[Salagubang]

We need to temporarily remove your Anti-Virus, as it interferes with the fix I want to run. You can reinstall it again later. If you are not happy about doing this, please let me know before proceding

Download AppRemover and run it.

Click Next >>



Ensure "Remove Security Application" is collected and click Next >>



AppRemover will scan all the security applications on your PC


Select Any AVG entries from the applications offered and click Next >> twice.


Follow any further on-screen instructions. If asked to reboot,please do so.

Note: Please do not browse the internet or open any email attachments until your Anti-Virus is re-installed

Next

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
• Double click on Combofix.exe and follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

[Advertisements]

ComboFix 11-05-29.04 - Katheen 05/30/2011 11:44:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2902 [GMT -5:00]
Running from: c:\users\Katheen\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-30 16:49 . 2011-05-30 16:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-05-30 16:49 . 2011-05-30 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 16:43 . 2011-05-30 16:43 -------- d-----w- C:\32788R22FWJFW
2011-05-30 13:01 . 2011-05-30 13:01 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-05-30 13:00 . 2011-05-30 13:00 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-05-28 14:59 . 2011-05-28 18:09 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-28 14:58 . 2009-10-22 18:54 40464 ----a-w- c:\windows\system32\drivers\70758062.sys
2011-05-28 14:58 . 2009-10-10 04:30 352784 ----a-w- c:\windows\system32\drivers\7075806.sys
2011-05-28 14:58 . 2009-09-25 22:59 157712 ----a-w- c:\windows\system32\drivers\70758061.sys
2011-05-15 22:14 . 2011-05-15 22:14 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-05-15 05:25 . 2011-05-15 05:26 -------- d-----w- c:\program files (x86)\SpeedBit Video Accelerator
2011-05-15 05:25 . 2011-05-15 05:25 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2011-05-15 01:25 . 2011-05-15 22:12 -------- d-----w- c:\users\Katheen\AppData\Roaming\Sammsoft
2011-05-15 00:52 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-05-15 00:52 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-05-15 00:52 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-15 00:52 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-05-15 00:52 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-05-15 00:52 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-05-15 00:52 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-15 00:52 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-05-15 00:52 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-15 00:52 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-05-15 00:43 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-05-15 00:41 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2011-05-15 00:41 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2011-05-15 00:40 . 2010-06-14 06:37 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-05-15 00:39 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll
2011-05-15 00:39 . 2010-08-21 05:33 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2011-05-15 00:39 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\SysWow64\msxml3.dll
2011-05-15 00:39 . 2010-06-08 05:36 1877504 ----a-w- c:\windows\system32\msxml3.dll
2011-05-15 00:39 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2011-05-15 00:39 . 2010-08-21 05:36 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll
2011-05-15 00:38 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2011-05-15 00:38 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-05-15 00:38 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2011-05-15 00:38 . 2009-08-29 07:50 46592 ----a-w- c:\windows\system32\msasn1.dll
2011-05-15 00:38 . 2009-08-29 06:57 34816 ----a-w- c:\windows\SysWow64\msasn1.dll
2011-05-14 22:05 . 2011-05-14 22:05 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2011-05-14 21:16 . 2011-05-14 21:16 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-30 13:01 . 2011-04-02 02:50 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-30 13:00 . 2011-04-02 02:49 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-20 02:54 . 2011-04-20 02:54 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-20 02:53 . 2011-04-20 02:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-02 02:50 . 2011-04-02 02:50 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-02 02:49 . 2011-04-02 02:49 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedBitVideoAccelerator"="c:\program files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" [2011-05-15 2098376]
.
c:\users\Katheen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_28.05.2011_16-31(1).lnk - c:\users\Katheen\Desktop\Virus Removal Tool\setup_9.0.0.722_28.05.2011_16-31(1)\startup.exe [2011-5-28 72208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2011-05-15 265928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 70758062;70758062 Boot Guard Driver;c:\windows\system32\DRIVERS\70758062.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 70758061;70758061;c:\windows\system32\DRIVERS\70758061.sys [x]
S1 setup_9.0.0.722_28.05.2011_16-31(1)drv;setup_9.0.0.722_28.05.2011_16-31(1)drv;c:\windows\system32\DRIVERS\7075806.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Katheen\AppData\Roaming\Mozilla\Firefox\Profiles\ad0yk6td.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d4b1d07&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-30 11:51:25
ComboFix-quarantined-files.txt 2011-05-30 16:51
.
Pre-Run: 202,131,873,792 bytes free
Post-Run: 201,768,976,384 bytes free
.
- - End Of File - - FEB423A8977C601F2C0EF70004BE5A7C
THANKS!

