IE 8 and desktop icons locking up. [Solved]


  • This topic is locked

#31
helpme1962

  • Topic Starter
  • Member
  • 154 posts
badlaptop log for your reading pleasure.

TDSSKiller Quarantine Information log
Version 1.0.0.4
***** START SCAN Sat 04/28/2012 10:10:45.75 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.7.33.0_27.04.2012_13.45.56_log.txt
TDSSKiller.2.7.33.0_27.04.2012_13.53.34_log.txt
TDSSKiller.2.7.33.0_27.04.2012_14.00.02_log.txt
TDSSKiller.2.7.33.0_27.04.2012_19.05.21_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\27.04.2012_19.05.21
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0003
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0002
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0001
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0000
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0000\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0000\svc0000
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0001\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0001\svc0000
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0001\svc0000\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0001\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0001\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0002\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0002\svc0000
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0002\svc0000\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0002\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0002\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0003\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0003\svc0000
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0003\svc0000\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0003\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0003\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0003
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0002
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0001
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0000
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0000\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0000\svc0000
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0001\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0001\svc0000
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0001\svc0000\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0001\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0001\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0002\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0002\svc0000
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0002\svc0000\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0002\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0002\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0003\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0003\svc0000
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0003\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0003\svc0000\object.ini
C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0003\svc0000\tsk0000.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0000\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: InstallFilterService
Type: n/a (0x10)
Start: Auto (0x2)
ImagePath: C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe


=== C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
md5: 987a2cc8ec0e86caa2d8068b1ed7b441


=== C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0001\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0001\svc0000\object.ini

[InfectedObject]
Type: Service
Name: Pml Driver HPZ12
Type: n/a (0x10)
Start: Auto (0x2)
ImagePath: %SystemRoot%\System32\svchost.exe -k HPZ12


=== C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0001\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\HPZipm12.dll
md5: 13fbe33e8ab8284c6a3c6ce86fa59ea0


=== C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0002\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0002\svc0000\object.ini

[InfectedObject]
Type: Service
Name: SecureStorageService
Type: n/a (0x10)
Start: Demand (0x3)
ImagePath: "C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe"


=== C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0002\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
md5: f6a6dbd275ec9ef7b573e48b3fd8d3df


=== C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0003\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0003\svc0000\object.ini

[InfectedObject]
Type: Service
Name: tcsd_win32.exe
Type: n/a (0x10)
Start: Auto (0x2)
ImagePath: "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe"


=== C:\TDSSKiller_Quarantine\27.04.2012_13.53.34\susp0003\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
md5: 69f1a38a6dbfe682491cb61a596662e3


=== C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0000\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: InstallFilterService
Type: n/a (0x10)
Start: Auto (0x2)
ImagePath: C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe


=== C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
md5: 987a2cc8ec0e86caa2d8068b1ed7b441


=== C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0001\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0001\svc0000\object.ini

[InfectedObject]
Type: Service
Name: Pml Driver HPZ12
Type: n/a (0x10)
Start: Auto (0x2)
ImagePath: %SystemRoot%\System32\svchost.exe -k HPZ12


=== C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0001\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Windows\system32\HPZipm12.dll
md5: 13fbe33e8ab8284c6a3c6ce86fa59ea0


=== C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0002\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0002\svc0000\object.ini

[InfectedObject]
Type: Service
Name: SecureStorageService
Type: n/a (0x10)
Start: Demand (0x3)
ImagePath: "C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe"


=== C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0002\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
md5: f6a6dbd275ec9ef7b573e48b3fd8d3df


=== C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0003\object.ini

[InfectedObject]
Verdict: UnsignedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0003\svc0000\object.ini

[InfectedObject]
Type: Service
Name: tcsd_win32.exe
Type: n/a (0x10)
Start: Auto (0x2)
ImagePath: "C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe"


=== C:\TDSSKiller_Quarantine\27.04.2012_19.05.21\susp0003\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
md5: 69f1a38a6dbfe682491cb61a596662e3
  • 0

#32
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Thanks for the log.

The prep for the fix will take a little while, please be patient with me; it involves compiling several DOS-like commands.

I will be working on it without interruption until I post it.

Regards,

CompCav
  • 0

#33
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Using your good laptop:
Please download the attached file (tdssunq.txt) to your USB flash drive.
Attached File: tdssunq.txt (959 bytes, 28 downloads)
Remove the USB flash drive from the good laptop

Using your bad laptop:
Copy tdssunq.txt from the USB drive to your desktop
Run TDSSQ again.
Type B
Press Enter and a notepad window will open.
Click file open and open tdssunq.txt
Click file save and close the window.
Your files are now returned to their correct location.
Type Q
Press Enter
Remove the USB flash drive.
Reboot the bad laptop.

Let me know what issues remain with the bad laptop.

