I get this error message:
---------------------------
Service Pack 3 Setup Error
---------------------------
The file c:\windows\system32\ntdll.dll is open or in use by another application.
Close all other applications and then click Retry.
---------------------------
Retry Cancel
---------------------------
Logs
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 5191
Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702
11/26/2010 3:23:02 AM
mbam-log-2010-11-26 (03-23-02).txt
Scan type: Quick scan
Objects scanned: 132391
Time elapsed: 7 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-26 03:31:11
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Scsi\nvidesm1Port0Path0Target0Lun0 MAXTOR_6 rev.A93.
Running: 22edji9z.exe; Driver: C:\DOCUME~1\Ron\LOCALS~1\Temp\fwldypow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \FileSystem\Fastfat \Fat PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
---- EOF - GMER 1.0.15 ----
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-11-26.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/31/2004 2:24:00 PM
System Uptime: 11/26/2010 3:24:27 AM (0 hours ago)
Motherboard: Shuttle Inc | | FN41SP
Processor: AMD Athlon(tm) XP 1500+ | Socket A | 1293/100mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 29 GiB total, 20.377 GiB free.
D: is FIXED (NTFS) - 45 GiB total, 32.226 GiB free.
E: is CDROM (UDF)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP268: 11/25/2010 9:31:58 AM - Revo Uninstaller's restore point - PayPal Plug-In
RP269: 11/25/2010 9:32:21 AM - Removed PayPal Plug-In
RP270: 11/25/2010 9:33:23 AM - Revo Uninstaller's restore point - Documents To Go
RP271: 11/25/2010 9:33:44 AM - Removed Documents To Go
RP272: 11/25/2010 9:35:28 AM - Revo Uninstaller's restore point - Combat Mission Afrika Korps
RP273: 11/25/2010 9:37:22 AM - Revo Uninstaller's restore point - Motorola Phone Tools
RP274: 11/25/2010 9:37:33 AM - Removed Motorola Phone Tools
RP275: 11/25/2010 9:37:36 AM - Removed Motorola Phone Tools
RP276: 11/25/2010 9:37:39 AM - Removed Motorola Phone Tools
RP277: 11/25/2010 9:38:45 AM - Revo Uninstaller's restore point - Tweak-SE plug-in for Ad-Aware SE
RP278: 11/25/2010 9:39:15 AM - Revo Uninstaller's restore point - Ad-Aware SE Personal
RP279: 11/25/2010 9:40:28 AM - Revo Uninstaller's restore point - Messenger-Control plug-in for Ad-Aware SE
RP280: 11/25/2010 9:41:12 AM - Revo Uninstaller's restore point - OE/W Messengerctrl plug-in for Ad-Aware SE
RP281: 11/25/2010 9:41:39 AM - Revo Uninstaller's restore point - Palm
RP282: 11/25/2010 9:41:55 AM - Removed Palm
RP283: 11/25/2010 9:42:48 AM - Revo Uninstaller's restore point - VX2 Cleaner plug-in for Ad-Aware SE
RP284: 11/25/2010 9:43:41 AM - Revo Uninstaller's restore point - Spybot - Search & Destroy 1.4
==== Installed Programs ======================
7-Zip 4.64
ACDSee Pro 2.5
ACDSee RAW Image Decoder Plug-In Update 4.0
Adaptec UDF Reader
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.7
Apple Software Update
CCleaner
Cda Product Service - shared component
Diskeeper Professional Edition
FileBox eXtender
Garmin City Navigator North America v8
Garmin MapSource
Garmin Trip and Waypoint Manager v3
GeoBuddy 3.0
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Icon Restore 1.0
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 22
Linksys PrintServer Driver
Macromedia Flash Player 8
Magical Jelly Bean KeyFinder
Malwarebytes' Anti-Malware
MapSource
MapSource - US Topo 24K National Parks, West v2
MapSource - US Topo v3.02
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft IntelliPoint 4.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Motherboard Monitor 5
Movielink Manager
Mozilla Firefox (3.0.6)
MSN Music Assistant
NVIDIA Drivers
NvMixer
PowerDVD
PowerQuest Drive Image 7.0
PowerQuest PartitionMagic 7.0
Quicken 2006
QuickTime
RealPlayer
Revo Uninstaller 1.90
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Spell Catcher Plus
SUPERAntiSpyware
Tweakui Powertoy for Windows XP
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinFlash
==== Event Viewer Messages From Past Week ========
11/26/2010 3:36:50 AM, error: Service Control Manager [7016] - The GEARSecurity service has reported an invalid current state 0.
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The V2i Protector service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The UStorage Server Service service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The Movielink Core Service service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The GEARSecurity service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The C-DillaCdaC11BA service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/26/2010 3:04:38 AM, error: Service Control Manager [7031] - The Google Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
11/25/2010 9:52:38 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 9:37:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\usbser.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
11/25/2010 9:28:08 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 9:19:31 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 9:04:49 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 8:57:31 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 8:38:41 AM, error: NtServicePack [4373] - Windows XP KB956572 installation failed.
