[Closed] Toshiba laptop running slowly - Combo Fix log

By a4007035
Jul 28, 2010
Topic Status:
Not open for further replies.
  1. Hi,

    I have followed the necessary steps and was asked to produce a log of the combo fix http://www.techspot.com/vb/topic150338.html

    ComboFix 10-07-27.05 - Alethea Leung 29/07/2010 0:11.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.103 [GMT 1:00]
    Running from: c:\documents and settings\Alethea Leung\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Alethea Leung\c5ovi.exe
    c:\windows\hosts
    c:\windows\system32\browseit.log
    c:\windows\system32\hosts

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
    .

    2010-07-20 22:37 . 2010-07-20 22:37 -------- d-----w- c:\documents and settings\Alethea Leung\Application Data\Malwarebytes
    2010-07-20 22:35 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-20 22:34 . 2010-07-20 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-20 22:34 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-20 22:34 . 2010-07-20 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-20 17:23 . 2010-07-20 17:23 -------- d-----w- c:\documents and settings\Alethea Leung\Application Data\Avira
    2010-07-20 17:20 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-07-20 17:20 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-07-20 17:20 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-07-20 17:20 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-07-20 17:20 . 2010-07-20 17:20 -------- d-----w- c:\program files\Avira
    2010-07-20 17:20 . 2010-07-20 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-28 23:25 . 2010-05-26 20:43 57682 ----a-w- c:\windows\system32\drivers\hosts
    2010-07-22 20:45 . 2005-01-01 16:25 -------- d-----w- c:\program files\epson
    2010-07-22 04:14 . 2004-05-18 10:20 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-22 04:07 . 2004-05-18 10:59 -------- d-----w- c:\program files\TOSHIBA
    2010-07-22 04:05 . 2004-12-22 16:58 -------- d-----w- c:\program files\BT Broadband
    2010-07-22 04:05 . 2004-12-22 16:58 -------- d-----w- c:\program files\Motive
    2010-07-22 04:05 . 2004-12-22 16:59 -------- d-----w- c:\program files\Common Files\Motive
    2010-06-28 21:20 . 2005-11-27 23:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-06-28 20:52 . 2008-04-10 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-05-26 20:43 . 2010-05-26 20:43 159744 ----a-w- c:\windows\system32\scvdll.exe
    2010-05-26 16:43 . 2010-05-26 16:43 50354 ----a-w- c:\documents and settings\Alethea Leung\Application Data\Facebook\uninstall.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 335872]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 98304]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 495616]
    "TPSMain"="TPSMain.exe" [2004-04-29 266240]
    "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-04-30 430080]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-04-27 118784]
    "PadTouch"="c:\program files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]
    "TFncKy"="TFncKy.exe" [BU]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2004-11-02 1063424]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "c5ovi"="c:\windows\system32\scvdll.exe" [2010-05-26 159744]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2005-12-1 262144]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R3 iadusb;BT Voyager 205 ADSL Router;c:\windows\system32\DRIVERS\glauiad.sys [2004-12-22 30371]
    S0 atiide;atiide;c:\windows\System32\DRIVERS\atiide.sys [2004-04-14 5632]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]

    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

    2004-09-24 c:\windows\Tasks\Registration reminder 1.job
    - c:\windows\System32\OOBE\oobebaln.exe [2004-05-18 00:12]

    2004-09-24 c:\windows\Tasks\Registration reminder 2.job
    - c:\windows\System32\OOBE\oobebaln.exe [2004-05-18 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.tiscali.co.uk/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Alethea Leung\Application Data\Mozilla\Firefox\Profiles\oyx9jv6v.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.co.uk/
    FF - plugin: c:\documents and settings\Alethea Leung\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJPI142_04.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPOJI610.dll
    .
    .
    ------- File Associations -------
    .
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    HKLM-Run-MPFTray - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
    HKLM-Run-DSLAGENTEXE - c:\program files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
    HKLM-Run-EPSON Stylus Photo RX420 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    HKLM-Run-MISAggregator - (no file)
    AddRemove-AutoNom 2000 - c:\program files\MDL Information Systems
    AddRemove-ScreensaversInstaller - c:\program files\Screensavers.com\Installer\bin\siuninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-29 00:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\hosts 60429 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\}ݛwӦ*]
    "DisplayName"="?\11\09"
    "DeviceDesc"="?\11\09"
    "ProviderName"="?\15?\11?#8\11??"
    "MFG"="???"
    "ReinstallString"=".10.1000.3"
    "DeviceInstanceIds"=multi:"c:\\pmr400174eu0 en,fr,gr,it osaka20 ssa60 xph cd1\\display driver\\sbdrv\\smbus\\smbusati.inf\00"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(644)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(1468)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    c:\windows\AGRSMMSG.exe
    c:\windows\system32\TPSBattM.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-29 00:32:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-28 23:32

    Pre-Run: 41,107,734,528 bytes free
    Post-Run: 41,098,518,528 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - DFF3A0E79A4B4A830F3A2ECB69EC8B7F
  2. Broni
