Font problem

Status
Not open for further replies.

altron (Beta member, Messages: 3)
I hope I will get some help, I am having a strange problem. I closed my computer yesterday and when I activated it again all my fonts were drastically changed. Windows folder style, Mozilla, IE etc. It might be strange but I like my fonts if I have changed them not automatically. I did a system restore and it was back to its old self. Afterwards I decided to shut down the computer and start it up to see if the problem is solved. It was not.



Sorry if it got too big, I hope it is big enough... I am sure you know that old icons are slim and gray... I am not sure how better to explain it.

I have checked for viruses multiple times but no luck.
 
Spyware Asylum

I would check out this site just to verify that it isn't an infection. It goes beyond just normal scans with anti-virus programs. This is a very unusual problem that wouldn't have just come up like this, especially after doing a restore.
 
I am not sure how much of the log should be posted... In case I will post them in their entire form; if that is a problem let me know. Also Malwarebytes did not find anything so a log for that should not be needed. I will post HijackThis in the next post because logs take too much space for posting.

ComboFix 10-04-19.08 - kasut 04/21/2010 6:16.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2851 [GMT 3:00]
Running from: d:\documents and settings\kasut\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! antivirus 4.8.1335 [VPS 100420-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-21 to 2010-04-21 )))))))))))))))))))))))))))))))
.

