Malware/virus removal


Okay, so recently I got a blue screen on my Windows 8 three times in a row, usually when I was in my browser, so I completely restored my PC back to factory settings to resolve it, but I'm almost certain there is still a virus or malware or something on my system. My internet will cut out; this is not due to my provider, my brother has the same connection and he is right next to me. Sometimes the internet says "limited" or it turns off completely and I can't get on. OK, so I open my Task Manager and my CPU, memory and disk are way above normal. When I reinstalled last time my CPU was at about 1-5%, now it's about 1-60%; disk was about 10-20%, now it's 10-100%.

So something must be wrong. I'm sure it's due to the blue screen; it was working fine a few days ago! And I tried going into Safe Mode and running a lot of virus removal tools like Malwarebytes, ComboFix, the Microsoft removal tool and Norton Power Eraser; none of it is working. Here is the log from ComboFix.txt:


PC specs:
Manufacturer: TOSHIBA
Model: Satellite P75-A
Rating: 5.9
Processor: Intel Core i7 4700MQ dual core 2.40 GHz
8 GB RAM
64-bit operating system, x64-based processor


ComboFix 14-07-03.01 - dethunter 07/06/2014  17:41:09.2.8 - x64
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.7944.4333 [GMT -7:00]
Running from: e:\lastchaos files(i made them)\ComboFix.exe
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-07 to 2014-07-07  )))))))))))))))))))))))))))))))
.
.
2014-07-07 00:45 . 2014-07-07 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-07 00:12 . 2014-07-07 00:12 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2014-07-07 00:08 . 2014-07-07 00:26 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-07 00:07 . 2014-07-07 00:07 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-07-07 00:07 . 2014-07-07 00:07 -------- d-----w- c:\programdata\Malwarebytes
2014-07-07 00:07 . 2014-05-12 14:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-07-07 00:07 . 2014-05-12 14:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-07-07 00:07 . 2014-05-12 14:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-07-07 00:02 . 2014-07-07 00:02 -------- d-----w- c:\program files\Common Files\Intel
2014-07-07 00:02 . 2014-07-07 00:02 -------- d-----w- c:\program files (x86)\Cisco
2014-07-06 23:18 . 2014-06-02 00:17 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-07-06 23:11 . 2014-07-06 23:11 390776 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2014-07-06 22:31 . 2014-07-06 22:31 -------- d-----w- C:\NPE
2014-07-06 22:23 . 2014-07-06 22:24 -------- d-----w- c:\program files (x86)\Google
2014-07-06 22:00 . 2014-07-06 22:00 -------- d-----w- c:\program files\CCleaner
2014-07-06 21:12 . 2014-07-06 21:16 -------- d-----w- c:\users\dethunter
2014-07-06 19:56 . 2014-07-06 19:56 -------- d--h--r- c:\users\Public\AccountPictures
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-06 21:25 . 2012-07-26 08:13 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys;c:\windows\SYSNATIVE\drivers\NMgamingms.sys [x]
R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys;c:\windows\SYSNATIVE\DRIVERS\TrufosAlt.sys [x]
R4 THAccelSvc;TOSHIBA HDD Accelerator Service;c:\program files\TOSHIBA\HDD Accelerator\THAccelSvc.exe;c:\program files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 THAccel;THAccel;c:\windows\system32\DRIVERS\THAccel.sys;c:\windows\SYSNATIVE\DRIVERS\THAccel.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\System32\drivers\Thpevm.SYS;c:\windows\SYSNATIVE\drivers\Thpevm.SYS [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 dts_apo_service;DTS APO Service;c:\program files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe;c:\program files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [x]
S2 fbdpinger;fbdpinger;c:\program files (x86)\TOSHIBA\ToshibaFB\fdbpinger.exe;c:\program files (x86)\TOSHIBA\ToshibaFB\fdbpinger.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\Toshiba\Teco\TecoService.exe;c:\program files\Toshiba\Teco\TecoService.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\System32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NETwNe64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys;c:\windows\SYSNATIVE\drivers\QIOMem.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\System32\drivers\tos_sps64.sys;c:\windows\SYSNATIVE\drivers\tos_sps64.sys [x]
S3 usb3Hub;Intel UoIP Bus;c:\windows\System32\drivers\usb3Hub.sys;c:\windows\SYSNATIVE\drivers\usb3Hub.sys [x]
S3 XHCIPort;Intel UoIP Host Controller;c:\windows\System32\drivers\XHCIPort.sys;c:\windows\SYSNATIVE\drivers\XHCIPort.sys [x]
S4 ccSet_NARA;NARA Settings Manager;c:\windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NARAx64\0403000.00E\ccSetx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-06 22:24 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2012-09-24 03:43 214664 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-06 22:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="'c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-13 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-05-13 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-05-13 444400]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2013-01-11 894048]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"TCrdMain"="c:\program files\TOSHIBA\Hotkey\TCrdMain_Win8.exe" [2013-04-22 2565472]
"TecoResident"="c:\program files\TOSHIBA\Teco\TecoResident.exe" [2013-01-29 170848]
"TSleepSrv"="c:\program files (x86)\TOSHIBA\System Setting\TSleepSrv.exe" [2013-03-05 1549392]
"TODDMain"="c:\program files (x86)\TOSHIBA\System Setting\TODDMain.exe" [2012-08-04 213136]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://toshiba13.msn.com
mDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = hxxp://toshiba13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Internet Explorer provided by TOSHIBA
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-07-06  17:46:45
ComboFix-quarantined-files.txt  2014-07-07 00:46
ComboFix2.txt  2014-07-06 22:10
.
Pre-Run: 694,765,309,952 bytes free
Post-Run: 694,291,951,616 bytes free
.
- - End Of File - - 774CD42C3124B941CF37B5725B3763D4
5FB38429D5D77768867C76DCBDB35194
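The log above is ComboFix's inventory of the usual persistence points (recently created files, Run keys, services, Active Setup, scheduled tasks). As an added example that is not part of the original thread and not ComboFix's own code, here is a small Python parser that reads the "Files Created" and Run-key sections of a log in this format and flags entries worth a manual look: non-directory files carrying hidden or system attributes, very small .sys files in the drivers directory, and Run values where the log shows [X] in place of a date and size. The reading of the attribute letters (d = directory, s = system, h = hidden, matching the entries visible in the log), the 1024-byte size threshold and the SAMPLE_LOG lines are constructed assumptions for this example; a flag is a prompt to inspect the file (hash it, check its signature, look at its properties), not a verdict that it is malicious.

```python
"""Triage helper for a ComboFix-style log: parse the "Files Created" entries
and the Run-key autostarts, then flag items that merit manual review."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the log above (raw string keeps backslashes).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((   Files Created from 2014-06-07 to 2014-07-07  )))))))))))))))))))))))))))))))
.
2014-07-07 00:45 . 2014-07-07 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-07 00:12 . 2014-07-07 00:12 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2014-07-07 00:08 . 2014-07-07 00:26 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-07-06 19:56 . 2014-07-06 19:56 -------- d--h--r- c:\users\Public\AccountPictures
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="'c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-05-13 165872]
"""

# "<created> . <modified> <size|--------> <8-char attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# '"Name"="path" [date size]' or '"Name"="path" [X]'
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>.*)" \[(?P<info>[^\]]*)\]$')


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None when the log shows -------- (a directory)
    attrs: str            # e.g. --sh--r-, interpreted per the lead-in (assumption)
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    info: str   # "YYYY-MM-DD size", or "X" when the log records no date/size


def parse_files(text: str) -> List[FileEntry]:
    """Extract every file/directory line in the 'Files Created' format."""
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        out.append(FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return out


def parse_run_entries(text: str) -> List[RunEntry]:
    """Extract values listed under any ...\\CurrentVersion\\Run key."""
    out, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[HKEY_"):
            key = line.strip("[]")
            continue
        m = RUN_RE.match(line)
        if m and key and key.lower().endswith("\\run"):
            out.append(RunEntry(key, m["name"], m["path"], m["info"]))
    return out


def triage(text: str, small_driver_bytes: int = 1024) -> List[str]:
    """Return human-readable review prompts; nothing here proves malice."""
    findings = []
    for f in parse_files(text):
        if f.is_dir:
            continue
        reasons = []
        if f.hidden or f.system:
            reasons.append("hidden/system attribute set")
        if (f.size is not None and f.size < small_driver_bytes
                and f.path.lower().endswith(".sys")):
            reasons.append(f"unusually small driver ({f.size} bytes)")
        if reasons:
            findings.append(f"{f.path}: {', '.join(reasons)}")
    for r in parse_run_entries(text):
        if r.info.upper() == "X":
            findings.append(f"Run value {r.name} -> {r.path}: "
                            "logged as [X] (no date/size); verify the target exists")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents; the same two regexes also match the Find3M section, which uses the same line shape. The point of the flags is to shorten the list of files to hash and submit for analysis, not to replace that step.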

  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

