Strange things... [Closed]


  • This topic is locked
8 replies to this topic

#1 deparnage


Posted 03 December 2014 - 04:31 PM

Hi - I appreciate your help! I am seeing slow and unexplainable hard drive activity when I restart, even after the screen and different tray programs seem to have loaded. Also, I seem to be getting an intermittent Internet connection at my home... it seems every hour or two the connection (via wifi) on my laptop is dropped and then restarts. I do have my Internet Provider's security program running (Cogeco F-Secure), not sure if that could be it detecting malware??

 

Anyhow, here are my logs:

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2014-12-03 12:11:26
-----------------------------
12:11:26.577    OS Version: Windows 6.1.7601 Service Pack 1
12:11:26.577    Number of processors: 2 586 0x1706
12:11:26.577    ComputerName: OVSENNYLAPTOP  UserName: Ovsenny
12:12:00.140    Initialize success
12:12:00.483    VM: initialized successfully
12:12:00.483    VM: Intel CPU supported 
12:24:58.950    VM: supported disk I/O ataport.SYS
12:25:26.065    AVAST engine defs: 14120300
12:25:29.530    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:25:29.546    Disk 0 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 11
12:25:29.546    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
12:25:29.561    Disk 1 Vendor: ST9500420AS 0002SDM1 Size: 476940MB BusType: 11
12:25:29.671    VM: Disk 0 MBR read successfully
12:25:29.686    Disk 0 MBR scan
12:25:29.858    Disk 0 Windows 7 default MBR code
12:25:29.873    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
12:25:29.889    Disk 0 default boot code
12:25:29.967    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
12:25:29.983    Disk 0 scanning sectors +976771072
12:25:30.139    Disk 0 scanning C:\Windows\system32\drivers
12:26:10.184    Service scanning
12:26:56.669    Modules scanning
12:26:56.685    Disk 0 trace - called modules:
12:26:56.716    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
12:26:56.732    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865cd5e8]
12:26:56.732    3 CLASSPNP.SYS[8b20459e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x864b8908]
12:26:58.463    AVAST engine scan C:\Windows
12:27:05.249    AVAST engine scan C:\Windows\system32
12:33:52.915    AVAST engine scan C:\Windows\system32\drivers
12:34:15.082    AVAST engine scan C:\Users\Ovsenny
13:13:03.765    AVAST engine scan C:\ProgramData
13:16:48.217    Disk 0 statistics 3521744/0/274 @ 0.84 MB/s
13:16:48.248    Scan finished successfully
17:13:19.749    Disk 0 MBR has been saved successfully to "C:\Users\Ovsenny\Documents\zMisc\malware remover stuff\MBR.dat"
17:13:19.764    The log file has been saved successfully to "C:\Users\Ovsenny\Documents\zMisc\malware remover stuff\aswMBR log dec 3.txt"
 
-----Farbar stuff----
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-12-2014 01
Ran by Ovsenny (administrator) on OVSENNYLAPTOP on 03-12-2014 17:15:54
Running from C:\Users\Ovsenny\Desktop
Loaded Profile: Ovsenny (Available profiles: Ovsenny)
Platform: Microsoft Windows 7 Enterprise N  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\fshoster32.exe
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\CCF_Reputation\fsorsp.exe
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Nike) C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\fshoster32.exe
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Common\FSM32.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Dropbox, Inc.) C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\slui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVAST Software) C:\Users\Ovsenny\Desktop\aswMBR.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [566112 2014-08-13] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [TRENDnet UDS Control Center] => C:\TRENDnet\USB Control Center Utility\Control Center.exe [5150208 2012-10-08] ()
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.)
HKLM\...\Run: [Nike+ Connect] => C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe [71680 2014-10-06] (Nike)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [F-Secure Hoster (44095)] => C:\Program Files\Cogeco Security Services\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM\...\Run: [F-Secure Manager] => C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-26] (Google Inc.)
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.)
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [GoogleChromeAutoLaunch_2160BC60D291BD194318917949B5B10E] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll => C:\Program Files\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
Startup: C:\Users\Ovsenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {69925D1B-6A0F-4413-861A-81AB98039DB9} => C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {39D54CC2-69CF-43b4-B167-577D25E7F496} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncSharedPending] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA5E9E8E32CA5CB01
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 - Default Value = {9c6b6c90-8660-87a4-258f-97d82b56cd18}
URLSearchHook: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 - FCToolbarURLSearchHook Class - {9c6b6c90-8660-87a4-258f-97d82b56cd18} - C:\Program Files\Airmiles Toolbar\Helper.dll ()
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...1I7ADFA_enCA411
SearchScopes: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...1I7ADFA_enCA411
BHO: Airmiles Toolbar BHO -> {16BC5BC3-213F-7FA4-A1FB-4274F8DB9AD0} -> C:\Program Files\Airmiles Toolbar\Toolbar.dll ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Airmiles Toolbar - {8D58FFCC-DE8B-3354-7D02-F2A5E9247FCF} - C:\Program Files\Airmiles Toolbar\Toolbar.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 -> Airmiles Toolbar - {8D58FFCC-DE8B-3354-7D02-F2A5E9247FCF} - C:\Program Files\Airmiles Toolbar\Toolbar.dll ()
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ovsenny\AppData\Roaming\Mozilla\Firefox\Profiles\tskfdjox.default
FF Homepage: hxxp://ca.yahoo.com/?p=us
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File
FF Plugin HKU\S-1-5-21-2660131799-3171873607-912981114-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ovsenny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-04-15]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.airmiles.ca/arrow/Home
CHR Profile: C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-15]
CHR Extension: (YouTube) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-04]
CHR Extension: (Google Search) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-04]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2014-10-28]
CHR Extension: (Save to Pocket) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-04]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1384992 2013-10-02] (Fitbit, Inc.)
R2 fshoster; C:\Program Files\Cogeco Security Services\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
R3 FSMA; C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files\Cogeco Security Services\apps\CCF_Reputation\fsorsp.exe [60352 2014-08-21] (F-Secure Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 OpenVPNService; C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe [32568 2013-09-25] (The OpenVPN Project)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [573280 2014-08-13] (Copyright 2013 SAMSUNG)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 F-Secure Gatekeeper; C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [149544 2014-11-18] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\HIPS\drivers\fshs.sys [74920 2014-11-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2014-08-21] ()
R3 fsni; C:\Program Files\Cogeco Security Services\apps\CCF_Scanning\fsni32.sys [70184 2014-06-19] (F-Secure Corporation)
R1 fsvista; C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [12736 2013-08-14] ()
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [295936 2013-01-30] (EldoS Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-11-21] (The OpenVPN Project)
R3 TRENDnetUdsMBus; C:\Windows\System32\Drivers\TRENDnetUdsMBus.sys [88576 2012-09-21] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 TRENDnetUdsTcpBus; C:\Windows\System32\Drivers\TRENDnetUdsTcpBus.sys [151296 2012-09-21] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 catchme; \??\C:\Users\Ovsenny\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\Ovsenny\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Ovsenny\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-03 17:15 - 2014-12-03 17:16 - 00021700 _____ () C:\Users\Ovsenny\Desktop\FRST.txt
2014-12-03 17:15 - 2014-12-03 17:16 - 00000000 ____D () C:\FRST
2014-12-03 12:14 - 2014-12-03 12:14 - 01108992 _____ (Farbar) C:\Users\Ovsenny\Desktop\FRST.exe
2014-12-03 12:11 - 2014-12-03 12:11 - 05198336 _____ (AVAST Software) C:\Users\Ovsenny\Desktop\aswMBR.exe
2014-12-03 12:10 - 2014-12-03 12:10 - 05198336 _____ (AVAST Software) C:\Users\Ovsenny\Downloads\aswMBR.exe
2014-11-19 19:42 - 2014-11-19 19:42 - 00000000 __SHD () C:\Users\Ovsenny\AppData\Local\EmieBrowserModeList
2014-11-18 16:14 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 16:14 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-12 10:10 - 2014-11-12 10:10 - 00051201 _____ () C:\Users\Ovsenny\Downloads\Individual Player Stats 2014-2015 Week 6.xlsx
2014-11-11 19:30 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 19:30 - 2014-10-09 19:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 19:30 - 2014-10-02 20:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 19:30 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 19:30 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 19:30 - 2014-10-02 20:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 19:30 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 19:30 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 19:30 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 19:30 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 19:30 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 19:30 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 19:30 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 19:30 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 19:30 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 19:30 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 19:29 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 19:29 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 19:29 - 2014-11-05 22:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 19:29 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 19:29 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 19:29 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 19:29 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 19:29 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 19:29 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 19:29 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 19:29 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 19:29 - 2014-11-05 21:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 19:29 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 19:29 - 2014-11-05 21:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 19:29 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 19:29 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 19:29 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 19:29 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 19:29 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 19:29 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 19:29 - 2014-11-05 21:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 19:29 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 19:29 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 19:29 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 19:29 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 19:29 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 19:29 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 19:29 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 19:29 - 2014-10-13 20:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 19:29 - 2014-10-13 20:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 19:29 - 2014-10-13 20:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 19:29 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 19:29 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 19:28 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 19:28 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 19:28 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-03 17:13 - 2012-01-28 16:07 - 00000000 ____D () C:\Users\Ovsenny\Documents\zMisc
2014-12-03 17:09 - 2012-11-04 11:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-03 16:48 - 2010-12-26 13:45 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-03 16:24 - 2009-07-13 23:02 - 00010528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-03 16:24 - 2009-07-13 23:02 - 00010528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-03 10:57 - 2010-12-26 13:39 - 01232721 _____ () C:\Windows\WindowsUpdate.log
2014-12-02 23:48 - 2010-12-26 13:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-02 09:52 - 2011-08-12 16:53 - 00000000 ____D () C:\Users\Ovsenny\Documents\Max
2014-11-28 08:42 - 2009-07-13 23:51 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-26 13:52 - 2012-11-04 11:32 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-24 20:05 - 2010-12-26 13:40 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-19 21:45 - 2014-02-24 20:23 - 00000000 ____D () C:\Users\Ovsenny\Documents\Outlook Files
2014-11-19 21:41 - 2014-02-24 20:23 - 00000000 ____D () C:\Users\Ovsenny\AppData\Local\F65BDCB8-6AC4-46AE-A8F4-5E5E16883757.aplzod
2014-11-19 19:46 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-19 07:36 - 2014-01-02 19:04 - 00001028 _____ () C:\Users\Ovsenny\Desktop\Dropbox.lnk
2014-11-19 07:36 - 2014-01-02 19:04 - 00000000 ___RD () C:\Users\Ovsenny\Dropbox
2014-11-19 07:36 - 2014-01-02 19:02 - 00000000 ____D () C:\Users\Ovsenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-19 07:36 - 2014-01-02 19:00 - 00000000 ____D () C:\Users\Ovsenny\AppData\Roaming\Dropbox
2014-11-19 07:31 - 2009-07-13 23:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 07:31 - 2009-07-13 23:07 - 00018824 _____ () C:\Windows\setupact.log
2014-11-17 17:35 - 2013-07-01 13:47 - 00000000 ____D () C:\Users\Ovsenny\AppData\Roaming\Ubisoft
2014-11-12 09:26 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-11-12 08:21 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 08:04 - 2010-12-26 15:37 - 00111072 _____ () C:\Users\Ovsenny\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 08:02 - 2009-07-13 23:02 - 00403480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:16 - 2010-12-26 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 03:10 - 2013-07-22 05:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:02 - 2010-12-26 15:15 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Ovsenny\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2kk2ce.dll
C:\Users\Ovsenny\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ovsenny\AppData\Local\Temp\Quarantine.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1390003130917.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1394159596224.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395269018025.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395441293702.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400418630759.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400844469420.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1410484198447.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp0NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp1NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp2NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp3NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\utt50A9.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-26 10:47
 