2010-04-20 06:56 . 2010-04-20 06:56 -------- d-----w- d:\documents and settings\kasut\Local Settings\Application Data\4A Games
2010-04-20 06:54 . 2010-02-04 07:01 74072 ----a-w- d:\windows\system32\XAPOFX1_4.dll
2010-04-20 06:54 . 2010-02-04 07:01 528216 ----a-w- d:\windows\system32\XAudio2_6.dll
2010-04-20 06:54 . 2010-02-04 07:01 238936 ----a-w- d:\windows\system32\xactengine3_6.dll
2010-04-20 06:54 . 2010-02-04 07:01 22360 ----a-w- d:\windows\system32\X3DAudio1_7.dll
2010-04-20 03:22 . 2005-06-15 00:00 102400 ----a-w- d:\windows\system32\tsccvid.dll
2010-04-20 03:21 . 2010-04-20 03:39 162816 ----a-w- d:\windows\system32\fmod.dll
2010-04-19 13:31 . 2009-02-05 20:06 23152 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2010-04-19 13:31 . 2009-02-05 20:06 51376 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2010-04-19 13:31 . 2009-02-05 20:05 26944 ----a-w- d:\windows\system32\drivers\aavmker4.sys
2010-04-19 13:31 . 2009-02-05 20:04 97480 ----a-w- d:\windows\system32\AvastSS.scr
2010-04-19 13:31 . 2009-02-05 20:08 93296 ----a-w- d:\windows\system32\drivers\aswmon.sys
2010-04-19 13:31 . 2009-02-05 20:08 94032 ----a-w- d:\windows\system32\drivers\aswmon2.sys
2010-04-19 13:31 . 2009-02-05 20:07 114768 ----a-w- d:\windows\system32\drivers\aswSP.sys
2010-04-19 13:31 . 2009-02-05 20:07 20560 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2010-04-19 13:31 . 2009-02-05 20:11 1256296 ----a-w- d:\windows\system32\aswBoot.exe
2010-04-19 12:30 . 2010-04-19 13:25 -------- d-----w- d:\windows\Left 4 Dead
2010-04-19 12:22 . 2010-04-19 12:22 -------- d-----w- d:\windows\system32\wbem\Repository
2010-04-19 12:20 . 2010-04-19 12:20 -------- d-----w- D:\New.Moon.DVDRip.XviD-NeDiVx
2010-04-17 12:55 . 2010-04-17 12:55 -------- d-----w- d:\documents and settings\kasut\log
2010-04-15 02:02 . 2010-04-15 02:02 -------- d-----w- d:\documents and settings\kasut\Application Data\AVG8
2010-04-03 14:07 . 2009-05-18 10:17 26600 ----a-w- d:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-03 14:07 . 2008-04-17 09:12 107368 ----a-w- d:\windows\system32\GEARAspi.dll
2010-04-03 14:06 . 2010-04-03 14:06 -------- d-----w- d:\program files\iPod
2010-04-03 14:06 . 2010-04-03 14:07 -------- d-----w- d:\program files\iTunes
2010-04-02 16:00 . 2010-04-02 16:01 -------- d-----w- d:\program files\QuickTime
2010-04-02 13:41 . 2010-04-06 06:42 -------- d-----w- d:\documents and settings\kasut\Application Data\Apple Computer
2010-04-02 13:40 . 2010-04-02 13:40 -------- d-----w- d:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 13:38 . 2010-04-02 13:38 -------- d-----w- d:\documents and settings\kasut\Local Settings\Application Data\Apple
2010-04-02 13:38 . 2010-04-02 13:38 -------- d-----w- d:\program files\Apple Software Update
2010-04-02 13:38 . 2010-04-02 13:38 -------- d-----w- d:\program files\Bonjour
2010-04-02 13:38 . 2010-04-03 14:06 -------- d-----w- d:\program files\Common Files\Apple
2010-04-02 13:38 . 2010-04-02 13:38 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple
2010-03-27 11:22 . 2010-03-27 11:22 -------- d-----w- d:\program files\IrfanView
2010-03-25 22:48 . 2010-03-25 22:48 73000 ----a-w- d:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-24 15:59 . 2010-03-24 15:59 0 ----a-w- d:\documents and settings\kasut\jagex__preferences3.dat
2010-03-24 06:27 . 2010-03-24 06:27 1 ----a-w- d:\documents and settings\kasut\SI.bin
2010-03-22 06:29 . 2010-03-22 06:29 -------- d-----w- d:\documents and settings\kasut\Application Data\Ubisoft
2010-03-22 06:28 . 2009-09-04 15:44 515416 ----a-w- d:\windows\system32\XAudio2_5.dll
2010-03-22 06:28 . 2009-09-04 15:44 238936 ----a-w- d:\windows\system32\xactengine3_5.dll
