hey guys so yesterday i was on my laptop not sure of what happened but my facebook.com redirects to meat spin. and my anti virus isnt picking it up
here is there dds
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.17.2
Run by 100403428 at 1:12:51 on 2013-04-09
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.2.1033.18.3983.1670 [GMT -4:00]
.
AV: F-Secure Client Security 9.31 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Client Security 9.31 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\F-Secure\Device Control\fsdevcon64.exe
C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
C:\Windows\SysWOW64\CBA\pds.exe
C:\PROGRA~2\LANDesk\LDClient\issuser.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\PROGRA~2\LANDesk\LDClient\collector.exe
C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
C:\PROGRA~2\LANDesk\LDClient\LDregwatch.exe
C:\Program Files (x86)\F-Secure\Common\FSHDLL64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE
C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
C:\Program Files (x86)\F-Secure\Common\FIH32.EXE
C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~2\LANDesk\LDClient\rcgui.exe
C:\PROGRA~2\LANDesk\LDClient\issclipexec.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\F-Secure\common\FSM32.EXE
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Adobe\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.uoit.ca/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\100403~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoWindowsUpdate = dword:1
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: NoStartMenuNetworkPlaces = dword:1
uPolicies-Explorer: NoSecurityTab = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0BCFAF6C-8379-4AD7-B569-B16E8E0B1095} : DHCPNameServer = 10.120.200.62 10.120.200.63 10.120.200.66 10.120.200.65 10.120.200.64 10.120.200.61
TCP: Interfaces\{4207094C-DE52-4B50-971D-0CFCCCADC27C} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\100403428\AppData\Roaming\Mozilla\Firefox\Profiles\qhxbzhju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uoit.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2012-2-29 31344]
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2012-5-11 56016]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-3-29 23664]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [2012-4-9 62016]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2012-4-9 46848]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2012-4-9 95136]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2012-4-9 15040]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2012-2-29 15472]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]
R2 CBA8;LANDesk(R) Management Agent;C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe [2010-10-15 147456]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-2-29 198784]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [2012-4-9 221888]
R2 fsdevcon;F-Secure Device Control Daemon;C:\Program Files (x86)\F-Secure\Device Control\fsdevcon64.exe [2012-4-9 517824]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [2013-3-28 205312]
R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [2013-3-28 178688]
R2 LANDesk(R) Out-of-Band Monitor Service;LANDesk(R) Out-of-Band Monitor Service;C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe [2013-3-28 1058304]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-2-29 101736]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-2-29 133992]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-8 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-8 682344]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-2-29 101888]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]
R2 Softmon;LANDesk(R) Software Monitoring Service;C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe [2013-3-28 385024]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-2-29 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-2-29 142696]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-29 2656280]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-12-20 1155088]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-12-20 248840]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-12-20 1178128]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2012-2-29 166016]
R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-4-19 478056]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2012-4-9 200760]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;C:\Program Files (x86)\F-Secure\common\FNRB32.exe [2012-4-9 189120]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [2012-4-9 62144]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-29 317440]
R3 ldmirror;ldmirror;C:\Windows\System32\drivers\ldmirror.sys [2012-3-29 5120]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-8 24176]
R3 mirrorflt;Mirror Filter Driver for Uninstall;C:\Windows\System32\drivers\mirrorflt.sys [2012-3-29 6656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-3 116072]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ldblank;Screen Blanking driver for Remote Control;C:\Windows\System32\drivers\ldblank.sys [2012-3-29 20480]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-2-29 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-2-29 175168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-29 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2012-12-20 14464]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsfilter.sys [2012-4-9 42048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsrec.sys [2012-4-9 27328]
.
=============== Created Last 30 ================
.
