[Closed] Toshiba laptop running slowly - Combo Fix log

Status
Not open for further replies.

a4007035

Hi,

I have followed the necessary steps and was asked to produce a log of the combo fix https://www.techspot.com/vb/topic150338.html

ComboFix 10-07-27.05 - Alethea Leung 29/07/2010 0:11.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.447.103 [GMT 1:00]
Running from: c:\documents and settings\Alethea Leung\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Alethea Leung\c5ovi.exe
c:\windows\hosts
c:\windows\system32\browseit.log
c:\windows\system32\hosts

.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-28 )))))))))))))))))))))))))))))))
.

2010-07-20 22:37 . 2010-07-20 22:37 -------- d-----w- c:\documents and settings\Alethea Leung\Application Data\Malwarebytes
2010-07-20 22:35 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-20 22:34 . 2010-07-20 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-20 22:34 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 22:34 . 2010-07-20 22:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-20 17:23 . 2010-07-20 17:23 -------- d-----w- c:\documents and settings\Alethea Leung\Application Data\Avira
2010-07-20 17:20 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-20 17:20 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-20 17:20 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-20 17:20 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-20 17:20 . 2010-07-20 17:20 -------- d-----w- c:\program files\Avira
2010-07-20 17:20 . 2010-07-20 17:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-28 23:25 . 2010-05-26 20:43 57682 ----a-w- c:\windows\system32\drivers\hosts
2010-07-22 20:45 . 2005-01-01 16:25 -------- d-----w- c:\program files\epson
2010-07-22 04:14 . 2004-05-18 10:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-22 04:07 . 2004-05-18 10:59 -------- d-----w- c:\program files\TOSHIBA
2010-07-22 04:05 . 2004-12-22 16:58 -------- d-----w- c:\program files\BT Broadband
2010-07-22 04:05 . 2004-12-22 16:58 -------- d-----w- c:\program files\Motive
2010-07-22 04:05 . 2004-12-22 16:59 -------- d-----w- c:\program files\Common Files\Motive
2010-06-28 21:20 . 2005-11-27 23:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-28 20:52 . 2008-04-10 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-26 20:43 . 2010-05-26 20:43 159744 ----a-w- c:\windows\system32\scvdll.exe
2010-05-26 16:43 . 2010-05-26 16:43 50354 ----a-w- c:\documents and settings\Alethea Leung\Application Data\Facebook\uninstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-09 335872]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-01-22 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-01-22 495616]
"TPSMain"="TPSMain.exe" [2004-04-29 266240]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2004-04-30 430080]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-04-27 118784]
"PadTouch"="c:\program files\TOSHIBA\PadTouch\PadExe.exe" [2004-02-12 1019904]
"TFncKy"="TFncKy.exe" [BU]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 88363]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2004-11-02 1063424]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"c5ovi"="c:\windows\system32\scvdll.exe" [2010-05-26 159744]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2005-12-1 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 iadusb;BT Voyager 205 ADSL Router;c:\windows\system32\DRIVERS\glauiad.sys [2004-12-22 30371]
S0 atiide;atiide;c:\windows\System32\DRIVERS\atiide.sys [2004-04-14 5632]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]

.
Contents of the 'Scheduled Tasks' folder

2009-02-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2004-09-24 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-05-18 00:12]

2004-09-24 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-05-18 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.tiscali.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Alethea Leung\Application Data\Mozilla\Firefox\Profiles\oyx9jv6v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tiscali.co.uk/
FF - plugin: c:\documents and settings\Alethea Leung\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPJPI142_04.dll
FF - plugin: c:\program files\Java\j2re1.4.2_04\bin\NPOJI610.dll
.
.
------- File Associations -------
.
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKLM-Run-MPFTray - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
HKLM-Run-DSLAGENTEXE - c:\program files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
HKLM-Run-EPSON Stylus Photo RX420 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
HKLM-Run-MISAggregator - (no file)
AddRemove-AutoNom 2000 - c:\program files\MDL Information Systems
AddRemove-ScreensaversInstaller - c:\program files\Screensavers.com\Installer\bin\siuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-29 00:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\hosts 60429 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\}ݛwӦ*]
"DisplayName"="?\11\09"
"DeviceDesc"="?\11\09"
"ProviderName"="?\15?\11?#8\11??"
"MFG"="???"
"ReinstallString"=".10.1000.3"
"DeviceInstanceIds"=multi:"c:\\pmr400174eu0 en,fr,gr,it osaka20 ssa60 xph cd1\\display driver\\sbdrv\\smbus\\smbusati.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1468)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\TPSBattM.exe
.
**************************************************************************
.
Completion time: 2010-07-29 00:32:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-28 23:32

Pre-Run: 41,107,734,528 bytes free
Post-Run: 41,098,518,528 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - DFF3A0E79A4B4A830F3A2ECB69EC8B7F
 