[tikker]

ComboFix 11-05-29.04 - Katheen 05/30/2011 11:44:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2902 [GMT -5:00]
Running from: c:\users\Katheen\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2011-04-28 to 2011-05-30 )))))))))))))))))))))))))))))))
.
.
2011-05-30 16:49 . 2011-05-30 16:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-05-30 16:49 . 2011-05-30 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-30 16:43 . 2011-05-30 16:43 -------- d-----w- C:\32788R22FWJFW
2011-05-30 13:01 . 2011-05-30 13:01 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-05-30 13:00 . 2011-05-30 13:00 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-05-28 14:59 . 2011-05-28 18:09 -------- d-----w- c:\programdata\Kaspersky Lab
2011-05-28 14:58 . 2009-10-22 18:54 40464 ----a-w- c:\windows\system32\drivers\70758062.sys
2011-05-28 14:58 . 2009-10-10 04:30 352784 ----a-w- c:\windows\system32\drivers\7075806.sys
2011-05-28 14:58 . 2009-09-25 22:59 157712 ----a-w- c:\windows\system32\drivers\70758061.sys
2011-05-15 22:14 . 2011-05-15 22:14 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-05-15 05:25 . 2011-05-15 05:26 -------- d-----w- c:\program files (x86)\SpeedBit Video Accelerator
2011-05-15 05:25 . 2011-05-15 05:25 172032 ----a-w- c:\windows\SysWow64\AniGIF.ocx
2011-05-15 01:25 . 2011-05-15 22:12 -------- d-----w- c:\users\Katheen\AppData\Roaming\Sammsoft
2011-05-15 00:52 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2011-05-15 00:52 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2011-05-15 00:52 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2011-05-15 00:52 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2011-05-15 00:52 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2011-05-15 00:52 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-05-15 00:52 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-05-15 00:52 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2011-05-15 00:52 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2011-05-15 00:52 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-05-15 00:43 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-05-15 00:41 . 2010-08-31 04:32 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
2011-05-15 00:41 . 2010-08-31 04:32 954288 ----a-w- c:\windows\SysWow64\mfc40u.dll
2011-05-15 00:40 . 2010-06-14 06:37 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-05-15 00:39 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll
2011-05-15 00:39 . 2010-08-21 05:33 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2011-05-15 00:39 . 2010-06-08 06:02 1233920 ----a-w- c:\windows\SysWow64\msxml3.dll
2011-05-15 00:39 . 2010-06-08 05:36 1877504 ----a-w- c:\windows\system32\msxml3.dll
2011-05-15 00:39 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2011-05-15 00:39 . 2010-08-21 05:36 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll
2011-05-15 00:38 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2011-05-15 00:38 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-05-15 00:38 . 2010-05-05 06:46 363520 ----a-w- c:\windows\SysWow64\StructuredQuery.dll
2011-05-15 00:38 . 2009-08-29 07:50 46592 ----a-w- c:\windows\system32\msasn1.dll
2011-05-15 00:38 . 2009-08-29 06:57 34816 ----a-w- c:\windows\SysWow64\msasn1.dll
2011-05-14 22:05 . 2011-05-14 22:05 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2011-05-14 21:16 . 2011-05-14 21:16 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-30 13:01 . 2011-04-02 02:50 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-30 13:00 . 2011-04-02 02:49 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-04-20 02:54 . 2011-04-20 02:54 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-04-20 02:53 . 2011-04-20 02:53 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-04-02 02:50 . 2011-04-02 02:50 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-04-02 02:49 . 2011-04-02 02:49 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedBitVideoAccelerator"="c:\program files (x86)\SpeedBit Video Accelerator\VideoAccelerator.exe" [2011-05-15 2098376]
.
c:\users\Katheen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
setup_9.0.0.722_28.05.2011_16-31(1).lnk - c:\users\Katheen\Desktop\Virus Removal Tool\setup_9.0.0.722_28.05.2011_16-31(1)\startup.exe [2011-5-28 72208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [2011-05-15 265928]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S0 70758062;70758062 Boot Guard Driver;c:\windows\system32\DRIVERS\70758062.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 70758061;70758061;c:\windows\system32\DRIVERS\70758061.sys [x]
S1 setup_9.0.0.722_28.05.2011_16-31(1)drv;setup_9.0.0.722_28.05.2011_16-31(1)drv;c:\windows\system32\DRIVERS\7075806.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-12 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Katheen\AppData\Roaming\Mozilla\Firefox\Profiles\ad0yk6td.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d4b1d07&v=6.103.018.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-05-30 11:51:25
ComboFix-quarantined-files.txt 2011-05-30 16:51
.
Pre-Run: 202,131,873,792 bytes free
Post-Run: 201,768,976,384 bytes free
.
- - End Of File - - FEB423A8977C601F2C0EF70004BE5A7C
THANKS!

