Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Remove Boot.TIDSERV Win 7

Started by Thomas Mohan , Aug 25 2011 01:42 PM

  • This topic is locked This topic is locked

#1
Thomas Mohan
Posted 25 August 2011 - 01:42 PM

Thomas Mohan

    Member

  • Member
  • PipPip
  • 10 posts
My Windows 7 Toshiba Satellite laptop has been infected with this virus.
Norton 360 can not get rid of it.
I have used both tools that Norton suggested to no avail.
I have also tried TDS Killer, Fix TDS, SUPERAntiSpyware.
All with no success.
I do not want to reinstall Windows if I do not have too.
Help please.
Tom
  • 0

Advertisements

#2
Essexboy
Posted 25 August 2011 - 02:12 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
hi there lets see first what the variant is

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
Thomas Mohan
Posted 25 August 2011 - 06:39 PM

Thomas Mohan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here are the log files from the scans.
I am looking forward to getting rid of this pain.
Thanks

OTL
OTL logfile created on: 8/25/2011 8:00:29 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\TMohan\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 82.26% Memory free
5.49 Gb Paging File | 5.10 Gb Available in Paging File | 92.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.70 Gb Total Space | 249.26 Gb Free Space | 86.34% Space Free | Partition Type: NTFS

Computer Name: TPM | User Name: TMohan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/25 19:48:37 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\TMohan\Desktop\OTL.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - [2011/06/29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Stopped] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/03/01 17:02:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/09/17 16:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/09/02 01:47:18 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2009/08/21 12:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/17 13:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/11 19:09:54 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2009/08/10 22:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/06 20:04:56 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2009/07/30 02:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 18:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/21 14:30:40 | 000,131,072 | ---- | M] (Visioneer Inc.) [Auto | Stopped] -- C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe -- (OneTouch 4.0 Monitor)


========== Driver Services (SafeList) ==========

DRV - [2011/08/25 18:03:14 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110825.002_60d\navex15.sys -- (NAVEX15)
DRV - [2011/08/25 18:03:14 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110825.002_60d\naveng.sys -- (NAVENG)
DRV - [2011/08/23 14:17:29 | 000,026,872 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\FixTDSS.sys -- (FixTDSS)
DRV - [2011/08/23 00:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110822.031_6a0\IDSvix86.sys -- (IDSVix86)
DRV - [2011/07/27 19:13:54 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/07/27 19:13:54 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 20:27:23 | 000,815,736 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110812.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/07/08 17:44:30 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\windows\system32\drivers\N360\0501000.01D\SYMNETS.SYS -- (SymNetS)
DRV - [2011/05/27 15:07:27 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 23:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 22:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/01 08:53:58 | 000,081,408 | ---- | M] (Gigaware) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Svk2pl.sys -- (Svk2pl)
DRV - [2009/07/30 20:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 15:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/24 18:57:06 | 000,275,536 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2009/07/14 18:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/13 18:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/07 11:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/24 21:23:12 | 000,159,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009/06/19 22:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)
DRV - [2009/05/05 03:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2008/08/22 11:28:32 | 000,333,824 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-115664273-2740075616-858329361-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-115664273-2740075616-858329361-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-115664273-2740075616-858329361-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig
IE - HKU\S-1-5-21-115664273-2740075616-858329361-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-115664273-2740075616-858329361-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-115664273-2740075616-858329361-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = firewall.cbp.dhs.gov:80

