Win7Pro, 2-14 Update problems

Started by PastyWhiteGuy, February 20, 2012, 04:24:45 AM


PastyWhiteGuy

Next adventure. Started the process in normal mode (silly me). It ran through all of the 50... were those segments?? It deleted 3 files and showed as deleting a folder, all having to do with OpenCandy. It got to the deleting the folder portion and froze. Sigh. (Saying this with a Sgt Schultz accent, "I touched NUTHINK mit mine mouse!") It just flat stalled. I let it alone for 10 minutes, maybe more, and when NUTHINK happened, I restarted. Sigh again.

Restarted in safe mode and ran it to completion. I did have to restart the machine as it thought that I should delete both IE & Firefox!

BTW, System Restore again says that no restore points have been created.

The new log, from the second round of the script, run in safe mode:

ComboFix 12-02-19.02 - Deanszf 02/21/2012  22:11:17.3.2 - x86 MINIMAL
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3546.3037 [GMT -6:00]
Running from: c:\users\Deanszf\Desktop\ComboFix.exe
Command switches used :: c:\users\Deanszf\Desktop\CFScript.txt
AV: AVG Anti-Virus 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-22 to 2012-02-22  )))))))))))))))))))))))))))))))
.
.
2012-02-22 04:19 . 2012-02-22 04:19   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-02-22 03:59 . 2012-02-22 04:19   --------   d-----w-   c:\users\Deanszf\AppData\Local\temp
2012-02-20 23:55 . 2012-02-20 23:55   --------   d-----w-   c:\program files\ESET
2012-02-20 23:50 . 2012-02-20 23:50   --------   d-----w-   c:\program files\Common Files\Java
2012-02-20 23:50 . 2012-02-20 23:50   476904   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-20 03:36 . 2012-02-20 03:39   --------   d-----w-   C:\rsit
2012-02-20 03:36 . 2012-02-20 03:37   --------   d-----w-   c:\program files\trend micro
2012-02-19 21:09 . 2012-01-17 10:39   6557240   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FFF8926-C54E-46F0-ACA8-9CC638100564}\mpengine.dll
2012-02-17 15:52 . 2011-12-14 02:50   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
2012-02-17 15:52 . 2011-12-14 03:32   141112   ----a-w-   c:\program files\Internet Explorer\sqmapi.dll
2012-02-17 15:52 . 2011-12-14 03:04   1798656   ----a-w-   c:\windows\system32\jscript9.dll
2012-02-17 15:52 . 2011-12-14 02:54   194048   ----a-w-   c:\program files\Internet Explorer\IEShims.dll
2012-02-17 15:52 . 2011-12-14 02:57   1127424   ----a-w-   c:\windows\system32\wininet.dll
2012-02-17 15:51 . 2011-12-14 02:59   678912   ----a-w-   c:\program files\Internet Explorer\iedvtool.dll
2012-02-17 15:51 . 2011-12-14 02:56   1427456   ----a-w-   c:\windows\system32\inetcpl.cpl
2012-02-16 06:49 . 2012-02-16 06:49   --------   d-----w-   c:\program files\ReflexiveArcade
2012-02-15 03:50 . 2011-12-30 05:27   478720   ----a-w-   c:\windows\system32\timedate.cpl
2012-02-15 03:50 . 2011-12-16 07:52   690688   ----a-w-   c:\windows\system32\msvcrt.dll
2012-02-15 03:50 . 2012-01-04 08:58   442880   ----a-w-   c:\windows\system32\ntshrui.dll
2012-02-15 03:49 . 2012-01-14 03:35   2343424   ----a-w-   c:\windows\system32\win32k.sys
2012-02-05 13:23 . 2012-02-05 13:23   --------   d-----w-   c:\program files\MSXML 4.0
2012-02-05 05:01 . 2012-02-05 05:01   --------   d-----w-   c:\users\Deanszf\AppData\Roaming\Nuance
2012-02-04 19:06 . 2012-02-04 19:06   --------   d-----w-   c:\users\Deanszf\AppData\Roaming\FLEXnet
2012-02-04 19:04 . 2012-02-04 19:04   --------   d-----w-   c:\program files\Common Files\IVA
2012-02-04 19:04 . 2012-02-04 19:04   --------   d-----w-   c:\program files\Common Files\Nuance
2012-02-04 18:59 . 2012-02-04 18:59   --------   d-----w-   c:\programdata\Nuance
2012-02-04 18:59 . 2012-02-04 18:59   --------   d-----w-   c:\program files\Nuance
2012-01-27 04:21 . 2012-02-04 18:59   --------   d-----w-   c:\programdata\FLEXnet
2012-01-27 04:20 . 2012-01-27 04:20   --------   d-----w-   c:\program files\Common Files\Macrovision Shared
2012-01-27 04:20 . 2008-04-07 11:38   22872   ----a-r-   c:\windows\system32\AdobePDFUI.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 23:50 . 2010-12-29 19:16   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2012-01-29 11:10 . 2010-12-27 16:33   237072   ------w-   c:\windows\system32\MpSigStub.exe
2012-02-18 05:16 . 2011-10-17 01:30   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 172568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ      kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [2011-06-06 296808]
R3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-27 1343400]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
.
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Deanszf\AppData\Roaming\Mozilla\Firefox\Profiles\1pq0i6wu.default\
FF - prefs.js: browser.startup.homepage - hxxp://zionfire.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dc3949e&i=23&tp=ab&nt=1&q=
.
.
Completion time: 2012-02-21  22:20:34
ComboFix-quarantined-files.txt  2012-02-22 04:20
ComboFix2.txt  2012-02-20 19:18
.
Pre-Run: 263,577,014,272 bytes free
Post-Run: 263,507,202,048 bytes free
.
- - End Of File - - D4AF278CA2E11E8A8CAD819357BB01A5
--
DeanZF
aka PastyWhiteGuy
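
For readers triaging a log like the one above, this added example (not part of the original thread and not ComboFix's own code) parses the autorun and service/driver lines into records and lists the ones whose binary sits outside Windows and Program Files. The `PROTECTED` list and the "verify these first" heuristic are assumptions of the example; the sample lines are copied from the posted log.

```python
import re

# Lines copied from the "Reg Loading Points" and service list in the log above.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 137752]
.
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
'''

STAMP = r' \[(?P<date>\d{4}-\d\d-\d\d) (?P<size>\d+)\]$'
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"' + STAMP)
SVC_RE = re.compile(r'^(?P<state>[RS][0-4]) (?P<name>[^;]+);[^;]*;(?P<path>.+)' + STAMP)

# Assumption of this example: roots a standard user cannot write to by default.
PROTECTED = ("c:\\windows\\", "c:\\program files\\",
             "c:\\program files (x86)\\", "c:\\progra~1\\")

def parse_load_points(text):
    """Return one dict per autorun value or service/driver line in the log text."""
    entries, key = [], None
    for line in map(str.strip, text.splitlines()):
        if m := KEY_RE.match(line):
            key = m.group(1)                      # remember the current registry key
            continue
        m, source = RUN_RE.match(line), key
        if m is None and (m := SVC_RE.match(line)):
            source = "service:" + m["state"]      # prefix as printed, e.g. R1 or S0
        if m:
            entries.append({"source": source, "name": m["name"], "path": m["path"],
                            "date": m["date"], "size": int(m["size"])})
    return entries

def outside_protected_dirs(entries, roots=PROTECTED):
    """Entries whose binary is not under a protected root: verify these first."""
    return [e for e in entries if not e["path"].lower().startswith(roots)]

if __name__ == "__main__":
    for e in outside_protected_dirs(parse_load_points(SAMPLE)):
        print(f'{e["source"]}: {e["name"]} -> {e["path"]} ({e["date"]})')
```

An entry appearing in the output is a prompt to check the file's publisher and signature, not a finding in itself.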

Corrine

Hi, DeanZF. 

Please run the System File Checker tool. The System File Checker tool scans system files and replaces incorrect versions of the system files by using the correct versions.

To run the System File Checker tool, follow these steps:

  • Click Start, and then type cmd in the Start Search box.
  • Right-click cmd in the Programs list, and then click Run as administrator.
  • If you are prompted for an administrator password or confirmation, type your password or click Continue
  • At the command prompt, type the following line, and then press ENTER:
    sfc /scannow (note the space before the forward slash)
  • When the scan is complete, test to see whether the issue that you are experiencing is resolved.
Note:  If the System File Checker Tool finds errors, shutdown/restart and run the tool up to three times until no errors are found.

Please let me know if anything is found.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

PastyWhiteGuy

 :(

Nothing found. Did the scan in normal mode. Scan froze at 66%. Restarted, scanned again in normal mode. Froze at 66%. Did it twice more, same result.

Looking for a next step, and have a quandary. It looks like it's time to install Windows patches again. Do I install that stuff prior to any other steps?

Blessings upon you!
--
DeanZF
aka PastyWhiteGuy

Corrine

Hi, Dean ZF.  You may need to do a repair install.   However, let's try a couple of other things first.

First, follow the illustrated instructions at Fix Missing System Restore Points in Windows Vista and 7 to see if that repairs System Restore.

Next, please run CheckDisk, following the illustrated instructions at Disk Check - Windows 7 Forums, using option 8:

Quote: 8. To Scan and Automatically Attempt to Fix Errors and Recover Bad Sectors
NOTE: This will scan for both file errors and physical errors (steps 6 and 7). It will then attempt to repair problems with files and folders, and recover physical errors.

    A) Check the Automatically fix file system errors box. (See screenshot below step 4)

    B) Check the Scan for and attempt recovery of bad sectors box.

As your hard disk will be in use, follow the steps in item 11 to run the scheduled scan and restart the computer.

Quote: 11. If the selected hard disk is in use, then click on the Schedule disk check button. (See screenshot below)
NOTE: If the hard disk that you selected in step 2 is in use (for example, the C: drive or partition that contains Windows 7), you'll be prompted to reschedule the disk check for the next time you restart your computer.



PastyWhiteGuy

Hours later, it's done, per your instruction. I set the SR up to create a set point at 10pm local time, while I was still preparing the machine for the big scan. Nearly four hours later, it finished without seizing. Yay for that.

Two questions:

  • The obvious question is "What's next?"   :sos:
  • The other question has to do with updates. There is a Java update waiting for me to say yes, and there are Windows 2/21 updates waiting.

Just trying NOT to jump ahead, but to be sure to follow the instructions.

Again, so many thank yous for your help.
--
DeanZF
aka PastyWhiteGuy

Corrine

Hi, Dean.

With CheckDisk completed, are you able to work in normal mode?  What is the status of your computer now?

As to Windows updates, the February 14th release had .NET Framework updates for Windows 7.  Please install the other updates first, restart and then install the .NET Framework updates and restart.

Regarding Java, because of the problems you were having, I didn't address it before.  Yes, you can update Java.  First, however, uninstall Java(TM) 6 Update 20.  After the update,  Java(TM) 6 Update 29 should be replaced with Java 6, Update 31.






PastyWhiteGuy

Good morning, Corrine,

So far, so good. I'm running in normal mode, I've installed the overnight Windows update (which was a .NET Framework update). The Java piece will be updated when it reappears. I had already removed the Update 20 piece of the puzzle.

I'll run only for a bit before going to work, and then more tonight. If it survives the test or freezes, I'll report later.

Again, many thanks for your services!
--
DeanZF
aka PastyWhiteGuy

Corrine

Hi, DeanZF.

It is sounding like CheckDisk solved the remaining problems.  We'll take care of the last bits after you confirm all is still well.