[Salagubang]

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click on Standard Output at the top
• Under the Extra Registry section ensure that Safelist is selected
• Select All Users
• Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
• Double click inside the Custom Scan box at the bottom
• A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
• Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
• Select scan.txt and click Open. Writing will now appear under the Custom Scan box
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

[tikker]

Hi, O.K. You lost me. I did great up till select all users. Was I suppose to scan something at this point & then download it?

[Salagubang]

OK

After selecting all users, you may click on the run scan the post the logs that pop out named OTL.txt and Extras.txt for review.

[tikker]

Here is the first scan
OTL Extras logfile created on: 5/30/2011 7:34:45 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Guest\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.86 Gb Available Physical Memory | 73.80% Memory free
7.74 Gb Paging File | 6.65 Gb Available in Paging File | 85.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.35 Gb Total Space | 187.75 Gb Free Space | 84.44% Space Free | Partition Type: NTFS

Computer Name: KATHEEN-PC | User Name: Katheen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2731422010-3250883408-696411113-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2731422010-3250883408-696411113-501\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DC7333D1-596A-404D-876D-446E6D27BA20}" = AVG 2011
"{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FF74BAA3-4185-437E-92CC-A442BAF0FE83}" = AVG 2011
"AVG" = AVG 2011
"HDMI" = Intel® Graphics Media Accelerator Driver
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
"{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}" = TOSHIBA Supervisor Password
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{D0387727-C89D-4774-B643-B9333EAA09DE}" = TOSHIBA Hardware Setup
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"TOSHIBA Game Console" = WildTangent ORB Game Console
"VLC media player" = VLC media player 1.1.5
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WT078087" = Blackhawk Striker 2
"WT078109" = FATE Undiscovered Realms
"WT078123" = Monopoly
"WT078129" = Polar Bowler
"WT078130" = Virtual Families
"WT078308" = Bejeweled 2 Deluxe
"WT078349" = Mystery P.I. - The Vegas Heist
"WT078385" = Virtual Villagers - The Secret City
"WT078475" = Scrabble Plus
"WT078491" = Faerie Solitaire

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/3/2011 3:35:44 AM | Computer Name = WIN-92VQDC25H28 | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/8/2011 4:04:55 PM | Computer Name = Katheen-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/8/2011 4:05:05 PM | Computer Name = Katheen-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2/14/2011 2:47:07 PM | Computer Name = Katheen-PC | Source = Application Error | ID = 1000
Description = Faulting application name: TeaTimer.exe, version: 1.6.4.26, time stamp:
0x2a425e19 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x14cc Faulting application
start time: 0x01cbcc754c6d01bc Faulting application path: C:\Program Files (x86)\Spybot
- Search & Destroy\TeaTimer.exe Faulting module path: unknown Report Id: d210d778-386a-11e0-815a-00266c4e9401

