WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Strange things... [Closed]

Started by deparnage , Dec 03 2014 04:31 PM

This topic is locked

8 replies to this topic

#1 deparnage

New Member

Authentic Member
10 posts

Posted 03 December 2014 - 04:31 PM

Hi - I appreciate your help! I am seeing slow and unexplainable hard drive activity when I restart, even after the screen and different tray programs have seem to be loaded. Also, I seem to be getting intermittent Internet connection at my home...it seems every hour or two the connection (via wifi) on my laptop is dropped and then restarts. I do have my Internet Provider's security program running (Cogeco F-secure), not sure if that could be it detecting malware??

Anyhow, here are my logs:

Run date: 2014-12-03 12:11:26

-----------------------------

12:11:26.577 OS Version: Windows 6.1.7601 Service Pack 1

12:11:26.577 Number of processors: 2 586 0x1706

12:11:26.577 ComputerName: OVSENNYLAPTOP UserName: Ovsenny

12:12:00.140 Initialize success

12:12:00.483 VM: initialized successfully

12:12:00.483 VM: Intel CPU supported

12:24:58.950 VM: supported disk I/O ataport.SYS

12:25:26.065 AVAST engine defs: 14120300

12:25:29.530 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

12:25:29.546 Disk 0 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 11

12:25:29.546 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1

12:25:29.561 Disk 1 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 11

12:25:29.671 VM: Disk 0 MBR read successfully

12:25:29.686 Disk 0 MBR scan

12:25:29.858 Disk 0 Windows 7 default MBR code

12:25:29.873 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

12:25:29.889 Disk 0 default boot code

12:25:29.967 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848

12:25:29.983 Disk 0 scanning sectors +976771072

12:25:30.139 Disk 0 scanning C:\Windows\system32\drivers

12:26:10.184 Service scanning

12:26:56.669 Modules scanning

12:26:56.685 Disk 0 trace - called modules:

12:26:56.716 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys

12:26:56.732 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865cd5e8]

12:26:56.732 3 CLASSPNP.SYS[8b20459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x864b8908]

12:26:58.463 AVAST engine scan C:\Windows

12:27:05.249 AVAST engine scan C:\Windows\system32

12:33:52.915 AVAST engine scan C:\Windows\system32\drivers

12:34:15.082 AVAST engine scan C:\Users\Ovsenny

13:13:03.765 AVAST engine scan C:\ProgramData

13:16:48.217 Disk 0 statistics 3521744/0/274 @ 0.84 MB/s

13:16:48.248 Scan finished successfully

17:13:19.749 Disk 0 MBR has been saved successfully to "C:\Users\Ovsenny\Documents\zMisc\malware remover stuff\MBR.dat"

17:13:19.764 The log file has been saved successfully to "C:\Users\Ovsenny\Documents\zMisc\malware remover stuff\aswMBR log dec 3.txt"

-----Farbar stuff----

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2014 01

Ran by Ovsenny (administrator) on OVSENNYLAPTOP on 03-12-2014 17:15:54

Running from C:\Users\Ovsenny\Desktop

Loaded Profile: Ovsenny (Available profiles: Ovsenny)

Platform: Microsoft Windows 7 Enterprise N Service Pack 1 (X86) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe

(F-Secure Corporation) C:\Program Files\Cogeco Security Services\fshoster32.exe

(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\CCF_Reputation\fsorsp.exe

(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\fsgk32.exe

(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Common\FSMA32.EXE

(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\fssm32.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe

(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe

(Nike) C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe

(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe

(F-Secure Corporation) C:\Program Files\Cogeco Security Services\fshoster32.exe

(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Common\FSM32.EXE

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe

(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe

(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

(Dropbox, Inc.) C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\System32\slui.exe

(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(AVAST Software) C:\Users\Ovsenny\Desktop\aswMBR.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)

HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)

HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)

HKLM\...\Run: [TRENDnet UDS Control Center] => C:\TRENDnet\USB Control Center Utility\Control Center.exe [5150208 2012-10-08] ()

HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.)

HKLM\...\Run: [Nike+ Connect] => C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe [71680 2014-10-06] (Nike)

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)

HKLM\...\Run: [F-Secure Hoster (44095)] => C:\Program Files\Cogeco Security Services\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)

HKLM\...\Run: [F-Secure Manager] => C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)

HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-26] (Google Inc.)

HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)

HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.)

HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [GoogleChromeAutoLaunch_2160BC60D291BD194318917949B5B10E] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)

AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll => C:\Program Files\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)

Startup: C:\Users\Ovsenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {69925D1B-6A0F-4413-861A-81AB98039DB9} => C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {39D54CC2-69CF-43b4-B167-577D25E7F496} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: [SugarSyncSharedPending] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-2660131799-3171873607-912981114-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome

HKU\S-1-5-21-2660131799-3171873607-912981114-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

HKU\S-1-5-21-2660131799-3171873607-912981114-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

HKU\S-1-5-21-2660131799-3171873607-912981114-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA5E9E8E32CA5CB01

HKU\S-1-5-21-2660131799-3171873607-912981114-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

URLSearchHook: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 - Default Value = {9c6b6c90-8660-87a4-258f-97d82b56cd18}

URLSearchHook: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 - FCToolbarURLSearchHook Class - {9c6b6c90-8660-87a4-258f-97d82b56cd18} - C:\Program Files\Airmiles Toolbar\Helper.dll ()

SearchScopes: HKLM -> DefaultScope value is missing.