==================== End Of Log ============================
 
2014-11-19 07:36 - 2014-01-02 19:04 - 00001028 _____ () C:\Users\Ovsenny\Desktop\Dropbox.lnk
2014-11-19 07:36 - 2014-01-02 19:04 - 00000000 ___RD () C:\Users\Ovsenny\Dropbox
2014-11-19 07:36 - 2014-01-02 19:02 - 00000000 ____D () C:\Users\Ovsenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-19 07:36 - 2014-01-02 19:00 - 00000000 ____D () C:\Users\Ovsenny\AppData\Roaming\Dropbox
2014-11-19 07:31 - 2009-07-13 23:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 07:31 - 2009-07-13 23:07 - 00018824 _____ () C:\Windows\setupact.log
2014-11-17 17:35 - 2013-07-01 13:47 - 00000000 ____D () C:\Users\Ovsenny\AppData\Roaming\Ubisoft
2014-11-12 09:26 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-11-12 08:21 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 08:04 - 2010-12-26 15:37 - 00111072 _____ () C:\Users\Ovsenny\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 08:02 - 2009-07-13 23:02 - 00403480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:16 - 2010-12-26 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 03:10 - 2013-07-22 05:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:02 - 2010-12-26 15:15 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Ovsenny\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2kk2ce.dll
C:\Users\Ovsenny\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ovsenny\AppData\Local\Temp\Quarantine.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1390003130917.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1394159596224.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395269018025.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395441293702.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400418630759.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400844469420.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1410484198447.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp0NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp1NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp2NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp3NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\utt50A9.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-26 10:47
 
==================== End Of Log ============================
 
 



#2 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 08 December 2014 - 03:33 PM

Hello deparnage, welcome to WhatTheTech's Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODE, QUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click the button at the top of the page.
     

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please delete your copy of FRST.exe (right-click + Delete). 
  • Download Farbar Recovery Scan Tool (x32) and save the file to your Desktop.
  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached)


 

Would you like to help others with malware removal? Join our Classroom and learn how!


