Hi again,
Went through all steps, they completed without error, but SP1 still freezes at "installing windows vista service pack 1". Here's the log you need:
----
ComboFix 10-09-23.01 - Chiso 24/09/2010 13:28:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.44.1033.18.1015.415 [GMT 1:00]
Running from: c:\users\Chiso\Desktop\zzz.exe
Command switches used :: c:\users\Chiso\Desktop\CFScript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
SP: Microsoft Security Essentials *disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDE}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\Tasks\PBReg.job"
"c:\windows\Tasks\PBRegbk.job"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Alwil Software
c:\program files\Alwil Software\Avast5\Setup\setup.ini
c:\program files\AVG
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.html
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
c:\program files\Common Files\Symantec Shared\DecABI\dec46DB.tmp
c:\program files\Spybot - Search & Destroy
c:\program files\Spybot - Search & Destroy\advcheck.dll
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Spybot - Search & Destroy\TeaTimer.exe
c:\programdata\Alwil Software
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Logs\Checks.100919-2132.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.100919-2202.txt
c:\programdata\Spybot - Search & Destroy\Logs\Checks.100920-1230.log
c:\programdata\Spybot - Search & Destroy\Logs\Checks.100920-1315.txt
c:\programdata\Spybot - Search & Destroy\Logs\Fixes.100919-2203.txt
c:\programdata\Spybot - Search & Destroy\Logs\Resident.log
c:\programdata\Spybot - Search & Destroy\Logs\Update downloads.log
c:\programdata\Spybot - Search & Destroy\ProcCache.sbc
c:\programdata\Spybot - Search & Destroy\Recovery\Overview.ini
c:\windows\Tasks\PBReg.job
c:\windows\Tasks\PBRegbk.job
.
((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.
2010-09-20 11:14 . 2010-09-24 05:41 -------- d-----w- C:\ComboFix
2010-09-20 10:38 . 2010-09-20 10:38 -------- d-----w- C:\765d1831cc2017207fa002d71a817b
2010-09-20 10:38 . 2010-09-20 10:38 -------- d-----w- C:\b8f3105040b672621e
2010-09-20 10:37 . 2010-09-20 10:39 -------- d-----w- C:\0e44e0005f2de4692b8e04171fef9c
2010-09-20 10:28 . 2010-09-20 10:29 -------- d-----w- C:\21aab065f5c62690569f
2010-09-20 10:27 . 2010-09-20 10:29 -------- d-----w- C:\3e1978efbd501ee0ec858a3782aa4c
2010-09-19 22:37 . 2010-09-19 22:37 -------- d-----w- C:\d0e52ff577b496e1a2
2010-09-19 22:37 . 2010-09-19 22:37 -------- d-----w- C:\8aa4b133b6e5b3925a4c60
2010-09-19 22:11 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-19 22:11 . 2010-09-19 22:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-19 22:11 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-19 21:20 . 2010-09-20 10:46 3847043 ----a-r- C:\ComboFix.exe
2010-09-19 20:12 . 2010-09-19 20:12 -------- d-----w- c:\program files\Trend Micro
2010-09-19 19:52 . 2010-08-30 13:33 43008 ----a-w- c:\users\Chiso\AppData\Roaming\Mozilla\Firefox\Profiles\2qj7ko0n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-09-19 19:52 . 2010-08-30 13:33 338944 ----a-w- c:\users\Chiso\AppData\Roaming\Mozilla\Firefox\Profiles\2qj7ko0n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-09-19 19:52 . 2010-08-30 13:34 1496064 ----a-w- c:\users\Chiso\AppData\Roaming\Mozilla\Firefox\Profiles\2qj7ko0n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-09-19 19:52 . 2010-08-30 13:33 346112 ----a-w- c:\users\Chiso\AppData\Roaming\Mozilla\Firefox\Profiles\2qj7ko0n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-09-19 17:29 . 2010-09-19 17:29 -------- d-----w- c:\program files\O2_Installer
2010-09-19 16:56 . 2010-09-19 16:56 -------- d-----w- C:\b6523998e3a3e59fe6326553d91ef8
2010-09-19 16:56 . 2010-09-19 16:56 -------- d-----w- C:\89c2732418d824a6944d
2010-09-04 10:55 . 2010-09-04 10:55 -------- d-----w- C:\91206a0e1fefaf618823
2010-09-04 10:54 . 2010-09-04 10:54 -------- d-----w- C:\7ad210a7f5feda2b2e0fc2
2010-09-04 10:12 . 2010-09-04 10:12 -------- d-----w- C:\b357c3b75c2ba9f8a1d57a86
2010-09-04 10:11 . 2010-09-04 10:11 -------- d-----w- C:\05c16f86301004bedc7273489345
2010-09-04 09:58 . 2010-09-04 09:58 -------- d-----w- C:\e6053a7a3ac326d2e4f8bcb9cbfbec
2010-08-28 07:39 . 2010-08-28 07:39 -------- d-----w- c:\users\Chiso\AppData\Roaming\Malwarebytes
2010-08-28 07:39 . 2010-08-28 07:39 -------- d-----w- c:\programdata\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 19:06 . 2007-09-25 16:22 5676 ----a-w- c:\users\Chiso\AppData\Local\d3d9caps.dat