SearchScopes: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...1I7ADFA_enCA411

SearchScopes: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...1I7ADFA_enCA411

BHO: Airmiles Toolbar BHO -> {16BC5BC3-213F-7FA4-A1FB-4274F8DB9AD0} -> C:\Program Files\Airmiles Toolbar\Toolbar.dll ()

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Toolbar: HKLM - Airmiles Toolbar - {8D58FFCC-DE8B-3354-7D02-F2A5E9247FCF} - C:\Program Files\Airmiles Toolbar\Toolbar.dll ()

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 -> Airmiles Toolbar - {8D58FFCC-DE8B-3354-7D02-F2A5E9247FCF} - C:\Program Files\Airmiles Toolbar\Toolbar.dll ()

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab

DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab

Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.10.1

FireFox:

========

FF ProfilePath: C:\Users\Ovsenny\AppData\Roaming\Mozilla\Firefox\Profiles\tskfdjox.default

FF Homepage: hxxp://ca.yahoo.com/?p=us

FF NetworkProxy: "no_proxies_on", "*.local"

FF NetworkProxy: "type", 0

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File

FF Plugin HKU\S-1-5-21-2660131799-3171873607-912981114-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ovsenny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-04-15]

Chrome:

=======

CHR HomePage: Default -> https://www.airmiles.ca/arrow/Home

CHR Profile: C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-02]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-15]

CHR Extension: (YouTube) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-04]

CHR Extension: (Google Search) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-04]

CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2014-10-28]

CHR Extension: (Save to Pocket) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-09-09]

CHR Extension: (Google Wallet) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]

CHR Extension: (Gmail) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-04]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]

R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1384992 2013-10-02] (Fitbit, Inc.)

R2 fshoster; C:\Program Files\Cogeco Security Services\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)

R3 FSMA; C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)

R2 FSORSPClient; C:\Program Files\Cogeco Security Services\apps\CCF_Reputation\fsorsp.exe [60352 2014-08-21] (F-Secure Corporation)

S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

S3 OpenVPNService; C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe [32568 2013-09-25] (The OpenVPN Project)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 F-Secure Gatekeeper; C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [149544 2014-11-18] (F-Secure Corporation)

R1 F-Secure HIPS; C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\HIPS\drivers\fshs.sys [74920 2014-11-18] (F-Secure Corporation)

R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2014-08-21] ()

R3 fsni; C:\Program Files\Cogeco Security Services\apps\CCF_Scanning\fsni32.sys [70184 2014-06-19] (F-Secure Corporation)

R1 fsvista; C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [12736 2013-08-14] ()

R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [295936 2013-01-30] (EldoS Corporation)

R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-11-21] (The OpenVPN Project)

R3 TRENDnetUdsMBus; C:\Windows\System32\Drivers\TRENDnetUdsMBus.sys [88576 2012-09-21] (Windows ® Codename Longhorn DDK provider) [File not signed]

S3 TRENDnetUdsTcpBus; C:\Windows\System32\Drivers\TRENDnetUdsTcpBus.sys [151296 2012-09-21] (Windows ® Codename Longhorn DDK provider) [File not signed]

S3 catchme; \??\C:\Users\Ovsenny\AppData\Local\Temp\catchme.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

U3 aswMBR; \??\C:\Users\Ovsenny\AppData\Local\Temp\aswMBR.sys [X]

U3 aswVmm; \??\C:\Users\Ovsenny\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 17:15 - 2014-12-03 17:16 - 00021700 _____ () C:\Users\Ovsenny\Desktop\FRST.txt

2014-12-03 17:15 - 2014-12-03 17:16 - 00000000 ____D () C:\FRST

2014-12-03 12:14 - 2014-12-03 12:14 - 01108992 _____ (Farbar) C:\Users\Ovsenny\Desktop\FRST.exe

2014-12-03 12:11 - 2014-12-03 12:11 - 05198336 _____ (AVAST Software) C:\Users\Ovsenny\Desktop\aswMBR.exe

2014-12-03 12:10 - 2014-12-03 12:10 - 05198336 _____ (AVAST Software) C:\Users\Ovsenny\Downloads\aswMBR.exe

2014-11-19 19:42 - 2014-11-19 19:42 - 00000000 __SHD () C:\Users\Ovsenny\AppData\Local\EmieBrowserModeList

2014-11-18 16:14 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-18 16:14 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-12 10:10 - 2014-11-12 10:10 - 00051201 _____ () C:\Users\Ovsenny\Downloads\Individual Player Stats 2014-2015 Week 6.xlsx

