Chainrulebites

Infected/Corrupted?


So, this weekend I installed a CD game (Impossible Creatures) as well as a few of the probably many-years outdated upgrades for it from microsoft.com (completely legally. I know there is a policy with UTorrent and stuff like that; to the best of my knowledge, that isn't on my computer, I got rid of it last year). The upgrades didn't work, so I just deleted them.

Anyway, right now my computer's files are behaving oddly. Firefox kept freezing when opened, so I had to uninstall/reinstall it to get it to work. Skype kept getting some unable-to-access I/O message, and had to go through deleting my skype username history quite a few times before it would work. And had to restart my computer. Currently, I'm having trouble with opening Opera: it just doesn't open.

This is just a few days old. Malwarebytes and Avast! pick up nothing.

What should I do?

I forgot to add my DDS logs. Will attach now.

Attach.txt

DDS.txt


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Malware Bytes Log:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.18.07

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Loren Reinoso :: LORENREINOSO-PC [administrator]

2/18/2012 1:55:07 PM

mbam-log-2012-02-18 (13-55-07).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 308427

Time elapsed: 3 hour(s), 1 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Do you want me to post the DDS logs, too?

As to the behavior of my computer:

I can't save many files. For example, if I want to save an edited song on Sibelius, it claims the file is read-only (it isn't). My Chrome settings are not found. CommonApp.org was listed as a hazardous website by Firefox, and I cannot open Opera.

I didn't know that HijackThis could screw up my computer. That might be part of the issue, but the last time I used it (yes, it was unsupervised. I tend to think I can do things I can't...) was a few months ago. Would it take this long for any issue caused by HT to hit me?


Have you tried System Restore?

1. Click Start.
2. Point to All Programs.
3. Point to Accessories.
4. Point to System Tools.
5. Click System Restore.
6. Follow the instructions on the wizard.

See if you can find a date that the PC worked.


System restore doesn't work. I tried it three times. Each time it says the system failed to restore to the previous restore point. The help section is not working, either. So I can't go to the FAQs for system restore.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Loren Reinoso at 8:35:54 on 2012-02-14

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\SLsvc.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\IPSSVC.EXE

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Windows\System32\TPHDEXLG.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Lenovo\System Update\SUService.exe

C:\Windows\vsnp2uvc.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\BHODemon 2\BHODemon.exe

C:\Program Files\MRU-Blaster\scheduler.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Lenovo\Camera Center\bin\LenovoCameraCenter.exe

C:\Program Files\ThinkPad\Bluetooth Software\BtStackServer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\conime.exe

C:\Users\LORENR~1\AppData\Local\Temp\nsc88F0.tmp\SWREG.DAT

C:\Users\Loren Reinoso\Downloads\dds(2).scr

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://lenovo.live.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://lenovo.live.com

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: CPwmIEBrowserHelper Object: {f040e541-a427-4cf7-85d8-75e3e0f476c5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

TB: {58BECA16-CAE6-4B7A-A0E8-153D0CBBA63A} - No File

TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Google Update] "c:\users\loren reinoso\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r

mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe

mRun: [<NO NAME>]

mRun: [TpShocks] TpShocks.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [LenovoOobeOffers] c:\swtools\lenovowelcome\lenovooobeoffers.exe /filepath="c:\swshare\firstrun.txt"

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"

mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe /startup

mRun: [CameraApplicationLauncher] c:\program files\lenovo\camera center\bin\CameraApplicationLaunchpadLauncher.exe

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"

mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL

TCP: DhcpNameServer = 10.90.0.2 10.90.0.3

TCP: Interfaces\{6E2FBC04-B306-466F-941E-6EDB082E72BE} : DhcpNameServer = 172.17.239.253

TCP: Interfaces\{DEDCBF05-B248-4D2E-BF8D-3EAB8F9F50B7} : DhcpNameServer = 10.90.0.2 10.90.0.3

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs:

SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll

LSA: Notification Packages = scecli ACGina

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\loren reinoso\appdata\roaming\mozilla\firefox\profiles\1kltf9iz.default\

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\musicnotes\npmusicn.dll

FF - plugin: c:\program files\musicnotes\NPSibelius.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\loren reinoso\appdata\local\google\update\1.3.21.99\npGoogleUpdate3.dll

.

============= SERVICES / DRIVERS ===============

.

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? fssfltr;fssfltr

R? fsssvc;Windows Live Family Safety Service

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? McComponentHostService;McAfee Security Scan Component Host Service

R? RDID1093;UM-1G

R? SkypeUpdate;Skype Updater

R? SYMNDISV;SYMNDISV

R? wlcrasvc;Windows Live Mesh remote connections service

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? aswFsBlk;aswFsBlk

S? aswMonFlt;aswMonFlt

S? aswSnx;aswSnx

S? aswSP;aswSP

S? avast! Antivirus;avast! Antivirus

S? dtsoftbus01;DAEMON Tools Virtual Bus Driver

S? FontCache;Windows Font Cache Service

S? lenovo.smi;Lenovo System Interface Driver

S? TPDIGIMN;TPDIGIMN

S? TPHKSVC;On Screen Display

S? TVT Backup Protection Service;TVT Backup Protection Service

S? TVTI2C;Lenovo SM bus driver

.

=============== Created Last 30 ================

.

2012-02-13 12:56:44 -------- d-----w- C:\D

2012-02-12 19:58:57 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{de424d69-f27a-4afe-abb8-292dbfb54631}\offreg.dll

2012-02-12 01:19:01 -------- d-----w- c:\program files\Microsoft Games

2012-02-10 18:42:47 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{de424d69-f27a-4afe-abb8-292dbfb54631}\mpengine.dll

2012-01-31 12:31:06 -------- d-----w- C:\C

2012-01-15 13:36:37 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

2012-01-15 13:36:36 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-01-15 13:36:36 278528 ----a-w- c:\windows\system32\schannel.dll

2012-01-15 13:36:35 9728 ----a-w- c:\windows\system32\lsass.exe

2012-01-15 13:36:35 72704 ----a-w- c:\windows\system32\secur32.dll

2012-01-15 13:36:35 377344 ----a-w- c:\windows\system32\winhttp.dll

2012-01-15 13:36:35 1259008 ----a-w- c:\windows\system32\lsasrv.dll

.

==================== Find3M ====================

.

2012-01-27 05:21:24 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-12-10 20:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr

2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll

2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll

.

============= FINISH: 8:38:27.90 ===============


Here's the update: I did the disk check, but it found no files corrupted. I also uninstalled and reinstalled Chrome, and now it's working good as new. I guess it has something to do with the current installations being funky.


Cool....

Thank you for taking the time to post back and letting us know.

Peace be with you.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.