An internal error occurred.
11/25/2010 8:38:16 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 8:33:30 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Windows XP Service Pack 3 (KB936929).
11/25/2010 8:33:13 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 7:56:35 AM, error: NtServicePack [4373] - Windows XP KB956572 installation failed.
An internal error occurred.
11/25/2010 6:47:22 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB956572).
11/25/2010 6:47:17 AM, error: NtServicePack [4373] - Windows XP KB956572 installation failed.
An internal error occurred.
11/25/2010 6:07:50 AM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
11/25/2010 5:50:05 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
11/25/2010 12:36:27 PM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 11:25:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/25/2010 11:25:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/25/2010 11:24:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Fips IPSec mbmiodrvr MpFilter MRxSmb NetBIOS NetBT PQIMount RasAcd Rdbss Tcpip
11/25/2010 11:24:38 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2010 11:24:38 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2010 11:24:38 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2010 11:24:38 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2010 11:23:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
==== End Of File ===========================
DDS (Ver_10-11-26.01) - NTFSx86
Run by Ron at 3:36:47.92 on Fri 11/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.644 [GMT -7:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\FileBX\FileBX.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
D:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UStorSrv.exe
D:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ron\Desktop\Scans\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.comcast.net/explore.html
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {c333cf63-767f-4831-94ac-e683d962c63c} - CoTGT_BHO Class
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "d:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
mRun: [MBM 5] "d:\program files\motherboard monitor 5\MBM5.EXE"
mRun: [DiskeeperSystray] "d:\program files\executive software\diskeeper\DkIcon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [POINTER] point32.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [LoadMSvcmm] "d:\program files\movielink\movielinkmanager\Movielink User.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\ron\startm~1\programs\startup\filebo~1.lnk - d:\program files\filebx\FileBX.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxps://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290690552625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/SymAData.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ron\applic~1\mozilla\firefox\profiles\sgyupw4s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\google\google updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npsnapfish.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2003-9-12 132899]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2003-9-12 46810]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 gupdate1c985725098acde;Google Update Service (gupdate1c985725098acde);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]
S2 mrtRate;mrtRate; [x]
=============== Created Last 30 ================
2010-11-26 10:34:15 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{97f1599c-1d61-4690-9448-0aa13af080f9}\mpengine.dll
2010-11-26 10:09:13 -------- d-----w- c:\docume~1\ron\applic~1\Malwarebytes
2010-11-26 10:09:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-26 10:09:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-26 10:09:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-26 10:09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-26 09:53:41 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-26 09:53:41 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-11-25 18:54:38 -------- d-----w- c:\docume~1\ron\applic~1\SUPERAntiSpyware.com
2010-11-25 18:54:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-11-25 18:54:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-25 18:35:41 -------- d-----w- c:\program files\CCleaner
2010-11-25 18:30:37 -------- d-sh--w- c:\documents and settings\ron\IECompatCache
2010-11-25 18:30:07 -------- d-sh--w- c:\documents and settings\ron\PrivacIE
2010-11-25 16:42:03 -------- d-----w- c:\program files\Palm
2010-11-25 14:26:30 -------- d-sh--w- c:\documents and settings\ron\IETldCache
2010-11-25 14:01:28 -------- d-----w- c:\windows\ie8updates
2010-11-25 14:00:54 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-25 14:00:53 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-25 14:00:53 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-25 13:59:17 -------- dc-h--w- c:\windows\ie8
2010-11-25 13:50:48 -------- d-----w- c:\windows\ServicePackFiles
2010-11-25 13:07:02 -------- d-----w- c:\program files\Magical Jelly Bean
2010-11-25 12:58:30 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-25 12:56:51 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-25 12:38:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
==================== Find3M ====================
2010-09-15 09:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
============= FINISH: 3:37:49.54 ===============
ACDSee Pro 2.5
ACDSee RAW Image Decoder Plug-In Update 4.0
Adaptec UDF Reader
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.7
Apple Software Update
CCleaner
Cda Product Service - shared component
Diskeeper Professional Edition
FileBox eXtender
Garmin City Navigator North America v8
Garmin MapSource
Garmin Trip and Waypoint Manager v3
GeoBuddy 3.0
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Icon Restore 1.0
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 22
Linksys PrintServer Driver
Macromedia Flash Player 8
Magical Jelly Bean KeyFinder
Malwarebytes' Anti-Malware
MapSource
MapSource - US Topo 24K National Parks, West v2
MapSource - US Topo v3.02
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft IntelliPoint 4.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Essentials
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Motherboard Monitor 5
Movielink Manager
Mozilla Firefox (3.0.6)
MSN Music Assistant
NVIDIA Drivers
NvMixer
PowerDVD
PowerQuest Drive Image 7.0
PowerQuest PartitionMagic 7.0
Quicken 2006
QuickTime
RealPlayer
Revo Uninstaller 1.90
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Spell Catcher Plus
SUPERAntiSpyware
Tweakui Powertoy for Windows XP
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB914882)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinFlash
==== Event Viewer Messages From Past Week ========
11/26/2010 3:36:50 AM, error: Service Control Manager [7016] - The GEARSecurity service has reported an invalid current state 0.