2014-11-11 19:30 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2014-11-11 19:30 - 2014-10-09 19:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-11-11 19:30 - 2014-10-02 20:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-11-11 19:30 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-11-11 19:30 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-11-11 19:30 - 2014-10-02 20:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-11-11 19:30 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-11-11 19:30 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-11-11 19:30 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-11-11 19:30 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2014-11-11 19:30 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-11-11 19:30 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-11-11 19:30 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-11-11 19:30 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-11-11 19:30 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-11-11 19:30 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL

2014-11-11 19:29 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-11-11 19:29 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-11-11 19:29 - 2014-11-05 22:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-11-11 19:29 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-11-11 19:29 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-11-11 19:29 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-11-11 19:29 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-11-11 19:29 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-11-11 19:29 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-11-11 19:29 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-11-11 19:29 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-11-11 19:29 - 2014-11-05 21:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-11-11 19:29 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-11-11 19:29 - 2014-11-05 21:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-11-11 19:29 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-11-11 19:29 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-11-11 19:29 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-11-11 19:29 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-11-11 19:29 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-11-11 19:29 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-11-11 19:29 - 2014-11-05 21:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-11-11 19:29 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-11-11 19:29 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-11-11 19:29 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-11-11 19:29 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-11-11 19:29 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-11-11 19:29 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-11-11 19:29 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-11-11 19:29 - 2014-10-13 20:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-11-11 19:29 - 2014-10-13 20:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-11-11 19:29 - 2014-10-13 20:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-11-11 19:29 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2014-11-11 19:29 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2014-11-11 19:28 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-11-11 19:28 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-11-11 19:28 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-03 17:13 - 2012-01-28 16:07 - 00000000 ____D () C:\Users\Ovsenny\Documents\zMisc

2014-12-03 17:09 - 2012-11-04 11:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-12-03 16:48 - 2010-12-26 13:45 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-12-03 16:24 - 2009-07-13 23:02 - 00010528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-12-03 16:24 - 2009-07-13 23:02 - 00010528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-12-03 10:57 - 2010-12-26 13:39 - 01232721 _____ () C:\Windows\WindowsUpdate.log

2014-12-02 23:48 - 2010-12-26 13:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-12-02 09:52 - 2011-08-12 16:53 - 00000000 ____D () C:\Users\Ovsenny\Documents\Max

2014-11-28 08:42 - 2009-07-13 23:51 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-11-26 13:52 - 2012-11-04 11:32 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-11-24 20:05 - 2010-12-26 13:40 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-19 21:45 - 2014-02-24 20:23 - 00000000 ____D () C:\Users\Ovsenny\Documents\Outlook Files

2014-11-19 21:41 - 2014-02-24 20:23 - 00000000 ____D () C:\Users\Ovsenny\AppData\Local\F65BDCB8-6AC4-46AE-A8F4-5E5E16883757.aplzod

2014-11-19 19:46 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF

2014-11-19 07:36 - 2014-01-02 19:04 - 00001028 _____ () C:\Users\Ovsenny\Desktop\Dropbox.lnk

2014-11-19 07:36 - 2014-01-02 19:04 - 00000000 ___RD () C:\Users\Ovsenny\Dropbox

2014-11-19 07:36 - 2014-01-02 19:02 - 00000000 ____D () C:\Users\Ovsenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-11-19 07:36 - 2014-01-02 19:00 - 00000000 ____D () C:\Users\Ovsenny\AppData\Roaming\Dropbox

2014-11-19 07:31 - 2009-07-13 23:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-19 07:31 - 2009-07-13 23:07 - 00018824 _____ () C:\Windows\setupact.log

2014-11-17 17:35 - 2013-07-01 13:47 - 00000000 ____D () C:\Users\Ovsenny\AppData\Roaming\Ubisoft

2014-11-12 09:26 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache

2014-11-12 08:21 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET

2014-11-12 08:04 - 2010-12-26 15:37 - 00111072 _____ () C:\Users\Ovsenny\AppData\Local\GDIPFONTCACHEV1.DAT

2014-11-12 08:02 - 2009-07-13 23:02 - 00403480 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-11-12 03:16 - 2010-12-26 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-11-12 03:10 - 2013-07-22 05:36 - 00000000 ____D () C:\Windows\system32\MRT

2014-11-12 03:02 - 2010-12-26 15:15 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:

====================

C:\Users\Ovsenny\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2kk2ce.dll

C:\Users\Ovsenny\AppData\Local\Temp\i4jdel0.exe

C:\Users\Ovsenny\AppData\Local\Temp\Quarantine.exe

C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1390003130917.exe

C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1394159596224.exe

C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395269018025.exe

C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395441293702.exe

C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400418630759.exe

C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400844469420.exe

C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1410484198447.exe

C:\Users\Ovsenny\AppData\Local\Temp\temp0NikeConnectconnect6pcupdate.exe

C:\Users\Ovsenny\AppData\Local\Temp\temp1NikeConnectconnect6pcupdate.exe

C:\Users\Ovsenny\AppData\Local\Temp\temp2NikeConnectconnect6pcupdate.exe

C:\Users\Ovsenny\AppData\Local\Temp\temp3NikeConnectconnect6pcupdate.exe

C:\Users\Ovsenny\AppData\Local\Temp\utt50A9.tmp.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-26 10:47

==================== End Of Log ============================