2010-03-22 06:28 . 2009-09-04 15:29 5501792 ----a-w- d:\windows\system32\d3dcsx_42.dll
2010-03-22 06:28 . 2009-09-04 15:29 1974616 ----a-w- d:\windows\system32\D3DCompiler_42.dll
2010-03-22 06:28 . 2009-09-04 15:29 453456 ----a-w- d:\windows\system32\d3dx10_42.dll
2010-03-22 06:28 . 2009-09-04 15:29 235344 ----a-w- d:\windows\system32\d3dx11_42.dll
2010-03-22 06:28 . 2009-09-04 15:29 1892184 ----a-w- d:\windows\system32\D3DX9_42.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-21 03:10 . 2010-01-15 12:14 0 -c--a-w- d:\documents and settings\kasut\Local Settings\Application Data\prvlcl.dat
2010-04-21 03:08 . 2009-09-02 13:50 75 ----a-w- d:\documents and settings\kasut\jagex_runescape_preferences2.dat
2010-04-21 03:08 . 2009-07-21 11:39 69 ----a-w- d:\documents and settings\kasut\jagex_runescape_preferences.dat
2010-04-20 18:46 . 2009-11-28 08:17 -------- d-----w- d:\documents and settings\kasut\Application Data\vlc
2010-04-20 09:46 . 2009-07-21 04:52 -------- d-----w- d:\documents and settings\kasut\Application Data\uTorrent
2010-04-20 06:51 . 2010-02-11 16:42 -------- d-----w- d:\program files\NVIDIA Corporation
2010-04-20 06:51 . 2009-07-21 14:04 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2010-04-20 05:34 . 2009-12-31 05:12 -------- d-----w- d:\program files\PowerArchiver
2010-04-19 13:37 . 2009-08-13 09:47 -------- d-----w- d:\program files\GameSpy
2010-04-19 13:33 . 2009-07-20 17:54 45176 -c--a-w- d:\documents and settings\kasut\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-19 13:06 . 2009-07-20 18:57 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-04-06 08:08 . 2010-01-07 11:23 -------- d-----w- d:\program files\Sonne Video Converter
2010-04-06 06:43 . 2009-10-10 07:46 -------- d-----w- d:\documents and settings\kasut\Application Data\AVI ReComp
2010-04-02 13:40 . 2010-01-07 11:23 -------- d-----w- d:\documents and settings\All Users\Application Data\Apple Computer
2010-03-24 09:01 . 2009-07-20 17:58 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-03-16 16:30 . 2009-07-31 13:07 -------- d-----w- d:\documents and settings\All Users\Application Data\Ubisoft
2010-03-12 09:26 . 2009-07-21 04:35 600144 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-11 04:14 . 2009-07-21 04:37 1324 ----a-w- d:\windows\system32\d3d9caps.dat
2010-03-08 17:19 . 2010-03-08 17:19 -------- d-----w- d:\documents and settings\kasut\Application Data\enchant
2010-03-08 17:18 . 2009-12-22 11:43 -------- d-----w- d:\program files\AbiWord
2010-03-08 12:31 . 2010-03-04 16:38 -------- d-----w- d:\program files\Common Files\Blizzard Entertainment
2010-03-08 12:31 . 2009-07-21 04:53 -------- d-----w- d:\program files\uTorrent
2010-03-04 16:37 . 2010-03-04 16:37 -------- d-----w- d:\documents and settings\All Users\Application Data\Blizzard
2010-02-12 08:46 . 2010-02-12 08:46 91424 ----a-w- d:\windows\system32\dnssd.dll
2010-02-12 08:46 . 2010-02-12 08:46 107808 ----a-w- d:\windows\system32\dns-sd.exe
2010-02-12 05:51 . 2010-02-12 05:51 88064 -c--a-w- d:\documents and settings\kasut\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.62.0A.dll
2010-02-04 09:40 . 2010-02-04 09:40 138240 -c--a-w- d:\documents and settings\kasut\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2010-02-04 09:40 . 2010-02-04 09:40 138240 -c--a-w- d:\documents and settings\kasut\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2010-02-04 09:40 . 2010-02-04 09:40 138240 -c--a-w- d:\documents and settings\kasut\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2010-02-04 09:40 . 2010-02-04 09:40 138240 -c--a-w- d:\documents and settings\kasut\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-10-17 12:56 . 2009-10-17 12:56 164352 -csh--w- d:\windows\system32\SC.dll
.