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The V2i Protector service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The UStorage Server Service service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The Movielink Core Service service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The GEARSecurity service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7034] - The C-DillaCdaC11BA service terminated unexpectedly. It has done this 1 time(s).
11/26/2010 3:04:38 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/26/2010 3:04:38 AM, error: Service Control Manager [7031] - The Google Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
11/25/2010 9:52:38 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 9:37:55 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\usbser.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
11/25/2010 9:28:08 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 9:19:31 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 9:04:49 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 8:57:31 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 8:38:41 AM, error: NtServicePack [4373] - Windows XP KB956572 installation failed.
An internal error occurred.
11/25/2010 8:38:16 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 8:33:30 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Windows XP Service Pack 3 (KB936929).
11/25/2010 8:33:13 AM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 7:56:35 AM, error: NtServicePack [4373] - Windows XP KB956572 installation failed.
An internal error occurred.
11/25/2010 6:47:22 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB956572).
11/25/2010 6:47:17 AM, error: NtServicePack [4373] - Windows XP KB956572 installation failed.
An internal error occurred.
11/25/2010 6:07:50 AM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
11/25/2010 5:50:05 AM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
11/25/2010 12:36:27 PM, error: NtServicePack [4373] - Windows XP Service Pack 3 installation failed.
An internal error occurred.
11/25/2010 11:25:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/25/2010 11:25:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
11/25/2010 11:24:38 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 Fips IPSec mbmiodrvr MpFilter MRxSmb NetBIOS NetBT PQIMount RasAcd Rdbss Tcpip
11/25/2010 11:24:38 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2010 11:24:38 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2010 11:24:38 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2010 11:24:38 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
11/25/2010 11:23:15 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
==== End Of File ===========================
DDS (Ver_10-11-26.01) - NTFSx86
Run by Ron at 3:36:47.92 on Fri 11/26/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.644 [GMT -7:00]
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
D:\Program Files\Movielink\MovielinkManager\Movielink User.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\FileBX\FileBX.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
D:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UStorSrv.exe
D:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ron\Desktop\Scans\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.comcast.net/explore.html
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {c333cf63-767f-4831-94ac-e683d962c63c} - CoTGT_BHO Class
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "d:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
mRun: [MBM 5] "d:\program files\motherboard monitor 5\MBM5.EXE"
mRun: [DiskeeperSystray] "d:\program files\executive software\diskeeper\DkIcon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [POINTER] point32.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [LoadMSvcmm] "d:\program files\movielink\movielinkmanager\Movielink User.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\ron\startm~1\programs\startup\filebo~1.lnk - d:\program files\filebx\FileBX.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxps://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290690552625
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/asa/SymAData.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ron\applic~1\mozilla\firefox\profiles\sgyupw4s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\google\google updater\2.4.1439.6872\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.37\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: d:\program files\mozilla firefox\plugins\npsnapfish.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2003-9-12 132899]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2003-9-12 46810]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 gupdate1c985725098acde;Google Update Service (gupdate1c985725098acde);c:\program files\google\update\GoogleUpdate.exe [2009-2-2 133104]
S2 mrtRate;mrtRate; [x]
=============== Created Last 30 ================
2010-11-26 10:34:15 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{97f1599c-1d61-4690-9448-0aa13af080f9}\mpengine.dll
2010-11-26 10:09:13 -------- d-----w- c:\docume~1\ron\applic~1\Malwarebytes
2010-11-26 10:09:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-26 10:09:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-26 10:09:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-26 10:09:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-26 09:53:41 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-11-26 09:53:41 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-11-25 18:54:38 -------- d-----w- c:\docume~1\ron\applic~1\SUPERAntiSpyware.com
2010-11-25 18:54:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-11-25 18:54:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-11-25 18:35:41 -------- d-----w- c:\program files\CCleaner
2010-11-25 18:30:37 -------- d-sh--w- c:\documents and settings\ron\IECompatCache
2010-11-25 18:30:07 -------- d-sh--w- c:\documents and settings\ron\PrivacIE
2010-11-25 16:42:03 -------- d-----w- c:\program files\Palm
2010-11-25 14:26:30 -------- d-sh--w- c:\documents and settings\ron\IETldCache
2010-11-25 14:01:28 -------- d-----w- c:\windows\ie8updates
2010-11-25 14:00:54 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-11-25 14:00:53 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-11-25 14:00:53 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-11-25 13:59:17 -------- dc-h--w- c:\windows\ie8
2010-11-25 13:50:48 -------- d-----w- c:\windows\ServicePackFiles
2010-11-25 13:07:02 -------- d-----w- c:\program files\Magical Jelly Bean
2010-11-25 12:58:30 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-25 12:56:51 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-25 12:38:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
==================== Find3M ====================
2010-09-15 09:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
============= FINISH: 3:37:49.54 ===============