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\TMohan\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\TMohan\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/05/03 12:24:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/08/24 11:05:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_1_3 [2011/08/25 17:57:55 | 000,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient_2.dll (Yontoo LLC)
O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-115664273-2740075616-858329361-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-115664273-2740075616-858329361-1003..\Run: [MyTOSHIBA] C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - HKU\S-1-5-21-115664273-2740075616-858329361-1003..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKU\S-1-5-21-115664273-2740075616-858329361-1003..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-115664273-2740075616-858329361-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-115664273-2740075616-858329361-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/08/25 19:48:35 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\TMohan\Desktop\OTL.exe
[2011/08/25 15:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Productivity_3.1
[2011/08/25 13:38:27 | 000,000,000 | ---D | C] -- C:\Users\TMohan\AppData\Roaming\SUPERAntiSpyware.com
[2011/08/25 13:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/08/25 13:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/25 12:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/08/25 12:51:10 | 000,000,000 | ---D | C] -- C:\Users\TMohan\Desktop\tdsskiller
[2011/08/24 07:12:30 | 000,000,000 | ---D | C] -- C:\Users\TMohan\AppData\Roaming\Tific
[2011/08/24 07:06:46 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/08/23 22:51:29 | 000,000,000 | ---D | C] -- C:\windows\System32\N360_BACKUP
[2011/08/23 21:13:22 | 000,000,000 | ---D | C] -- C:\NBRT
[2011/08/23 16:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Bootable Recovery Tool Wizard
[2011/08/23 14:30:08 | 000,000,000 | ---D | C] -- C:\Users\TMohan\AppData\Local\NPE
[2011/08/23 14:17:29 | 000,026,872 | ---- | C] (Symantec Corporation) -- C:\windows\System32\drivers\FixTDSS.sys
[2011/08/23 14:06:01 | 000,000,000 | ---D | C] -- C:\Users\TMohan\AppData\Roaming\FixTDSS
[2011/08/23 14:02:46 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\TMohan\Desktop\FixTDSS.exe
[2011/08/23 13:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Yontoo Layers Runtime
[2011/08/23 13:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/08/06 11:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/08/06 11:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/08/06 11:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/08/04 09:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Medic
[2011/07/27 13:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ErrorEND
[2011/07/27 13:27:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ErrorEND
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/25 19:48:37 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\TMohan\Desktop\OTL.exe
[2011/08/25 19:01:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/25 19:00:55 | 2211,577,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/25 18:00:27 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/25 17:57:42 | 108,771,698 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/08/25 07:48:19 | 001,390,139 | ---- | M] () -- C:\Users\TMohan\Desktop\tdsskiller.zip
[2011/08/24 07:07:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-115664273-2740075616-858329361-1003UA.job
[2011/08/23 14:39:07 | 000,023,572 | ---- | M] () -- C:\Users\TMohan\AppData\Roaming\SMRResults210.dat
[2011/08/23 14:26:31 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 14:26:31 | 000,015,792 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/23 14:24:02 | 000,624,178 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/08/23 14:24:02 | 000,106,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/08/23 14:17:29 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\FixTDSS.sys
[2011/08/23 14:02:52 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\TMohan\Desktop\FixTDSS.exe
[2011/08/23 13:35:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/22 20:07:00 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-115664273-2740075616-858329361-1003Core.job
[2011/08/21 17:05:26 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2011/08/21 08:48:46 | 000,019,667 | ---- | M] () -- C:\Users\TMohan\Desktop\NDA27329.pdf
[2011/08/21 08:03:12 | 000,000,384 | ---- | M] () -- C:\windows\tasks\ErrorEND.job