#3 deparnage

deparnage

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 09 December 2014 - 08:36 AM

Hi Adam - here are the requested logs. I couldn't see where it would let me attach a file for the TDSS stuff, so I saved it as a Google drive link here (https://drive.google...iew?usp=sharing)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2014
Ran by Ovsenny (administrator) on OVSENNYLAPTOP on 09-12-2014 08:43:00
Running from C:\Users\Ovsenny\Desktop
Loaded Profile: Ovsenny (Available profiles: Ovsenny)
Platform: Microsoft Windows 7 Enterprise N  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\fshoster32.exe
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\CCF_Reputation\fsorsp.exe
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\Fitbit Connect.exe
(Nike) C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\fshoster32.exe
(F-Secure Corporation) C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Common\FSM32.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Dropbox, Inc.) C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\slui.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797008 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [380088 2012-07-27] (Citrix Systems, Inc.)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [566112 2014-08-13] (Copyright 2013 SAMSUNG)
HKLM\...\Run: [TRENDnet UDS Control Center] => C:\TRENDnet\USB Control Center Utility\Control Center.exe [5150208 2012-10-08] ()
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.)
HKLM\...\Run: [Nike+ Connect] => C:\Program Files\Nike\Nike+ Connect\Nike+ Connect daemon.exe [71680 2014-10-06] (Nike)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [F-Secure Hoster (44095)] => C:\Program Files\Cogeco Security Services\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM\...\Run: [F-Secure Manager] => C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-26] (Google Inc.)
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1804648 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3264544 2013-10-02] (Fitbit, Inc.)
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Run: [GoogleChromeAutoLaunch_2160BC60D291BD194318917949B5B10E] => C:\Program Files\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
AppInit_DLLs: C:\PROGRA~1\Citrix\ICACLI~1\RSHook.dll => C:\Program Files\Citrix\ICA Client\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
Startup: C:\Users\Ovsenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {69925D1B-6A0F-4413-861A-81AB98039DB9} => C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {39D54CC2-69CF-43b4-B167-577D25E7F496} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncSharedPending] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files\SugarSync\SugarSyncShellExt.dll (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 - Default Value = {9c6b6c90-8660-87a4-258f-97d82b56cd18}
URLSearchHook: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 - FCToolbarURLSearchHook Class - {9c6b6c90-8660-87a4-258f-97d82b56cd18} - C:\Program Files\Airmiles Toolbar\Helper.dll ()
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...1I7ADFA_enCA411
SearchScopes: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...1I7ADFA_enCA411
BHO: Airmiles Toolbar BHO -> {16BC5BC3-213F-7FA4-A1FB-4274F8DB9AD0} -> C:\Program Files\Airmiles Toolbar\Toolbar.dll ()
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Airmiles Toolbar - {8D58FFCC-DE8B-3354-7D02-F2A5E9247FCF} - C:\Program Files\Airmiles Toolbar\Toolbar.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2660131799-3171873607-912981114-1001 -> Airmiles Toolbar - {8D58FFCC-DE8B-3354-7D02-F2A5E9247FCF} - C:\Program Files\Airmiles Toolbar\Toolbar.dll ()
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
 
