Jump to content

Recommended Posts

So, this weekend I installed a CD game (Impossible Creatures) as well as a few of the probably many-years outdated upgrades for it from microsoft.com (completely legally. I know there is a policy with UTorrent and stuff like that; to the best of my knowledge, that isn't on my computer, I got rid of it last year). The upgrades didn't work, so I just deleted them.

Anyway, right now my computer's files are behaving oddly. Firefox kept freezing when opened, so I had to uninstall/reinstall it to get it to work. Skype kept getting some unable-to-access I/O message, and had to go through deleting my skype username history quite a few times before it would work. And had to restart my computer. Currently, I'm having trouble with opening Opera: it just doesn't open.

This is just a few days old. Malwarebytes and Avast! pick up nothing.

What should I do?

I forgot to add my DDS logs. Will attach now.

Attach.txt

DDS.txt

Link to post
Share on other sites

post-32477-1261866970.gif

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

Link to post
Share on other sites

Malware Bytes Log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.18.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Loren Reinoso :: LORENREINOSO-PC [administrator]

2/18/2012 1:55:07 PM

mbam-log-2012-02-18 (13-55-07).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 308427

Time elapsed: 3 hour(s), 1 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Do you want me to post the DDS logs, too?

As to the behavior of my computer:

I can't save many files. For example, if I want to save an edited song on Sibelius, it claims the file is read-only (it isn't). My Chrome settings are not found. CommonApp.org was listed as a hazardrous website by Firefox, and I cannot open Opera.

I didn't know that HijackThis could screw up my computer. That might be part of the issue, but the last time I used it (yes, it was unsupervised. I tend to think I can do things I can't...) was a few months ago. Would it take this long for any issue caused by HT to hit me?

Link to post
Share on other sites

System restore doesn't work. I tried it three times. Each time it says the system failed to restore to the previous restore point. The help section is not working, either. So I can't go to the FAQs for system restore.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Loren Reinoso at 8:35:54 on 2012-02-14

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\SLsvc.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\IPSSVC.EXE

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Windows\System32\TPHDEXLG.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\BHODemon 2\BHODemon.exe

C:\Program Files\MRU-Blaster\scheduler.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\conime.exe

C:\Users\LORENR~1\AppData\Local\Temp\nsc88F0.tmp\SWREG.DAT

C:\Users\Loren Reinoso\Downloads\dds(2).scr

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://lenovo.live.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://lenovo.live.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

TB: {58BECA16-CAE6-4B7A-A0E8-153D0CBBA63A} - No File

TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Google Update] "c:\users\loren reinoso\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"

mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup

mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"

mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

TCP: DhcpNameServer = 10.90.0.2 10.90.0.3

TCP: Interfaces\{6E2FBC04-B306-466F-941E-6EDB082E72BE} : DhcpNameServer = 172.17.239.253

TCP: Interfaces\{DEDCBF05-B248-4D2E-BF8D-3EAB8F9F50B7} : DhcpNameServer = 10.90.0.2 10.90.0.3

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs:

SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

LSA: Notification Packages = scecli ACGina

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\loren reinoso\appdata\roaming\mozilla\firefox\profiles\1kltf9iz.default\

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\musicnotes\npmusicn.dll

FF - plugin: c:\program files\musicnotes\NPSibelius.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\loren reinoso\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? fssfltr;fssfltr

R? fsssvc;Windows Live Family Safety Service

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? McComponentHostService;McAfee Security Scan Component Host Service

R? RDID1093;UM-1G

R? SkypeUpdate;Skype Updater

R? SYMNDISV;SYMNDISV

R? wlcrasvc;Windows Live Mesh remote connections service

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? aswFsBlk;aswFsBlk

S? aswMonFlt;aswMonFlt

S? aswSnx;aswSnx

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

S? dtsoftbus01;DAEMON Tools Virtual Bus Driver

S? FontCache;Windows Font Cache Service

S? lenovo.smi;Lenovo System Interface Driver

S? TPDIGIMN;TPDIGIMN

S? TPHKSVC;On Screen Display

S? TVT Backup Protection Service;TVT Backup Protection Service

S? TVTI2C;Lenovo SM bus driver

.

=============== Created Last 30 ================

.

2012-02-13 12:56:44 -------- d-----w- C:\D

2012-02-12 19:58:57 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{de424d69-f27a-4afe-abb8-292dbfb54631}\offreg.dll

2012-02-12 01:19:01 -------- d-----w- c:\program files\Microsoft Games

2012-02-10 18:42:47 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{de424d69-f27a-4afe-abb8-292dbfb54631}\mpengine.dll

2012-01-31 12:31:06 -------- d-----w- C:\C

2012-01-15 13:36:37 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-01-15 13:36:36 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-15 13:36:36 278528 ----a-w- c:\windows\system32\schannel.dll

2012-01-15 13:36:35 9728 ----a-w- c:\windows\system32\lsass.exe

2012-01-15 13:36:35 72704 ----a-w- c:\windows\system32\secur32.dll

2012-01-15 13:36:35 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-01-15 13:36:35 1259008 ----a-w- c:\windows\system32\lsasrv.dll

.

==================== Find3M ====================

.

2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll

2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll

.

============= FINISH: 8:38:27.90 ===============

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.