Error - 2/22/2011 2:22:11 PM | Computer Name = Katheen-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 2/22/2011 2:22:20 PM | Computer Name = Katheen-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/7/2011 3:32:52 PM | Computer Name = Katheen-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/7/2011 3:33:01 PM | Computer Name = Katheen-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 4/19/2011 10:29:16 PM | Computer Name = Katheen-PC | Source = Application Hang | ID = 1002
Description = The program wmplayer.exe version 12.0.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d08 Start
Time: 01cbfefea09fc333 Termination Time: 17181 Application Path: C:\Program Files
(x86)\Windows Media Player\wmplayer.exe Report Id: dc6a330f-6af5-11e0-b378-00266c4e9401


Error - 4/19/2011 10:30:24 PM | Computer Name = Katheen-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7600.16385 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 910 Start
Time: 01cbfefd79baead8 Termination Time: 35724 Application Path: C:\windows\Explorer.EXE

Report
Id: 0bd1024c-6af6-11e0-b378-00266c4e9401

[ Media Center Events ]
Error - 5/29/2011 4:35:37 PM | Computer Name = Katheen-PC | Source = MCUpdate | ID = 0
Description = 3:35:36 PM - Error connecting to the internet. 3:35:37 PM - Unable
to contact server..

Error - 5/29/2011 4:36:33 PM | Computer Name = Katheen-PC | Source = MCUpdate | ID = 0
Description = 3:36:21 PM - Error connecting to the internet. 3:36:21 PM - Unable
to contact server..

Error - 5/29/2011 5:38:37 PM | Computer Name = Katheen-PC | Source = MCUpdate | ID = 0
Description = 4:38:37 PM - Error connecting to the internet. 4:38:37 PM - Unable
to contact server..

Error - 5/29/2011 5:39:23 PM | Computer Name = Katheen-PC | Source = MCUpdate | ID = 0
Description = 4:39:22 PM - Error connecting to the internet. 4:39:22 PM - Unable
to contact server..

Error - 5/29/2011 6:40:21 PM | Computer Name = Katheen-PC | Source = MCUpdate | ID = 0
Description = 5:40:21 PM - Error connecting to the internet. 5:40:21 PM - Unable
to contact server..

Error - 5/29/2011 6:41:07 PM | Computer Name = Katheen-PC | Source = MCUpdate | ID = 0
Description = 5:41:06 PM - Error connecting to the internet. 5:41:06 PM - Unable
to contact server..

Error - 5/29/2011 10:15:49 PM | Computer Name = Katheen-PC | Source = MCUpdate | ID = 0
Description = 9:15:49 PM - Error connecting to the internet. 9:15:49 PM - Unable
to contact server..

Error - 5/29/2011 10:16:41 PM | Computer Name = Katheen-PC | Source = MCUpdate | ID = 0
Description = 9:16:34 PM - Error connecting to the internet. 9:16:34 PM - Unable
to contact server..

[ System Events ]
Error - 4/19/2011 10:42:58 PM | Computer Name = Katheen-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume E:.

Error - 4/19/2011 10:42:59 PM | Computer Name = Katheen-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume E:.

Error - 4/19/2011 10:43:07 PM | Computer Name = Katheen-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume E:.

Error - 4/19/2011 10:43:08 PM | Computer Name = Katheen-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume E:.

Error - 4/19/2011 10:43:17 PM | Computer Name = Katheen-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume E:.

Error - 4/19/2011 10:43:20 PM | Computer Name = Katheen-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume E:.

