There are no visible problems that would be harmful at the moment, but there is a strange one. Some pages are not fully loading; for example, see here how msn.com looks. Some more details about that: (1) I have tried Firefox, Chrome, IE - nothing new, (2) using the same wifi, websites and smartphone - the same, (3) system restores seemed to help me twice before but not today, (4) this behaviour is not constant, i.e. it gets worse, better, etc. At least 1 and 2 would suggest to me that it is malware. Also, I have installed some Windows and Flash Player updates recently. And finally, a few days ago my router reset for some reason; I didn't configure it the first time, but it seems that putting the password back was enough. Now some logs. By the way, I have also tried FRST, MSE, Malwarebytes, ESET online; nothing seemed to help.
mbam-log-2013-04-23 (23-07-20)
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.23.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Julius :: TOSHIBA [administrator]
Protection: Enabled
2013.04.23 23:07:20
mbam-log-2013-04-23 (23-07-20).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 326618
Time elapsed: 21 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.17.2
Run by Julius at 0:11:47 on 2013-04-24
Microsoft Windows 7 Ultimate 6.1.7601.1.1257.370.1033.18.3070.1573 [GMT 3:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\ASTSRV.EXE
C:\Program Files\VPN Client\VU VPN Client\cvpnd.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Program Files\PostgreSQL\9.1\bin\pg_ctl.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files\PostgreSQL\9.1\bin\postgres.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Julius\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
c:\windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\julius\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\julius\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\julius\appdata\roaming\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOEMBackground = dword:1
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{BF1FF50A-C97F-42B6-818B-88CE35378CEA} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{BF1FF50A-C97F-42B6-818B-88CE35378CEA}\4554F4D23403543393632363 : DHCPNameServer = 212.59.2.2 212.59.1.1
TCP: Interfaces\{BF1FF50A-C97F-42B6-818B-88CE35378CEA}\4554F4D2542303642453 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BF1FF50A-C97F-42B6-818B-88CE35378CEA}\8445340205F627471626C6560284F6473707F647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BF1FF50A-C97F-42B6-818B-88CE35378CEA}\D49464D2F60756E6 : DHCPNameServer = 10.255.255.254
TCP: Interfaces\{BF1FF50A-C97F-42B6-818B-88CE35378CEA}\D49464D2F60756E6D2431383 : DHCPNameServer = 10.255.255.254
TCP: Interfaces\{D65EA92F-134F-4161-81AB-26B841596401} : DHCPNameServer = 217.9.240.102 213.226.131.131
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\julius\appdata\roaming\mozilla\firefox\profiles\febeprof.bah\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\julius\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\users\julius\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\julius\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\julius\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 MpKsl03bb7c72;MpKsl03bb7c72;c:\programdata\microsoft\microsoft antimalware\definition updates\{c659e4c6-e238-403a-8ccc-4dfefbb67be0}\MpKsl03bb7c72.sys [2013-4-23 29904]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\common files\abbyy\finereader\10.00\licensing\pe\NetworkLicenseServer.exe [2010-7-22 814344]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-3-10 6656]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-9-15 188736]
R2 postgresql-9.1;postgresql-9.1 - PostgreSQL Server 9.1;C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N "postgresql-9.1" -D "C:/Program Files/PostgreSQL/9.1/data" -w --> C:/Program Files/PostgreSQL/9.1/bin/pg_ctl.exe runservice -N postgresql-9.1 [?]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-8-31 2754984]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-10-26 124368]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-12-22 7168]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-1-13 6755840]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-23 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-23 701512]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 GdmUWm;GCT Mobile WiMAX NIC USB Driver;c:\windows\system32\drivers\gdmuwm.sys [2009-11-13 92160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-23 22856]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 100328]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-4 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-4 52224]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-30 176128]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-04-24 05:03:35 -------- d-----w- C:\FRST
2013-04-23 20:05:48 -------- d-----w- c:\users\julius\appdata\roaming\Malwarebytes
2013-04-23 20:05:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-23 20:05:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-23 19:56:46 60872 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c659e4c6-e238-403a-8ccc-4dfefbb67be0}\offreg.dll
2013-04-23 19:56:46 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c659e4c6-e238-403a-8ccc-4dfefbb67be0}\MpKsl03bb7c72.sys
2013-04-23 19:44:27 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c659e4c6-e238-403a-8ccc-4dfefbb67be0}\mpengine.dll
2013-04-23 18:28:09 -------- d-----w- c:\programdata\Malwarebytes
2013-04-23 14:53:20 -------- d-----w- c:\program files\ESET
2013-04-18 15:42:19 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-04-09 16:51:05 -------- d-----w- c:\users\julius\appdata\local\Pandoc
2013-04-07 12:33:16 -------- d-----w- c:\program files\RStudio
2013-04-06 07:29:12 -------- d-----w- c:\program files\Pajek
.
==================== Find3M ====================
.
2013-04-16 18:17:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-16 18:17:16 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-02 10:33:22 237088 ----a-w- c:\windows\system32\MpSigStub.exe
2013-03-06 16:19:39 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-06 16:19:35 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-06 16:19:34 782240 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 0:12:38,68 ===============
Attach.txt
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 2009.08.08 16:59:36
System Uptime: 2013.04.23 22:43:58 (2 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Core(TM)2 Duo CPU T6600 @ 2.20GHz | CPU | 1188/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 139,875 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: GCT WiMax Protocol Driver
Device ID: ROOT\LEGACY_GDMWMPRT\0000
Manufacturer:
Name: GCT WiMax Protocol Driver
PNP Device ID: ROOT\LEGACY_GDMWMPRT\0000
Service: GdmWmPrt
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP537: 2013.04.18 18:39:58 - Windows Update
RP538: 2013.04.20 13:29:39 - Removed Strawberry Perl
RP539: 2013.04.20 13:35:05 - Removed Stata 12
RP540: 2013.04.20 13:42:01 - Removed Python 3.3.0
RP541: 2013.04.20 14:00:27 - Removed Instant Reality Framework 2.2.0.24102
RP542: 2013.04.22 17:56:50 - Restore Operation
RP543: 2013.04.22 18:17:29 - Windows Update
RP544: 2013.04.22 18:55:26 - Windows Update
RP545: 2013.04.23 21:46:41 - Restore Operation
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
.
==== End Of File ===========================