[2011/08/06 11:44:06 | 000,001,786 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/02 09:09:10 | 000,129,096 | ---- | M] () -- C:\Users\TMohan\Desktop\application.pdf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/25 07:48:16 | 001,390,139 | ---- | C] () -- C:\Users\TMohan\Desktop\tdsskiller.zip
[2011/08/24 07:06:31 | 108,771,698 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/08/23 14:39:06 | 000,023,572 | ---- | C] () -- C:\Users\TMohan\AppData\Roaming\SMRResults210.dat
[2011/08/21 08:48:45 | 000,019,667 | ---- | C] () -- C:\Users\TMohan\Desktop\NDA27329.pdf
[2011/08/06 11:44:05 | 000,001,786 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/08/02 09:09:10 | 000,129,096 | ---- | C] () -- C:\Users\TMohan\Desktop\application.pdf
[2011/07/27 13:28:05 | 000,000,384 | ---- | C] () -- C:\windows\tasks\ErrorEND.job
[2011/07/08 15:37:42 | 000,000,487 | ---- | C] () -- C:\windows\cdplayer.ini
[2011/07/08 15:30:39 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/05/18 17:25:55 | 000,001,940 | ---- | C] () -- C:\Users\TMohan\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/21 13:22:06 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/05/24 07:55:13 | 000,077,901 | ---- | C] () -- C:\windows\hpfins05.dat
[2010/05/24 07:55:12 | 000,001,395 | ---- | C] () -- C:\windows\hpfmdl05.dat
[2010/05/19 10:48:15 | 000,237,568 | ---- | C] () -- C:\windows\System32\hppapr02.DLL
[2010/05/19 10:48:15 | 000,000,526 | ---- | C] () -- C:\windows\System32\hppapr02.DAT
[2010/03/01 18:41:32 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2010/02/02 11:28:57 | 000,000,098 | ---- | C] () -- C:\Users\TMohan\AppData\Roaming\wklnhst.dat
[2010/01/12 13:33:45 | 000,000,312 | ---- | C] () -- C:\windows\quickscn.ini
[2010/01/12 13:29:05 | 000,004,944 | ---- | C] () -- C:\windows\pixcache.ini
[2009/11/19 18:50:28 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2009/09/17 13:02:37 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/09/17 12:33:22 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2009/09/17 12:33:22 | 000,000,176 | ---- | C] () -- C:\windows\System32\drivers\RTHDAEQ0.dat
[2009/09/17 12:24:31 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/09/02 01:22:18 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\windows\System32\OGAEXEC.exe
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 00:33:53 | 000,382,592 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,624,178 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2008/04/21 13:21:46 | 000,327,680 | ---- | C] () -- C:\windows\System32\ZSHP2600.EXE
[2008/04/21 13:21:44 | 011,194,368 | ---- | C] () -- C:\windows\System32\ZHHP_RES.DLL
[2008/04/21 13:21:43 | 000,241,664 | ---- | C] () -- C:\windows\System32\ZHHP2600.EXE
[2008/04/21 13:21:43 | 000,114,688 | ---- | C] () -- C:\windows\System32\VSHP2600.DLL
[2008/04/21 13:21:40 | 000,749,568 | ---- | C] () -- C:\windows\System32\AGISSI.DLL
[2007/12/21 14:27:30 | 000,065,536 | ---- | C] () -- C:\windows\System32\DM510.dll
[2003/08/28 16:11:42 | 000,000,702 | ---- | C] () -- C:\windows\Cm3.ini
[2003/08/26 16:56:32 | 000,000,260 | ---- | C] () -- C:\windows\SETSCAN.INI
[2003/08/26 16:56:32 | 000,000,036 | ---- | C] () -- C:\windows\WS40.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/12/19 14:27:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\eMusic
[2011/08/23 14:17:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FixTDSS
[2009/12/09 11:26:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\LinkManager 4.0
[2009/11/19 18:50:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2010/05/31 10:31:03 | 000,000,000 | ---D | M] -- C:\Users\TMohan\AppData\Roaming\eMusic
[2011/08/24 11:05:16 | 000,000,000 | ---D | M] -- C:\Users\TMohan\AppData\Roaming\FixTDSS
[2009/12/09 11:33:39 | 000,000,000 | ---D | M] -- C:\Users\TMohan\AppData\Roaming\LinkManager 4.0
[2011/06/23 14:30:40 | 000,000,000 | ---D | M] -- C:\Users\TMohan\AppData\Roaming\Sony
[2010/02/02 11:29:00 | 000,000,000 | ---D | M] -- C:\Users\TMohan\AppData\Roaming\Template
[2011/08/24 07:12:30 | 000,000,000 | ---D | M] -- C:\Users\TMohan\AppData\Roaming\Tific
[2011/08/07 21:47:45 | 000,000,000 | ---D | M] -- C:\Users\TMohan\AppData\Roaming\toshiba
[2010/02/18 15:26:41 | 000,000,000 | ---D | M] -- C:\Users\TMohan\AppData\Roaming\WinBatch
[2010/12/02 08:39:15 | 000,000,000 | ---D | M] -- C:\Users\TMohan\AppData\Roaming\Windows Live Writer
[2011/08/21 08:03:12 | 000,000,384 | ---- | M] () -- C:\windows\Tasks\ErrorEND.job
[2010/08/28 20:24:41 | 000,032,656 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 08:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


