shvhost.exe application error

combofix in safe mode

hi
here is the ComboFix log that ran in safe mode

ComboFix 10-06-23.01 - Administrator 23/06/2010 22:55:15.8.4 - x86 MINIMAL
Running from: g:\documents and settings\Administrator\Επιφάνεια εργασίας\ComboFix.exe
Command switches used :: g:\documents and settings\Administrator\Επιφάνεια εργασίας\Cfscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point

FILE ::
"d:\downloads\Pack Indigorose 10in1 (AIO)\Pack Indigorose.exe"
.

((((((((((((((((((((((((( Files Created from 2010-05-23 to 2010-06-23 )))))))))))))))))))))))))))))))
.

2010-06-23 19:33 . 2010-06-23 19:33 -------- d-----w- g:\documents and settings\Administrator\Application Data\Notepad++
2010-06-23 18:33 . 2010-05-24 17:13 51232 ----a-w- g:\windows\system32\RHCoInstXP.dll
2010-06-23 18:33 . 2010-05-24 17:13 1489440 ----a-w- g:\windows\RtaUpd.exe
2010-06-23 18:33 . 2010-05-24 17:09 4003008 ----a-w- g:\windows\system32\drivers\RtKHDMI.sys
2010-06-23 08:36 . 2010-06-23 08:36 -------- d-----w- g:\documents and settings\astra\????????? ????????
2010-06-21 09:56 . 2010-06-21 09:56 132096 ----atw- g:\windows\system32\DarkSpyKernel.sys
2010-06-20 18:42 . 2010-04-29 12:39 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 18:42 . 2010-06-20 18:42 -------- d-----w- g:\program files\Malwarebytes' Anti-Malware
2010-06-20 18:42 . 2010-04-29 12:39 20952 ----a-w- g:\windows\system32\drivers\mbam.sys
2010-06-17 07:36 . 2010-06-19 06:28 -------- d-----w- g:\program files\Safer Networking
2010-06-17 05:29 . 2010-06-17 05:29 -------- d-----w- g:\documents and settings\Administrator\Application Data\Mp3tag
2010-06-16 19:33 . 2010-06-16 19:36 52736 ----a-w- g:\windows\system32\drivers\rk_remover.sys
2010-06-14 20:12 . 2010-06-14 20:12 -------- d-----r- g:\documents and settings\LocalService\Τα έγγραφά μου
2010-06-13 21:05 . 2010-06-13 21:05 12872 ----a-w- g:\windows\system32\bootdelete.exe
2010-06-13 20:27 . 2010-06-13 21:10 15944 ----a-w- g:\windows\system32\drivers\hitmanpro35.sys
2010-06-13 20:27 . 2010-06-13 21:05 -------- d-----w- g:\documents and settings\All Users\Application Data\Hitman Pro
2010-06-13 18:32 . 2010-06-13 18:32 -------- d-----w- g:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-13 18:08 . 2010-06-13 18:08 -------- d-----w- g:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-13 17:25 . 2010-06-13 17:31 -------- d-----w- g:\program files\Windows Live Safety Center
2010-06-12 17:04 . 2010-06-12 17:04 -------- d-----w- g:\program files\JRE
2010-06-12 14:45 . 2010-06-12 14:45 -------- d-----w- g:\program files\iPod
2010-06-12 14:44 . 2010-06-12 14:45 -------- d-----w- g:\program files\iTunes
2010-06-12 14:44 . 2010-06-12 14:45 -------- d-----w- g:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-12 14:05 . 2010-06-12 14:05 -------- d-----w- g:\program files\Phyxion.net
2010-06-12 07:34 . 2010-06-13 13:18 -------- d-----w- g:\program files\PeerBlock
2010-06-12 07:23 . 2010-06-12 07:24 -------- d-----w- g:\documents and settings\All Users\Application Data\COMODO
2010-06-12 06:39 . 2010-06-12 07:20 -------- d-----w- g:\documents and settings\All Users\Application Data\Comodo Downloader
2010-06-12 06:14 . 2010-06-12 06:14 -------- d-----w- g:\documents and settings\astra\Application DataComodoGroup
2010-06-11 11:33 . 2010-06-11 11:33 -------- d-----w- g:\program files\zabkat
2010-06-11 08:28 . 2010-06-11 09:08 -------- d-----w- g:\documents and settings\astra\.freeplane
2010-06-10 22:11 . 2010-06-10 22:11 -------- d-----w- g:\windows\SHELLNEW
2010-06-08 20:48 . 2010-06-02 01:55 74072 ----a-w- g:\windows\system32\XAPOFX1_5.dll
2010-06-08 20:48 . 2010-06-02 01:55 527192 ----a-w- g:\windows\system32\XAudio2_7.dll
2010-06-08 20:48 . 2010-06-02 01:55 239960 ----a-w- g:\windows\system32\xactengine3_7.dll
2010-06-08 20:48 . 2010-05-26 08:41 2106216 ----a-w- g:\windows\system32\D3DCompiler_43.dll
2010-06-08 20:48 . 2010-05-26 08:41 1868128 ----a-w- g:\windows\system32\d3dcsx_43.dll
2010-06-08 20:48 . 2010-05-26 08:41 470880 ----a-w- g:\windows\system32\d3dx10_43.dll
2010-06-08 20:48 . 2010-05-26 08:41 248672 ----a-w- g:\windows\system32\d3dx11_43.dll
2010-06-08 20:48 . 2010-05-26 08:41 1998168 ----a-w- g:\windows\system32\D3DX9_43.dll
2010-06-08 20:48 . 2010-02-04 07:01 74072 ----a-w- g:\windows\system32\XAPOFX1_4.dll
2010-06-08 20:48 . 2010-02-04 07:01 528216 ----a-w- g:\windows\system32\XAudio2_6.dll
2010-06-08 20:48 . 2010-02-04 07:01 238936 ----a-w- g:\windows\system32\xactengine3_6.dll
2010-06-08 20:48 . 2010-02-04 07:01 22360 ----a-w- g:\windows\system32\X3DAudio1_7.dll
2010-06-08 18:47 . 2010-05-06 10:33 743424 -c----w- g:\windows\system32\dllcache\iedvtool.dll
2010-06-06 15:26 . 2010-06-06 15:27 -------- d-----w- g:\documents and settings\All Users\Application Data\Nuance
2010-06-06 15:26 . 2010-06-06 15:26 -------- d-----w- g:\documents and settings\All Users\Application Data\Downloaded Installations
2010-06-04 08:55 . 2010-06-04 08:55 229312 ----a-w- g:\windows\system32\drivers\cmdGuard.sys
2010-06-04 07:42 . 2010-06-04 07:42 -------- d-----w- g:\program files\Common Files\ABBYY
2010-06-04 07:40 . 2010-06-04 07:45 -------- d-----w- g:\program files\ABBYY FineReader 9.0
2010-06-01 16:00 . 2010-06-01 16:00 278288 ----a-w- g:\windows\system32\guard32.dll
2010-06-01 16:00 . 2010-06-01 16:00 87824 ----a-w- g:\windows\system32\drivers\inspect.sys
2010-06-01 16:00 . 2010-06-01 16:00 25240 ----a-w- g:\windows\system32\drivers\cmdhlp.sys
2010-06-01 16:00 . 2010-06-01 16:00 15464 ----a-w- g:\windows\system32\drivers\cmderd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-23 19:27 . 2004-09-07 12:00 690068 ----a-w- g:\windows\system32\perfh008.dat
2010-06-23 19:27 . 2004-09-07 12:00 147354 ----a-w- g:\windows\system32\perfc008.dat
2010-06-23 19:19 . 2008-11-02 18:40 -------- d-----w- g:\documents and settings\All Users\Application Data\VMware
2010-06-23 19:19 . 2008-11-02 18:41 -------- d-----w- g:\documents and settings\LocalService\Application Data\VMware
2010-06-06 15:32 . 2008-10-28 21:08 -------- d-----w- g:\program files\Common Files\Adobe
2010-06-05 12:56 . 2010-01-02 22:16 -------- d-----w- g:\program files\Notepad++
2010-06-04 11:16 . 2010-02-02 12:29 -------- d-----w- g:\program files\Microsoft Silverlight
2010-06-04 07:48 . 2010-04-10 16:28 -------- d-----w- g:\documents and settings\All Users\Application Data\ABBYY
2010-06-04 06:13 . 2010-05-14 05:41 -------- d-----w- g:\program files\adma
2010-06-01 22:04 . 2008-10-28 07:55 -------- d-----w- g:\program files\CCleaner
2010-05-22 20:01 . 2009-12-06 22:05 256 ----a-w- g:\windows\system32\pool.bin
2010-05-22 19:09 . 2009-07-27 04:41 -------- d-----w- g:\program files\Emerge Desktop
2010-05-21 11:14 . 2009-10-02 06:41 221568 ------w- g:\windows\system32\MpSigStub.exe
2010-05-17 08:31 . 2009-02-15 16:18 -------- d-----w- g:\program files\FMY
2010-05-16 07:18 . 2010-05-16 07:19 411368 ----a-w- g:\windows\system32\deployJava1.dll
2010-05-14 05:03 . 2009-01-09 17:51 25992 ----a-w- g:\windows\system32\pgdfgsvc.exe
2010-05-13 17:48 . 2010-04-25 20:31 -------- d-----w- g:\program files\TP-LINK
2010-05-06 10:33 . 2004-09-07 12:00 916480 ----a-w- g:\windows\system32\wininet.dll
2010-05-02 08:07 . 2004-09-07 12:00 1851520 ----a-w- g:\windows\system32\win32k.sys
2010-04-28 15:45 . 2010-06-23 18:34 1251872 ----a-w- g:\windows\RtlExUpd.dll
2010-04-25 21:00 . 2010-04-25 20:27 -------- d-----w- g:\documents and settings\All Users\Application Data\TP-LINK
2010-04-25 20:31 . 2010-04-25 20:31 -------- d-----w- g:\documents and settings\All Users\Application Data\Atheros
2010-04-20 05:30 . 2004-09-07 12:00 285696 ----a-w- g:\windows\system32\atmfd.dll
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\UC.PIF
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\RAR.PIF
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\PKZIP.PIF
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\PKUNZIP.PIF
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\NOCLOSE.PIF
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\LHA.PIF
2010-04-07 04:55 . 2010-04-10 22:19 545 ----a-w- g:\windows\ARJ.PIF
2008-10-28 20:30 . 2008-10-28 20:30 23 --sha-w- g:\windows\system32\bdcca4_d.dll
.

------- Sigcheck -------

[-] 2009-08-11 . CBEEBEB899E31EF52B962CB31FC8CA5C . 361600 . . [5.1.2600.5625] . . g:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . g:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . g:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . g:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . g:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . g:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . g:\windows\ServicePackFiles\i386\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray"="g:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-01-22 129584]
"TWCU"="g:\program files\TP-LINK\TP-LINK Wireless Client Utility\TWCU.exe" [2010-02-04 561263]
"MSSE"="g:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]
"COMODO Internet Security"="g:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2010-06-08 19552872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="g:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="g:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-03 435096]

g:\documents and settings\All Users\Start Menu\Προγράμματα\Εκκίνηση\
Rainmeter.lnk - g:\program files\Rainmeter\Rainmeter.exe [2010-2-28 119296]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "g:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="G:\Yellow flower.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=g:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pgdfgsvc G 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\G:^Documents and Settings^astra^Start Menu^Προγράμματα^Εκκίνηση^MagicDisc.lnk]
backup=g:\windows\pss\MagicDisc.lnkStartup
path=g:\documents and settings\astra\Start Menu\Προγράμματα\Εκκίνηση\MagicDisc.lnk

[HKLM\~\startupfolder\G:^Documents and Settings^astra^Start Menu^Προγράμματα^Εκκίνηση^OpenOffice.org 3.1.lnk]
backup=g:\windows\pss\OpenOffice.org 3.1.lnkStartup
path=g:\documents and settings\astra\Start Menu\Προγράμματα\Εκκίνηση\OpenOffice.org 3.1.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- g:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- g:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- g:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-12 12:53 133104 ----atw- g:\documents and settings\astra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
2007-11-02 12:52 36864 ----a-w- g:\program files\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 16:30 1695232 ------w- g:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-06-08 14:16 19552872 ----a-w- g:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MDM"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Autodesk Licensing Service"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ABBYY.Licensing.FineReader.Professional.10.0"=2 (0x2)
"iPod Service"=3 (0x3)
"ABBYY.Licensing.FineReader.Professional.9.0"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"wfxsvc"=2 (0x2)
"ose"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"d:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"d:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"g:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 CFRMD;CFRMD;g:\windows\System32\drivers\CFRMD.sys [x]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;g:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;g:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 25240]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;g:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 vmci;VMware vmci;g:\windows\system32\Drivers\vmci.sys [2010-01-22 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;g:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-01-22 563760]
R3 Ambfilt;Ambfilt;g:\windows\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
R3 aswArKrn;aswArKrn;g:\docume~1\ADMINI~1\LOCALS~1\Temp\aswArKrn.sys [x]
R3 CheckFSD;Antiy Labs FSD Service;g:\documents and settings\astra\Επιφάνεια εργασίας\αντιροοτκιτ\atool\CheckFSD.sys [2008-04-09 8728]
R3 CheckSSDT;Antiy Labs SSDT Service;g:\documents and settings\astra\Επιφάνεια εργασίας\αντιροοτκιτ\atool\SSDT.sys [2008-04-09 8856]
R3 CMC AntiRootkit Service;CMC AntiRootkit Servic;g:\windows\system32\drivers\cmcantirootkit.sys [x]
R3 DarkSpy;DarkSpy;g:\windows\system32\DarkSpyKernel.sys [2010-06-21 132096]
R3 HookMsg;Antiy Labs MsgHook Service;g:\documents and settings\astra\Επιφάνεια εργασίας\αντιροοτκιτ\atool\ABaseDrv.sys [2008-04-09 8472]
R3 IRPFile;Antiy Labs IRP FILE;g:\documents and settings\astra\Επιφάνεια εργασίας\αντιροοτκιτ\atool\IrpFile.sys [2008-07-25 11848]
R3 pbfilter;pbfilter;g:\program files\PeerBlock\pbfilter.sys [2010-06-09 18544]
R3 rk_remover-boot;rk_remover-boot;g:\windows\system32\drivers\rk_remover.sys [2010-06-16 52736]
R3 SunkFilt62;Alcor Micro Corp - 6362;g:\windows\System32\Drivers\sunkfilt62.sys [2004-07-23 46536]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;g:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-11-30 100048]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;g:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;g:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2007-12-06 660768]
R4 sptd;sptd;g:\windows\system32\Drivers\sptd.sys [2009-11-14 691696]

.
Contents of the 'Scheduled Tasks' folder

2010-06-23 g:\windows\Tasks\COMODO System Cleaner Update.job
- g:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-03-09 12:41]

2010-06-23 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-261903793-839522115-1003Core.job
- g:\documents and settings\astra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 12:53]

2010-06-23 g:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-261903793-839522115-1003UA.job
- g:\documents and settings\astra\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-12 12:53]

2010-06-23 g:\windows\Tasks\MP Scheduled Scan.job
- g:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 16:02]
.
.
------- Supplementary Scan -------
.
LSP: g:\program files\VMware\VMware Workstation\vsocklib.dll
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
g:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
g:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
g:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
g:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-23 22:57
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="g:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ΐ•€|ω•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32]
@DACL=(02 0012)
@Denied: (Read) (Administrators)
@Denied: (B E 1 4 5) (Administrators)
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="g:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="g:\\WINDOWS\\system32\\l3codeca.acm"
"VIDC.I420"="i420vfw.dll"
"MSVideo8"="VfWWDM32.dll"
"MSVideo"="vfwwdm32.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
"wave3"="wdmaud.drv"
"midi3"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"aux3"="wdmaud.drv"
"vidc.yv12"="yv12vfw.dll"
"wave6"="serwvdrv.dll"
"VIDC.FFDS"="ff_vfw.dll"
"VIDC.VMnc"="vmnc.dll"
"wave4"="wdmaud.drv"
"mixer4"="wdmaud.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(256)
g:\windows\system32\guard32.dll
g:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(312)
g:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(928)
g:\windows\system32\guard32.dll
.
Completion time: 2010-06-23 22:58:47
ComboFix-quarantined-files.txt 2010-06-23 19:58
ComboFix2.txt 2010-06-23 19:47

Pre-Run: 13 Κατάλογοι 434.478.141.440 διαθέσιμα byte
Post-Run: 15 Κατάλογοι 434.464.268.288 διαθέσιμα byte

- - End Of File - - CE30540D4F27328437907D888F7CA71B
 
Hi,

Click start->run->type regedit.exe and press enter.
Navigate to the HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32 key, right-click it and select Permissions. Check what groups are listed there (a screenshot might be helpful) and what permissions they have with "allow" selected. Report back to me.
 
Hi,

Click start->run->type cmd.exe. In the command prompt window type the following command (and press enter):
Code:
swreg acl "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" /reset

After that type the following command:
Code:
swreg acl "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" >"%userprofile%\desktop\log.txt"

The second command should generate a log.txt file on your desktop. Attach it to your post, please.
 
Permissions log

hi


*******************************************************************************
Registrykey: HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32

Permissions:
*******************************************************************************
Username                  Type     Permissions         Inheritance
*******************************************************************************
ASTRATIC\Administrators   Denied   Read                This Key Only
ASTRATIC\Administrators   Denied   Read                Subkeys only
ASTRATIC\Users            Allowed  Read                This Key Only
ASTRATIC\Users            Allowed  Special (Unknown)   Subkeys only
ASTRATIC\Power Users      Allowed  Read                This Key Only
ASTRATIC\Power Users      Allowed  Special (Unknown)   Subkeys only
NT AUTHORITY\SYSTEM       Allowed  Full Control        This Key Only
NT AUTHORITY\SYSTEM       Allowed  Special (Unknown)   Subkeys only
\CREATOR OWNER            Allowed  Special (Unknown)   Subkeys only
ASTRATIC\Users            Allowed  Read                This Key Only (Inherited)
ASTRATIC\Users            Allowed  Special (Unknown)   Subkeys only (Inherited)
ASTRATIC\Power Users      Allowed  Special (BA54321)   This Key Only (Inherited)
ASTRATIC\Power Users      Allowed  Special (A)         Subkeys only (Inherited)
ASTRATIC\Administrators   Allowed  Full Control        This Key Only (Inherited)
ASTRATIC\Administrators   Allowed  Special (Unknown)   Subkeys only (Inherited)
NT AUTHORITY\SYSTEM       Allowed  Full Control        This Key Only (Inherited)
NT AUTHORITY\SYSTEM       Allowed  Special (Unknown)   Subkeys only (Inherited)
\CREATOR OWNER            Allowed  Special (Unknown)   Subkeys only (Inherited)
Perms

No Auditing set

Owner: Administrators (ASTRATIC\Administrators)
 
Hi,


Save the text below as fix.reg in Notepad (save as type: All Files (*.*)) on the Desktop.

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Drivers32Dummy]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="g:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="g:\\WINDOWS\\system32\\l3codeca.acm"
"VIDC.I420"="i420vfw.dll"
"MSVideo8"="VfWWDM32.dll"
"MSVideo"="vfwwdm32.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
"wave3"="wdmaud.drv"
"midi3"="wdmaud.drv"
"mixer3"="wdmaud.drv"
"aux3"="wdmaud.drv"
"vidc.yv12"="yv12vfw.dll"
"wave6"="serwvdrv.dll"
"VIDC.FFDS"="ff_vfw.dll"
"VIDC.VMnc"="vmnc.dll"
"wave4"="wdmaud.drv"
"mixer4"="wdmaud.drv"

It should look like this -> (attached screenshot: reg.gif)


Double-click fix.reg, press Yes and OK.


After the merge has completed successfully, click start->run->type cmd.exe. In the command prompt window type the following command (and press enter):
Code:
reg save "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32dummy" drv.hiv

then this (and press enter):
Code:
reg restore "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" drv.hiv

finally, type these two commands (press enter after each one):
Code:
swreg query "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" /s >"%userprofile%\desktop\logKey.txt"
swreg acl "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" >>"%userprofile%\desktop\logKey.txt"


After all those steps are done, attach/post the contents of logKey.txt, which should now exist on your desktop.
 
reg restore "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" drv.hiv

When I try to apply this command
Code:
reg restore "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" drv.hiv

I get an error message: access is not allowed
 
Hi,

1. Click start->run->type cmd.exe.
2. Highlight the following contents in the code box->right click->copy
3. Right-click the command prompt window and select paste. After the commands have been executed there should be a new log.txt file on your desktop. Post back its contents.

Code:
swreg acl "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" /E /OM
swreg acl "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" /E /GM:F
swreg acl "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" /E /RA:R
swreg acl "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" /E /GA:F
swreg acl "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" >"%userprofile%\desktop\log.txt"
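An added check, not part of this thread and not the helper's procedure: a PowerShell function that reports explicit Deny entries, the owner and whether inheritance is blocked on a list of registry keys. ComboFix showed the same condition on Drivers32 as "@Denied: (Read) (Administrators)" under LOCKED REGISTRY KEYS; a report like this confirms it before the swreg commands are run and verifies the Deny entries are gone afterwards. It assumes Windows PowerShell 3.0 or later with the Registry provider, run from an elevated prompt; only Drivers32 comes from the thread, the other keys in $KeysToCheck are an assumption.

```powershell
# Added example (not from the thread): audit registry keys for explicit Deny
# ACEs and report owner and inheritance state. Assumes PowerShell 3.0+ and
# an elevated prompt. Only Drivers32 is the key discussed in the thread;
# the other keys in $KeysToCheck are an assumption.

function Get-RegistryKeyAclReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string[]] $KeyPath
    )

    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Key = $path; Status = 'missing'; Owner = $null; Protected = $null; DenyAces = @() }
            continue
        }

        try {
            $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
        }
        catch {
            # Even READ_CONTROL is refused: the key is locked against the caller,
            # which is what the failing reg/swreg commands in the thread look like.
            [pscustomobject]@{
                Key       = $path
                Status    = "acl unreadable: $($_.Exception.Message)"
                Owner     = $null
                Protected = $null
                DenyAces  = @()
            }
            continue
        }

        # Collect every Deny entry, explicit or inherited, with the same scope
        # wording the swreg acl output in the thread uses.
        $deny = @(
            $acl.Access |
                Where-Object { $_.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Deny } |
                ForEach-Object {
                    $scope = switch ("$($_.InheritanceFlags)|$($_.PropagationFlags)") {
                        'None|None'                    { 'This Key Only' }
                        'ContainerInherit|InheritOnly' { 'Subkeys only' }
                        default                        { 'This Key and Subkeys' }
                    }
                    [pscustomobject]@{
                        Identity  = $_.IdentityReference.Value
                        Rights    = $_.RegistryRights.ToString()
                        Scope     = $scope
                        Inherited = $_.IsInherited
                    }
                }
        )

        $status = if ($deny.Count -gt 0) { "DENY ACE PRESENT ($($deny.Count))" } else { 'ok' }

        [pscustomobject]@{
            Key       = $path
            Status    = $status
            Owner     = $acl.Owner                     # non-standard owner is a second warning sign
            Protected = $acl.AreAccessRulesProtected   # $true = inheritance from parent blocked
            DenyAces  = $deny
        }
    }
}

# Drivers32 is from the thread; the other autostart keys are assumed extras.
$KeysToCheck = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
)

$report = Get-RegistryKeyAclReport -KeyPath $KeysToCheck
$report | Format-Table Key, Status, Owner, Protected -AutoSize

# Detail for every key that carries a Deny entry.
$report | Where-Object { $_.DenyAces.Count -gt 0 } | ForEach-Object {
    Write-Host "`nDeny entries on $($_.Key):"
    $_.DenyAces | Format-Table Identity, Rights, Scope, Inherited -AutoSize
}
```

On the machine in this thread the Drivers32 row would report two Deny entries for ASTRATIC\Administrators (Read, "This Key Only" and "Subkeys only") before the repair; after the swreg take-ownership and grant steps the row should read "ok" with no Deny entries listed. A Deny entry for Administrators or SYSTEM on a system key is never a default Windows setting, so any such row deserves the same treatment as Drivers32 here.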
 
fresh dds log

DDS (Ver_10-03-17.01) - NTFSx86
Run by astra at 16:52:07,87 on Σαβ 26/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.gr/
uInternet Settings,ProxyOverride = local
mWinlogon: UIHost=G:\Yellow flower.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - g:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - g:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - g:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] g:\windows\system32\ctfmon.exe
mRun: [vmware-tray] "g:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [TWCU] "g:\program files\tp-link\tp-link wireless client utility\TWCU.exe" -nogui
mRun: [MSSE] "g:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [COMODO Internet Security] "g:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [CTFMON.EXE] g:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "g:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: g:\docume~1\alluse~1\startm~1\f2da~1\599a~1\rainme~1.lnk - g:\program files\rainmeter\Rainmeter.exe
IE: Ε&ξαγωγή στο Microsoft Excel - g:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - g:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - g:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: g:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229157474656
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239954420281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: g:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - g:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - g:\program files\winfax\WfxSeh32.Dll

================= FIREFOX ===================

FF - ProfilePath - g:\docume~1\astra\applic~1\mozilla\firefox\profiles\pvs1v4h5.default\
FF - plugin: g:\documents and settings\astra\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: g:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: g:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - g:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
g:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
g:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
g:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
g:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
g:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


============== File Associations ===============

.scr=AutoCADLTScriptFile

=============== Created Last 30 ================

2010-06-25 20:26:05 0 d-----w- g:\program files\Speccy
2010-06-25 20:19:12 0 d-----w- g:\docume~1\astra\applic~1\Orca Profiles
2010-06-25 17:38:49 8192 ----a-w- g:\documents and settings\astra\drv.hiv
2010-06-24 06:20:02 7680 --sha-w- g:\windows\Thumbs.db
2010-06-23 19:39:22 98816 ----a-w- g:\windows\sed.exe
2010-06-23 19:39:22 77312 ----a-w- g:\windows\MBR.exe
2010-06-23 19:39:22 256512 ----a-w- g:\windows\PEV.exe
2010-06-23 19:39:22 161792 ----a-w- g:\windows\SWREG.exe
2010-06-23 19:30:53 0 d-sha-r- G:\cmdcons
2010-06-23 18:33:51 51232 ----a-w- g:\windows\system32\RHCoInstXP.dll
2010-06-23 18:33:51 4003008 ----a-w- g:\windows\system32\drivers\RtKHDMI.sys
2010-06-23 18:33:51 1489440 ----a-w- g:\windows\RtaUpd.exe
2010-06-23 08:39:39 555 ----a-w- g:\windows\yap.INI
2010-06-21 09:56:50 132096 ----atw- g:\windows\system32\DarkSpyKernel.sys
2010-06-20 18:42:05 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 18:42:04 20952 ----a-w- g:\windows\system32\drivers\mbam.sys
2010-06-20 18:42:04 0 d-----w- g:\program files\Malwarebytes' Anti-Malware
2010-06-20 17:17:38 0 d-----w- g:\docume~1\astra\applic~1\KeePass
2010-06-17 07:36:37 0 d-----w- g:\program files\Safer Networking
2010-06-16 19:33:44 52736 ----a-w- g:\windows\system32\drivers\rk_remover.sys
2010-06-16 08:41:51 11831757 ----a-w- g:\windows\system32\GKHBVMXGMCMWN
2010-06-15 06:15:13 76 ----a-w- G:\fraglist.luar
2010-06-13 21:05:52 12872 ----a-w- g:\windows\system32\bootdelete.exe
2010-06-13 20:27:44 15944 ----a-w- g:\windows\system32\drivers\hitmanpro35.sys
2010-06-13 20:27:32 0 d-----w- g:\docume~1\alluse~1\applic~1\Hitman Pro
2010-06-13 18:08:31 0 d-----w- g:\docume~1\astra\applic~1\Malwarebytes
2010-06-13 18:08:21 0 d-----w- g:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-12 19:18:47 256 ----a-w- g:\documents and settings\astra\.pulse-cookie
2010-06-12 17:04:00 0 d-----w- g:\program files\JRE
2010-06-12 14:45:01 0 d-----w- g:\program files\iPod
2010-06-12 14:44:57 0 d-----w- g:\program files\iTunes
2010-06-12 14:44:57 0 d-----w- g:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-12 14:05:38 0 d-----w- g:\program files\Phyxion.net
2010-06-12 07:34:54 0 d-----w- g:\program files\PeerBlock
2010-06-12 07:23:54 0 d-----w- g:\docume~1\alluse~1\applic~1\COMODO
2010-06-12 07:11:34 0 d-----w- g:\docume~1\astra\applic~1\ComodoGroup
2010-06-12 06:39:10 0 d-----w- g:\docume~1\alluse~1\applic~1\Comodo Downloader
2010-06-12 06:14:05 0 d-----w- g:\documents and settings\astra\Application DataComodoGroup
2010-06-11 11:33:14 0 d-----w- g:\program files\zabkat
2010-06-11 08:28:57 0 d-----w- g:\documents and settings\astra\.freeplane
2010-06-10 22:11:05 0 d-----w- g:\windows\SHELLNEW
2010-06-08 20:48:18 74072 ----a-w- g:\windows\system32\XAPOFX1_5.dll
2010-06-08 20:48:18 527192 ----a-w- g:\windows\system32\XAudio2_7.dll
2010-06-08 20:48:18 239960 ----a-w- g:\windows\system32\xactengine3_7.dll
2010-06-08 20:48:17 2106216 ----a-w- g:\windows\system32\D3DCompiler_43.dll
2010-06-08 20:48:17 1868128 ----a-w- g:\windows\system32\d3dcsx_43.dll
2010-06-08 20:48:16 470880 ----a-w- g:\windows\system32\d3dx10_43.dll
2010-06-08 20:48:16 248672 ----a-w- g:\windows\system32\d3dx11_43.dll
2010-06-08 20:48:16 1998168 ----a-w- g:\windows\system32\D3DX9_43.dll
2010-06-08 20:48:15 74072 ----a-w- g:\windows\system32\XAPOFX1_4.dll
2010-06-08 20:48:15 528216 ----a-w- g:\windows\system32\XAudio2_6.dll
2010-06-08 20:48:15 238936 ----a-w- g:\windows\system32\xactengine3_6.dll
2010-06-08 20:48:14 22360 ----a-w- g:\windows\system32\X3DAudio1_7.dll
2010-06-08 18:47:50 743424 -c----w- g:\windows\system32\dllcache\iedvtool.dll
2010-06-06 15:53:24 0 d-----w- g:\docume~1\astra\applic~1\Search Settings
2010-06-06 15:26:51 0 d-----w- g:\docume~1\astra\applic~1\Zeon
2010-06-06 15:26:49 0 d-----w- g:\docume~1\alluse~1\applic~1\Nuance
2010-06-06 15:26:16 0 d-----w- g:\docume~1\alluse~1\applic~1\Downloaded Installations
2010-06-04 08:55:58 229312 ----a-w- g:\windows\system32\drivers\cmdGuard.sys
2010-06-04 07:42:55 0 d-----w- g:\program files\common files\ABBYY
2010-06-04 07:40:19 0 d-----w- g:\program files\ABBYY FineReader 9.0
2010-06-01 16:00:52 278288 ----a-w- g:\windows\system32\guard32.dll
2010-06-01 16:00:22 25240 ----a-w- g:\windows\system32\drivers\cmdhlp.sys
2010-06-01 16:00:20 15464 ----a-w- g:\windows\system32\drivers\cmderd.sys

==================== Find3M ====================

2010-06-25 15:54:54 692282 ----a-w- g:\windows\system32\perfh008.dat
2010-06-25 15:54:54 148356 ----a-w- g:\windows\system32\perfc008.dat
2010-06-08 14:16:38 84584 ----a-w- g:\windows\SOUNDMAN.EXE
2010-06-08 14:16:38 359016 ----a-w- g:\windows\vncutil.exe
2010-06-08 14:16:38 1833576 ----a-w- g:\windows\SkyTel.exe
2010-06-08 14:16:32 9721960 ----a-w- g:\windows\RTLCPL.EXE
2010-06-08 14:16:32 1489512 ----a-w- g:\windows\RtlUpd.exe
2010-06-08 14:16:26 6056040 ----a-w- g:\windows\system32\drivers\RtkHDAud.sys
2010-06-08 14:16:20 52840 ----a-w- g:\windows\system32\RtkCoInstXP.dll
2010-06-08 14:16:20 19552872 ----a-w- g:\windows\RTHDCPL.EXE
2010-06-08 14:16:20 129640 ----a-w- g:\windows\RtkAudioService.exe
2010-06-08 14:16:14 2180712 ----a-w- g:\windows\MicCal.exe
2010-06-08 14:16:08 64104 ----a-w- g:\windows\ALCMTR.EXE
2010-06-08 14:16:08 2815592 ----a-w- g:\windows\ALCWZRD.EXE
2010-05-21 11:14:28 221568 ------w- g:\windows\system32\MpSigStub.exe
2010-05-16 07:18:53 411368 ----a-w- g:\windows\system32\deployJava1.dll
2010-05-14 05:03:56 25992 ----a-w- g:\windows\system32\pgdfgsvc.exe
2010-05-06 10:33:33 916480 ----a-w- g:\windows\system32\wininet.dll
2010-05-02 08:07:34 1851520 ----a-w- g:\windows\system32\win32k.sys
2010-04-28 15:45:24 1251872 ----a-w- g:\windows\RtlExUpd.dll
2010-04-20 05:30:47 285696 ----a-w- g:\windows\system32\atmfd.dll
2008-10-28 20:30:56 23 --sha-w- g:\windows\system32\bdcca4_d.dll

============= FINISH: 16:52:32,62 ===============
 
Hi,

1. Click Start -> Run -> type cmd.exe.
2. Highlight the following contents in the code box -> right click -> Copy.
3. Right click the command prompt window and select Paste. After the commands have been executed there should be a new log.txt file on your desktop. Post back its contents. Are there still symptoms remaining?

Code:
swreg acl "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" /E /OA
reg delete "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32dummy" /f
swreg acl "HKLM\software\Microsoft\Windows NT\CurrentVersion\Drivers32" >"%userprofile%\desktop\log.txt"
 
Are there still symptoms remaining?

Yes the symptoms are still remaining

I can't install programs with Windows Installer. When I try to, I get an error message that access to the Windows Installer service is not allowed.

Also, when I am trying to open my system's primary browser I get an error message and it terminates the process.
 
Hi,

1. Download Dial-a-Fix archive file here.
2. Extract contents to suitable place (e.g. your desktop) and navigate to that location.
3. Double-click Dial-a-Fix.exe file to execute the program.
4. Check the Fix Windows Installer checkbox. It's possible that the program checks some options automatically after that. Leave those untouched and click the GO button.

When the tool has finished, reboot and see if the same problem still occurs when you try to install a program.

See if you are able to run IE in no add-ons mode:
Click Start -> All Programs -> Accessories -> System Tools, and then click Internet Explorer (No Add-ons).
 
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
 