FireFox:
========
FF ProfilePath: C:\Users\Ovsenny\AppData\Roaming\Mozilla\Firefox\Profiles\tskfdjox.default
FF Homepage: hxxp://ca.yahoo.com/?p=us
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll No File
FF Plugin HKU\S-1-5-21-2660131799-3171873607-912981114-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ovsenny\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-04-15]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.airmiles.ca/arrow/Home
CHR Profile: C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-15]
CHR Extension: (YouTube) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-04]
CHR Extension: (Google Search) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-04]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2014-10-28]
CHR Extension: (A Journey through Middle-earth) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjgkjeheegjnnmheaflhdocglkiegoni [2014-12-08]
CHR Extension: (Save to Pocket) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-04]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1384992 2013-10-02] (Fitbit, Inc.)
R2 fshoster; C:\Program Files\Cogeco Security Services\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
R3 FSMA; C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files\Cogeco Security Services\apps\CCF_Reputation\fsorsp.exe [60352 2014-08-21] (F-Secure Corporation)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 OpenVPNService; C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe [32568 2013-09-25] (The OpenVPN Project)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [573280 2014-08-13] (Copyright 2013 SAMSUNG)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 F-Secure Gatekeeper; C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [149544 2014-11-18] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\HIPS\drivers\fshs.sys [74920 2014-11-18] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2014-08-21] ()
R3 fsni; C:\Program Files\Cogeco Security Services\apps\CCF_Scanning\fsni32.sys [70184 2014-06-19] (F-Secure Corporation)
R1 fsvista; C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [12736 2013-08-14] ()
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [295936 2013-01-30] (EldoS Corporation)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-11-21] (The OpenVPN Project)
R3 TRENDnetUdsMBus; C:\Windows\System32\Drivers\TRENDnetUdsMBus.sys [88576 2012-09-21] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 TRENDnetUdsTcpBus; C:\Windows\System32\Drivers\TRENDnetUdsTcpBus.sys [151296 2012-09-21] (Windows ® Codename Longhorn DDK provider) [File not signed]
S3 catchme; \??\C:\Users\Ovsenny\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\Ovsenny\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\Ovsenny\AppData\Local\Temp\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-09 08:43 - 2014-12-09 08:43 - 00021787 _____ () C:\Users\Ovsenny\Desktop\FRST.txt
2014-12-09 08:41 - 2014-12-09 08:41 - 01111040 _____ (Farbar) C:\Users\Ovsenny\Desktop\FRST.exe
2014-12-04 15:47 - 2011-12-12 22:59 - 00062801 _____ () C:\Users\Ovsenny\Documents\Ovsenny Christmas Labels final.csv.xls
2014-12-03 17:16 - 2014-12-03 17:18 - 00032543 _____ () C:\Users\Ovsenny\Desktop\Addition.txt
2014-12-03 17:15 - 2014-12-09 08:43 - 00000000 ____D () C:\FRST
2014-12-03 12:11 - 2014-12-03 12:11 - 05198336 _____ (AVAST Software) C:\Users\Ovsenny\Desktop\aswMBR.exe
2014-12-03 12:10 - 2014-12-03 12:10 - 05198336 _____ (AVAST Software) C:\Users\Ovsenny\Downloads\aswMBR.exe
2014-11-19 19:42 - 2014-11-19 19:42 - 00000000 __SHD () C:\Users\Ovsenny\AppData\Local\EmieBrowserModeList
2014-11-18 16:14 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 16:14 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-12 10:10 - 2014-11-12 10:10 - 00051201 _____ () C:\Users\Ovsenny\Downloads\Individual Player Stats 2014-2015 Week 6.xlsx
2014-11-11 19:30 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 19:30 - 2014-10-09 19:45 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 19:30 - 2014-10-02 20:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 19:30 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 19:30 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 19:30 - 2014-10-02 20:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 19:30 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 19:30 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 19:30 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 19:30 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 19:30 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 19:30 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 19:30 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 19:30 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 19:30 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 19:30 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 19:29 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 19:29 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 19:29 - 2014-11-05 22:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 19:29 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 19:29 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 19:29 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 19:29 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 19:29 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 19:29 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 19:29 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 19:29 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 19:29 - 2014-11-05 21:59 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 19:29 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 19:29 - 2014-11-05 21:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 19:29 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 19:29 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 19:29 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 19:29 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 19:29 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 19:29 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 19:29 - 2014-11-05 21:22 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 19:29 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 19:29 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 19:29 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 19:29 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 19:29 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 19:29 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 19:29 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 19:29 - 2014-10-13 20:56 - 00136632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 19:29 - 2014-10-13 20:50 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 19:29 - 2014-10-13 20:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 19:29 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 19:29 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 19:28 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 19:28 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 19:28 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-09 08:33 - 2010-12-26 13:39 - 01373491 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 08:24 - 2011-08-12 16:53 - 00000000 ____D () C:\Users\Ovsenny\Documents\Max
2014-12-09 08:15 - 2010-12-26 13:40 - 00726444 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 08:09 - 2012-11-04 11:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-09 07:49 - 2010-12-26 13:45 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-09 07:49 - 2010-12-26 13:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-09 07:49 - 2009-07-13 23:02 - 00010528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 07:49 - 2009-07-13 23:02 - 00010528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-08 09:29 - 2011-01-23 20:53 - 00000000 ____D () C:\Users\Ovsenny\Documents\Chris
2014-12-07 17:18 - 2014-02-24 20:23 - 00000000 ____D () C:\Users\Ovsenny\Documents\Outlook Files
2014-12-07 16:37 - 2009-07-13 23:51 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-05 08:07 - 2011-02-21 13:16 - 00000000 ____D () C:\Users\Ovsenny\AppData\Roaming\uTorrent
2014-12-03 17:13 - 2012-01-28 16:07 - 00000000 ____D () C:\Users\Ovsenny\Documents\zMisc
2014-11-26 13:52 - 2012-11-04 11:32 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-19 21:41 - 2014-02-24 20:23 - 00000000 ____D () C:\Users\Ovsenny\AppData\Local\F65BDCB8-6AC4-46AE-A8F4-5E5E16883757.aplzod
2014-11-19 19:46 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-19 07:36 - 2014-01-02 19:04 - 00001028 _____ () C:\Users\Ovsenny\Desktop\Dropbox.lnk
2014-11-19 07:36 - 2014-01-02 19:04 - 00000000 ___RD () C:\Users\Ovsenny\Dropbox
2014-11-19 07:36 - 2014-01-02 19:02 - 00000000 ____D () C:\Users\Ovsenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-19 07:36 - 2014-01-02 19:00 - 00000000 ____D () C:\Users\Ovsenny\AppData\Roaming\Dropbox
2014-11-19 07:31 - 2009-07-13 23:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 07:31 - 2009-07-13 23:07 - 00018824 _____ () C:\Windows\setupact.log
2014-11-17 17:35 - 2013-07-01 13:47 - 00000000 ____D () C:\Users\Ovsenny\AppData\Roaming\Ubisoft
2014-11-12 09:26 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-11-12 08:21 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 08:04 - 2010-12-26 15:37 - 00111072 _____ () C:\Users\Ovsenny\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 08:02 - 2009-07-13 23:02 - 00403480 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:16 - 2010-12-26 15:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 03:10 - 2013-07-22 05:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:02 - 2010-12-26 15:15 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Ovsenny\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2kk2ce.dll
C:\Users\Ovsenny\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ovsenny\AppData\Local\Temp\Quarantine.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1390003130917.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1394159596224.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395269018025.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395441293702.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400418630759.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400844469420.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1410484198447.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp0NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp1NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp2NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp3NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\utt50A9.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-06 00:16
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-12-2014
Ran by Ovsenny at 2014-12-09 08:44:09
Running from C:\Users\Ovsenny\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Computer Security (Enabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AS: Computer Security (Enabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\uTorrent) (Version: 3.4.2.32126 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Airmiles Toolbar (HKLM\...\Airmiles Toolbar) (Version:  - )
AllShare Framework DMS (HKLM\...\{1C2A409B-3D00-4EE7-B13C-3C70AB8704B0}) (Version: 1.3.23 - Samsung)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brain Spa (HKLM\...\Brain Spa) (Version:  - )
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 13.3.0.55 - Citrix Systems, Inc.)
Cogeco Security Services (HKLM\...\F-Secure ServiceEnabler 44095) (Version: 1.83.311.0 - F-Secure Corporation)
Cogeco Security Services (Version: 1.83.311.0 - F-Secure Corporation) Hidden
Computer Security 12.83.104.0 (release) (Version: 12.83.104.0 - F-Secure Corporation) Hidden
COWON Media Center - jetAudio Basic VX (HKLM\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.16 - COWON)
Dropbox (HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Easy CD-DA Extractor 15 (HKLM\...\Easy CD-DA Extractor 15) (Version: 15.2.5 - Poikosoft)
Fitbit Connect (HKLM\...\{C257E096-67B0-4122-98F3-EE0D8798E03B}) (Version: 1.0.0.4065 - Fitbit Inc.)
F-Secure CCF Reputation (Version: 1.0.25.1877 - F-Secure) Hidden
F-Secure CCF Scanning 1.43.102.193 (release) (Version: 1.43.102.193 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.128 (Version: 1.02.128 - F-Secure Corporation) Hidden
GameMaker 8.1 (HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\GameMaker81) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HandBrake 0.9.3 (HKLM\...\HandBrake) (Version: 0.9.3 - HandBrake)
HMA! Pro VPN 2.8.6.0 (HKLM\...\HMA! Pro VPN) (Version: 2.8.6.0 - Privax Ltd)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{9C55C629-6C4F-48A9-8840-C897DF6187ED}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
K-Lite Codec Pack 9.3.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{00F93853-D9D3-4795-A89E-84CCBA0205C9}) (Version: 8.0.225.0 - Microsoft)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARDR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 10.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 10.0.2 (x86 en-US)) (Version: 10.0.2 - Mozilla)
Nike+ Connect (HKLM\...\Nike+ Connect) (Version: 6.6.21 - Nike)
NVIDIA Graphics Driver 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 260.99 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.1.9.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.9.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 260.99 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 260.99 - NVIDIA Corporation)
Online Plug-in (Version: 13.3.0.55 - Citrix Systems, Inc.) Hidden
Online Safety 2.83.1346.10 (Version: 2.83.1346.10 - F-Secure Corporation) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Samsung Link 2.0.0.1408131423 (HKLM\...\8474-7877-9059-0204) (Version: 2.0.0.1408131423 - Copyright 2013 SAMSUNG)
Self-service Plug-in (Version: 3.3.0.27839 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonos Controller (HKLM\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 24.0.69180 - Sonos, Inc.)
SugarSync (HKLM\...\SugarSync) (Version: 2.0.42.120603 - SugarSync, Inc.)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
TRENDnet USB Control Center Utility  (HKLM\...\{D4606DAD-9BF8-463B-94F8-1E69854A622C}) (Version: 2.41 - TRENDnet, INC)
TurboTax 2010 (HKLM\...\{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}) (Version: 1.00.0000 - Intuit Canada)
Unity Web Player (HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 1.1.7 (HKLM\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WBFS Manager 3.0 (HKLM\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
WebEx (HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
Xilisoft iPod Video Converter (HKU\S-1-5-21-2660131799-3171873607-912981114-1001\...\Xilisoft iPod Video Converter) (Version: 7.0.1.1219 - Xilisoft)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{0067DBFC-A752-458C-AE6E-B9C7E63D4824}\InprocServer32 -> C:\Users\Ovsenny\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\LogitechDeviceDetection32.ocx (Logitech, Inc.)
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> c:\programdata\webex\WebEx\1224\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{33DDB83C-9959-4AC1-990C-00D28FFBB37F}\InprocServer32 -> C:\Users\Ovsenny\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\LogitechDeviceDetection32.ocx (Logitech, Inc.)
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Ovsenny\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{b2b568c8-3712-4a75-b806-4b3c2fdb06d5}\localserver32 -> C:\Users\Ovsenny\AppData\Local\Temp\{e9513610-f218-4dda-b954-2c7e6ba7cabb}\IDriver.NonElevated.exe N (the data entry has 6 more characters).
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2660131799-3171873607-912981114-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
12-11-2014 08:00:39 Windows Update
17-11-2014 06:00:30 Windows Backup
19-11-2014 08:00:12 Windows Update
24-11-2014 06:00:26 Windows Backup
01-12-2014 13:34:56 Windows Backup
08-12-2014 06:00:34 Windows Backup
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2014-01-09 22:17 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {012BB2AB-EE47-4C0D-9565-C49B6B161966} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {1B2EDE65-83C3-4654-B56F-249EEC9E9704} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {53F02DAC-A86F-4C1C-A15F-7582DF74DCE7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E47AF9A-A56C-4329-92E0-B23984ABD874} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {82C6F515-20AA-45DD-8917-31ADDD297D9E} - System32\Tasks\{EDC572F9-15DC-4129-A551-75BE1A44D9D2} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {A805B9EB-4BC4-4149-AB3A-49129D55FF82} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2010-07-21] (Microsoft Corporation)
Task: {D09095DB-E1BB-4829-90CB-A54C0AD3F7AB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D8598500-9254-424F-9877-1C65573C992B} - System32\Tasks\hpUrlLauncher.exe_{1D4AB095-886A-471C-BE35-DB27557E04B0} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {DF7EFC4B-18F4-49A2-8E9D-680917BBF52A} - System32\Tasks\Installation App Launcher => C:\Program Files\Dell V505\dldwamon.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-21 07:12 - 2013-08-14 07:22 - 00045504 _____ () C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\FSAVHRES.ENG
2013-05-15 15:05 - 2013-05-15 15:05 - 00220096 _____ () C:\Program Files\Cogeco Security Services\daas2.dll
2013-11-23 08:00 - 2014-08-13 13:23 - 00022016 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2013-11-23 08:00 - 2014-08-13 13:23 - 01595392 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2013-11-23 08:00 - 2014-08-13 13:23 - 01165824 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-12-21 11:15 - 2013-12-21 11:15 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\JNIInterface.dll
2013-12-21 11:15 - 2013-12-21 11:15 - 00119296 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ASFAPI.dll
2013-12-21 11:17 - 2013-12-21 11:17 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB_Manager.dll
2013-10-01 09:46 - 2013-10-01 09:46 - 00025600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MediaDB.dll
2013-10-22 09:48 - 2013-10-22 09:48 - 00707072 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ContentDirectoryPresenter.dll
2013-12-21 11:17 - 2013-12-21 11:17 - 00589824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMS_Manager.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll
2014-05-18 10:18 - 2014-05-18 10:18 - 00640512 _____ () C:\Windows\Temp\sqlite-3.7.151-x86-sqlitejdbc.dll
2014-08-21 07:17 - 2014-08-21 07:17 - 00030888 _____ () C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2014-08-21 07:12 - 2014-08-21 07:17 - 00212008 _____ () C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Spam Control\fsas.dll
2014-08-21 07:12 - 2014-11-18 16:01 - 00949288 _____ () C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2013-11-23 08:00 - 2014-08-13 13:23 - 00041472 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
2014-08-21 07:10 - 2014-08-21 07:10 - 00593464 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
2014-08-21 07:12 - 2013-08-14 07:22 - 00056256 _____ () C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\FSGUI\fsavures.ENG
2014-08-21 07:12 - 2013-08-14 07:22 - 00154560 _____ () C:\Program Files\Cogeco Security Services\apps\ComputerSecurity\FSGUI\flyerres.ENG
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\FolderCDP.dll
2013-12-11 16:46 - 2013-12-11 16:46 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DCMImgExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AutoChaptering.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexpat.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoThumb.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\swscale-0.dll
2013-10-25 19:49 - 2013-10-25 19:49 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AudioExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ID3Driver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\tag.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libThumbnail.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RichInfoDriver.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoExtractor.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ThumbnailMaker.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 01033728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageMagickWrapper.dll
2013-12-11 16:45 - 2013-12-11 16:45 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\VideoMetadataDriver.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libKeyFrame.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\SECMetaDriver.dll
2013-10-25 19:53 - 2013-10-25 19:53 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\ImageExtractor.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\libexif-12.dll.dll
2013-10-25 19:48 - 2013-10-25 19:48 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\TextExtractor.dll
2013-10-24 16:53 - 2013-10-24 16:53 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\Autobackup.dll
2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\RosettaAllShare.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\boost_thread-vc90-mt-1_47.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\us.dll
2014-11-19 07:36 - 2014-11-19 07:36 - 00043008 _____ () c:\users\ovsenny\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2kk2ce.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Ovsenny\AppData\Roaming\Dropbox\bin\libcef.dll
2011-01-09 17:53 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2011-07-12 06:19 - 2011-07-12 06:20 - 00108344 _____ () C:\Program Files\Easy CD-DA Extractor 15\ezcddax32.dll
2014-11-26 13:52 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-26 13:52 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-26 13:52 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-26 13:52 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:6B9ADB51
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^Users^Ovsenny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: SugarSync => "C:\Program Files\SugarSync\SugarSync.exe" -startInTray -usedelay=true
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2660131799-3171873607-912981114-500 - Administrator - Disabled)
Guest (S-1-5-21-2660131799-3171873607-912981114-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2660131799-3171873607-912981114-1003 - Limited - Enabled)
Ovsenny (S-1-5-21-2660131799-3171873607-912981114-1001 - Administrator - Enabled) => C:\Users\Ovsenny
Sonos (S-1-5-21-2660131799-3171873607-912981114-1004 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/09/2014 08:42:20 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 2  2014-12-09  08:42:19-04:00  OVSENNYLAPTOP  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\users\ovsenny\desktop\frst.exe
 File hash: eb62e0040d47682e05baf8c60ec0e76beabd319c
 