Extras
OTL Extras logfile created on: 8/25/2011 7:51:09 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\TMohan\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 86.72% Memory free
5.49 Gb Paging File | 5.17 Gb Available in Paging File | 94.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.70 Gb Total Space | 249.31 Gb Free Space | 86.36% Space Free | Partition Type: NTFS

Computer Name: TPM | User Name: TMohan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistPlayItAll] -- "C:\Program Files\PlayItAll\playitall.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithPlayItAll] -- "C:\Program Files\PlayItAll\playitall.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13EB4BEC-7DB4-44C3-A46A-459E35999448}" = QuickScan 3.0
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4C2BB796-A02C-4AD5-847C-0FC307EB79D1}" = OneTouch 4.0
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.6
"{51C77E17-3337-6409-16A9-A90CA8B9BBF6}" = ccc-utility
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D62ABA3-35EC-623E-2C5F-1B3332CB705B}" = Media Go Video Playback Engine 1.64.109.02280
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2BB21FB-F0AF-4354-8FDC-7C9140A113C9}" = OneTouch 4.0
"{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}" = ATI Catalyst Install Manager
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB257573-7809-4208-8531-F7A1738D2F37}" = RadioShack USB to Serial Driver
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE82A5FA-FEE8-40CD-9A7D-D59EC55DB8AE}" = XEROX DocuMate 510
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{DE82A5FA-FEE8-40CD-9A7D-D59EC55DB8AE}" = XEROX DocuMate 510
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton 360 Premier Edition
"PlayItAll media player" = PlayItAll media player 1.0.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/22/2011 12:32:00 AM | Computer Name = TPM | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\sony ericsson\sony
ericsson pc companion\Drivers\DPInst64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/23/2011 2:14:54 PM | Computer Name = TPM | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/23/2011 2:15:02 PM | Computer Name = TPM | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/23/2011 2:15:02 PM | Computer Name = TPM | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 8/23/2011 2:15:31 PM | Computer Name = TPM | Source = ESENT | ID = 215
Description = WinMail (2660) WindowsMail0: The backup has been stopped because it
was halted by the client or the connection with the client failed.

Error - 8/25/2011 12:55:20 PM | Computer Name = TPM | Source = PerfNet | ID = 2004
Description =

Error - 8/25/2011 12:57:23 PM | Computer Name = TPM | Source = PerfNet | ID = 2004
Description =

Error - 8/25/2011 1:03:23 PM | Computer Name = TPM | Source = PerfNet | ID = 2004
Description =

Error - 8/25/2011 3:54:11 PM | Computer Name = TPM | Source = PerfNet | ID = 2004
Description =

Error - 8/25/2011 7:52:28 PM | Computer Name = TPM | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 8/25/2010 5:31:09 PM | Computer Name = TPM | Source = MCUpdate | ID = 0
Description = 5:31:03 PM - Error connecting to the internet. 5:31:03 PM - Unable
to contact server..

Error - 9/4/2010 8:08:03 AM | Computer Name = TPM | Source = MCUpdate | ID = 0
Description = 8:08:03 AM - Error connecting to the internet. 8:08:03 AM - Unable
to contact server..

Error - 9/4/2010 8:08:34 AM | Computer Name = TPM | Source = MCUpdate | ID = 0
Description = 8:08:32 AM - Error connecting to the internet. 8:08:32 AM - Unable
to contact server..

Error - 9/23/2010 6:32:07 PM | Computer Name = TPM | Source = MCUpdate | ID = 0
Description = 6:32:07 PM - Error connecting to the internet. 6:32:07 PM - Unable
to contact server..

Error - 9/23/2010 6:32:18 PM | Computer Name = TPM | Source = MCUpdate | ID = 0
Description = 6:32:12 PM - Error connecting to the internet. 6:32:12 PM - Unable
to contact server..

Error - 9/23/2010 7:32:23 PM | Computer Name = TPM | Source = MCUpdate | ID = 0
Description = 7:32:23 PM - Error connecting to the internet. 7:32:23 PM - Unable
to contact server..

Error - 9/23/2010 7:32:29 PM | Computer Name = TPM | Source = MCUpdate | ID = 0
Description = 7:32:28 PM - Error connecting to the internet. 7:32:28 PM - Unable
to contact server..

Error - 5/15/2011 6:45:21 AM | Computer Name = TPM | Source = MCUpdate | ID = 0
Description = 6:45:21 AM - Error connecting to the internet. 6:45:21 AM - Unable
to contact server..