------- Sigcheck -------

[-] 2008-08-29 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . d:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 11:02 1230080 ----a-w- d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "d:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="d:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"AlcoholAutomount"="d:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-03-26 16859136]
"AVG8_TRAY"="d:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-18 2046816]
"AVGIDS"="d:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-02-26 1579528]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"DownloadStudio"="d:\program files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe" [2009-07-09 156312]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"amd_dc_opt"="d:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NeroFilterCheck"="d:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"CAPON"="d:\windows\system32\Spool\Drivers\w32x86\3\CAPONN.EXE" [2000-04-19 22528]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]
"avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Canon LBP-800 Status Window.LNK - d:\windows\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [2009-8-8 112640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-31 06:16 11952 ----a-w- d:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Steam\\steamapps\\common\\baboinvasion\\BaboInvasion.exe"=

R0 AVGIDSErHr;AVGIDSErHr;d:\windows\system32\drivers\AVGIDSErHr.sys [2/26/2009 12:46 PM 25608]
R0 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys [7/21/2009 8:03 AM 12552]
R0 pavboot;pavboot;d:\windows\system32\drivers\pavboot.sys [8/9/2009 3:45 PM 28544]
R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [4/19/2010 4:31 PM 114768]
R1 AvgLdx86;AVG AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [7/21/2009 8:03 AM 335240]
R1 AvgTdiX;AVG8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys [7/21/2009 8:03 AM 108552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [7/21/2009 8:08 AM 108289]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [4/19/2010 4:31 PM 20560]
R2 avg8emc;AVG8 E-mail Scanner;d:\progra~1\AVG\AVG8\avgemc.exe [7/21/2009 8:03 AM 908056]
R2 avg8wd;AVG8 WatchDog;d:\progra~1\AVG\AVG8\avgwdsvc.exe [7/31/2009 9:16 AM 297752]
R2 avgfws8;AVG8 Firewall;d:\progra~1\AVG\AVG8\avgfws8.exe [7/31/2009 9:16 AM 1370488]
R2 RapidPort;RapidPort;d:\windows\system32\drivers\CAPLPTN.SYS [1/27/2010 10:18 AM 23008]
R3 Avgfwdx;Avgfwdx;d:\windows\system32\drivers\avgfwdx.sys [7/21/2009 8:02 AM 29208]
R3 AVGIDSDriver;AVGIDSDriver;d:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [2/26/2009 12:46 PM 121352]
R3 AVGIDSFilter;AVGIDSFilter;d:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [2/26/2009 12:46 PM 30216]
R3 AVGIDSShim;AVGIDSShim;d:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [2/26/2009 12:46 PM 27232]
S0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [8/9/2009 4:42 PM 721904]
S2 AVGIDSAgent;AVGIDSAgent;d:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [2/26/2009 12:46 PM 5576712]
S2 AVGIDSWatcher;AVGIDSWatcher;d:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2/26/2009 12:46 PM 563720]
S3 Avgfwfd;AVG network filter service;d:\windows\system32\drivers\avgfwdx.sys [7/21/2009 8:02 AM 29208]
S3 cpuz130;cpuz130;\??\d:\docume~1\kasut\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> d:\docume~1\kasut\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [11/6/2007 11:22 PM 34064]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\kasut\Application Data\Mozilla\Firefox\Profiles\ygovtb28.default\
FF - component: d:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: d:\program files\Sonne Video Converter\codec\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\Sonne Video Converter\codec\real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-UIWatcher - d:\program files\Ashampoo\Ashampoo UnInstaller 4\UIWatcher.exe
HKCU-Run-RGSC - d:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
HKLM-Run-nwiz - d:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-DAEMON Tools Toolbar - d:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-NVIDIA nView Desktop Manager - d:\program files\NVIDIA Corporation\nView\nViewSetup.exe
AddRemove-QuicktimeAlt_is1 - d:\program files\Sonne Video Converter\codec\quicktime\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-04-21 06:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1965331169-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4278CC6E-EC43-311C-5A37-EFB25CE80A21}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1547161642-1965331169-682003330-1004\Software\SecuROM\License information*]
"datasecu"=hex:19,e4,89,9f,08,0a,1f,db,3c,c0,6f,f9,50,d7,bd,95,64,63,ad,c8,93,
41,40,70,c8,86,69,17,bf,36,14,28,36,07,24,27,d0,be,1b,b5,3a,55,4d,67,ad,25,\
"rkeysecu"=hex:29,19,a1,af,88,25,43,b6,eb,d1,00,82,c1,e1,57,21
.
Completion time: 2010-04-21 06:20:19
ComboFix-quarantined-files.txt 2010-04-21 03:20

Pre-Run: 4,459,175,936 bytes free
Post-Run: 4,489,142,272 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(2)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /usepmtimer /NoExecute=OptOut

- - End Of File - - 5F35ADD683C618CA25C16D3405BEC143
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:33:55 AM, on 4/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\WINDOWS\system32\CAPRPCSK.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\AVG\AVG8\avgam.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\AVG\AVG8\avgnsx.exe
D:\PROGRA~1\AVG\AVG8\avgfws8.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\AVG\AVG8\avgcsrvx.exe
D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Java\jre6\bin\jucheck.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Java\jre6\bin\javaw.exe
D:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSUI.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Documents and Settings\kasut\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Download Studio Click Monitor - {8170D7DC-BDD6-461e-88EB-F047257898C9} - D:\Program Files\Conceiva\DownloadStudio\DLMonitr.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - D:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [GEST] =
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVGIDS] "D:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DownloadStudio] D:\Program Files\Conceiva\DownloadStudio\DownloadStudioScheduleMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CAPON] D:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Canon LBP-800 Status Window.LNK = D:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: AVGIDSAgent - AVG - D:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - D:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10597 bytes
 