TechSpot

[Closed] Toshiba laptop running slowly - Combo Fix log

By a4007035
Jul 28, 2010
  1. Hi,

    I have followed the necessary steps and was asked to produce a log of the combo fix http://www.techspot.com/vb/topic150338.html

    ComboFix 10-07-27.05 - Alethea Leung 29/07/2010 0:11.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.103 [GMT 1:00]
    Running from: c:\documents and settings\Alethea Leung\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Alethea Leung\c5ovi.exe
    c:\windows\hosts
    c:\windows\system32\browseit.log
    c:\windows\system32\hosts

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
    .

    2010-07-20 22:37 . 2010-07-20 22:37 -------- d-----w- c:\documents and settings\Alethea Leung\Application Data\Malwarebytes
    2010-07-20 22:35 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-20 22:34 . 2010-07-20 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-20 22:34 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-20 22:34 . 2010-07-20 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-20 17:23 . 2010-07-20 17:23 -------- d-----w- c:\documents and settings\Alethea Leung\Application Data\Avira
    2010-07-20 17:20 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-07-20 17:20 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-07-20 17:20 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-07-20 17:20 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-07-20 17:20 . 2010-07-20 17:20 -------- d-----w- c:\program files\Avira
    2010-07-20 17:20 . 2010-07-20 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-28 23:25 . 2010-05-26 20:43 57682 ----a-w- c:\windows\system32\drivers\hosts
    2010-07-22 20:45 . 2005-01-01 16:25 -------- d-----w- c:\program files\epson
    2010-07-22 04:14 . 2004-05-18 10:20 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-22 04:07 . 2004-05-18 10:59 -------- d-----w- c:\program files\TOSHIBA
    2010-07-22 04:05 . 2004-12-22 16:58 -------- d-----w- c:\program files\BT Broadband
    2010-07-22 04:05 . 2004-12-22 16:58 -------- d-----w- c:\program files\Motive
    2010-07-22 04:05 . 2004-12-22 16:59 -------- d-----w- c:\program files\Common Files\Motive
    2010-06-28 21:20 . 2005-11-27 23:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-06-28 20:52 . 2008-04-10 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-05-26 20:43 . 2010-05-26 20:43 159744 ----a-w- c:\windows\system32\scvdll.exe
    2010-05-26 16:43 . 2010-05-26 16:43 50354 ----a-w- c:\documents and settings\Alethea Leung\Application Data\Facebook\uninstall.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 335872]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 98304]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 495616]
    "TPSMain"="TPSMain.exe" [2004-04-29 266240]
    "THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-04-30 430080]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-04-27 118784]
    "PadTouch"="c:\program files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]
    "TFncKy"="TFncKy.exe" [BU]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2004-11-02 1063424]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "c5ovi"="c:\windows\system32\scvdll.exe" [2010-05-26 159744]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2005-12-1 262144]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    R3 iadusb;BT Voyager 205 ADSL Router;c:\windows\system32\DRIVERS\glauiad.sys [2004-12-22 30371]
    S0 atiide;atiide;c:\windows\System32\DRIVERS\atiide.sys [2004-04-14 5632]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]

    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

    2004-09-24 c:\windows\Tasks\Registration reminder 1.job
    - c:\windows\System32\OOBE\oobebaln.exe [2004-05-18 00:12]

    2004-09-24 c:\windows\Tasks\Registration reminder 2.job
    - c:\windows\System32\OOBE\oobebaln.exe [2004-05-18 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.tiscali.co.uk/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Alethea Leung\Application Data\Mozilla\Firefox\Profiles\oyx9jv6v.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.co.uk/
    FF - plugin: c:\documents and settings\Alethea Leung\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJPI142_04.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPOJI610.dll
    .
    .
    ------- File Associations -------
    .
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    HKLM-Run-MPFTray - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
    HKLM-Run-DSLAGENTEXE - c:\program files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
    HKLM-Run-EPSON Stylus Photo RX420 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
    HKLM-Run-MISAggregator - (no file)
    AddRemove-AutoNom 2000 - c:\program files\MDL Information Systems
    AddRemove-ScreensaversInstaller - c:\program files\Screensavers.com\Installer\bin\siuninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-29 00:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\hosts 60429 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\}ݛwӦ*]
    "DisplayName"="?\11\09"
    "DeviceDesc"="?\11\09"
    "ProviderName"="?\15?\11?#8\11??"
    "MFG"="???"
    "ReinstallString"=".10.1000.3"
    "DeviceInstanceIds"=multi:"c:\\pmr400174eu0 en,fr,gr,it osaka20 ssa60 xph cd1\\display driver\\sbdrv\\smbus\\smbusati.inf\00"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(644)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(1468)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    c:\windows\AGRSMMSG.exe
    c:\windows\system32\TPSBattM.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-29 00:32:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-28 23:32

    Pre-Run: 41,107,734,528 bytes free
    Post-Run: 41,098,518,528 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - DFF3A0E79A4B4A830F3A2ECB69EC8B7F
     
  2. Broni


Topic Status:
Not open for further replies.
