patatepile
Posts: 46 +0
Not sure it is a malware / virus problem, but overnight, Windows Defender stopped working and I can't start it up manually. I've read that back in 2009 malware used to disable antivirus and such, so that's why I'm here.
so the DDS log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.17.2
Run by Momo at 14:07:38 on 2013-05-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.16365.12474 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Momo\AppData\Local\Akamai\netsession_win.exe
C:\Users\Momo\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Pidgin\pidgin.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\Momo\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Games\World_of_Tanks\WorldOfTanks.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Akamai NetSession Interface] "C:\Users\Momo\AppData\Local\Akamai\netsession_win.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Momo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Momo\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Momo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Pidgin.lnk - C:\Program Files (x86)\Pidgin\pidgin.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{DBE241F8-54C6-4D81-8DCB-248304065C78} : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Momo\AppData\Roaming\Mozilla\Firefox\Profiles\1ibnn5gt.default\
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Momo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-1-1 22680]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-6 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 130008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-12-13 544840]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-1-1 46136]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2013-1-1 65152]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2013-1-1 88832]
R3 lvpepf64;Volume Adapter;C:\Windows\System32\drivers\lv302a64.sys [2008-7-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2008-7-26 790424]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2008-7-26 50072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-1 646248]
R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2012-11-7 25600]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2012-11-7 113664]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2012-11-7 23040]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-1-1 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2012-10-17 112080]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 LeapFrog-USBLAN;LeapFrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2009-10-9 40320]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-1 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-1 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-1 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-1 1255736]
.
=============== Created Last 30 ================
.
2013-05-11 01:42:49  76232  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0E754605-5E38-478E-9329-18D15AE8F47B}\offreg.dll
2013-05-09 23:58:28  9317456  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0E754605-5E38-478E-9329-18D15AE8F47B}\mpengine.dll
2013-05-08 00:24:37  9317456  ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-03 01:02:51  --------  d-----w-  C:\CrashReport
2013-05-02 22:45:21  --------  d-----w-  C:\Dragons Prophet Beta
2013-05-02 03:09:47  --------  d-----w-  C:\Users\Momo\AppData\Local\Sony Online Entertainment
2013-05-02 02:38:15  --------  d-----w-  C:\Users\Momo\AppData\Local\Aeria Games
2013-05-02 02:38:04  --------  d-----w-  C:\ProgramData\Aeria Games
2013-05-02 01:41:10  --------  d-sh--w-  C:\Windows\SysWow64\AI_RecycleBin
2013-05-02 01:17:08  --------  d-----w-  C:\AeriaGames
2013-04-24 07:30:34  905296  ------w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C82FA03B-BA44-40F7-87B4-C58253860D4F}\gapaengine.dll
2013-04-23 21:10:07  1656680  ----a-w-  C:\Windows\System32\drivers\ntfs.sys
2013-04-23 02:33:43  --------  d-----w-  C:\Users\Momo\AppData\Roaming\Unity
2013-04-23 02:28:32  --------  d-----w-  C:\Users\Momo\AppData\Local\Unity
.
==================== Find3M ====================
.
2013-05-02 15:29:56  278800  ------w-  C:\Windows\System32\MpSigStub.exe
2013-04-10 22:28:22  71048  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-10 22:28:22  691592  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-04 18:50:32  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2013-03-19 06:04:06  5550424  ----a-w-  C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56  43520  ----a-w-  C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13  3968856  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10  3913560  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50  6656  ----a-w-  C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33  112640  ----a-w-  C:\Windows\System32\smss.exe
2013-03-15 04:16:18  3477280  ----a-w-  C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17  6398240  ----a-w-  C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10  877856  ----a-w-  C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10  63776  ----a-w-  C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10  237856  ----a-w-  C:\Windows\System32\nvmctray.dll
2013-03-15 02:07:52  559904  ----a-w-  C:\Windows\SysWow64\nvStreaming.exe
2013-03-13 16:24:01  3065455  ----a-w-  C:\Windows\System32\nvcoproc.bin
2013-03-04 22:26:20  95648  ----a-w-  C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-04 22:26:18  861088  ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
2013-03-04 22:26:18  782240  ----a-w-  C:\Windows\SysWow64\deployJava1.dll
2013-03-01 03:36:04  3153408  ----a-w-  C:\Windows\System32\win32k.sys
2013-02-21 10:30:16  1766912  ----a-w-  C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39  2877440  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37  61440  ----a-w-  C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37  109056  ----a-w-  C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07  2240512  ----a-w-  C:\Windows\System32\wininet.dll
2013-02-21 10:14:09  3958784  ----a-w-  C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05  67072  ----a-w-  C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05  136704  ----a-w-  C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03  2706432  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14  2706432  ----a-w-  C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53  71680  ----a-w-  C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18  89600  ----a-w-  C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24  135168  ----a-w-  C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22  350208  ----a-w-  C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22  308736  ----a-w-  C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22  111104  ----a-w-  C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31  474112  ----a-w-  C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26  2176512  ----a-w-  C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05  19968  ----a-w-  C:\Windows\System32\drivers\usb8023.sys
.
============= FINISH: 14:07:43,75 ===============
and the Malwarebytes log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.05.11.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Momo :: MOMO-PC [administrator]
2013-05-11 14:09:19
mbam-log-2013-05-11 (14-09-19).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231536
Time elapsed: 1 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Hope someone can help me out!
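The script below is an added example from the editor; it is not part of patatepile's post and is not output of DDS or Malwarebytes. It re-reads, live on the machine, the three things the DDS log summarises about this case: the Security Center "SP:" line (taken from the WMI root\SecurityCenter2 AntiSpywareProduct class), the anti-malware services (the log lists both Defender's MpFilter/NisDrv drivers and C:\Program Files\Microsoft Security Client\NisSrv.exe, i.e. Microsoft Security Essentials, whose installer switches the built-in Windows Defender off on Windows 7), the DisableAntiSpyware policy value that both admins and malware use to turn Defender off, and the UAC values DDS prints as mPolicies-System (EnableLUA = 0 in the log means UAC is off entirely). Assumptions: the productState decoding is the common community interpretation of an undocumented bitfield, and the service names WinDefend, MsMpSvc and NisSrv are the stock ones for Defender and MSE. It targets PowerShell 2.0 as shipped with Windows 7 and should be run from an elevated prompt.

```powershell
# Added example: re-checks the security-state items DDS reports (SP: line,
# anti-malware services, Defender policy, mPolicies-System UAC values).
# PowerShell 2.0 compatible; run elevated.

function Decode-ProductState {
    param([int]$State)
    # productState is an undocumented bitfield. Assumption: the widely used
    # decoding, hex digits 3-4 = scanner (10 on / 00 off), digits 5-6 =
    # definitions (00 current / 10 out of date). 0x040000 -> "Disabled/Updated",
    # which is what the DDS "SP:" line in the post reports.
    $hex = '{0:X6}' -f $State
    $scanner = if ($hex.Substring(2, 2) -eq '10') { 'Enabled' } else { 'Disabled' }
    $defs    = if ($hex.Substring(4, 2) -eq '00') { 'Updated' } else { 'Outdated' }
    "$scanner/$defs"
}

Write-Host '== Security Center: anti-spyware products (source of the DDS SP: line) =='
Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiSpywareProduct |
    ForEach-Object {
        '{0,-40} {1,-18} {2}' -f $_.displayName, (Decode-ProductState $_.productState), $_.instanceGuid
    }

# WinDefend = built-in Windows Defender; MsMpSvc and NisSrv = Microsoft Security
# Essentials ("Microsoft Security Client"), which the DDS log shows installed.
# MSE setup disables the built-in Defender on Windows 7, so WinDefend being
# stopped/disabled next to a running MsMpSvc is the expected state, not an infection.
Write-Host "`n== Anti-malware services =="
foreach ($name in 'WinDefend', 'MsMpSvc', 'NisSrv') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) {
        $mode = (Get-WmiObject -Class Win32_Service -Filter "Name='$name'").StartMode
        '{0,-10} {1,-10} start={2}' -f $name, $svc.Status, $mode
    } else {
        '{0,-10} not installed' -f $name
    }
}

# Policy value used (by admins and by malware) to switch Defender off.
Write-Host "`n== Defender policy =="
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$pol = Get-ItemProperty -Path $polKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue
if ($pol -eq $null) {
    'DisableAntiSpyware: not set'
} else {
    'DisableAntiSpyware: {0}  (1 = Defender disabled by policy)' -f $pol.DisableAntiSpyware
}

# The values DDS prints as "mPolicies-System". Windows 7 defaults shown for
# comparison; the log has EnableLUA = 0, ConsentPromptBehaviorAdmin = 0 and
# PromptOnSecureDesktop = 0, i.e. UAC is off and nothing prompts for elevation.
Write-Host "`n== UAC (mPolicies-System) =="
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$defaults = @{
    'EnableLUA'                  = 1   # 0 = UAC completely off
    'ConsentPromptBehaviorAdmin' = 5   # 0 = elevate silently, no prompt
    'PromptOnSecureDesktop'      = 1   # 0 = elevation prompt on the normal desktop
}
foreach ($k in $defaults.Keys) {
    $cur  = $uac.$k
    $flag = if ($cur -ne $defaults[$k]) { '<-- differs from Windows 7 default' } else { '' }
    '{0,-28} = {1} {2}' -f $k, $cur, $flag
}
```

Reading the output against the post: a Security Center line of "Windows Defender  Disabled/Updated" next to a running MsMpSvc matches what MSE leaves behind by design, whereas a DisableAntiSpyware = 1 policy that nobody set, or a WinDefend service whose start mode was changed with no MSE present, is the pattern that warrants further investigation. The UAC values are a separate hardening problem regardless of the Defender question.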