Error: (12/09/2014 02:21:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21620600
 
Error: (12/09/2014 02:21:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21620600
 
Error: (12/09/2014 02:21:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/09/2014 02:21:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21608245
 
Error: (12/09/2014 02:21:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21608245
 
Error: (12/09/2014 02:21:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/08/2014 01:06:02 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).
 
Error: (12/04/2014 00:32:31 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".Error in manifest or policy file "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" on line Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/03/2014 05:14:34 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2014-12-03  17:14:32-04:00  OVSENNYLAPTOP  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\users\ovsenny\desktop\frst.exe
 File hash: ead6723940c1c50666a25548b9f1abfdd7ad3251
 
 
System errors:
=============
Error: (12/04/2014 00:03:33 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.
 
Error: (11/29/2014 03:37:10 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
 
Error: (11/19/2014 03:16:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (11/12/2014 03:33:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (11/04/2014 06:53:15 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:46:06 PM on ‎11/‎4/‎2014 was unexpected.
 
Error: (10/31/2014 01:49:12 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
 
Error: (10/30/2014 07:00:00 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000019 (0x00000020, 0x85bc5db0, 0x85bc5e48, 0x08130008)C:\Windows\MEMORY.DMP103014-41855-01
 
Error: (10/30/2014 06:59:51 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:26:45 AM on ‎10/‎30/‎2014 was unexpected.
 
Error: (10/25/2014 02:27:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Fitbit Connect service.
 