Error - 5/15/2011 6:45:54 AM | Computer Name = TPM | Source = MCUpdate | ID = 0
Description = 6:45:50 AM - Error connecting to the internet. 6:45:50 AM - Unable
to contact server..

Error - 5/15/2011 7:46:26 AM | Computer Name = TPM | Source = MCUpdate | ID = 0
Description = 7:46:26 AM - Error connecting to the internet. 7:46:26 AM - Unable
to contact server..

[ System Events ]
Error - 8/25/2011 7:46:27 PM | Computer Name = TPM | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/25/2011 7:46:27 PM | Computer Name = TPM | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/25/2011 7:46:27 PM | Computer Name = TPM | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/25/2011 7:46:28 PM | Computer Name = TPM | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 8/25/2011 7:51:19 PM | Computer Name = TPM | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/25/2011 7:51:19 PM | Computer Name = TPM | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/25/2011 7:51:19 PM | Computer Name = TPM | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/25/2011 7:53:27 PM | Computer Name = TPM | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/25/2011 7:53:27 PM | Computer Name = TPM | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 8/25/2011 7:53:27 PM | Computer Name = TPM | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >

aswMBR
aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-08-25 20:12:54
-----------------------------
20:12:54.839 OS Version: Windows 6.1.7601 Service Pack 1
20:12:54.839 Number of processors: 2 586 0x602
20:12:54.839 ComputerName: TPM UserName:
20:12:57.475 Initialize success
20:14:53.025 AVAST engine defs: 11082501
20:16:58.886 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
20:16:58.901 Disk 0 Vendor: TOSHIBA_MK3263GSX FG020M Size: 305245MB BusType: 11
20:17:00.945 Disk 0 MBR read successfully
20:17:00.945 Disk 0 MBR scan
20:17:00.945 Disk 0 Windows VISTA default MBR code
20:17:00.945 Disk 0 scanning sectors +625141760
20:17:01.070 Disk 0 scanning C:\windows\system32\drivers
20:17:11.974 Service scanning
20:17:13.269 Modules scanning
20:17:24.267 Disk 0 trace - called modules:
20:17:24.283 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
20:17:24.283 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a43658]
20:17:24.298 3 CLASSPNP.SYS[8a89159e] -> nt!IofCallDriver -> [0x859db638]
20:17:24.298 5 ACPI.sys[82baf3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x859e4338]
20:17:25.437 AVAST engine scan C:\windows
20:17:28.448 AVAST engine scan C:\windows\system32
20:19:21.127 AVAST engine scan C:\windows\system32\drivers
20:19:32.468 AVAST engine scan C:\Users\TMohan
20:24:43.782 AVAST engine scan C:\ProgramData
20:25:45.153 Scan finished successfully
20:32:01.753 Disk 0 MBR has been saved successfully to "C:\Users\TMohan\Desktop\MBR.dat"
20:32:01.753 The log file has been saved successfully to "C:\Users\TMohan\Desktop\aswMBR.txt"
  • 0

#4
Essexboy
Posted 26 August 2011 - 06:32 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is not a run of the mill variant. So lets try to narrow it down

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
Thomas Mohan
Posted 26 August 2011 - 09:21 AM

Thomas Mohan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the Combo Fix Log.
My computer will blue screen when I try to boot it normally.
I then restart and click on Launch Repair, restore.
It will run for a few minutes and then lock up.
I had to run all the scans you have requested while in Safe Mode.
Let me know what to do next.
Thanks