2013-04-08 17:39:33 -------- d-----w- C:\Users\100403428\AppData\Roaming\Malwarebytes
2013-04-08 17:39:20 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-08 17:39:16 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-08 17:39:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-08 17:39:04 -------- d-----w- C:\Users\100403428\AppData\Local\Programs
2013-04-06 15:06:18 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-04-06 15:05:49 -------- d-----w- C:\Program Files\iPod
2013-04-06 15:05:48 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-06 15:05:48 -------- d-----w- C:\Program Files\iTunes
2013-04-06 15:05:48 -------- d-----w- C:\Program Files (x86)\iTunes
2013-04-06 15:02:29 -------- d-----w- C:\Program Files\Bonjour
2013-04-06 15:02:29 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-04-04 18:15:13 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-04 18:15:04 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-03 23:17:27 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2013-04-03 15:42:03 -------- d-----w- C:\Users\100403428\AppData\Local\Western_Digital
2013-04-02 19:07:34 -------- d--h--w- C:\Windows\System32\WLANProfiles
2013-04-02 18:03:29 -------- d-----w- C:\Users\100403428\AppData\Local\Apps
2013-04-02 18:03:28 -------- d-----w- C:\Users\100403428\AppData\Local\Deployment
2013-04-02 18:02:41 -------- d-----w- C:\Program Files (x86)\SopCast
2013-04-01 16:33:06 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2013-04-01 16:30:46 52568 ----a-w- C:\Windows\System32\AdobePDF.dll
2013-04-01 13:34:19 -------- d-----w- C:\Users\100403428\AppData\Roaming\uTorrent
2013-03-31 17:21:07 -------- d-----w- C:\Program Files\Western Digital
2013-03-31 17:21:07 -------- d-----w- C:\Program Files (x86)\Western Digital
2013-03-31 17:19:53 -------- d-----w- C:\ProgramData\Western Digital
2013-03-30 15:51:30 -------- d-----r- C:\Program Files (x86)\Skype
2013-03-30 15:36:50 -------- d-----w- C:\Windows\SysWow64\ldevents
2013-03-30 15:25:18 -------- d-----w- C:\Users\100403428\AppData\Local\Google
2013-03-28 16:52:03 -------- d-----w- C:\Users\100403428\AppData\Roaming\LANDesk
2013-03-28 15:39:13 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{09F3C4B1-2750-485D-8308-8C4F2C20A8D3}\offreg.dll
2013-03-28 15:30:12 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-03-28 15:25:40 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-03-28 15:25:30 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-03-28 15:25:30 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-03-28 15:22:19 -------- d-----w- C:\Windows\wlansvc
2013-03-20 02:30:46 6066296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2013-04-04 18:14:48 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-30 15:51:35 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-30 15:51:35 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-28 15:35:25 56016 ----a-w- C:\Windows\System32\drivers\fsbts.sys
.
============= FINISH: 1:14:03.78 ===============
here is there dds
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.17.2
Run by 100403428 at 1:12:51 on 2013-04-09
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.2.1033.18.3983.1670 [GMT -4:00]
.
AV: F-Secure Client Security 9.31 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Client Security 9.31 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\F-Secure\Device Control\fsdevcon64.exe
C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
C:\Windows\SysWOW64\CBA\pds.exe
C:\PROGRA~2\LANDesk\LDClient\issuser.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\PROGRA~2\LANDesk\LDClient\collector.exe
C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
C:\PROGRA~2\LANDesk\LDClient\LDregwatch.exe
C:\Program Files (x86)\F-Secure\Common\FSHDLL64.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE
C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
C:\Program Files (x86)\F-Secure\Common\FIH32.EXE
C:\Program Files (x86)\F-Secure\FWES\Program\fsdfwd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~2\LANDesk\LDClient\rcgui.exe
C:\PROGRA~2\LANDesk\LDClient\issclipexec.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\F-Secure\common\FSM32.EXE
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Adobe\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.uoit.ca/
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\F-Secure\NRS\iescript\baselitmus.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\100403~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoWindowsUpdate = dword:1
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: NoStartMenuNetworkPlaces = dword:1
uPolicies-Explorer: NoSecurityTab = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{0BCFAF6C-8379-4AD7-B569-B16E8E0B1095} : DHCPNameServer = 10.120.200.62 10.120.200.63 10.120.200.66 10.120.200.65 10.120.200.64 10.120.200.61
TCP: Interfaces\{4207094C-DE52-4B50-971D-0CFCCCADC27C} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [ForteConfig] C:\Program Files\Conexant\ForteConfig\fmapp.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\100403428\AppData\Roaming\Mozilla\Firefox\Profiles\qhxbzhju.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.uoit.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2012-2-29 31344]
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2012-5-11 56016]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-3-29 23664]
R1 F-Secure HIPS;F-Secure HIPS Driver;C:\Program Files (x86)\F-Secure\HIPS\drivers\fshs.sys [2012-4-9 62016]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\System32\drivers\fses.sys [2012-4-9 46848]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\System32\drivers\fsdfw.sys [2012-4-9 95136]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsvista.sys [2012-4-9 15040]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2012-2-29 15472]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]
R2 CBA8;LANDesk(R) Management Agent;C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe [2010-10-15 147456]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-2-29 198784]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe [2012-4-9 221888]