Error: (10/19/2014 05:30:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
 
 
Microsoft Office Sessions:
=========================
Error: (12/09/2014 08:42:20 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 2  2014-12-09  08:42:19-04:00  OVSENNYLAPTOP  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\users\ovsenny\desktop\frst.exe
 File hash: eb62e0040d47682e05baf8c60ec0e76beabd319c
 
Error: (12/09/2014 02:21:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21620600
 
Error: (12/09/2014 02:21:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21620600
 
Error: (12/09/2014 02:21:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/09/2014 02:21:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21608245
 
Error: (12/09/2014 02:21:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21608245
 
Error: (12/09/2014 02:21:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (12/08/2014 01:06:02 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005)
 
Error: (12/04/2014 00:32:31 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\easy cd-da extractor 15\register64.exec:\program files\easy cd-da extractor 15\Microsoft.VC90.CRT.MANIFEST11
 
Error: (12/03/2014 05:14:34 PM) (Source: FSecure-FSecure-F-Secure DeepGuard) (EventID: 103) (User: )
Description: 1  2014-12-03  17:14:32-04:00  OVSENNYLAPTOP  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\users\ovsenny\desktop\frst.exe
 File hash: ead6723940c1c50666a25548b9f1abfdd7ad3251
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 50%
Total physical RAM: 3066.88 MB
Available physical RAM: 1510.87 MB
Total Pagefile: 6132.05 MB
Available Pagefile: 3760.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.13 MB
 
==================== Drives ================================
 
Drive b: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive c: () (Fixed) (Total:465.66 GB) (Free:251.57 GB) NTFS
Drive z: (Backup) (Fixed) (Total:465.76 GB) (Free:0 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 40D42941)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 90E4DE60)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 09 December 2014 - 08:54 AM

Hello, 
 
Whilst I go through your logs, please upload the large TDSSKiller log to my channel.



 

Would you like to help others with malware removal? Join our Classroom and learn how!


#5 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 09 December 2014 - 09:20 AM

In addition to doing the above - 
 
Are you aware the drive you use to back up data is full?
Drive z: (Backup) (Fixed) (Total:465.76 GB) (Free:0 GB) NTFS
 
------------------------------
 
Please consider the following:
 

P2P Warning

------------------------------

I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infected and infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. The best way to reduce the risk of infection is to avoid these types of web sites and not use P2P applications. Please read the following articles for more information.

Your P2P software can be removed by following the instructions below.
  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the aforementioned programme(s), right-click and click Uninstall.
If you choose not to, please refrain from using the programme(s) during this process.

 
I'm not seeing any malware, so we may be dealing with non-malware issues. 
 

Also, I seem to be getting intermittent Internet connection at my home

Do you experience the same issue with other devices (eg. Mobile device, desktop, etc) connected to the same network? 
 
STEP 1
Creating System Restore Point (W7/Vista)

  • Click the Windows Start Button. Right-click Computer and click Properties.
  • Click System protection in the panel on the left. 
  • Click the System Protection tab, followed by Create.
  • In the System Protection dialog box, type a description, and click Create.
  • Upon completion, close the window.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-2660131799-3171873607-912981114-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope value is missing.
    FF Homepage: hxxp://ca.yahoo.com/?p=us
    FF NetworkProxy: "no_proxies_on", "*.local"
    FF NetworkProxy: "type", 0
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2014-11-19 19:42 - 2014-11-19 19:42 - 00000000 __SHD () C:\Users\Ovsenny\AppData\Local\EmieBrowserModeList
    C:\Users\Ovsenny\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2kk2ce.dll
    C:\Users\Ovsenny\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Ovsenny\AppData\Local\Temp\Quarantine.exe
    C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1390003130917.exe
    C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1394159596224.exe
    C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395269018025.exe
    C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395441293702.exe
    C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400418630759.exe
    C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400844469420.exe
    C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1410484198447.exe
    C:\Users\Ovsenny\AppData\Local\Temp\temp0NikeConnectconnect6pcupdate.exe
    C:\Users\Ovsenny\AppData\Local\Temp\temp1NikeConnectconnect6pcupdate.exe
    C:\Users\Ovsenny\AppData\Local\Temp\temp2NikeConnectconnect6pcupdate.exe
    C:\Users\Ovsenny\AppData\Local\Temp\temp3NikeConnectconnect6pcupdate.exe
    C:\Users\Ovsenny\AppData\Local\Temp\utt50A9.tmp.exe
    AlternateDataStreams: C:\ProgramData\TEMP:6B9ADB51
    CMD: type C:\ComboFix.txt
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for anything removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 
 
STEP 4
Malwarebytes Anti-Malware (MBAM)

  • Please download the Malwarebytes Anti-Malware setup file to your Desktop.
  • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme. 
  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 5
RogueKiller

  • Please download RogueKiller (x32) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • TDSSKiller log (uploaded to channel!)
  • Fixlog.txt
  • AdwCleaner[S0].txt
  • MBAM Scan log
  • RKreport.txt



#6 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 10 December 2014 - 01:28 PM

Thank you for the TDSSKiller log. 

Please proceed with the instructions above.




#7 deparnage

deparnage

    New Member

  • Authentic Member
  • Pip
  • 10 posts

Posted 10 December 2014 - 04:09 PM

OK, thank you!

1. I did not notice my backup drive was full....thank you!

2. I don't think I have noticed any issues with other devices on the network, I will watch for that.

3. Restore point created.

4. All the logs posted below.

Thanks!

 

 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2014

Ran by Ovsenny at 2014-12-10 13:11:47 Run:1
Running from C:\Users\Ovsenny\Desktop
Loaded Profile: Ovsenny (Available profiles: Ovsenny)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2660131799-3171873607-912981114-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
FF Homepage: hxxp://ca.yahoo.com/?p=us
FF NetworkProxy: "no_proxies_on", "*.local"
FF NetworkProxy: "type", 0
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-11-19 19:42 - 2014-11-19 19:42 - 00000000 __SHD () C:\Users\Ovsenny\AppData\Local\EmieBrowserModeList
C:\Users\Ovsenny\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2kk2ce.dll
C:\Users\Ovsenny\AppData\Local\Temp\i4jdel0.exe
C:\Users\Ovsenny\AppData\Local\Temp\Quarantine.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1390003130917.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1394159596224.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395269018025.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395441293702.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400418630759.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400844469420.exe
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1410484198447.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp0NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp1NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp2NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\temp3NikeConnectconnect6pcupdate.exe
C:\Users\Ovsenny\AppData\Local\Temp\utt50A9.tmp.exe
AlternateDataStreams: C:\ProgramData\TEMP:6B9ADB51
CMD: type C:\ComboFix.txt
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2660131799-3171873607-912981114-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
Firefox homepage deleted successfully.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Ovsenny\AppData\Local\EmieBrowserModeList => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2kk2ce.dll => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\i4jdel0.exe => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1390003130917.exe => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1394159596224.exe => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395269018025.exe => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1395441293702.exe => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400418630759.exe => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1400844469420.exe => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\SamsungAPInstaller_1410484198447.exe => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\temp0NikeConnectconnect6pcupdate.exe => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\temp1NikeConnectconnect6pcupdate.exe => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\temp2NikeConnectconnect6pcupdate.exe => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\temp3NikeConnectconnect6pcupdate.exe => Moved successfully.
C:\Users\Ovsenny\AppData\Local\Temp\utt50A9.tmp.exe => Moved successfully.
C:\ProgramData\TEMP => ":6B9ADB51" ADS removed successfully.
 