ComboFix 11-08-26.04 - TMohan 08/26/2011 10:48:33.1.2 - x86 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2812.2075 [GMT -4:00]
Running from: c:\users\TMohan\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 Premier Edition *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\TMohan\AppData\Roaming\Microsoft\Windows\Recent\WECT TV6 - WECT.com - Wilmington, NC news and weather - - Homepage WECT.url
c:\windows\explorer.log
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-07-26 to 2011-08-26 )))))))))))))))))))))))))))))))
.
.
2011-08-26 14:53 . 2011-08-26 14:54 -------- d-----w- c:\users\TMohan\AppData\Local\temp
2011-08-26 14:53 . 2011-08-26 14:53 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-08-26 14:53 . 2011-08-26 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-26 11:26 . 2011-08-26 11:26 -------- d-----w- c:\users\TMohan\AppData\Roaming\ParetoLogic
2011-08-26 11:26 . 2011-08-26 11:26 -------- d-----w- c:\users\TMohan\AppData\Roaming\DriverCure
2011-08-26 11:26 . 2011-08-26 11:26 -------- d-----w- c:\program files\Common Files\ParetoLogic
2011-08-26 11:26 . 2011-08-26 11:26 -------- d-----w- c:\programdata\ParetoLogic
2011-08-26 11:26 . 2011-08-26 11:26 -------- d-----w- c:\program files\ParetoLogic
2011-08-25 19:30 . 2011-08-25 19:30 -------- d-----w- c:\program files\Productivity_3.1
2011-08-25 17:38 . 2011-08-25 17:38 -------- d-----w- c:\users\TMohan\AppData\Roaming\SUPERAntiSpyware.com
2011-08-25 17:38 . 2011-08-26 00:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-25 17:38 . 2011-08-25 17:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-24 11:12 . 2011-08-24 11:12 -------- d-----w- c:\users\TMohan\AppData\Roaming\Tific
2011-08-24 02:51 . 2011-08-24 02:51 -------- d-----w- c:\windows\system32\N360_BACKUP
2011-08-24 01:13 . 2011-08-24 01:13 -------- d-----w- C:\NBRT
2011-08-23 20:56 . 2011-08-24 05:28 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2011-08-23 18:30 . 2011-08-23 21:08 -------- d-----w- c:\users\TMohan\AppData\Local\NPE
2011-08-23 18:25 . 2011-08-23 18:30 -------- d-----w- c:\users\Owner\AppData\Local\NPE
2011-08-23 18:17 . 2011-08-23 18:17 -------- d-----w- c:\users\Owner\AppData\Roaming\FixTDSS
2011-08-23 18:17 . 2011-08-23 18:17 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2011-08-23 18:06 . 2011-08-24 15:05 -------- d-----w- c:\users\TMohan\AppData\Roaming\FixTDSS
2011-08-23 17:47 . 2011-08-23 17:47 -------- d-----w- c:\program files\Yontoo Layers Runtime
2011-08-06 15:44 . 2011-08-06 15:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-06 15:44 . 2011-08-06 15:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-06 15:44 . 2011-08-06 15:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-06 15:44 . 2011-08-06 15:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-06 15:44 . 2011-08-06 15:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-06 15:44 . 2011-08-06 15:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-06 15:44 . 2011-08-06 15:44 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-08-06 15:43 . 2011-08-06 15:44 -------- d-----w- c:\program files\QuickTime
2011-08-06 15:43 . 2011-08-06 15:43 -------- d-----w- c:\programdata\Apple Computer
2011-08-04 14:01 . 2009-06-22 22:58 89600 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2011-08-04 13:34 . 2011-08-04 13:34 -------- d-----w- c:\programdata\Driver Medic
2011-07-27 17:28 . 2011-07-27 17:28 -------- d-----w- c:\programdata\ErrorEND
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 21:44 . 2011-05-27 19:07 299640 ----a-w- c:\windows\system32\drivers\N360\0501000.01D\symnets.sys
2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-11 02:29 . 2011-07-13 11:03 2334208 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-07-15 04:46 195360 ----a-w- c:\program files\Yontoo Layers Runtime\YontooIEClient_2.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-02 39408]
"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" [2011-07-25 433360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-08-07 611672]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-08-11 1324384]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NortonOnlineBackupReminder]
2009-07-16 19:04 529256 ----a-w- c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe
.
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [2011-07-23 815736]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110824.030_f5f\IDSvix86.sys [2011-08-24 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [2011-01-27 136312]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360\0501000.01D\SYMNETS.SYS [2011-07-08 299640]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-30 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 136176]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 185712]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-27 105592]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 136176]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-09-02 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
R3 Svk2pl;GigawareX USB to Serial Driver;c:\windows\system32\DRIVERS\Svk2pl.sys [2010-04-01 81408]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-07 685424]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1343400]
S0 FixTDSS;TDSS Fixtool driver;c:\windows\system32\drivers\FixTDSS.sys [2011-08-23 26872]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0501000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-03-21 362600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LPDService REG_MULTI_SZ LPDSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 16:24]
.
2011-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 16:24]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-115664273-2740075616-858329361-1003Core.job
- c:\users\TMohan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-06 10:34]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-115664273-2740075616-858329361-1003UA.job
- c:\users\TMohan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-06 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyServer = firewall.cbp.dhs.gov:80
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.50.1
TCP: Interfaces\{6624F29C-A47D-48E5-8F2B-5BE70EECEC17}: NameServer = 4.2.2.1
TCP: Interfaces\{6624F29C-A47D-48E5-8F2B-5BE70EECEC17}\37579647563707565646: NameServer = 4.2.2.1
TCP: Interfaces\{6624F29C-A47D-48E5-8F2B-5BE70EECEC17}\7457563747143636563737: NameServer = 4.2.2.1
TCP: Interfaces\{6624F29C-A47D-48E5-8F2B-5BE70EECEC17}\8686F6E6F62737: NameServer = 4.2.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\progra~2\TARMAI~1\{889DF~1\Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-26 10:56:09
ComboFix-quarantined-files.txt 2011-08-26 14:56
.
Pre-Run: 266,745,430,016 bytes free
Post-Run: 266,461,978,624 bytes free
.
- - End Of File - - 828D5F08A6F1BBB2F780299F79E008B4
  • 0