2010-09-23 17:59 . 2010-09-23 17:59 77312 ----a-w- C:\mbr.exe
2010-09-20 12:44 . 2010-09-20 12:44 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-09-19 21:09 . 2007-05-31 22:15 -------- d-----w- c:\program files\Google
2010-09-19 20:08 . 2010-08-23 00:57 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-09-05 19:02 . 2010-06-27 21:28 -------- d-----w- c:\users\Chiso\AppData\Roaming\Spotify
2010-06-27 21:47 . 2010-06-27 21:47 655360 ----a-w- c:\users\Chiso\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-06-27 21:47 . 2010-06-27 21:47 282624 ----a-w- c:\users\Chiso\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-06-27 21:46 . 2010-06-27 21:46 208896 ----a-w- c:\users\Chiso\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2006-10-11 08:04 . 2007-05-31 22:08 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2007-05-31 22:08 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2007-05-31 22:08 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2007-05-31 22:08 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2007-05-31 22:08 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2007-06-01 06:47 . 2007-06-01 06:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2010-09-24_05.54.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-31 22:30 . 2010-09-24 08:55 51196 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-09-24 08:55 57668 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-09-24 05:56 57668 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-25 15:07 . 2010-09-24 08:55 10292 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3949710415-2586599352-147448324-1002_UserData.bin
- 2007-09-25 15:17 . 2010-09-24 05:52 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-25 15:17 . 2010-09-24 08:51 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-25 15:17 . 2010-09-24 05:52 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-25 15:17 . 2010-09-24 08:51 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-25 15:17 . 2010-09-24 05:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-25 15:17 . 2010-09-24 08:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-25 16:18 . 2010-09-24 08:18 3048 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2007-09-25 16:18 . 2010-09-24 05:50 3048 c:\windows\System32\WDI\ERCQueuedResolutions.dat
- 2010-09-24 05:51 . 2010-09-24 05:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-24 08:51 . 2010-09-24 08:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-24 08:51 . 2010-09-24 08:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-24 05:51 . 2010-09-24 05:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-24 06:21 . 2010-09-24 06:21 262144 c:\windows\System32\config\TxR\NTUSER.DAT
+ 2010-09-24 06:21 . 2010-09-24 06:21 262144 c:\windows\System32\config\RegBack\NTUSER.DAT
+ 2010-09-24 06:21 . 2010-09-24 06:21 262144 c:\windows\System32\config\Journal\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 2159104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-29 171448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-11-02 1196032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-10-17 1006264]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-19 185896]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-13 133912]
"PCMService"="c:\program files\Powercinema\PCMService.exe" [2007-02-14 159744]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-13 154392]
"HostManager"="c:\program files\Common Files\AOL\1180649401\ee\AOLSoftware.exe" [2006-11-14 50736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 136176]
S2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [2007-06-07 202280]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-19 21:08]
2010-09-24 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-05-31 16:34]
2010-09-24 c:\windows\Tasks\User_Feed_Synchronization-{0490A102-D081-49FD-87F5-BF9F7C9949D7}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Chiso\AppData\Roaming\Mozilla\Firefox\Profiles\2qj7ko0n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\Chiso\AppData\Roaming\Mozilla\Firefox\Profiles\2qj7ko0n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 13:34
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-09-24 13:37:11
ComboFix-quarantined-files.txt 2010-09-24 12:37
ComboFix2.txt 2010-09-24 05:59
Pre-Run: 10,874,732,544 bytes free
Post-Run: 10,836,213,760 bytes free
- - End Of File - - 78256B2B3EB8ADCD82C5785BDCC40DE1