Good. Please post a fresh dds log.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
DDS (Ver_10-03-17.01) - NTFSx86
Run by astra at 16:52:07,87 on Sat 26/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.gr/
uInternet Settings,ProxyOverride = local
mWinlogon: UIHost=G:\Yellow flower.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - g:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - g:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] g:\windows\system32\ctfmon.exe
mRun: [vmware-tray] "g:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [TWCU] "g:\program files\tp-link\tp-link wireless client utility\TWCU.exe" -nogui
mRun: [MSSE] "g:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [COMODO Internet Security] "g:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [CTFMON.EXE] g:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "g:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: g:\docume~1\alluse~1\startm~1\f2da~1\599a~1\rainme~1.lnk - g:\program files\rainmeter\Rainmeter.exe
IE: E&xport to Microsoft Excel - g:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - g:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: g:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229157474656
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239954420281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: g:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - g:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - g:\program files\winfax\WfxSeh32.Dll
================= FIREFOX ===================
FF - ProfilePath - g:\docume~1\astra\applic~1\mozilla\firefox\profiles\pvs1v4h5.default\
FF - plugin: g:\documents and settings\astra\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: g:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: g:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
---- FIREFOX POLICIES ----
g:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
g:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
g:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
g:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
g:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
============== File Associations ===============
.scr=AutoCADLTScriptFile
=============== Created Last 30 ================
2010-06-25 20:26:05 0 d-----w- g:\program files\Speccy
2010-06-25 20:19:12 0 d-----w- g:\docume~1\astra\applic~1\Orca Profiles
2010-06-25 17:38:49 8192 ----a-w- g:\documents and settings\astra\drv.hiv
2010-06-24 06:20:02 7680 --sha-w- g:\windows\Thumbs.db
2010-06-23 19:39:22 98816 ----a-w- g:\windows\sed.exe
2010-06-23 19:39:22 77312 ----a-w- g:\windows\MBR.exe
2010-06-23 19:39:22 256512 ----a-w- g:\windows\PEV.exe
2010-06-23 19:39:22 161792 ----a-w- g:\windows\SWREG.exe
2010-06-23 19:30:53 0 d-sha-r- G:\cmdcons
2010-06-23 18:33:51 51232 ----a-w- g:\windows\system32\RHCoInstXP.dll
2010-06-23 18:33:51 4003008 ----a-w- g:\windows\system32\drivers\RtKHDMI.sys
2010-06-23 18:33:51 1489440 ----a-w- g:\windows\RtaUpd.exe
2010-06-23 08:39:39 555 ----a-w- g:\windows\yap.INI
2010-06-21 09:56:50 132096 ----atw- g:\windows\system32\DarkSpyKernel.sys
2010-06-20 18:42:05 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 18:42:04 20952 ----a-w- g:\windows\system32\drivers\mbam.sys
2010-06-20 18:42:04 0 d-----w- g:\program files\Malwarebytes' Anti-Malware
2010-06-20 17:17:38 0 d-----w- g:\docume~1\astra\applic~1\KeePass
2010-06-17 07:36:37 0 d-----w- g:\program files\Safer Networking
2010-06-16 19:33:44 52736 ----a-w- g:\windows\system32\drivers\rk_remover.sys
2010-06-16 08:41:51 11831757 ----a-w- g:\windows\system32\GKHBVMXGMCMWN
2010-06-15 06:15:13 76 ----a-w- G:\fraglist.luar
2010-06-13 21:05:52 12872 ----a-w- g:\windows\system32\bootdelete.exe
2010-06-13 20:27:44 15944 ----a-w- g:\windows\system32\drivers\hitmanpro35.sys
2010-06-13 20:27:32 0 d-----w- g:\docume~1\alluse~1\applic~1\Hitman Pro
2010-06-13 18:08:31 0 d-----w- g:\docume~1\astra\applic~1\Malwarebytes
2010-06-13 18:08:21 0 d-----w- g:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-12 19:18:47 256 ----a-w- g:\documents and settings\astra\.pulse-cookie
2010-06-12 17:04:00 0 d-----w- g:\program files\JRE
2010-06-12 14:45:01 0 d-----w- g:\program files\iPod
2010-06-12 14:44:57 0 d-----w- g:\program files\iTunes
2010-06-12 14:44:57 0 d-----w- g:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-12 14:05:38 0 d-----w- g:\program files\Phyxion.net
2010-06-12 07:34:54 0 d-----w- g:\program files\PeerBlock
2010-06-12 07:23:54 0 d-----w- g:\docume~1\alluse~1\applic~1\COMODO
2010-06-12 07:11:34 0 d-----w- g:\docume~1\astra\applic~1\ComodoGroup
2010-06-12 06:39:10 0 d-----w- g:\docume~1\alluse~1\applic~1\Comodo Downloader
2010-06-12 06:14:05 0 d-----w- g:\documents and settings\astra\Application DataComodoGroup
2010-06-11 11:33:14 0 d-----w- g:\program files\zabkat
2010-06-11 08:28:57 0 d-----w- g:\documents and settings\astra\.freeplane
2010-06-10 22:11:05 0 d-----w- g:\windows\SHELLNEW
2010-06-08 20:48:18 74072 ----a-w- g:\windows\system32\XAPOFX1_5.dll
2010-06-08 20:48:18 527192 ----a-w- g:\windows\system32\XAudio2_7.dll
2010-06-08 20:48:18 239960 ----a-w- g:\windows\system32\xactengine3_7.dll
2010-06-08 20:48:17 2106216 ----a-w- g:\windows\system32\D3DCompiler_43.dll
2010-06-08 20:48:17 1868128 ----a-w- g:\windows\system32\d3dcsx_43.dll
2010-06-08 20:48:16 470880 ----a-w- g:\windows\system32\d3dx10_43.dll
2010-06-08 20:48:16 248672 ----a-w- g:\windows\system32\d3dx11_43.dll
2010-06-08 20:48:16 1998168 ----a-w- g:\windows\system32\D3DX9_43.dll
2010-06-08 20:48:15 74072 ----a-w- g:\windows\system32\XAPOFX1_4.dll
2010-06-08 20:48:15 528216 ----a-w- g:\windows\system32\XAudio2_6.dll
2010-06-08 20:48:15 238936 ----a-w- g:\windows\system32\xactengine3_6.dll
2010-06-08 20:48:14 22360 ----a-w- g:\windows\system32\X3DAudio1_7.dll
2010-06-08 18:47:50 743424 -c----w- g:\windows\system32\dllcache\iedvtool.dll
2010-06-06 15:53:24 0 d-----w- g:\docume~1\astra\applic~1\Search Settings
2010-06-06 15:26:51 0 d-----w- g:\docume~1\astra\applic~1\Zeon
2010-06-06 15:26:49 0 d-----w- g:\docume~1\alluse~1\applic~1\Nuance
2010-06-06 15:26:16 0 d-----w- g:\docume~1\alluse~1\applic~1\Downloaded Installations
2010-06-04 08:55:58 229312 ----a-w- g:\windows\system32\drivers\cmdGuard.sys
2010-06-04 07:42:55 0 d-----w- g:\program files\common files\ABBYY
2010-06-04 07:40:19 0 d-----w- g:\program files\ABBYY FineReader 9.0
2010-06-01 16:00:52 278288 ----a-w- g:\windows\system32\guard32.dll
2010-06-01 16:00:22 25240 ----a-w- g:\windows\system32\drivers\cmdhlp.sys
2010-06-01 16:00:20 15464 ----a-w- g:\windows\system32\drivers\cmderd.sys
==================== Find3M ====================
2010-06-25 15:54:54 692282 ----a-w- g:\windows\system32\perfh008.dat
2010-06-25 15:54:54 148356 ----a-w- g:\windows\system32\perfc008.dat
2010-06-08 14:16:38 84584 ----a-w- g:\windows\SOUNDMAN.EXE
2010-06-08 14:16:38 359016 ----a-w- g:\windows\vncutil.exe
2010-06-08 14:16:38 1833576 ----a-w- g:\windows\SkyTel.exe
2010-06-08 14:16:32 9721960 ----a-w- g:\windows\RTLCPL.EXE
2010-06-08 14:16:32 1489512 ----a-w- g:\windows\RtlUpd.exe
2010-06-08 14:16:26 6056040 ----a-w- g:\windows\system32\drivers\RtkHDAud.sys
2010-06-08 14:16:20 52840 ----a-w- g:\windows\system32\RtkCoInstXP.dll
2010-06-08 14:16:20 19552872 ----a-w- g:\windows\RTHDCPL.EXE
2010-06-08 14:16:20 129640 ----a-w- g:\windows\RtkAudioService.exe
2010-06-08 14:16:14 2180712 ----a-w- g:\windows\MicCal.exe
2010-06-08 14:16:08 64104 ----a-w- g:\windows\ALCMTR.EXE
2010-06-08 14:16:08 2815592 ----a-w- g:\windows\ALCWZRD.EXE
2010-05-21 11:14:28 221568 ------w- g:\windows\system32\MpSigStub.exe
2010-05-16 07:18:53 411368 ----a-w- g:\windows\system32\deployJava1.dll
2010-05-14 05:03:56 25992 ----a-w- g:\windows\system32\pgdfgsvc.exe
2010-05-06 10:33:33 916480 ----a-w- g:\windows\system32\wininet.dll
2010-05-02 08:07:34 1851520 ----a-w- g:\windows\system32\win32k.sys
2010-04-28 15:45:24 1251872 ----a-w- g:\windows\RtlExUpd.dll
2010-04-20 05:30:47 285696 ----a-w- g:\windows\system32\atmfd.dll
2008-10-28 20:30:56 23 --sha-w- g:\windows\system32\bdcca4_d.dll
============= FINISH: 16:52:32,62 ===============
Hi,
1. Click Start -> Run -> type cmd.exe.
2. Highlight the following contents in the code box -> right-click -> Copy.
3. Right-click the command prompt window and select Paste. After the commands have been executed there should be a new log.txt file on your desktop. Post back its contents. Are there still symptoms remaining?
Code:
swreg acl "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" /E /OA
reg delete "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32dummy" /f
swreg acl "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" >"%userprofile%\desktop\log.txt"
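Once the commands above have run, a practitioner would want to see what is actually registered in the Drivers32 key, since values there map multimedia device and codec names to modules that winmm loads into any process initialising audio or video, which makes a foreign entry both a persistence and a DLL-injection point. The following is an added example, not the helper's tool: it parses the output of `reg query` for that key and flags values that carry an explicit path instead of a bare module name, an unexpected extension, an unexpected value type, or a name outside the scheme Windows uses. The list of expected names and extensions is an assumption drawn from a stock Windows XP install; the sample output is constructed, with the two bad values (midi9 and updater) made up for the demonstration. If `reg query` itself fails with an access-denied error, the key's ACL is still restricted, which is the condition the swreg acl commands above deal with.

```python
"""Review the Drivers32 key from `reg query` output.  Values in this key map
multimedia device and codec names to modules that winmm loads into any process
initialising audio or video, so a foreign entry is both persistence and a
DLL-injection vector.  Findings are heuristics for review, not verdicts."""
import re
import subprocess
import sys

DRIVERS32 = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"

# One value line of a `reg query` dump: indent, name, REG_* type, data
# (reg.exe separates the fields with tabs on XP and with spaces later).
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_[A-Z_]+)\s*(.*?)\s*$")

# Value names Windows itself uses in Drivers32 (assumed list, extend if needed):
# device classes with an optional index, the two mappers, codec registrations.
EXPECTED_NAME = re.compile(
    r"^(?:(?:aux|midi|wave|mixer|msvideo)\d*|wavemapper|midimapper|"
    r"(?:msacm|vidc)\.[a-z0-9]+)$", re.I)

# Stock entries are bare module names that resolve from system32.
MODULE_EXT = (".drv", ".acm", ".dll", ".ax")


def parse_reg_query(text):
    """Return [(name, type, data)] for every value line except (Default)."""
    values = []
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m and m.group(1) != "(Default)":
            values.append(m.groups())
    return values


def value_findings(name, vtype, data):
    """Heuristics for one Drivers32 value; returns a list of reasons."""
    reasons = []
    if vtype != "REG_SZ":
        reasons.append(f"unexpected value type {vtype}")
    if any(c in data for c in "\\/:"):
        reasons.append("explicit path instead of a bare module name")
    if not data.lower().endswith(MODULE_EXT):
        reasons.append("extension not one of " + ", ".join(MODULE_EXT))
    if not EXPECTED_NAME.match(name):
        reasons.append("value name outside the known Drivers32 naming scheme")
    return reasons


def check_drivers32(text):
    """Return [(name, data, [reasons])] for values that tripped a heuristic."""
    findings = []
    for name, vtype, data in parse_reg_query(text):
        reasons = value_findings(name, vtype, data)
        if reasons:
            findings.append((name, data, reasons))
    return findings


def query_live_key(key=DRIVERS32):
    """Run reg.exe on the live key.  A failure whose text says access is
    denied means the key's ACL still blocks reading."""
    proc = subprocess.run(["reg", "query", key], capture_output=True, text=True)
    if proc.returncode != 0:
        raise RuntimeError(proc.stderr.strip() or f"reg query failed ({proc.returncode})")
    return proc.stdout


# Constructed sample: stock XP-style entries plus two made-up bad values.
SAMPLE_REG_QUERY = "\n".join([
    "",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32",
    "    wavemapper\tREG_SZ\tmsacm32.drv",
    "    midimapper\tREG_SZ\tmidimap.dll",
    "    msacm.imaadpcm\tREG_SZ\timaadp32.acm",
    "    vidc.cvid\tREG_SZ\ticcvid.dll",
    "    aux\tREG_SZ\twdmaud.drv",
    "    midi9\tREG_SZ\tC:\\WINDOWS\\system32\\hijack-sample.dll",   # constructed bad value
    "    updater\tREG_SZ\tsvchost.exe",                             # constructed bad value
])

if __name__ == "__main__":
    # On Windows read the real key; elsewhere demonstrate on the sample.
    text = query_live_key() if sys.platform == "win32" else SAMPLE_REG_QUERY
    for name, data, reasons in check_drivers32(text):
        print(f"{name} = {data}")
        for r in reasons:
            print("   ->", r)
```

A clean key produces no output. Anything flagged should be checked against the module on disk (publisher signature, creation time) before it is removed, because third-party codec packs legitimately add msacm.* and vidc.* values, which the name check deliberately accepts.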
Yes, the symptoms are still remaining.
I can't install programs with Windows Installer. When I try to, I get an error message that access to the Windows Installer service is not allowed.
Also, when I am trying to open my system's primary browser, I get an error message and it terminates the process.
Hi,
1. Download the Dial-a-Fix archive file here.
2. Extract the contents to a suitable place (e.g. your desktop) and navigate to that location.
3. Double-click the Dial-a-Fix.exe file to run the program.
4. Check the Fix Windows Installer checkbox. It's possible that the program checks some options automatically after that. Leave those untouched and click the GO button.
When the tool has finished, reboot and see if the same problem still occurs when you try to install a program.
See if you are able to run IE in no add-ons mode:
Click Start -> All Programs -> Accessories -> System Tools, and then click Internet Explorer (No Add-ons).
Are you still there?
Due to inactivity, this thread will now be closed.
Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.
If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.