Error - 5/6/2011 2:25:05 PM | Computer Name = Katheen-PC | Source = DCOM | ID = 10016
Description =

Error - 5/6/2011 2:25:44 PM | Computer Name = Katheen-PC | Source = DCOM | ID = 10016
Description =

Error - 5/14/2011 4:26:11 PM | Computer Name = Katheen-PC | Source = DCOM | ID = 10016
Description =

Error - 5/15/2011 1:26:10 AM | Computer Name = Katheen-PC | Source = Service Control Manager | ID = 7030
Description = The VideoAcceleratorService service is marked as an interactive service.
However, the system is configured to not allow interactive services. This service
may not function properly.


< End of report >

[tikker]

O.K. I have tried both ways to download this file & when I tried to save it , I was only saving the link. This is what I got.
Geeks to Go Forums > Downloads

• Terms of Use
• View New Content

An Error Occurred
Sorry, an error occurred. If you are unsure on how to use a feature, or don't know why you got this error message, try looking through the help files for more information.


[#10845] We could not find the file specified

Useful Links

• Forgotten Password Recovery
• Register a new account
• Our help documentation
• Contact the forums administrator

[Salagubang]

Did you install the SpeedBit Video Accelerator program or it came with the laptop when you bought it?

[tikker]

I installed it.

[Salagubang]

Lets try doing a clean boot and see if it improves boot performance.

Step 1: Start the System Configuration Utility
1. Click Start, on the search box, type msconfig, and then click OK.
2. The System Configuration Utility dialog box is displayed.

Step 2: Configure selective startup options
1. In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
2. Click to clear the Process SYSTEM.INI File check box.
3. Click to clear the Process WIN.INI File check box.
4. Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
5. Click the Services tab.
6. Click to select the Hide All Microsoft Services check box.
7. Click Disable All, and then click OK.
When you are prompted, click Restart to restart the computer.

Step 3: Log on to Windows
If you are prompted, log on to Windows.
When you receive the following message, click to select the Don't show this message or launch the System Configuration Utility when Windows start check box, and then click OK.

You have used the System Configuration Utility to make changes to the way Windows starts.
The System Configuration Utility is currently in Diagnostic or Selective Startup mode, causing this message to be displayed and the utility to run every time Windows starts.

STEP 4: Troubleshoot

• Now restart and test the issue at hand. Without the extra load, the machine should perform speedy.
• If no problems, run msconfig and recheck half the disabled items on the Services tab. Reboot to test again. If the problem recurs, Uncheck half the items you just checked to narrow down the culprit.
• If the problem does not re-occur, check the other half, so all the Services are enabled. Reboot to test again. If the problem recurs, Uncheck half the items you just checked to narrow down the culprit.

Tell me how it goes.

[tikker]

Salagubang, Under the general tab, under selective startup there are only 3 things to click on
, load system services,
load start up items & use original boot.

I never saw,
2. Click to clear the Process SYSTEM.INI File check box.
3. Click to clear the Process WIN.INI File check box.

Are we on the same page? Are you looking at the same System Configuration Utility dialog box that I am?

There are 5 tabs at the top of my dialog box, they are General, Boot, Services, Startup, & Tools

Under the Services tab, there were many things running. I just want to make sure we are on the same page with all of this before going on to step 3.

Thanks Tikker

[Salagubang]

You may skip steps two and three (they're only visible on XP).

• Click to clear the Load Startup Items check box.
  Note The Use Original Boot.ini check box is unavailable.
• Click the Services tab.
• Click to select the Hide All Microsoft Services check box.
• Click Disable All, and then click OK.
• When you are prompted, click Restart.

[Salagubang]

You may skip steps two and three (they're only visible on XP).

• Click to clear the Load Startup Items check box.
  Note The Use Original Boot.ini check box is unavailable.
• Click the Services tab.
• Click to select the Hide All Microsoft Services check box.
• Click Disable All, and then click OK.
• When you are prompted, click Restart.

[tikker]

Hi, I am now back in the swing of things. This part is over my head. You had me turn off all firewalls right before combofix. Do I turn them back on now, or wait until we do all this other stuff? The reason I ask is because this computer says windows firewall is turned on in the main domain but turned off in networking. I apologize for being so anal about all this but it is real confusing.

[Salagubang]

Yes you may turn on your Antivirus and Firewall.

Does performing a clean boot improved system performance?