=========  type C:\ComboFix.txt =========
 
ComboFix 14-01-08.03 - Ovsenny 01/09/2014  21:54:22.1.2 - x86
Microsoft Windows 7 Enterprise N   6.1.7601.1.1252.1.1033.18.3067.1879 [GMT -5:00]
Running from: c:\users\Ovsenny\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL248D.tmp
c:\programdata\SPL8ED8.tmp
c:\programdata\SPL9137.tmp
c:\programdata\SPLD95F.tmp
c:\programdata\SPLE7E.tmp
c:\programdata\SPLED4A.tmp
c:\users\Ovsenny\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3A8FFB05-4125-4C7A-9E6E-95BA2D2FDBA9}.xps
c:\users\Ovsenny\AppData\Local\Temp\7zS47C7\HPSLPSVC32.DLL
c:\windows\system32\Tasks\BackgroundContainer Startup Task
c:\windows\TEMP\sqlite-3.7.2-sqlitejdbc.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-10 to 2014-01-10  )))))))))))))))))))))))))))))))
.
.
2014-01-10 03:10 . 2014-01-10 03:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-09 08:07 . 2014-01-09 08:07 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFBCF0CE-FBD8-4D5A-A8A8-1DD42DD48652}\offreg.dll
2014-01-08 02:58 . 2014-01-08 02:59 -------- d-----w- C:\AdwCleaner
2014-01-06 01:19 . 2014-01-06 01:19 -------- d-----w- c:\program files\iPod
2014-01-06 01:19 . 2014-01-06 01:19 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-06 01:19 . 2014-01-06 01:19 -------- d-----w- c:\program files\iTunes
2014-01-06 01:15 . 2014-01-06 01:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-01-06 01:15 . 2014-01-06 01:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-01-06 01:15 . 2014-01-06 01:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-01-06 01:15 . 2014-01-06 01:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-01-06 01:15 . 2014-01-06 01:15 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-01-06 01:15 . 2014-01-06 01:15 -------- d-----w- c:\program files\QuickTime
2014-01-04 19:42 . 2014-01-04 19:42 -------- d-----w- c:\programdata\Malwarebytes
2014-01-04 19:42 . 2014-01-04 20:49 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-04 19:42 . 2014-01-04 19:42 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-04 19:41 . 2014-01-04 19:41 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-04 15:52 . 2014-01-04 15:52 -------- d-----w- c:\programdata\Nike
2014-01-04 15:52 . 2014-01-04 15:52 -------- d-----w- c:\program files\Nike
2014-01-04 15:46 . 2014-01-04 15:46 -------- d-----w- c:\programdata\FitbitConnect
2014-01-04 15:46 . 2014-01-04 15:46 -------- d-----w- c:\program files\Fitbit Connect
2014-01-03 00:04 . 2014-01-06 01:24 -------- d-----r- c:\users\Ovsenny\Dropbox
2014-01-03 00:00 . 2014-01-07 00:47 -------- d-----w- c:\users\Ovsenny\AppData\Roaming\Dropbox
2014-01-02 21:28 . 2014-01-04 19:41 -------- d-----w- c:\users\Ovsenny\AppData\Local\SugarSync
2014-01-02 21:28 . 2013-01-30 18:12 225024 ----a-w- c:\windows\system32\SSCbFsNetRdr3.dll
2014-01-02 21:28 . 2013-01-30 18:12 159488 ----a-w- c:\windows\system32\SSCbFsMntNtf3.dll
2014-01-02 21:27 . 2013-01-30 18:11 295936 ----a-w- c:\windows\system32\drivers\sscbfs3.sys
2014-01-02 21:27 . 2014-01-02 21:28 -------- d-----w- c:\program files\SugarSync
2014-01-02 21:10 . 2014-01-02 21:10 -------- d-----w- c:\program files\K-Lite Codec Pack
2014-01-02 17:36 . 2014-01-02 17:36 -------- d-----w- c:\users\Ovsenny\AppData\Local\IsolatedStorage
2014-01-02 17:35 . 2014-01-02 17:36 -------- d-----w- c:\program files\HMA! Pro VPN
2013-12-29 01:13 . 2013-12-29 01:13 -------- d-----w- C:\TRENDnet
2013-12-15 14:37 . 2013-11-26 09:23 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-12-12 03:38 . 2013-11-12 02:07 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-12 03:38 . 2013-10-12 02:04 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-12 03:38 . 2013-10-12 02:03 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-12 03:38 . 2013-10-12 01:15 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-12 03:38 . 2013-10-12 01:15 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-12 03:38 . 2013-10-19 01:36 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-12 03:38 . 2013-10-30 01:27 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-12 03:38 . 2013-10-04 01:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-12 03:38 . 2013-10-04 01:17 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 04:09 . 2012-08-25 13:06 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 04:09 . 2011-06-17 19:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-28 22:33 . 2013-11-28 22:33 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-28 22:33 . 2013-11-28 22:33 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-28 22:33 . 2013-11-28 22:33 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-28 22:33 . 2013-11-28 22:33 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-28 22:33 . 2013-11-28 22:33 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-28 22:33 . 2013-11-28 22:33 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-28 22:33 . 2013-11-28 22:33 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-11-28 22:33 . 2013-11-28 22:33 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-28 22:33 . 2013-11-28 22:33 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 22:33 . 2013-11-28 22:33 337408 ----a-w- c:\windows\system32\html.iec
2013-11-28 22:33 . 2013-11-28 22:33 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-28 22:33 . 2013-11-28 22:33 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-28 22:33 . 2013-11-28 22:33 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-28 22:33 . 2013-11-28 22:33 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-28 22:33 . 2013-11-28 22:33 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-28 22:33 . 2013-11-28 22:33 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-28 22:33 . 2013-11-28 22:33 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-28 22:33 . 2013-11-28 22:33 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-28 22:33 . 2013-11-28 22:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-28 22:33 . 2013-11-28 22:33 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-28 22:32 . 2013-11-28 22:32 640512 ----a-w- c:\windows\system32\advapi32.dll
2013-11-28 22:32 . 2013-11-28 22:32 619520 ----a-w- c:\windows\system32\tdh.dll
2013-11-28 22:32 . 2013-11-28 22:32 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-11-28 22:32 . 2013-11-28 22:32 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-11-28 22:32 . 2013-11-28 22:32 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-11-28 22:31 . 2013-11-28 22:31 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-28 22:31 . 2013-11-28 22:31 231424 ----a-w- c:\windows\system32\mswsock.dll
2013-11-28 22:31 . 2013-11-28 22:31 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-11-28 22:31 . 2013-11-28 22:31 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-11-21 13:44 . 2013-11-21 13:44 35288 ----a-w- c:\windows\system32\drivers\tap0901.sys
2013-11-18 06:28 . 2013-12-06 02:52 7772552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CFBCF0CE-FBD8-4D5A-A8A8-1DD42DD48652}\mpengine.dll
2012-11-24 02:42 . 2011-09-16 23:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9c6b6c90-8660-87a4-258f-97d82b56cd18}"= "c:\program files\Airmiles Toolbar\Helper.dll" [2012-05-01 360960]
.
[HKEY_CLASSES_ROOT\clsid\{9c6b6c90-8660-87a4-258f-97d82b56cd18}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{635AEB71-5292-95A4-ADC6-8E21130DC245}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{16BC5BC3-213F-7FA4-A1FB-4274F8DB9AD0}]
2012-05-01 03:01 1618944 ----a-w- c:\program files\Airmiles Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8D58FFCC-DE8B-3354-7D02-F2A5E9247FCF}"= "c:\program files\Airmiles Toolbar\Toolbar.dll" [2012-05-01 1618944]
.
[HKEY_CLASSES_ROOT\clsid\{8d58ffcc-de8b-3354-7d02-f2a5e9247fcf}]
[HKEY_CLASSES_ROOT\FCTB000100577.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{BD3C9087-9808-1F74-AD57-C0B76CF4A164}]
[HKEY_CLASSES_ROOT\FCTB000100577.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8D58FFCC-DE8B-3354-7D02-F2A5E9247FCF}"= "c:\program files\Airmiles Toolbar\Toolbar.dll" [2012-05-01 1618944]
.
[HKEY_CLASSES_ROOT\clsid\{8d58ffcc-de8b-3354-7d02-f2a5e9247fcf}]
[HKEY_CLASSES_ROOT\FCTB000100577.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{BD3C9087-9808-1F74-AD57-C0B76CF4A164}]
[HKEY_CLASSES_ROOT\FCTB000100577.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ovsenny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ovsenny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Ovsenny\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2013-01-30 18:12 159488 ----a-w- c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-11-21 01:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-11-21 01:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-11-21 01:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-11-21 01:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-11-21 01:22 2090848 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-26 39408]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 1804648]
"BackgroundContainer"="c:\users\Ovsenny\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-10-14 319264]
"SugarSync"="c:\program files\SugarSync\SugarSync.exe" [2013-11-21 13134176]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-10-02 3264544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2012-07-27 380088]
"Samsung Link"="c:\program files\Samsung\Samsung Link\Samsung Link Tray Agent.exe" [2013-11-06 567368]
"TRENDnet UDS Control Center"="c:\trendnet\USB Control Center Utility\Control Center.exe" [2012-10-08 5150208]
"Fitbit Connect"="c:\program files\Fitbit Connect\Fitbit Connect.exe" [2013-10-02 3264544]
"Nike+ Connect"="c:\program files\Nike\Nike+ Connect\Nike+ Connect daemon.exe" [2013-12-11 70656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\Ovsenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Ovsenny\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-17 30714312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\system32\SSCbFsMntNtf3.dll [2013-01-30 159488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Citrix\ICACLI~1\RSHook.dll
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TRENDnetUdsTcpBus;TRENDnetUdsTcpBus;c:\windows\system32\Drivers\TRENDnetUdsTcpBus.sys [2012-09-21 151296]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1343400]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2012-04-25 67960]
S2 AllShare Framework DMS;AllShare Framework DMS;c:\program files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe [2013-10-11 401800]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files\Fitbit Connect\FitbitConnectService.exe [2013-10-02 1384992]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe [2013-11-06 574536]
S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\DRIVERS\sscbfs3.sys [2013-01-30 295936]
S3 TRENDnetUdsMBus;UDS Master Bus of Kernel USB Software Bus by TCP;c:\windows\system32\Drivers\TRENDnetUdsMBus.sys [2012-09-21 88576]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
HPService REG_MULTI_SZ   HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-08 00:03 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 04:09]
.
2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 18:45]
.
2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-26 18:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: loyalty.com\remote
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Ovsenny\AppData\Roaming\Mozilla\Firefox\Profiles\tskfdjox.default\
FF - prefs.js: browser.startup.homepage - hxxp://ca.yahoo.com/?p=us
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe
HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5296)
c:\windows\system32\SSCbFsMntNtf3.dll
c:\windows\system32\SSCbFsNetRdr3.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2014-01-09  22:25:10 - machine was rebooted
ComboFix-quarantined-files.txt  2014-01-10 03:25
.
Pre-Run: 308,481,826,816 bytes free
Post-Run: 309,368,143,872 bytes free
.
- - End Of File - - B12CFB4A9218E10B743B03FA603BF98E
A36C5E4F47E84449FF07ED3517B43A31
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 2.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
# AdwCleaner v4.105 - Report created 10/12/2014 at 13:38:30
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 7 Enterprise N Service Pack 1 (32 bits)
# Username : Ovsenny - OVSENNYLAPTOP
# Running from : C:\Users\Ovsenny\Desktop\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
File Deleted : C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Ovsenny\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : BackgroundContainer Startup Task
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Mozilla Firefox v10.0.2 (en-US)
 