  • 0

#34
helpme1962

  • Topic Starter
  • Member
  • 154 posts
CompCav, when I ran the txt file in tdssqlook, I received a warning message after I saved the txt file and closed the window. The warning message said input.txt is too small, hit any key to continue. I hit any key, got to the prompt to enter a, b, q, etc. Hit Q and am posting now to you. The bad laptop is still bad. Google opens but I can't do anything on it and have to Ctrl+Alt+Del to close it.
  • 0

#35
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Step 1.

Download the tdssmanual.txt file to your good laptop and place it on the USB drive.
Attached File: tdssmanual.txt (987 bytes, 27 downloads)
Remove the drive from the good laptop.


Step 2.

Insert the USB drive in the bad laptop and copy the file tdssmanual.txt to the desktop.

Run an elevated command prompt
Go to Start, All programs, Accessories
Right click command prompt and select run as administrator

The black box will open

Open tdssmanual.txt with notepad.


Copy and paste each line in tdssmanual.txt one at a time into the black box and press enter.

If it says the file already exists, then do not copy it; just type N for no and go on to the next line.


Step 3.

On the good laptop download Farbar Services scanner from here.
Copy it to the USB drive.
Remove the drive and insert it in the bad laptop.
Copy FSS.exe to the desktop and run it.

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) on the desktop.
Copy it to the USB drive
Remove the drive from the bad laptop

Step 4.

Insert the USB drive in the good laptop and open the file FSS.txt with notepad.
Please copy and paste the log to your reply.
  • 0

#36
helpme1962

  • Topic Starter
  • Member
  • 154 posts
In Step 2, I'm copying the 2nd line into the administrator command prompt. When I hit enter, I get a filename directory name or volume label syntax is incorrect, 0. Do you want me to continue with this step?
  • 0

#37
helpme1962

  • Topic Starter
  • Member
  • 154 posts
I meant to add after the 0, 0 files copied.
  • 0

#38
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Delete the old tdssmanual.txt off the good laptop, the bad laptop, and the USB drive.

Please download a corrected version of tdssmanual.txt to your good laptop.
Attached File: tdssmanual.txt (988 bytes, 45 downloads)
Copy it to the USB drive.
Remove the drive from the good laptop.


Insert the USB drive in the bad laptop and copy the corrected tdssmanual.txt to the desktop.

Start with line 2 of the corrected file and continue step 2.
  • 0

#39
helpme1962

  • Topic Starter
  • Member
  • 154 posts
OK, I copied line 2 onto the command prompt. The error message is different. It only states now that the syntax of the command is incorrect. It does not say anything about the filename, directory or volume being incorrect, nor does it say anything about how many files were or were not copied. Do you want me to continue?
  • 0

#40
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Skip it for now and do step 3 and post the log please.
  • 0

#41
CompCav

    Member 5k

  • Expert
  • 12,448 posts
After doing step 3 please try step 2 with this file:
Attached File: tdssmanualrev1.txt (982 bytes, 36 downloads)
  • 0

#42
helpme1962

  • Topic Starter
  • Member
  • 154 posts
There is no link to download Farbar in step 3. Can you post it please?
  • 0

#43
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Download Farbar Service Scanner to your desktop.
  • 0

#44
helpme1962

  • Topic Starter
  • Member
  • 154 posts
Here is the FSS log. Please let me know, when I copy lines from the tss log into the administrator command prompt for step 2, which line do you want me to start with, 1st line or 2nd line?

Farbar Service Scanner Version: 24-04-2012
Ran by Chris' laptop (administrator) on 28-04-2012 at 13:56:43
Running from "C:\Users\Chris' laptop\Desktop"
Microsoft Windows 7 Professional (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 09:12] - [2011-09-29 11:43] - 1285488 ____A (Microsoft Corporation) 56C198AC82EFA622DD93E9E43575F79C

C:\Windows\system32\dnsrslvr.dll
[2011-04-15 08:23] - [2011-03-03 01:29] - 0132608 ____A (Microsoft Corporation) B15BE77A2BACF9C3177D27518AFE26A9

C:\Windows\system32\mpssvc.dll
[2009-07-13 19:53] - [2009-07-13 21:15] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-13 19:54] - [2009-07-13 21:14] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-13 19:23] - [2009-07-13 21:16] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-13 19:24] - [2009-07-13 21:14] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll
[2011-02-09 07:44] - [2010-12-21 01:38] - 0073728 ____A (Microsoft Corporation) A661A76333057B383A06E65F0073222F

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-13 20:15] - [2009-07-13 21:16] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-13 19:30] - [2009-07-13 21:16] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#45
CompCav

    Member 5k

  • Expert
  • 12,448 posts
If the first line was run successfully earlier, start with the second.

If the first line had problems, start with it.
  • 0