R2 fsdevcon;F-Secure Device Control Daemon;C:\Program Files (x86)\F-Secure\Device Control\fsdevcon64.exe [2012-4-9 517824]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-7 210896]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;C:\Program Files (x86)\LANDesk\LDClient\policy.client.invoker.exe [2013-3-28 205312]
R2 LANDesk Targeted Multicast;LANDesk Targeted Multicast;C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [2013-3-28 178688]
R2 LANDesk(R) Out-of-Band Monitor Service;LANDesk(R) Out-of-Band Monitor Service;C:\Program Files (x86)\LANDesk\LDClient\amtmon.exe [2013-3-28 1058304]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-2-29 101736]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-2-29 133992]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-8 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-8 682344]
R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-2-29 101888]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SAsrv.exe --> C:\Windows\System32\SAsrv.exe [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-3-19 3289208]
R2 Softmon;LANDesk(R) Software Monitoring Service;C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe [2013-3-28 385024]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-2-29 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-2-29 142696]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-29 2656280]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-12-20 1155088]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-12-20 248840]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-12-20 1178128]
R3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2012-2-29 166016]
R3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-4-19 478056]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2012-4-9 200760]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;C:\Program Files (x86)\F-Secure\common\FNRB32.exe [2012-4-9 189120]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [2012-4-9 62144]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-2-29 317440]
R3 ldmirror;ldmirror;C:\Windows\System32\drivers\ldmirror.sys [2012-3-29 5120]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-8 24176]
R3 mirrorflt;Mirror Filter Driver for Uninstall;C:\Windows\System32\drivers\mirrorflt.sys [2012-3-29 6656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-3 116072]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ldblank;Screen Blanking driver for Remote Control;C:\Windows\System32\drivers\ldblank.sys [2012-3-29 20480]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-2-29 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-2-29 175168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-29 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2012-12-20 14464]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsfilter.sys [2012-4-9 42048]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files (x86)\F-Secure\Anti-Virus\win2k\fsrec.sys [2012-4-9 27328]
.
=============== Created Last 30 ================
.
2013-04-08 17:39:33 -------- d-----w- C:\Users\100403428\AppData\Roaming\Malwarebytes
2013-04-08 17:39:20 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-08 17:39:16 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-08 17:39:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-08 17:39:04 -------- d-----w- C:\Users\100403428\AppData\Local\Programs
2013-04-06 15:06:18 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-04-06 15:05:49 -------- d-----w- C:\Program Files\iPod
2013-04-06 15:05:48 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-04-06 15:05:48 -------- d-----w- C:\Program Files\iTunes
2013-04-06 15:05:48 -------- d-----w- C:\Program Files (x86)\iTunes
2013-04-06 15:02:29 -------- d-----w- C:\Program Files\Bonjour
2013-04-06 15:02:29 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-04-04 18:15:13 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-04 18:15:04 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-03 23:17:27 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2013-04-03 15:42:03 -------- d-----w- C:\Users\100403428\AppData\Local\Western_Digital
2013-04-02 19:07:34 -------- d--h--w- C:\Windows\System32\WLANProfiles
2013-04-02 18:03:29 -------- d-----w- C:\Users\100403428\AppData\Local\Apps
2013-04-02 18:03:28 -------- d-----w- C:\Users\100403428\AppData\Local\Deployment
2013-04-02 18:02:41 -------- d-----w- C:\Program Files (x86)\SopCast
2013-04-01 16:33:06 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2013-04-01 16:30:46 52568 ----a-w- C:\Windows\System32\AdobePDF.dll
2013-04-01 13:34:19 -------- d-----w- C:\Users\100403428\AppData\Roaming\uTorrent
2013-03-31 17:21:07 -------- d-----w- C:\Program Files\Western Digital
2013-03-31 17:21:07 -------- d-----w- C:\Program Files (x86)\Western Digital
2013-03-31 17:19:53 -------- d-----w- C:\ProgramData\Western Digital
2013-03-30 15:51:30 -------- d-----r- C:\Program Files (x86)\Skype
2013-03-30 15:36:50 -------- d-----w- C:\Windows\SysWow64\ldevents
2013-03-30 15:25:18 -------- d-----w- C:\Users\100403428\AppData\Local\Google
2013-03-28 16:52:03 -------- d-----w- C:\Users\100403428\AppData\Roaming\LANDesk
2013-03-28 15:39:13 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{09F3C4B1-2750-485D-8308-8C4F2C20A8D3}\offreg.dll
2013-03-28 15:30:12 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-03-28 15:25:40 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-03-28 15:25:30 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-03-28 15:25:30 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-03-28 15:22:19 -------- d-----w- C:\Windows\wlansvc
2013-03-20 02:30:46 6066296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2013-04-04 18:14:48 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-30 15:51:35 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-30 15:51:35 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-28 15:35:25 56016 ----a-w- C:\Windows\System32\drivers\fsbts.sys
.
============= FINISH: 1:14:03.78 ===============
