9768-074A8517572D}
2012-02-16 06:49:42   --------   d-----w-   c:\program files\ReflexiveArcade
2012-02-16 04:31:29   --------   d-----w-   c:\users\deanszf\appdata\local\{C9ABE47B-344B-4939-925C-80E2AE53E0FE}
2012-02-16 04:31:19   --------   d-----w-   c:\users\deanszf\appdata\local\{6DED878D-6B94-455B-B10F-314AB9D9FC84}
2012-02-15 16:30:54   --------   d-----w-   c:\users\deanszf\appdata\local\{226B2AE3-EAB8-4F69-AAEB-7F13E0738529}
2012-02-15 16:29:19   --------   d-----w-   c:\users\deanszf\appdata\local\{716398BB-9B42-4FE4-A3EE-7FD957E5A25F}
2012-02-15 04:28:20   --------   d-----w-   c:\users\deanszf\appdata\local\{03DBED07-5C1E-4249-80D8-108A0CE157F4}
2012-02-15 04:28:09   --------   d-----w-   c:\users\deanszf\appdata\local\{7105EA50-A77D-42DE-AF15-BA6E88FA4E90}
2012-02-15 03:50:09   478720   ----a-w-   c:\windows\system32\timedate.cpl
2012-02-15 03:50:02   690688   ----a-w-   c:\windows\system32\msvcrt.dll
2012-02-15 03:50:00   442880   ----a-w-   c:\windows\system32\ntshrui.dll
2012-02-15 03:49:59   2343424   ----a-w-   c:\windows\system32\win32k.sys
2012-02-14 16:27:58   --------   d-----w-   c:\users\deanszf\appdata\local\{11E6C629-11A4-4B71-9134-FECB131C6CCE}
2012-02-14 16:27:48   --------   d-----w-   c:\users\deanszf\appdata\local\{82324B76-9B02-45DC-B4F1-758575C8AA39}
2012-02-14 04:09:00   --------   d-----w-   c:\users\deanszf\appdata\local\{40ED77DC-5424-43A3-800A-C80781B2F3B1}
2012-02-14 04:08:49   --------   d-----w-   c:\users\deanszf\appdata\local\{8B5486AD-B954-4980-875E-943BFF940A40}
2012-02-13 16:08:37   --------   d-----w-   c:\users\deanszf\appdata\local\{7E749C52-CF4A-426C-83E2-666AEC98CBE2}
2012-02-13 16:08:27   --------   d-----w-   c:\users\deanszf\appdata\local\{68384653-BE9E-489D-AEC3-BCE1F0606756}
2012-02-13 03:32:38   --------   d-----w-   c:\users\deanszf\appdata\local\{860CCECD-0F13-4E27-A689-D5AEE3CE8571}
2012-02-13 03:32:28   --------   d-----w-   c:\users\deanszf\appdata\local\{73483A00-7842-4DF2-ADA0-E215803F380F}
2012-02-12 21:23:11   --------   d-----w-   c:\users\deanszf\appdata\local\{205A25EF-D324-455F-839E-CE99955148A6}
2012-02-12 06:13:58   --------   d-----w-   c:\users\deanszf\appdata\local\{158E515B-3028-4C64-9D35-655942816E4E}
2012-02-12 06:13:47   --------   d-----w-   c:\users\deanszf\appdata\local\{7732C155-BF5F-43B0-A0F2-B32FFD379ED7}
2012-02-11 18:07:26   --------   d-----w-   c:\users\deanszf\appdata\local\{7F766E60-4AA0-44A1-BB2A-11E8906E7A3C}
2012-02-11 18:07:18   --------   d-----w-   c:\users\deanszf\appdata\local\{2A5CF97F-5484-425F-B069-C28F0DC35EC9}
2012-02-11 05:08:30   --------   d-----w-   c:\users\deanszf\appdata\local\{F1BFB50F-C501-4722-BB91-3E8D5B580475}
2012-02-11 05:08:16   --------   d-----w-   c:\users\deanszf\appdata\local\{468A8932-74C7-4989-8B44-7D1DFE04D71C}
2012-02-10 05:08:36   --------   d-----w-   c:\users\deanszf\appdata\local\{F61D4277-0833-414B-B0BA-F7B413BDFCE0}
2012-02-10 05:08:26   --------   d-----w-   c:\users\deanszf\appdata\local\{746C6CF3-5D20-47EC-A5AE-915980DBF886}
2012-02-09 17:08:15   --------   d-----w-   c:\users\deanszf\appdata\local\{7EA29C6B-C3F2-405E-AF32-0014E60E6C21}
2012-02-09 17:08:04   --------   d-----w-   c:\users\deanszf\appdata\local\{CF566871-8471-4729-8ED9-B7BE3CB9702A}
2012-02-09 05:07:53   --------   d-----w-   c:\users\deanszf\appdata\local\{754679F0-EA6E-4338-8F16-B30FB5A9934F}
2012-02-09 05:07:42   --------   d-----w-   c:\users\deanszf\appdata\local\{2F04CBEF-2771-47B5-9727-636B240D78F5}
2012-02-08 17:07:31   --------   d-----w-   c:\users\deanszf\appdata\local\{0D883FBE-3C7B-48D9-BC2E-191A4FFA95AE}
2012-02-08 17:07:22   --------   d-----w-   c:\users\deanszf\appdata\local\{79661749-E5B7-451E-B318-9F8C943F7EFD}
2012-02-08 03:39:44   --------   d-----w-   c:\users\deanszf\appdata\local\{2E575AFC-E332-46E2-A8C0-E4E1D5F6156C}
2012-02-08 03:39:34   --------   d-----w-   c:\users\de
--
DeanZF
aka PastyWhiteGuy

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 14675
  • "Stronger than the past, united in our goal."
Re: Win7Pro, 2-14 Update problems
« Reply #1 on: February 20, 2012, 02:49:08 PM »
Hi, DeanZF.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Quote
When the 2/14 update was made available, it did not completely finalize the update.

Have you attempted a system restore point prior to the February 14th updates?  When originally released, there was a problem with the Silverlight update, although it was a "failure to install" message, which was quickly repaired.  In addition, I always recommend installing .NET Framework updates separately from other updates.  While many people have no problems with .NET Framework updates, for some reason, others do.

The DDS.txt log got cut off by the forum software.  Please copy/paste the remainder of the log following 2012-02-08 03:39:44   --------   d-----w-   c:\users\deanszf\appdata\local\{2E575AFC-E332-46E2-A8C0-E4E1D5F6156C} to the end.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline PastyWhiteGuy

  • Full Member
  • ***
  • Posts: 66
  • Related to, but not 2B confused w/PastyWhiteGurl
Re: Win7Pro, 2-14 Update problems
« Reply #2 on: February 20, 2012, 03:04:47 PM »
As requested, the rest of that log:

2012-02-08 03:39:34   --------   d-----w-   c:\users\deanszf\appdata\local\{B42D7D0A-0777-41B4-804A-159726DFE37C}
2012-02-07 04:18:41   --------   d-----w-   c:\users\deanszf\appdata\local\{FBCAFD6C-95F2-4059-8832-2944C5DB0EA4}
2012-02-07 04:18:30   --------   d-----w-   c:\users\deanszf\appdata\local\{BCBED0D9-5094-4C7D-BE36-E2CB599909E6}
2012-02-06 16:18:15   --------   d-----w-   c:\users\deanszf\appdata\local\{896AE353-D57E-4173-8420-7ED6E2AB2877}
2012-02-06 16:18:02   --------   d-----w-   c:\users\deanszf\appdata\local\{EF2FCAF2-ABC6-4FBE-B33F-09BE69FEC769}
2012-02-05 19:42:14   --------   d-----w-   c:\users\deanszf\appdata\local\{0D5BFB48-D3ED-457C-A72B-F220DB836317}
2012-02-05 19:42:04   --------   d-----w-   c:\users\deanszf\appdata\local\{77DA27CB-1E8A-48CB-AF87-831B711209D4}
2012-02-05 13:23:49   --------   d-----w-   c:\program files\MSXML 4.0
2012-02-05 06:13:15   --------   d-----w-   c:\users\deanszf\appdata\local\{7C48287C-3840-4479-A725-4933413DB2F1}
2012-02-05 06:13:05   --------   d-----w-   c:\users\deanszf\appdata\local\{8F59CB11-2CC7-4BC5-AB4A-AF9A1380BDB5}
2012-02-05 05:01:30   --------   d-----w-   c:\users\deanszf\appdata\roaming\Nuance
2012-02-04 19:06:06   --------   d-----w-   c:\users\deanszf\appdata\roaming\FLEXnet
2012-02-04 19:04:24   --------   d-----w-   c:\program files\common files\IVA
2012-02-04 19:04:02   --------   d-----w-   c:\program files\common files\Nuance
2012-02-04 18:59:36   --------   d-----w-   c:\programdata\Nuance
2012-02-04 18:59:36   --------   d-----w-   c:\program files\Nuance
2012-02-04 18:12:40   --------   d-----w-   c:\users\deanszf\appdata\local\{74FA868D-401C-49E8-A2E3-D6A2A35BE046}
2012-02-04 18:12:21   --------   d-----w-   c:\users\deanszf\appdata\local\{AAD7B903-6222-4231-8A3C-9E859BD571B0}
2012-02-04 05:48:23   --------   d-----w-   c:\users\deanszf\appdata\local\{33532CB9-361B-4134-A9AA-7DAEDA474606}
2012-02-04 05:48:02   --------   d-----w-   c:\users\deanszf\appdata\local\{70FCF635-D1AA-44D0-85CB-13645F8E3037}
2012-02-03 17:35:14   --------   d-----w-   c:\users\deanszf\appdata\local\{4FFFEFBA-1FC9-45E6-ADBB-8CBA87CC2BBE}
2012-02-03 17:35:03   --------   d-----w-   c:\users\deanszf\appdata\local\{BA95D1E9-3A68-4289-9DCE-B8004DE4D840}
2012-02-03 05:08:40   --------   d-----w-   c:\users\deanszf\appdata\local\{8DB8B7B0-B98D-4C79-9CFE-0C15A4FC2A46}
2012-02-03 05:08:29   --------   d-----w-   c:\users\deanszf\appdata\local\{14A5167C-22C7-4E42-8CA4-8CC1F914988C}
2012-02-02 17:08:17   --------   d-----w-   c:\users\deanszf\appdata\local\{EB787A15-7859-4114-A0D1-C357EC028832}
2012-02-02 17:08:06   --------   d-----w-   c:\users\deanszf\appdata\local\{07705064-186D-4DE4-9B5A-61EE2D5F144E}
2012-02-02 05:07:54   --------   d-----w-   c:\users\deanszf\appdata\local\{8A8F6294-B073-4A6A-A3B9-69E41DB10D19}
2012-02-02 05:07:43   --------   d-----w-   c:\users\deanszf\appdata\local\{F3743F1E-59CB-4DA8-B3BA-E995BD42863F}
2012-02-01 17:07:31   --------   d-----w-   c:\users\deanszf\appdata\local\{7FE3F963-C83A-4B37-8B88-B3A2552C6C29}
2012-02-01 17:07:21   --------   d-----w-   c:\users\deanszf\appdata\local\{59612B47-5570-446F-BC33-84DA0800E166}
2012-02-01 05:07:09   --------   d-----w-   c:\users\deanszf\appdata\local\{D2C52B97-5514-4A1D-96AA-A77D8DA76A09}
2012-02-01 05:06:57   --------   d-----w-   c:\users\deanszf\appdata\local\{35B93567-3653-4EDE-9D1F-63A970ADA3EF}
2012-01-31 17:06:45   --------   d-----w-   c:\users\deanszf\appdata\local\{944305CB-7DBB-4D85-99B2-F08EA6886E9A}
2012-01-31 17:06:34   --------   d-----w-   c:\users\deanszf\appdata\local\{7470E580-2CFA-479B-A284-4EF2B94D2EBD}
2012-01-31 05:06:22   --------   d-----w-   c:\users\deanszf\appdata\local\{B2076DB1-78DB-4698-B017-37F9437C6C6B}
2012-01-31 05:06:11   --------   d-----w-   c:\users\deanszf\appdata\local\{2486142A-FC3C-41B7-9585-258602564E97}
2012-01-30 17:05:57   --------   d-----w-   c:\users\deanszf\appdata\local\{F2D347F5-DE3F-41AC-A985-30D1A3079277}
2012-01-30 17:05:29   --------   d-----w-   c:\users\deanszf\appdata\local\{37BA1F06-9BE8-494F-9775-24C9C91C33C3}
2012-01-30 04:49:21   --------   d-----w-   c:\users\deanszf\appdata\local\{993BF766-3ABC-4FAE-936B-1C185706F863}
2012-01-30 04:49:11   --------   d-----w-   c:\users\deanszf\appdata\local\{CEBBED22-E2A9-4107-AF79-39D6CD9C1ACF}
2012-01-29 16:40:56   --------   d-----w-   c:\users\deanszf\appdata\local\{601A3795-8787-44AC-A984-869BBCB86C6C}
2012-01-29 04:40:45   --------   d-----w-   c:\users\deanszf\appdata\local\{72605994-A0F0-4ED3-A845-BAC9CA0D8EAE}
2012-01-29 04:40:33   --------   d-----w-   c:\users\deanszf\appdata\local\{030FBE94-D4E9-4D20-B04F-0CB78E1942F7}
2012-01-28 16:40:17   --------   d-----w-   c:\users\deanszf\appdata\local\{F2A249BB-72F3-43B4-AA6C-0605F0E88B57}
2012-01-28 16:40:00   --------   d-----w-   c:\users\deanszf\appdata\local\{2E0A788D-AA17-4C8E-AEF5-DB360F49A61A}
2012-01-28 04:36:23   --------   d-----w-   c:\users\deanszf\appdata\local\{42A5A35B-9039-4CF0-BD50-1B5F17C0FFB9}
2012-01-28 04:36:13   --------   d-----w-   c:\users\deanszf\appdata\local\{5A570E5A-5482-4C53-A0CD-981F406E6594}
2012-01-27 16:36:01   --------   d-----w-   c:\users\deanszf\appdata\local\{8352F7B0-64D0-4EE8-BC0A-F13C4EA6AFC1}
2012-01-27 16:35:49   --------   d-----w-   c:\users\deanszf\appdata\local\{EBBFC1BF-C55B-42E1-886A-3FC58C2BE7FC}
2012-01-27 04:35:37   --------   d-----w-   c:\users\deanszf\appdata\local\{2BB25A46-67E1-4F80-94EF-7F3A9FA570CE}
2012-01-27 04:35:27   --------   d-----w-   c:\users\deanszf\appdata\local\{913C5912-DB11-4D75-9916-39F72AC16E44}
2012-01-27 04:20:25   --------   d-----w-   c:\program files\common files\Macrovision Shared
2012-01-27 04:20:07   22872   ----a-r-   c:\windows\system32\AdobePDFUI.dll
2012-01-26 16:35:02   --------   d-----w-   c:\users\deanszf\appdata\local\{467A71B9-7713-4D00-8A2F-1FC830A5B0B2}
2012-01-26 16:34:48   --------   d-----w-   c:\users\deanszf\appdata\local\{71FDA1DB-E436-416C-9F8D-04DCA21CAD1E}
2012-01-26 04:34:04   --------   d-----w-   c:\users\deanszf\appdata\local\{48E824F3-C00E-44E6-8D43-9953C4B2983D}
2012-01-26 04:33:53   --------   d-----w-   c:\users\deanszf\appdata\local\{5014B2EE-D83E-44E3-AF62-DE7FAC4D2E93}
2012-01-25 16:33:42   --------   d-----w-   c:\users\deanszf\appdata\local\{9C04206D-DD87-432B-85B8-456514962E82}
2012-01-25 16:33:29   --------   d-----w-   c:\users\deanszf\appdata\local\{2C36C459-1FB2-4F55-BFAB-B21111A2D7DE}
2012-01-25 04:18:23   --------   d-----w-   c:\users\deanszf\appdata\local\{CB59DA8A-D9D5-4D6F-8EA9-7EDA4C7E70E4}
2012-01-25 04:18:13   --------   d-----w-   c:\users\deanszf\appdata\local\{822A9A34-4A0E-47BE-87BD-49969734F609}
2012-01-24 16:18:01   --------   d-----w-   c:\users\deanszf\appdata\local\{AE88DC8C-42B8-449C-B3D1-7941F62F55B1}
2012-01-24 16:17:48   --------   d-----w-   c:\users\deanszf\appdata\local\{37EF5FF6-BC29-47CF-9A05-82522E4B76DC}
2012-01-24 03:44:29   --------   d-----w-   c:\users\deanszf\appdata\local\{6B78AE1C-98F0-4505-82A9-2148C9835069}
2012-01-24 03:44:18   --------   d-----w-   c:\users\deanszf\appdata\local\{78DF9519-F71F-40D5-ACA9-18F113721530}
2012-01-23 15:44:07   --------   d-----w-   c:\users\deanszf\appdata\local\{18651752-E39E-4BB6-8E12-14DCA2C35C6C}
2012-01-23 15:43:56   --------   d-----w-   c:\users\deanszf\appdata\local\{33CDBC36-CE08-472F-BC2E-5177024315A2}
2012-01-23 03:43:44   --------   d-----w-   c:\users\deanszf\appdata\local\{35F9A7E2-3A7E-4DE4-BE3D-23A6BA5889A4}
2012-01-23 03:43:34   --------   d-----w-   c:\users\deanszf\appdata\local\{F16B3226-EC1E-4D01-B78A-675C05CAD748}
2012-01-22 15:43:21   --------   d-----w-   c:\users\deanszf\appdata\local\{7DBC57E7-34C6-48C6-BC88-2C550534A146}
2012-01-22 15:42:58   --------   d-----w-   c:\users\deanszf\appdata\local\{BA89FD56-5404-484F-8D2C-5DB4215796B6}
2012-01-22 03:42:47   --------   d-----w-   c:\users\deanszf\appdata\local\{759E7816-0FF8-454E-9CAC-0BB39D43BCBA}
2012-01-22 03:42:36   --------   d-----w-   c:\users\deanszf\appdata\local\{2EBC071D-5A45-4428-B79B-10B8C0501FA1}
2012-01-21 15:42:24   --------   d-----w-   c:\users\deanszf\appdata\local\{1E89A4BB-BD78-41CE-9832-87548A57955E}
2012-01-21 15:42:00   --------   d-----w-   c:\users\deanszf\appdata\local\{472A3E57-0BEF-469F-88B2-F05388B245DF}
.
==================== Find3M  ====================
.
2012-01-29 11:10:42   237072   ------w-   c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:49:29.60 ===============
--
DeanZF
aka PastyWhiteGuy

Offline PastyWhiteGuy

Re: Win7Pro, 2-14 Update problems
« Reply #3 on: February 20, 2012, 03:27:46 PM »
In response to the other points, no I have not tried to go backward. I'd likely need instructions for that, too. Currently, my Win7 does everything automatically. How do I set it up to allow me to steer how those updates are installed?

Also, based on MS' forum advice, I did run MS Windows Defender to no avail. I'm not working through them any longer. Glad to be "loyal" to LDForums. I promise to take no additional actions other than as directed here!  :goodie:
--
DeanZF
aka PastyWhiteGuy

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 14675
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Win7Pro, 2-14 Update problems
« Reply #4 on: February 20, 2012, 04:03:01 PM »
Hi, DeanZF.

Thank you for the rest of that log.  Let's start first with System Restore.
  • Open System Restore by clicking the Start button.
  • In the search box, type System Restore and wait while it loads
  • Click Next at the first prompt where System Restore is explained.
  • The date we are looking for may not appear in the list of results, so please check the box "Show more restore points" and click Next.
  • Select a Date and Time prior to February 14 and click Next.
Note:  System Restore will restart your PC so save any open files and close all programs.

Can you get to Normal mode now?  If not, please try the instructions for starting the computer using LKGC (Using Last Known Good Configuration).


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline PastyWhiteGuy

Re: Win7Pro, 2-14 Update problems
« Reply #5 on: February 20, 2012, 04:30:44 PM »
says that there ARE no restore points yet and tells me to open system protector, but that set of tabs does not give me an obvious place to create restore points.
--
DeanZF
aka PastyWhiteGuy

Offline Corrine

Re: Win7Pro, 2-14 Update problems
« Reply #6 on: February 20, 2012, 04:45:56 PM »
Windows 7 does not include "System Protector".  That is a fake/rogue, although I do not see signs of it in your logs. 

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply.



Offline PastyWhiteGuy

Re: Win7Pro, 2-14 Update problems
« Reply #7 on: February 20, 2012, 05:28:28 PM »
What a mess! Running in Safe Mode, one cannot disable AVG. I uninstalled it. Will reinstall after I send this.

Ran ComboFix. Log:

ComboFix 12-02-19.02 - Deanszf 02/20/2012  13:07:42.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3546.2790 [GMT -6:00]
Running from: c:\users\Deanszf\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\VDM93BB.tmp
C:\VDM93BC.tmp
C:\VDME6D1.tmp
C:\VDME6E1.tmp
c:\windows\system32\SET8809.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-20 to 2012-02-20  )))))))))))))))))))))))))))))))
.
.
2012-02-20 03:36 . 2012-02-20 03:39   --------   d-----w-   C:\rsit
2012-02-20 03:36 . 2012-02-20 03:37   --------   d-----w-   c:\program files\trend micro
2012-02-19 21:09 . 2012-01-17 10:39   6557240   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FFF8926-C54E-46F0-ACA8-9CC638100564}\mpengine.dll
2012-02-17 15:52 . 2011-12-14 02:50   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-02-17 15:52 . 2011-12-14 03:32   141112   ----a-w-   c:\program files\Internet Explorer\sqmapi.dll
2012-02-17 15:52 . 2011-12-14 03:04   1798656   ----a-w-   c:\windows\system32\jscript9.dll
2012-02-17 15:52 . 2011-12-14 02:54   194048   ----a-w-   c:\program files\Internet Explorer\IEShims.dll
2012-02-17 15:52 . 2011-12-14 02:57   1127424   ----a-w-   c:\windows\system32\wininet.dll
2012-02-17 15:51 . 2011-12-14 02:59   678912   ----a-w-   c:\program files\Internet Explorer\iedvtool.dll
2012-02-17 15:51 . 2011-12-14 02:56   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-02-16 06:49 . 2012-02-16 06:49   --------   d-----w-   c:\program files\ReflexiveArcade
2012-02-15 03:50 . 2011-12-30 05:27   478720   ----a-w-   c:\windows\system32\timedate.cpl
2012-02-15 03:50 . 2011-12-16 07:52   690688   ----a-w-   c:\windows\system32\msvcrt.dll
2012-02-15 03:50 . 2012-01-04 08:58   442880   ----a-w-   c:\windows\system32\ntshrui.dll
2012-02-15 03:49 . 2012-01-14 03:35   2343424   ----a-w-   c:\windows\system32\win32k.sys
2012-02-05 13:23 . 2012-02-05 13:23   --------   d-----w-   c:\program files\MSXML 4.0
2012-02-05 05:01 . 2012-02-05 05:01   --------   d-----w-   c:\users\Deanszf\AppData\Roaming\Nuance
2012-02-04 19:06 . 2012-02-04 19:06   --------   d-----w-   c:\users\Deanszf\AppData\Roaming\FLEXnet
2012-02-04 19:04 . 2012-02-04 19:04   --------   d-----w-   c:\program files\Common Files\IVA
2012-02-04 19:04 . 2012-02-04 19:04   --------   d-----w-   c:\program files\Common Files\Nuance
2012-02-04 18:59 . 2012-02-04 18:59   --------   d-----w-   c:\programdata\Nuance
2012-02-04 18:59 . 2012-02-04 18:59   --------   d-----w-   c:\program files\Nuance
2012-01-27 04:21 . 2012-02-04 18:59   --------   d-----w-   c:\programdata\FLEXnet
2012-01-27 04:20 . 2012-01-27 04:20   --------   d-----w-   c:\program files\Common Files\Macrovision Shared
2012-01-27 04:20 . 2008-04-07 11:38   22872   ----a-r-   c:\windows\system32\AdobePDFUI.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 11:10 . 2010-12-27 16:33   237072   ------w-   c:\windows\system32\MpSigStub.exe
2012-02-18 05:16 . 2011-10-17 01:30   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1343400]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2011-06-06 296808]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Deanszf\AppData\Roaming\Mozilla\Firefox\Profiles\1pq0i6wu.default\
FF - prefs.js: browser.startup.homepage - hxxp://zionfire.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3949e&i=23&tp=ab&nt=1&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-20  13:18:26
ComboFix-quarantined-files.txt  2012-02-20 19:18
.
Pre-Run: 263,058,948,096 bytes free
Post-Run: 263,861,444,608 bytes free
.
- - End Of File - - 4B005A49F95B81B9DDD874468226E268
--
DeanZF
aka PastyWhiteGuy

Offline PastyWhiteGuy

Re: Win7Pro, 2-14 Update problems
« Reply #8 on: February 20, 2012, 06:47:27 PM »
I've reinstalled AVG 2012 (sigh) after running ComboFix. I looked for a new restore point and it says the only restore point is 2/20.

Do I need to re-run ComboFix or something else? I'd love to go back to 2/13.

I am running in normal mode at the moment, but FireFox continues to show up very often as not responding. Many hesitations, even writing this post. 5-10 seconds to add a period to the end of the sentence.
--
DeanZF
aka PastyWhiteGuy

Offline Corrine

Re: Win7Pro, 2-14 Update problems
« Reply #9 on: February 20, 2012, 09:40:50 PM »
I hope you didn't include AVG PC Tuneup 2011 in the reinstall.  I'll hold off on the registry cleaner "lecture" for the moment and only say that they do more damage than good.  I specifically don't think I'd feel confident with an AVG registry cleaner when AVG left files behind when you did the uninstall before running ComboFix the first time.

I will want you to run ComboFix again, but let's hold off for the moment.  Since you located a restore point, I'd like you to try something else.
  • Relaunch System Restore.
  • Seeing only the date of 2/20, first try clicking "Show more restore points".
  • If none appear, click back and click "Scan for affected programs".
  • Should any affected programs be listed, if the date is prior to 2/14, try that restore point.
  • If none appear, click Close on that window and again click "Show more restore points".

Hopefully, this time you will get earlier restore points.

Following that, please uninstall the left-behind Java(TM) 6 Update 20 and update the remaining version Java SE Runtime Environment 6u31.

I see that the version of Firefox installed is outdated.  What version of Firefox do you have installed?  The current release is Firefox 10.0.2 and includes security updates.

Next, please go here to run an on-line scan from ESET.
  • Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer.)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.



Offline PastyWhiteGuy

Re: Win7Pro, 2-14 Update problems
« Reply #10 on: February 20, 2012, 11:40:15 PM »
Okay. To the best of my knowledge, I did not include the PC Tuneup 2011. I don't do registry things without specific instructions!

Did ComboFix again and did not get a better date.
Got rid of the Java Update 20 and did the Java SE RE 31.

FireFox is 10.0.2, and Java Console for FF also updated.

Ran ESET. 80 minutes into the scan, with 1/8" at the end of the progress bar remaining, it crashed. :cry:

The only part of the log that was on the drive was:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

It was WAY down into the end of the windows files, past system32. It did find five instances of OpenCandy. The ESET site says that it will find this and that it may or may not be a threat. Actually four instances and a variant on it something about CoreD?? The blue screen of freezing death hit and the computer restarted. Should I start the ESET again?? It was in stage 3 of 4.

Thanks for your patient help with this thing.   :blink:
--
DeanZF
aka PastyWhiteGuy

Offline Corrine

Re: Win7Pro, 2-14 Update problems
« Reply #11 on: February 21, 2012, 12:53:04 AM »
Open Candy is Adware.  Undesirable but not damaging.  I'd like to see the ESET results but why don't you try a full system scan with AVG first to see if it finds something.  If it doesn't find anything, then try ESET again after a shutdown/restart.



Offline PastyWhiteGuy

Re: Win7Pro, 2-14 Update problems
« Reply #12 on: February 21, 2012, 01:13:13 AM »
Did a scan with AVG. Found nothing.

After the freeze in ESET and the self-initiated restart, I'm back in safe mode and am running the ESET again. 44 minutes in, 88500 files scanned thus far. More when it finishes.

Thanks.
--
DeanZF
aka PastyWhiteGuy

Offline PastyWhiteGuy

Re: Win7Pro, 2-14 Update problems
« Reply #13 on: February 21, 2012, 01:42:26 AM »
ESET scan was again quite long, but successful this time. It paused for a VERY long time, sufficiently long that IE thought it was non-responsive and offered to restart the window for me. At least it waited until the scan was completed.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=021e831794c6fc41b03ad4ea25b5a4a1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-21 03:36:34
# local_time=2012-02-20 09:36:34 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 11554041 11554041 0 0
# compatibility_mode=5893 16776574 100 94 0 81336139 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=144149
# found=5
# cleaned=0
# scan_time=4045
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\AppData\Roaming\OpenCandy\OpenCandy_8B10B76F11484E29A43CA4F1A1915B72\GameHouseSupercollapse3_p1v7.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\Downloads\cnet_setupcalorietrackerA_exe.exe   a variant of Win32/InstallCore.D application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\Downloads\CNET_TechTracker_2_0_4_Setup.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\Downloads\MusicnotesSuite.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I

That's all I have. I hope it's a complete scan.

Thanks!!
--
DeanZF
aka PastyWhiteGuy
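
Added example, not part of the original thread and not ESET's own code: a small triage of the Online Scanner log.txt format posted above, which also shows why the two-line log left by the crashed scan in Reply #10 cannot be read as a clean result. The function names are hypothetical, and treating the trailing word "application" in a detection name as ESET's marker for the potentially unwanted/unsafe class is an assumption.

```python
import re
from collections import Counter

# Log text as posted in the thread above (header trimmed to the fields used here).
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# end=finished
# remove_checked=false
# unwanted_checked=true
# unsafe_checked=true
# scanned=144149
# found=5
# cleaned=0
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\AppData\Roaming\OpenCandy\OpenCandy_8B10B76F11484E29A43CA4F1A1915B72\GameHouseSupercollapse3_p1v7.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\Downloads\cnet_setupcalorietrackerA_exe.exe   a variant of Win32/InstallCore.D application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\Downloads\CNET_TechTracker_2_0_4_Setup.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Users\Deanszf\Downloads\MusicnotesSuite.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
"""

HEADER_RE = re.compile(r"^#\s*([\w.]+)=(.*)$")   # "# key=value" metadata lines
FIELD_SEP_RE = re.compile(r"\t+| {2,}")          # tabs, or the space runs left by copy/paste
THREAT_RE = re.compile(
    r"^(?P<variant>(?:probably )?a variant of )?(?P<name>[^\s/]+/\S+)"
    r"(?: (?P<kind>[a-z ]+?))?(?: \((?P<action>[^)]*)\))?$"
)


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from a log.txt body."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip('"')  # repeated keys: last one wins
            continue
        fields = FIELD_SEP_RE.split(line)
        if len(fields) < 2:
            continue  # installer chatter or blank line, not a detection row
        t = THREAT_RE.match(fields[1])
        if not t:
            continue
        detections.append({
            "path": fields[0],
            "name": t.group("name"),
            "variant": t.group("variant") is not None,
            "kind": t.group("kind") or "",
            "action": t.group("action") or "",
        })
    return header, detections


def triage(header, detections):
    """Summarise a parsed log; an unfinished scan is never reported as complete."""
    # Assumption: kind ending in "application" = potentially unwanted/unsafe class.
    pua = [d for d in detections if d["kind"].endswith("application")]
    return {
        "complete": header.get("end") == "finished",
        "report_only": header.get("remove_checked") == "false",
        "rows_match_header": int(header.get("found", -1)) == len(detections),
        "by_name": Counter(d["name"] for d in detections),
        "pua": len(pua),
        "needs_review": [d["path"] for d in detections if d not in pua],
    }


if __name__ == "__main__":
    hdr, rows = parse_eset_log(SAMPLE_LOG)
    for key, value in triage(hdr, rows).items():
        print(f"{key}: {value}")
```
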

Offline Corrine

Re: Win7Pro, 2-14 Update problems
« Reply #14 on: February 21, 2012, 10:03:19 PM »
Thank you, DeanZF. 

Fortunately, the only finding was OpenCandy, which we'll address with ComboFix.  I suggest that where possible you go to the vendor site rather than third-party sites to download programs.  (See Win32/InstallCore.D + Win32/OpenCandy - CNET CNET TechTracker Forums)

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:
Code:
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

File::
MusicnotesSuite.exe
CNET_TechTracker_2_0_4_Setup.exe
cnet_setupcalorietrackerA_exe.exe
OCSetupHlp.dll

Folder::
C:\Users\Deanszf\AppData\Roaming\OpenCandy
  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.




  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


