dethunter12 Posted July 6, 2014 ID:849809

Okay, so recently I got a blue screen on my Windows 8 3 times in a row, usually when I was in my browser, so I completely restored my PC back to factory settings to resolve it, but I'm almost certain there is still a virus or malware or something on my system. My internet will cut out. This is not due to my provider: my brother has the same connection and he is right next to me. Sometimes the internet says limited, or it turns it off completely and I can't get on. So I open my Task Manager and my CPU, memory and disk are way above normal. When I reinstalled last time my CPU was at about 1-5%, now it's about 1-60%; disk was about 10-20%, now it's 10-100%, so something must be wrong. I'm sure it's due to the blue screen; it was working fine a few days ago! And I tried going into safe mode and running a lot of virus removal tools like Malwarebytes, ComboFix, Microsoft removal tool and Norton Power Eraser; none of it is working. Here is the log from combofix.tex

PC Specs:
manufacturer: TOSHIBA
model: Satellite p75-A
rating: 5.9
processor: intel core i7 4700mq dual core 2.40 ghz
8gb ram
64 bit operating system x64 based processor
gringo_pr (Staff) Posted July 28, 2014 ID:859021

Hello,

I would like to apologize for the delay in getting to you, and I would like to find out if you still need help with your problem.

Gringo
gringo_pr (Staff) Posted August 3, 2014 ID:861928

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!