BleepingComputer.com: Noauto.reg

Noauto.reg Protecting from possible infections via USB storage devices

#31 Papakid (Group: Malware Response Team)

Posted 11 February 2010 - 02:29 PM

Hey Bill,

Apologies again for the delay--I have been trying to answer another poster for about a week now and it's turned into a small book--still unfinished.

Well, I am glad you got your sound back now and working properly. All I can say is something isn't right at the low levels of your system. You didn't tell me whether your fresh install included a reformat or not. I understand you used your Toshiba Recovery disks, so it is reasonable to assume you reformatted, as most of the time that is what recovery disks do, but I need you to confirm to me that it is in fact what happened. It might be helpful if you gave me the model number of the Toshiba.

Also do you have a separate disk for the drivers for the Toshiba? Cause it sounds like you don't have the right drivers. Or maybe the motherboard is going bad.

As soon as I finish my little book I will look over the logs you posted in malware removal--that may shed some light--or not.

We got about eight inches of snow--since I am originally from southeast Arkansas, I really enjoy it. We may have more coming in the next few days.
And I may be obliged to defend
Every love every ending
Or maybe there's no obligations now,
Maybe I've a reason to believe
We all will be received
In Graceland--Paul Simon

#32 bsgranpa (Group: Members)

Posted 11 February 2010 - 09:59 PM

Here is what Belarc says:

System Security Status
CIS Benchmark Score
Score
1.88 of 10 (details...)


Virus Protection
OK
Up-to-date


Microsoft Security Updates
Alert!
5 missing



Computer Profile Summary
Computer Name: Bill-abaf65ee51 (in WORKGROUP)
Profile Date: Thursday, February 11, 2010 7:47:21 PM
Advisor Version: 8.1e
Windows Logon: Bill Scott


Operating System System Model
Windows XP Professional Service Pack 3 (build 2600)
Install Language: English (United States)
System Locale: English (United States) TOSHIBA Satellite M35 PSM30U-7100QV
System Serial Number: 54130919P
Enclosure Type: Notebook
Processor a Main Circuit Board b
1.50 gigahertz Intel Pentium M
64 kilobyte primary memory cache
1024 kilobyte secondary memory cache
Not hyper-threaded Board: TOSHIBA Portable PC Version A0
Serial Number: $$T045S057
Bus Clock: 100 megahertz
BIOS: TOSHIBA Version 1.50 05/19/2004
Drives Memory Modules c,d
160.04 Gigabytes Usable Hard Drive Capacity
92.63 Gigabytes Hard Drive Free Space

MATSHITA UJDA750 DVD/CDRW [CD-ROM drive]

Hitachi HTS541616J9AT00 [Hard drive] (160.04 GB) -- drive 0, s/n SB0441SJGV8PKB, rev SB4OA70H, SMART Status: Healthy 2048 Megabytes Usable Installed Memory

Slot 'DIMM 0' has 1024 MB
Slot 'DIMM 1' has 1024 MB
Local Drive Volumes


c: (NTFS on drive 0) 160.04 GB 92.63 GB free
Network Drives
None detected
Users / Printers
local user accounts last logon
Bill Scott 2/11/2010 6:47:59 PM (admin)
local system accounts
Administrator never (admin)
Guest never
HelpAssistant never
SUPPORT_388945a0 never

DISABLED Marks a disabled account; LOCKED OUT Marks a locked account

AdobePS Acrobat Distiller on C:\Documents and Settings\All Users\Desktop\*.pdf
Controllers Display
Intel® 82801DBM Ultra ATA Storage Controller - 24CA
Primary IDE Channel [Controller]
Secondary IDE Channel [Controller] NVIDIA GeForce FX Go5200 [Display adapter]
Default Monitor
Toshiba Internal Panel [Monitor] (15.2"vis)
Bus Adapters Multimedia
Toshiba ToPIC100 CardBus Controller
Intel® 82801DB/DBM USB 2.0 Enhanced Host Controller - 24CD
Intel® 82801DB/DBM USB Universal Host Controller - 24C2
Intel® 82801DB/DBM USB Universal Host Controller - 24C4 SigmaTel C-Major Audio
Virus Protection / Group Policies
AVG Anti-Virus Free Version 8.5
Virus Definitions Version Up To Date
Realtime File Scanning On
None discovered
Communications Other Devices

1394 Net Adapter
Intel® PRO/100 VE Network Connection
Dhcp Server:
Physical Address:
Intel® PRO/Wireless 2200BG Network Connection
primary Auto IP Address:
Gateway:
Dhcp Server:
Physical Address:

Networking Dns Servers:

Texas Instruments OHCI Compliant IEEE 1394 Host Controller
Microsoft AC Adapter
Microsoft ACPI-Compliant Control Method Battery
Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PS/2 Compatible Mouse
TOSHIBA SD Card Controller Type-A
TOSHIBA ACPI-Compliant Value Added Logical and General Purpose Device
USB Root Hub (3x)


Network Map
IP Device Type Device Details Device Roles
Router Cisco Linksys DHCP Server, Gateway, Web Server
Windows XP Workstation (in WORKGROUP),


This post has been edited by bsgranpa: 12 February 2010 - 09:30 AM


#33 bsgranpa (Group: Members)

Posted 11 February 2010 - 10:21 PM

Also,

Posted Image

Autorun Eater finally triggered my AntiVirus after a week. I just clicked on "Ignore". OK?

Then, I noticed that Belarc showed five missing critical downloads. However, when I try the Microsoft site.....

Posted Image

#34 bsgranpa (Group: Members)

Posted 11 February 2010 - 11:08 PM

Papakid, the AutoRun Eater continues to trigger my AVG Free antivirus. This last time, I clicked on "Move to Vault". OK?

#35 Papakid (Group: Malware Response Team)

Posted 11 February 2010 - 11:43 PM

If you move it to the Vault then you effectively disable AE so that it won't work. You need to report this to AVG as a false positive as soon as possible. You may be able to send a sample of the file from the Vault to AVG so they can test it and give it the correct identification. I don't use AVG so I can't tell you how--Antivir makes it easy--so check any help buttons. If you have to, go to the AVG forums to report it.

I saw somewhere that AVG will now let you exclude certain files from detection, which would be a workaround that would allow you to re-enable AE and use it till the false positive is corrected. It didn't used to let you do that, so again I can't give instructions on how to configure it yet. You would have to restore it back from the Vault and then configure it to exclude, ignore, make an exception or whatever term they use. Til you hear back from AVG it would probably be better to just leave it in the vault and not plug in any USB drives for the nonce. There is a slight possibility that the AE file has been overwritten by malware, in which case you would need to attempt to repair it--or simply re-install. But it is most likely a FP.

I would also strongly suggest you edit your post with the Belarc log and delete any IP addresses listed--it is better those aren't made public.

The Belarc log doesn't tell me if you reformatted or not. Or if you have a disk of just drivers. Do you have any kind of owner's manual? The information should be there if you aren't sure. Meanwhile I'll see if I can find a manual on the web.

#36 bsgranpa (Group: Members)

Posted 12 February 2010 - 09:39 AM

Papakid, last fall when my sound stopped working, I sent the laptop in for service to see if it needed a new sound card. The sound card tested as good, so the service place suggested that a fresh install would perhaps reset the system and solve the sound problem. Since all my data was backed up, I gave the go ahead. A few weeks after the laptop came back, it started having sound problems again. The service tech had placed a folder on my desktop with all of the Toshiba drivers. At that point, I became resigned to having to reinstall the driver from time to time and figured it was just part and parcel of having a five plus year old computer.

You mentioned Malware. Is there anything in the issues I am reporting that would indicate that I have become infected? If so, suggestions?

#37 Papakid (Group: Malware Response Team)

Posted 12 February 2010 - 11:12 AM

Bill, thanks for the info but it still doesn't tell me if the notebook was reformatted or not as I don't know exactly what the tech did. He could have installed Windows "over the top" without reformatting the hard drive first to erase all that was on it.

I couldn't find anything on your specific model but did find a manual for M30/M35. However, it wasn't much help. I got more info on your recovery options here:
Toshiba Laptop Forums
System Recovery and Recovery Media
Recovery media

That refreshed my memory that you have to use the Toshiba recovery partition on the hard drive or if you want disks you can make them from that partition. Otherwise you have to pay shipping for Toshiba to send you recovery disks. There is still no mention of a separate driver disk.

I am not much of a hardware guy. I just wonder about this because your registry would have been totally replaced with a reformat, so any reg file should have nothing to do with solving a hardware issue like your sound card drivers. On the other hand, I thought the "fresh install" was more recent than last fall. Also looking around last night it appears there are quite a few people having issues with the sound card on Toshiba Satellites.

Do you remember updating your sound drivers before the fresh install? Have you updated any drivers at all since you've had the laptop? The display issue you mentioned is something that I am experiencing on my old desktop as well and appears to be because of outdated video drivers--I'm hoping it's not the monitor. So it's possible the tech pulled the original, outdated drivers from the recovery partition and put them in that folder on the desktop instead of the up to date ones you may have installed. Let me know about this as upgrading your drivers could solve some of this and you would probably get better help from someone else in the hardware forum; we are kind of straying from the topic subject tho it is still somewhat related.

No, I don't see any indication of malware, but I can't rule it out 100% at this point either. I only mentioned it last post because there is a slight possibility that AVG's detection of AE is not a false positive. I am 99.5% sure that it is an FP. If you don't want to wait on AVG, I can give you a better idea. Does the file in the Vault list the file size and other properties? If not, you can restore it to its original location from the Vault and then look at its properties. You may have to disable AVG temporarily--it is safe to do so long enough to get the properties information, as long as you don't use your computer to do anything else, especially surf the web.

Also, the cutting edge malware out there now is affecting hardware controllers so that symptoms appear to be a hardware problem instead of a software one. That is why I want to look at your logs in the malware removal forum altho I am pretty sure your helper there covered all bases. I just haven't had time to get to it yet but will try to today.

#38 bsgranpa (Group: Members)

Posted 12 February 2010 - 07:44 PM

Papakid, I have not submitted any logs in any other forum related to infestation. Are you suggesting that I should? I do not have any slow-down or redirects or other typical symptoms.

#39 Papakid (Group: Malware Response Team)

Posted 12 February 2010 - 09:56 PM

Well, I was just looking at topic titles you had posted and in which forum and saw this one from November, but I see now by reading some posts it is for an IBM Thinkpad and I guess is the computer your daughter gave your wife:
http://www.bleepingcomputer.com/forums/ind...=265331&hl=

You posted logs for your computer back in March but weren't infected, and before that way back in 2007, but those logs are too old to do us much good as I can tell a lot has changed; still, there are some interesting nuggets of information--so you aren't Ghosting anymore?
http://www.bleepingcomputer.com/forums/ind...=203720&hl=
http://www.bleepingcomputer.com/forums/ind...=113131&hl=

In the '07 log you had a LOP infection, which is high-level adware, but overall nothing very serious in any of them.

So relax, it's very unlikely you have any infections, especially if you have no symptoms. If I have a good idea that there is something there I'll ask you to post some diagnostic logs--I may do that anyway as there is usually some info that I can use to diagnose issues other than malware infestations.

So at this point, just tell me what the file size is for C:\Program Files\Autorun Eater\oldmcdonald.exe? Mine is 536 KB. What is the modification date? Is it different from the creation date? To get this information, right click oldmcdonald.exe/properties/General tab after you have restored it from the AVG Vault.

Also let me know if you had upgraded your drivers for video and sound before you had the laptop sent to the tech. I'm in the process of reading your IRQL_NOT_LESS_OR_EQUAL thread which may also shed some more light--that is for the Toshiba, correct?
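The file-properties check Papakid asks for, as an added example that is not part of the thread: a small Python script that records the size (in Explorer's whole-KB convention), the creation and modification times and a SHA-256 of the file, so a suspected false positive can be reported to the vendor with concrete data. The path and the 536 KB reference size come from the thread; the sample file the script falls back to is constructed.

```python
import hashlib
import os
import tempfile

# Path named in the thread; 536 KB is the size Papakid reports for his copy.
AE_PATH = r"C:\Program Files\Autorun Eater\oldmcdonald.exe"
EXPECTED_KB = 536


def file_properties(path):
    """Fields shown by Explorer's Properties dialog, plus a SHA-256 of the content.
    On Windows st_ctime is the creation time; on other platforms it is the
    inode-change time, so the created/modified comparison is only meaningful
    on Windows (st_birthtime is preferred where the platform provides it)."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {
        "bytes": st.st_size,
        "size_kb": -(-st.st_size // 1024),  # Explorer rounds up to whole KB
        "created": getattr(st, "st_birthtime", st.st_ctime),
        "modified": st.st_mtime,
        "sha256": digest,
    }

def modified_after_creation(created, modified, tolerance_s=2.0):
    """Heuristic from the thread: an installed file is written once, so a
    modification time later than its creation time suggests it was changed
    (or overwritten) in place after installation."""
    return modified - created > tolerance_s

def triage(path, expected_kb=EXPECTED_KB):
    """One record with everything a false-positive report to the vendor needs."""
    props = file_properties(path)
    props["size_matches"] = props["size_kb"] == expected_kb
    props["suspicious_mtime"] = modified_after_creation(props["created"], props["modified"])
    return props

def make_sample(size_kb):
    """Constructed stand-in so the example runs where the real binary is absent."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"\x00" * (size_kb * 1024))
    return path

if __name__ == "__main__":
    target = AE_PATH if os.path.exists(AE_PATH) else make_sample(EXPECTED_KB)
    for key, val in triage(target).items():
        print(f"{key:16} {val}")
```

Hashes of the same file from two machines can be compared directly, which settles the "overwritten by malware" question faster than sizes and dates alone.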

#40 bsgranpa (Group: Members)

Posted 12 February 2010 - 11:06 PM

[quote]Also let me know if you had upgraded your drivers for video and sound before you had the laptop sent to the tech. I'm in the process of reading your IRQL_NOT_LESS_OR_EQUAL thread which may also shed some more light--that is for the Toshiba, correct?[/quote]

Papakid, the above was for the IBM and is still a project I'm working on per this topic:

http://www.bleepingcomputer.com/forums/topic285555.html

As far as OldMcdonald...

Posted Image

As far as the sound last fall, I went through several different installs and driver updates trying to solve the problem. I didn't have the drivers on any disk. I was looking both on the SigMatel and Toshiba websites for help and for current drivers. I first thought that Service Pack 3 and my old sound card driver had a conflict. That turned out to still be the most likely prospect. So my choice (until now) has been to stay current with all updates and service packs and reinstall the sound card driver anytime I knew I would want to have sound. In any case, something we have done has steadied the situation and I am currently five days plus and counting without losing my sound. I find that I like it.

Papakid, I am feeling a little selfish diverting your time and expertise away from someone whose problems might be much worse than mine. Please understand that I am perfectly comfortable with a very leisurely approach and at a pace which satisfies your curiosity and expands your understanding. I enjoy the interplay and the opportunity to learn a little as we go. I am very appreciative of your willingness to help and patience with someone who is clearly over his head with all this tech stuff.

#41 bsgranpa (Group: Members)

Posted 12 February 2010 - 11:47 PM

Oops and darn. Just after I wrote the last post, I was on Yahoo and wanted to listen to the new "We are the World". Guess what, I just had to reinstall my driver. Oh well, just one of life's little annoyances.