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R0].txt - [4189 octets] - [07/01/2014 21:58:42]
AdwCleaner[R1].txt - [3936 octets] - [12/01/2014 12:57:33]
AdwCleaner[R2].txt - [1574 octets] - [10/12/2014 13:34:22]
AdwCleaner[S0].txt - [3978 octets] - [12/01/2014 13:34:39]
AdwCleaner[S1].txt - [1507 octets] - [10/12/2014 13:38:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1567 octets] ##########
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/10/2014
Scan Time: 1:52:30 PM
Logfile: malware bytes log.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.10.07
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Ovsenny
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322213
Time Elapsed: 15 min, 45 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.BundleInstaller.DW, C:\Users\Ovsenny\Downloads\SportHunterTVApp_setup(43).exe, Quarantined, [6a5d4b15fe7e12246c1851d024dd32ce], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
RogueKiller V10.0.9.0 [Dec  8 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Ovsenny [Administrator]
Mode : Scan -- Date : 12/10/2014  16:14:31
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 15 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Ovsenny\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\Ovsenny\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\Ovsenny\AppData\Local\Temp\catchme.sys) -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-2660131799-3171873607-912981114-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2660131799-3171873607-912981114-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{E62FF8CC-7E64-49D6-99AE-998FE51E71D8} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E62FF8CC-7E64-49D6-99AE-998FE51E71D8} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{E62FF8CC-7E64-49D6-99AE-998FE51E71D8} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2660131799-3171873607-912981114-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500420AS ATA Device +++++
--- User ---
[MBR] be6fc19992306c7c15714c3faa08e085
[BSP] 9edae2bc6e98938b41ea9c9f86dfb350 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 476838 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: ST9500420AS ATA Device +++++
--- User ---
[MBR] b7956a4777dd7fca8527b524c4648c70
[BSP] c7e16b28a806481f9253f79d2006d2dc : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: SMI USB DISK USB Device +++++
--- User ---
[MBR] a4ab3da973c7ea52c65fadd804fcd037
[BSP] 9d20b71b0955d4fce59d717894cf5a44 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2168 | Size: 3819 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
 


#8 LiquidTension

LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 10 December 2014 - 08:15 PM

Hello, 

 

Let's run a couple more scans. 

However, it doesn't look as if malware is involved here. 

 

STEP 1
Emsisoft Emergency Kit (Portable)

  • Please download Emsisoft Emergency Kit and save the file to your Desktop.
  • Double-click EmsisoftEmergencyKit.exe.
  • Click Extract.
  • Upon completion, double-click the Emsisoft Emergency Kit shortcut on your Desktop to start the programme.
  • Click Yes to update the programme definitions.
  • Click Yes to detect Potentially Unwanted Programs (PUPs).
  • Click Scan now.
  • Select Full Scan and click Scan.
  • Close any High Risk notification screen that may appear.
  • When the scan is finished click Quarantine selected objects if malicious objects were found.
  • Click View Report, and open the most recent log. 
  • Copy the contents of the log and paste in your next reply.
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Emsisoft log
  • ESET Online Scan log


 

Would you like to help others with malware removal? Join our Classroom and learn how!


#9 LiquidTension


Posted 14 December 2014 - 09:32 PM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
