Inactive Avast Antivirus, Multiple detections

Weirdiolio

Hey there! My avast antivirus has been acting rather strangely as of late, and I suspect I have a trojan.

For example, on 1 or 2 sites recently (Ign.com, gamespot.com), I've gotten a "threat detected" message, which I assumed was a false positive.

What got me on guard next, however, was this morning: when I booted up my laptop, avast detected a certain winbios.exe in c/ programfiles/lenovo and put it in the chest.

I've already run Malwarebytes (full scan), and I've got no detections there.
So I was wondering, do I have a trojan/malware infection?
 
We can check.
Welcome aboard.

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/22/2014
Scan Time: 4:50:05 PM
Logfile: Log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.22.08
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: Wyatt

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312403
Time Elapsed: 7 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17054
Run by Weirdiolio at 17:00:37 on 2014-08-22
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.7912.4828 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\dashost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\dwm.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\RTFTrack.exe
C:\Windows\SysWOW64\UMonit64.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\WLANExt.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\ctfmon.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://lenovo13.msn.com
mWinlogon: Userinit = userinit.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Wyatt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLOUDP~1.LNK - C:\Users\Wyatt\AppData\Roaming\CloudPanel\CloudPanelLauncher.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8C4DAC37-6B91-4DC2-87A2-C4907D4584DC} : DHCPNameServer = 168.94.0.14 168.94.0.15
TCP: Interfaces\{8FB38D57-20FC-497A-B5A4-DDCE33C5C6E2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8FB38D57-20FC-497A-B5A4-DDCE33C5C6E2}\D49636B65697E45647 : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{8FB38D57-20FC-497A-B5A4-DDCE33C5C6E2}\D696B656A65616E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8FB38D57-20FC-497A-B5A4-DDCE33C5C6E2}\D696B656A65616E6D27657563747 : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{8FB38D57-20FC-497A-B5A4-DDCE33C5C6E2}\D6A67657563747 : DHCPNameServer = 192.168.7.1
TCP: Interfaces\{8FB38D57-20FC-497A-B5A4-DDCE33C5C6E2}\E45445745414253343F5548545 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [SynLenovoGestureMgr] "C:\Program Files (x86)\Synaptics\SynTP\SynLenovoGestureMgr.exe" /m
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [UMonit64] C:\windows\SysWOW64\UMonit64.exe
x64-Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe -start
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\windows\System32\rundll32.exe C:\windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-12-2 9216]
R0 aswRvrt;avast! Revert;C:\windows\System32\Drivers\aswRvrt.sys [2013-7-22 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\Drivers\aswVmm.sys [2013-7-22 224896]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-1-31 652784]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2013-5-29 39008]
R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2014-7-29 32544]
R1 aswSnx;aswSnx;C:\windows\System32\Drivers\aswsnx.sys [2013-7-22 1041168]
R1 aswSP;aswSP;C:\windows\System32\Drivers\aswsp.sys [2013-7-22 427360]
R2 aswHwid;avast! HardwareID;C:\windows\System32\Drivers\aswHwid.sys [2014-5-15 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\Drivers\aswMonFlt.sys [2013-7-22 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-15 50344]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-8-26 1137016]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-8-26 1157496]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-31 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-5-29 131544]
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;Intel(R) Wireless Bluetooth(R) 4.0 Radio Management;C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [2013-9-18 157128]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-5-29 169432]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1720608]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-19 18956064]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-8-28 3378416]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2013-7-22 140600]
R3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2012-10-1 1390904]
R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 69088]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2013-1-25 118936]
R3 NETwNe64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2013-10-8 3345376]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-6-2 20256]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\Drivers\nvvad64v.sys [2014-6-2 40392]
R3 rtsuvc;Lenovo EasyCamera;C:\windows\System32\Drivers\rtsuvc.sys [2013-5-29 8243272]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2013-3-22 33008]
R3 WSDScan;WSD Scan Support;C:\windows\System32\Drivers\WSDScan.sys [2013-3-25 23552]
S2 aswStm;aswStm;C:\windows\System32\Drivers\aswstm.sys [2014-5-15 92008]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2013-4-11 165344]
S3 GeneStor;Genesys Logic Storage Driver;C:\windows\System32\Drivers\GeneStor.sys [2013-5-29 91368]
S3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-3-26 442368]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-8-28 273136]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2013-5-29 102376]
S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\windows\System32\Drivers\xusb22.sys [2012-7-25 89088]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-08-22 20:49:35 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-22 20:49:25 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-08-22 20:49:25 64216 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-08-22 20:49:25 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-08-22 20:49:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-21 01:06:18 -------- d-----w- C:\Users\Wyatt\AppData\Local\Ronin
2014-08-19 00:18:41 -------- d-----w- C:\Rodina
2014-08-15 14:09:01 43152 ----a-w- C:\windows\avastSS.scr
2014-08-15 12:41:52 105440 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-15 12:41:51 704480 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-08-13 16:09:59 71168 ----a-w- C:\windows\System32\drivers\hdaudbus.sys
2014-08-13 16:07:45 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 16:07:45 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-13 11:53:59 1300992 ----a-w- C:\windows\System32\gdi32.dll
2014-08-08 17:35:08 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-08-02 14:40:52 -------- d-----w- C:\Program Files (x86)\Overwolf
2014-07-31 04:16:14 -------- d-----w- C:\Users\Wyatt\AppData\Local\Adobe
2014-07-30 15:54:44 -------- d-----w- C:\Program Files (x86)\Facepalm Games
2014-07-30 04:02:19 -------- d-----w- C:\windows\SysWow64\NV
2014-07-30 04:02:19 -------- d-----w- C:\windows\System32\NV
2014-07-29 16:29:15 -------- d-----w- C:\Users\Wyatt\AppData\Local\TeamSpeak 3 Client
2014-07-27 18:31:00 394624 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-27 18:31:00 3262464 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-26 23:07:08 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2014-07-26 03:49:24 -------- d-----w- C:\Users\Wyatt\AppData\Local\Blizzard
2014-07-26 03:37:39 -------- d-----w- C:\Users\Wyatt\AppData\Local\Blizzard Entertainment
2014-07-26 03:37:31 -------- d-----w- C:\Users\Wyatt\AppData\Roaming\Battle.net
2014-07-26 03:37:31 -------- d-----w- C:\Users\Wyatt\AppData\Local\Battle.net
2014-07-26 03:37:11 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-07-26 03:29:25 -------- d-----w- C:\ProgramData\Battle.net
.
==================== Find3M ====================
.
2014-08-15 14:09:02 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-08-15 14:09:02 92008 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-08-15 14:09:02 79184 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-08-15 14:09:02 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-08-15 14:09:02 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-08-15 14:09:02 224896 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-08-15 14:09:02 1041168 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-07-29 04:45:25 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-07-29 04:45:25 144384 ----a-w- C:\windows\System32\wuwebv.dll
2014-07-29 04:45:25 128000 ----a-w- C:\windows\SysWow64\wuwebv.dll
2014-07-29 04:45:24 40448 ----a-w- C:\windows\System32\wuapp.exe
2014-07-29 04:45:11 100352 ----a-w- C:\windows\System32\wudriver.dll
2014-07-29 04:45:09 253440 ----a-w- C:\windows\System32\WUSettingsProvider.dll
2014-07-29 04:45:09 1623040 ----a-w- C:\windows\System32\wucltux.dll
2014-07-29 04:45:06 86528 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-07-29 04:45:05 176640 ----a-w- C:\windows\System32\storewuauth.dll
2014-07-25 13:50:29 1291280 ----a-w- C:\windows\SysWow64\nvspbridge.dll
2014-07-25 13:50:29 1126480 ----a-w- C:\windows\SysWow64\nvspcap.dll
2014-07-25 13:50:11 1715224 ----a-w- C:\windows\System32\nvspbridge64.dll
2014-07-25 13:50:11 1283136 ----a-w- C:\windows\System32\nvspcap64.dll
2014-07-24 12:10:54 2240000 ----a-w- C:\windows\System32\wininet.dll
2014-07-24 12:10:46 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-07-24 12:10:46 53760 ----a-w- C:\windows\System32\UXInit.dll
2014-07-24 12:09:37 3959296 ----a-w- C:\windows\System32\jscript9.dll
2014-07-24 12:09:33 67072 ----a-w- C:\windows\System32\iesetup.dll
2014-07-24 12:09:33 136704 ----a-w- C:\windows\System32\iesysprep.dll
2014-07-24 12:09:00 1508864 ----a-w- C:\windows\System32\inetcpl.cpl
2014-07-24 10:52:27 1766400 ----a-w- C:\windows\SysWow64\wininet.dll
2014-07-24 10:52:20 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2014-07-24 10:51:27 2861568 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-07-24 10:51:22 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-07-24 10:51:22 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-07-24 10:51:02 1440768 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-07-24 10:33:52 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-07-24 10:29:20 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-07-24 08:03:01 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2014-07-15 22:55:08 4035072 ----a-w- C:\windows\System32\win32k.sys
2014-07-12 02:36:04 1023488 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-07-02 18:55:43 6783776 ----a-w- C:\windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\windows\System32\nvvsvc.exe
2014-07-02 18:55:41 67072 ----a-w- C:\windows\System32\nv3dappshextr.dll
2014-07-02 18:55:41 62808 ----a-w- C:\windows\System32\nvshext.dll
2014-07-02 18:55:41 618440 ----a-w- C:\windows\SysWow64\oemdspif.dll
2014-07-02 18:55:41 386520 ----a-w- C:\windows\System32\nvmctray.dll
2014-07-02 18:55:41 2559960 ----a-w- C:\windows\System32\nvsvcr.dll
2014-07-02 18:55:41 1084704 ----a-w- C:\windows\System32\nv3dappshext.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\windows\System32\nvcoproc.bin
2014-06-19 23:35:37 1312768 ----a-w- C:\windows\System32\rpcrt4.dll
2014-06-19 22:24:17 694272 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-06-17 23:27:37 1440256 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-17 23:24:48 1557504 ----a-w- C:\windows\System32\osk.exe
2014-06-13 01:57:00 1453400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-06-13 01:55:08 199680 ----a-w- C:\windows\System32\cdd.dll
2014-06-06 14:06:38 596480 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 10:17:56 497152 ----a-w- C:\windows\SysWow64\qedit.dll
2014-06-05 17:56:51 112984 ----a-w- C:\windows\System32\consent.exe
2014-06-05 17:30:38 10116608 ----a-w- C:\windows\System32\twinui.dll
2014-06-05 17:29:42 393216 ----a-w- C:\windows\System32\msihnd.dll
2014-06-05 17:29:42 2885632 ----a-w- C:\windows\System32\msi.dll
2014-06-05 17:28:30 2306560 ----a-w- C:\windows\System32\authui.dll
2014-06-05 17:28:25 2146304 ----a-w- C:\windows\System32\actxprxy.dll
2014-06-05 13:12:09 8857600 ----a-w- C:\windows\SysWow64\twinui.dll
2014-06-05 13:11:28 295424 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-06-05 13:11:27 2416128 ----a-w- C:\windows\SysWow64\msi.dll
2014-06-05 13:10:41 2037760 ----a-w- C:\windows\SysWow64\authui.dll
2014-06-05 13:10:36 754176 ----a-w- C:\windows\SysWow64\actxprxy.dll
2014-06-02 22:33:45 265216 ----a-w- C:\windows\System32\InkEd.dll
2014-05-29 23:31:26 452608 ----a-w- C:\windows\SysWow64\SHCore.dll
2014-05-29 23:03:04 588288 ----a-w- C:\windows\System32\SHCore.dll
2014-05-29 23:02:28 439808 ----a-w- C:\windows\System32\lsm.dll
2014-05-29 23:02:27 1281536 ----a-w- C:\windows\System32\lsasrv.dll
2014-05-29 22:24:46 576512 ----a-w- C:\windows\System32\drivers\afd.sys
2014-05-29 04:04:53 94552 ----a-w- C:\windows\System32\drivers\mountmgr.sys
.
============= FINISH: 17:00:47.83 ===============
 
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 7/22/2013 10:51:48 PM
System Uptime: 8/15/2014 8:40:06 AM (177 hours ago)
.
Motherboard: LENOVO | | 20217
Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz | U3E1 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 884 GiB total, 721.928 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 22.107 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP96: 8/10/2014 2:22:14 PM - Scheduled Checkpoint
RP97: 8/11/2014 9:48:14 PM - Installed DirectX
RP98: 8/14/2014 6:52:17 PM - Installed DirectX
RP99: 8/18/2014 12:39:51 PM - Installed DirectX
RP100: 8/19/2014 5:25:45 PM - Installed DirectX
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.08)
avast! Free Antivirus
CCleaner
Counter-Strike: Source
Distance Beta
Dual-Core Optimizer
Energy Management
Firefall
Fistful of Frags
Garry's Mod
GCFScape 1.8.5
Genesys USB Mass Storage Device
Globeat
Goat Simulator
Google Chrome
Google Update Helper
Guacamelee! Gold Edition
Gunpoint
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life Dedicated Server Update Tool
Hi-Rez Studios Authenticate and Update Service
Intel AppUp(SM) center
Intel(R) Manageability Engine Firmware Recovery Agent
Intel(R) Management Engine Components
Intel(R) PRO/Wireless Driver
Intel(R) Processor Graphics
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) Rapid Storage Technology
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Java 7 Update 25 (64-bit)
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo PowerDVD10
Lenovo YouCam
LUFTRAUSERS
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
Microsoft Office
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Monaco
Monokrome version 1.0
NVIDIA Control Panel 340.52
NVIDIA GeForce Experience 2.1.1
NVIDIA Graphics Driver 340.52
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA Optimus Update 15.3.33
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.1220
NVIDIA ShadowPlay 15.3.33
NVIDIA Update 15.3.33
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.23
Onekey Theater
OpenAL
Origin
PlanetSide 2
PlanetSide 2 Live Test
Portal 2
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Realtek High Definition Audio Driver
Rodina
Shared C Run-time for x64
SHIELD Streaming
Skype™ 6.16
Space Run
Starseed Pilgrim
Steam
Surgeon Simulator 2013
Synaptics Pointing Device Driver
TeamSpeak 3 Client
The Stanley Parable
Ubisoft Game Launcher
Unity Web Player
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733)
Xiph.Org Open Codecs 0.85.17777
.
==== Event Viewer Messages From Past Week ========
.
8/22/2014 8:18:45 AM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.
8/15/2014 8:40:07 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
8/15/2014 2:12:22 PM, Error: Service Control Manager [7031] - The Windows Connect Now - Config Registrar service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/15/2014 2:12:22 PM, Error: Service Control Manager [7031] - The UPnP Device Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/15/2014 2:12:22 PM, Error: Service Control Manager [7031] - The Time Broker service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/15/2014 2:12:22 PM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/15/2014 2:12:22 PM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================


This should cover it... Also, I'd like to refrain from downloading too many programs, if possible.
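The autostart section of the DDS log above (the "Pseudo HJT Report") is where a reviewer spends most of the time, and the question the thread ends on, whether the Lenovo files are false positives, is really a question of which entries deserve a closer look. The script below is an added example, not part of this thread and not the DDS tool: it parses DDS-style autostart lines and applies a few location-based rules (user-writable directory, bare file name resolved through the search path, module hosted by rundll32, orphaned entry, vendor-style location that still needs a signature check). The sample input is constructed from lines in the report above; the rule set, the directory markers and the wording of the findings are this example's own choices, not anything DDS or the helper produced.

```python
"""Triage the autostart entries in a DDS 'Pseudo HJT Report'.

Added example (not the DDS tool, not code from the thread). It sorts
Run, StartupFolder, AppInit_DLLs and handler lines into a short list of
reasons a reviewer would want to look at each one.
"""
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", "key target reasons")

# Sample input, constructed from lines in the report above.
SAMPLE_REPORT = r"""
uStart Page = hxxp://google.com/
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\Wyatt\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CLOUDP~1.LNK - C:\Users\Wyatt\AppData\Roaming\CloudPanel\CloudPanelLauncher.exe
Trusted Zone: soe.com
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
TCP: NameServer = 192.168.1.1
"""

# "key: value" or "key= value" lines; DDS uses both spellings.
LINE_RE = re.compile(r"^(?P<key>[A-Za-z0-9_-]+)\s*[:=]\s*(?P<rest>.*)$")
# Keys that describe something that runs at logon/boot or loads into other processes.
AUTOSTART_KEY_RE = re.compile(
    r"^(?:x64-)?[um]?(?:Run|RunOnce|Winlogon|BHO|Handler|SSODL|Notify|ASetup|StartupFolder|AppInit_DLLs)$"
)
# Lazily grab a (possibly quoted) path ending in an executable extension.
PATH_RE = re.compile(r'"?([^"<>|]*?\.(?:exe|dll|scr|cpl|sys|bat|cmd|vbs|js|lnk))\b"?', re.I)
# Assumed rule set: host binaries whose argument is the real payload, and
# directory markers for "user-writable" versus "vendor-style" locations.
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")
VENDOR_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def extract_targets(rest):
    """Return (host_binary_or_None, [paths]) for the value part of a DDS line."""
    if "<orphaned>" in rest:
        return None, ["<orphaned>"]
    rest = re.sub(r"^\[[^\]]*\]\s*", "", rest)   # drop the "[Name]" label
    if " - " in rest:                             # "shortcut - target", "name - {clsid} - path"
        rest = rest.rsplit(" - ", 1)[1]
    if " = " in rest:                             # "Userinit = userinit.exe"
        rest = rest.split(" = ", 1)[1]
    paths = [p.strip() for p in PATH_RE.findall(rest)]
    if len(paths) > 1 and ntpath.basename(paths[0]).lower() in HOST_BINARIES:
        return ntpath.basename(paths[0]).lower(), paths[1:]
    return None, paths


def classify(key, target, host):
    """Reasons a reviewer would look at this entry; the wording is this example's."""
    t = target.lower()
    if t == "<orphaned>":
        return ["stale entry: points at a file that no longer exists"]
    reasons = []
    if host:
        reasons.append("launched through %s: the loaded module is what to inspect" % host)
    if key.lower() == "appinit_dlls":
        reasons.append("AppInit_DLLs: injected into every process that loads user32.dll")
    if "\\" not in t:
        reasons.append("bare file name: resolved through the search path, confirm which copy runs")
    elif any(marker in t for marker in USER_WRITABLE):
        reasons.append("user-writable location: not where vendor software normally installs")
    elif t.startswith(VENDOR_DIRS):
        reasons.append("vendor-style location: confirm the Authenticode signature before trusting the name")
    else:
        reasons.append("unusual location: inspect by hand")
    return reasons


def triage(report):
    """Parse a DDS report and return one Finding per autostart target."""
    findings = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not AUTOSTART_KEY_RE.match(m.group("key")):
            continue   # not an autostart line (Trusted Zone, TCP, start page, ...)
        host, targets = extract_targets(m.group("rest"))
        for target in targets:
            findings.append(Finding(m.group("key"), target, classify(m.group("key"), target, host)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print("%-14s %s" % (f.key, f.target))
        for reason in f.reasons:
            print("    - " + reason)
```

Run as a script it prints one block per autostart target. Nothing in it decides that a file is malicious: the StartupFolder entry under AppData\Roaming and the bare RTFTrack.exe are the ones that get a "look closer" reason, while the Program Files and System32 entries get the check this script cannot do offline, which is to verify the Authenticode signature (for example with Sysinternals sigcheck or PowerShell's Get-AuthenticodeSignature) and compare the file hash against the vendor's package. That same signature-and-hash check is how a quarantined winbios.exe or a killed camera helper would be confirmed as a false positive rather than assumed to be one.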
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs.
  • Windows Vista/7/8 users: right-click on RogueKiller.exe and click Run as Administrator.
  • Otherwise just double-click on RogueKiller.exe.
  • Pre-scan will start. Let it finish.
  • Click on the SCAN button.
  • Wait until the Status box shows Scan Finished.
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt can also be found on your desktop.
  • If more than one log is produced, post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (https://www.techspot.com/downloads/5603-malwarebytes-anti-rootkit.html) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • In the following screen click "Update" to obtain the latest malware definitions.
  • Once the update is complete, select "Next" and click "Scan".
  • When the scan is finished and no malware has been found, select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
 
Uh... Hey... About RogueKiller... It killed a process called "RFTTracker.exe", and apparently it's related to the Lenovo built-in camera. At this point, and with winbios.exe, I'm getting the idea that Lenovo's files are all false positives, as they have not been detected as malicious, only suspicious. Any thoughts on this?
 