#6
Essexboy
Posted 26 August 2011 - 09:56 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I can see no sign of the TDL on the logs, when you boot what does the blue screen reference as it crashes i.e. does it give a driver/file name
  • 0

#7
Thomas Mohan
Posted 26 August 2011 - 10:20 AM

Thomas Mohan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
There is nothing said about a driver. Tells me to check disc space and Vendor for BIOS update. Neither is a problem
  • 0

#8
Essexboy
Posted 26 August 2011 - 11:43 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK what we will do now is run Chkdisc from safemode - you will need to schedule it to run on next boot and see if that clears that starting problem

A step by step guide on running Chkdisc is here

Could you confirm that the malware alert is no longer appearing
  • 0

#9
Thomas Mohan
Posted 26 August 2011 - 02:23 PM

Thomas Mohan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I have not seen anything that said that the malware is still there.
I am still blue screening at start up and only able to start the computer in safe mode.
  • 0

#10
Essexboy
Posted 26 August 2011 - 03:15 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you have a look in C:\Windows\minidump and upload the latest minidump file from there please (you may have to zip and attach)
  • 0

Advertisements

#11
Thomas Mohan
Posted 26 August 2011 - 04:29 PM

Thomas Mohan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the file that you requested.
By the way the computer has booted normally and has not frozen.
I ran a Norton scan and it came up clean.
I'm going to reboot and see what happens.

Attached Files


  • 0

#12
Thomas Mohan
Posted 26 August 2011 - 04:35 PM

Thomas Mohan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The computer just rebooted fine.
Go figure
  • 0

#13
Essexboy
Posted 27 August 2011 - 04:43 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The failing element was part of Norton idsvix86.sys

On Fri 8/26/2011 7:59:19 PM GMT your computer crashed
crash dump file: C:\Windows\Minidump\082611-19422-01.dmp
This was probably caused by the following module: idsvix86.sys (IDSvix86+0x5703E)
Bugcheck code: 0x1000007E (0xFFFFFFFFC0000005, 0xFFFFFFFF9445F03E, 0xFFFFFFFF807868F4, 0xFFFFFFFF807864D0)
Error: SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M
Bug check description: This indicates that a system thread generated an exception which the error handler did not catch.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
A third party driver was identified as the probable root cause of this system error. It is suggested you look for an update for the following driver: idsvix86.sys .
Google query: idsvix86.sys SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M


Although it appears to be fixed it would be well worth updating or repairing Norton to ensure that you do not get this again

What are the remaining problems ?
  • 0

#14
Thomas Mohan
Posted 27 August 2011 - 07:43 AM

Thomas Mohan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The computer seems to running fine at this time. I will work on getting the fix for Norton. There are no other problems.
Thank you for your help.
  • 0

#15
Essexboy
Posted 27 August 2011 - 08:27 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Thank you for the donation 'tis gratefully received :unsure:

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :yes:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP