Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-12-2015
Ran by User (administrator) on USER-PC (31-12-2015 08:24:05)
Running from C:\Users\User\AppData\Local\Temp\WPDNSE\{00000352-0001-0001-0000-000000000000}
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Comfort Software Group) C:\Program Files\HotVirtualKeyboard\hvk.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [BCSSync] => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-29] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-29] (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL No File
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{239856E5-60B8-4CF9-B591-8212CF9FF45A}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{52E928E2-4121-46AF-B14C-7362DCA0B379}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{627FEDE6-4E3F-41D6-A9B2-9EE5AC7E8ABE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{78575C46-E380-4208-8D11-13EC7AE2CABE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8789EBBE-4FE2-49ED-A4CA-6CB28881CAE3}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{8D0716F8-13A1-470D-8825-D6B5517B4D10}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{A65E4E33-E079-4F61-A2DF-A7CA916A206B}: [DhcpNameServer] 10.9.0.1
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-332799431-1520625345-1691349392-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-332799431-1520625345-1691349392-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-332799431-1520625345-1691349392-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-332799431-1520625345-1691349392-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-29] (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-03] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-29] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-03] (Oracle Corporation)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-31] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2013-04-03] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @millisecond.com/npInquisit,version=4.0 -> C:\Program Files (x86)\Millisecond Software\Inquisit 4 Web Plugin\npInquisit.dll [2014-03-14] (Millisecond Software)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-09] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-29]
Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HP Product Detection Plugin) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp [2013-10-31]
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-06]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-30]
CHR Extension: (Google Docs Offline) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
CHR Extension: (AdBlock) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-06]
CHR Extension: (Google Keep - notes and lists) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-10-12]
CHR Extension: (Disconnect) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-08-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-18]
CHR Extension: (MailTrack for Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2015-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-29]
CHR Extension: (Avast Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-12-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-29]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-29] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2015-12-29] (AVAST Software)
S2 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-29] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-12-29] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-29] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2015-12-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-29] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-29] (AVAST Software)
S3 copperhd; C:\Windows\System32\drivers\copperhd.sys [13824 2006-05-24] (Razer (Asia-Pacific) Pte Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [249856 2010-03-24] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 tapse01; C:\Windows\System32\DRIVERS\tapse01.sys [39048 2015-03-05] (The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-30] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-30 16:13 - 2015-12-30 16:13 - 00017842 _____ C:\ComboFix.txt
2015-12-30 15:54 - 2011-06-26 17:45 - 00256000 _____ C:\Windows\PEV.exe
2015-12-30 15:54 - 2010-11-08 04:20 - 00208896 _____ C:\Windows\MBR.exe
2015-12-30 15:54 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-12-30 15:54 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-12-30 15:54 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-12-30 15:54 - 2000-08-31 11:00 - 00098816 _____ C:\Windows\sed.exe
2015-12-30 15:54 - 2000-08-31 11:00 - 00080412 _____ C:\Windows\grep.exe
2015-12-30 15:54 - 2000-08-31 11:00 - 00068096 _____ C:\Windows\zip.exe
2015-12-30 15:53 - 2015-12-30 16:13 - 00000000 ____D C:\Qoobox
2015-12-30 15:53 - 2015-12-30 16:09 - 00000000 ____D C:\Windows\erdnt
2015-12-30 15:52 - 2015-12-30 15:51 - 05643545 ____R (Swearware) C:\Users\User\Desktop\ComboFix.exe
2015-12-30 15:50 - 2015-12-30 15:51 - 05643545 _____ (Swearware) C:\Users\User\Downloads\ComboFix.exe
2015-12-30 14:28 - 2015-12-30 14:28 - 00003929 _____ C:\Users\User\Desktop\malware.txt
2015-12-30 14:20 - 2015-12-30 14:20 - 00000758 _____ C:\Users\User\Desktop\JRT.txt
2015-12-30 14:15 - 2015-12-30 13:41 - 01599336 ____N (Malwarebytes) C:\Users\User\Desktop\JRT.exe
2015-12-30 13:40 - 2015-12-30 13:41 - 01743360 _____ C:\Users\User\Downloads\adwcleaner_5.026.exe
2015-12-30 13:04 - 2015-12-30 13:04 - 00003930 _____ C:\Users\User\Desktop\next reply.txt
2015-12-30 10:19 - 2015-12-30 10:24 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-12-30 10:19 - 2015-12-30 10:21 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-30 10:18 - 2015-12-30 10:18 - 20835400 _____ C:\Users\User\Downloads\RogueKiller.exe
2015-12-29 18:54 - 2015-12-29 18:54 - 00003030 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1451375648
2015-12-29 18:54 - 2015-12-29 18:54 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2015-12-29 18:54 - 2015-12-29 18:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-29 18:50 - 2015-12-29 18:49 - 00028144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2015-12-29 18:50 - 2015-12-29 18:36 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-12-29 18:49 - 2015-12-29 18:49 - 00466400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2015-12-29 18:38 - 2015-12-29 18:38 - 00000000 ____D C:\Users\User\AppData\Roaming\AVAST Software
2015-12-29 18:37 - 2015-12-29 18:37 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-29 18:36 - 2015-12-29 18:50 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-12-29 18:36 - 2015-12-29 18:37 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-12-29 18:36 - 2015-12-29 18:37 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-12-29 18:36 - 2015-12-29 18:36 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2015-12-29 18:36 - 2015-12-29 18:36 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-12-29 18:36 - 2015-12-29 18:36 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-12-29 18:36 - 2015-12-29 18:36 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2015-12-29 18:36 - 2015-12-29 18:36 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2015-12-29 18:36 - 2015-12-29 18:36 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-29 18:36 - 2015-12-29 18:35 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2015-12-29 18:35 - 2015-12-29 18:35 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-12-29 18:32 - 2015-12-29 18:49 - 00000000 ____D C:\Program Files\AVAST Software
2015-12-29 18:31 - 2015-12-29 18:50 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-29 18:31 - 2015-12-29 18:31 - 05066096 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_online.exe
2015-12-29 16:16 - 2015-12-29 16:16 - 00003304 _____ C:\bootsqm.dat
2015-12-29 15:50 - 2015-12-29 15:50 - 00000000 ____D C:\Users\User\Documents\tweaking.com_windows_repair_aio
2015-12-28 22:12 - 2015-12-28 22:12 - 00262144 _____ C:\Windows\Minidump\122815-25662-01.dmp
2015-12-27 17:16 - 2015-12-30 14:06 - 00000000 ____D C:\AdwCleaner
2015-12-27 17:14 - 2015-12-27 17:14 - 00000000 ____D C:\zoek_backup
2015-12-27 17:11 - 2015-12-31 08:24 - 00000000 ____D C:\FRST
2015-12-27 17:05 - 2015-12-27 17:08 - 00389162 _____ C:\TDSSKiller.3.1.0.9_27.12.2015_17.05.35_log.txt
2015-12-14 11:54 - 2015-12-14 11:55 - 00000720 _____ C:\DelFix.txt
2015-12-13 23:51 - 2015-12-30 14:26 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-13 23:51 - 2015-12-13 23:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-13 23:51 - 2015-12-13 23:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-13 23:51 - 2015-12-13 23:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-13 23:51 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-12-13 23:51 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-12-13 23:51 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-12-13 23:29 - 2015-12-13 23:49 - 00000000 ____D C:\zoek
2015-12-13 19:53 - 2015-12-13 19:53 - 00003148 _____ C:\Windows\System32\Tasks\{D19222F7-393E-46E5-817F-D657D32F3978}
2015-12-13 17:49 - 2015-12-13 22:52 - 00001258 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fc32h45r31o78m97e.lnk
2015-12-13 17:40 - 2015-12-13 19:26 - 00944642 _____ C:\Windows\ntbtlog.txt
2015-12-13 17:28 - 2015-12-13 17:28 - 00000000 ____D C:\Users\User\.MCTranscodingSDK
2015-12-13 17:25 - 2015-12-13 17:48 - 00004840 _____ C:\Windows\SysWOW64\Papogaj.ini
2015-12-13 17:25 - 2015-12-13 17:48 - 00002560 _____ C:\Windows\SysWOW64\PapogajOff.ini
2015-12-13 17:25 - 2015-12-13 17:48 - 00002560 _____ C:\Windows\system32\PapogajOff.ini
2015-12-13 17:24 - 2015-12-30 13:33 - 00000000 ____D C:\Users\User\AppData\Roaming\WiiccuAtifi
2015-12-13 17:24 - 2015-12-13 17:25 - 00000000 ____D C:\Users\User\AppData\Local\Tempfolder
2015-12-13 17:24 - 2015-12-13 17:24 - 00000000 ____D C:\Windows\system32\mut
2015-12-13 17:23 - 2015-12-13 17:23 - 00003336 _____ C:\Windows\System32\Tasks\Dedketde
2015-12-13 17:17 - 2015-12-13 17:17 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1449987422
2015-12-13 17:14 - 2015-12-13 17:57 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-13 17:13 - 2015-12-13 17:19 - 00000000 ____D C:\Users\User\AppData\Roaming\DivX
2015-12-13 17:10 - 2015-12-13 17:10 - 00000973 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-12-13 17:06 - 2015-12-13 22:22 - 00000000 ____D C:\Program Files (x86)\DivX
2015-12-11 13:24 - 2015-12-11 13:25 - 00173281 _____ C:\Users\User\Downloads\Resume_THIS ONE.pdf
2015-12-11 13:23 - 2015-12-11 13:23 - 00061024 _____ C:\Users\User\Downloads\passport certified.pdf
2015-12-11 13:20 - 2015-12-11 13:21 - 00626898 _____ C:\Users\User\Downloads\counselling certified.pdf
2015-12-11 13:16 - 2015-12-11 13:17 - 00223781 _____ C:\Users\User\Downloads\VCE certfied.pdf
2015-12-11 13:09 - 2015-12-11 13:09 - 00457835 _____ C:\Users\User\Downloads\mentoring certified.pdf
2015-12-09 16:50 - 2015-12-09 16:51 - 00385537 _____ C:\Users\User\Downloads\mental_status_exam (1).ppt
2015-12-09 16:34 - 2015-12-09 16:35 - 00385537 _____ C:\Users\User\Downloads\mental_status_exam.ppt
2015-12-09 13:06 - 2015-12-09 13:06 - 00402030 _____ C:\Users\User\Downloads\106207-148082-1-PB (1).pdf
2015-12-08 15:53 - 2015-12-08 15:54 - 00402030 _____ C:\Users\User\Downloads\106207-148082-1-PB.pdf
2015-12-06 16:17 - 2015-12-06 16:19 - 03127032 _____ C:\Users\User\Downloads\The_relationship_between_accul.PDF
2015-12-02 16:10 - 2015-12-02 16:10 - 00848896 _____ C:\Users\User\Downloads\PRESENTATION WITHOUT NOTES.ppt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-31 08:20 - 2013-02-20 21:41 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-31 08:20 - 2013-02-20 21:41 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-30 16:07 - 2009-07-14 14:20 - 00000000 ____D C:\Windows
2015-12-30 16:07 - 2009-07-14 13:34 - 00000215 _____ C:\Windows\system.ini
2015-12-30 14:13 - 2009-07-14 15:45 - 00024800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-30 14:13 - 2009-07-14 15:45 - 00024800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-30 14:12 - 2009-07-14 16:13 - 00772352 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-30 14:12 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\inf
2015-12-30 14:08 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-29 18:49 - 2013-03-26 13:34 - 00001945 _____ C:\Windows\epplauncher.mif
2015-12-29 18:00 - 2013-02-16 17:53 - 00065992 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-29 18:00 - 2009-07-14 15:45 - 00304416 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-29 17:28 - 2013-02-20 20:06 - 00003160 _____ C:\Windows\System32\Tasks\SidebarExecute
2015-12-29 17:24 - 2009-07-14 13:34 - 00000423 _____ C:\Windows\win.ini
2015-12-28 23:19 - 2013-03-02 15:20 - 00000000 ____D C:\Users\User\AppData\Roaming\vlc
2015-12-28 22:12 - 2013-08-27 13:47 - 317394209 _____ C:\Windows\MEMORY.DMP
2015-12-28 22:12 - 2013-08-27 13:47 - 00000000 ____D C:\Windows\Minidump
2015-12-28 16:17 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-28 15:21 - 2009-07-14 13:34 - 00000835 _____ C:\Windows\system32\Drivers\etc\hosts_bak_792
2015-12-27 12:58 - 2009-07-14 16:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-12-14 11:03 - 2009-07-14 16:32 - 00000000 ____D C:\Windows\Offline Web Pages
2015-12-13 20:58 - 2014-11-01 12:13 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2015-12-13 20:50 - 2014-11-26 16:36 - 00000000 __SHD C:\Users\User\AppData\LocalLow\EmieBrowserModeList
2015-12-13 17:56 - 2013-02-16 12:54 - 00001413 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-13 17:33 - 2013-02-20 21:41 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-12-13 17:31 - 2013-02-16 12:54 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2015-12-13 17:10 - 2009-07-14 13:34 - 00000973 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2015-12-13 17:06 - 2015-10-06 13:52 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-13 17:06 - 2013-02-20 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-09 14:39 - 2010-11-21 14:27 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-12-02 16:35 - 2013-02-20 21:41 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-02 16:35 - 2013-02-20 21:41 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-12-20 13:36
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-12-2015
Ran by User (2015-12-31 08:25:33)
Running from C:\Users\User\AppData\Local\Temp\WPDNSE\{00000352-0001-0001-0000-000000000000}
Windows 7 Home Premium Service Pack 1 (X64) (2013-02-16 01:53:59)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-332799431-1520625345-1691349392-500 - Administrator - Disabled)
Guest (S-1-5-21-332799431-1520625345-1691349392-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-332799431-1520625345-1691349392-1002 - Limited - Enabled)
User (S-1-5-21-332799431-1520625345-1691349392-1000 - Administrator - Enabled) => C:\Users\User
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29126 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-332799431-1520625345-1691349392-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.224 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
AVG 2013 (Version: 13.0.2641 - AVG Technologies) Hidden
Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Gail Howard's Smart Luck Wheel Gold™ version Smart Luck Wheel G (HKLM-x32\...\{47D357C6-2AC9-4AC6-A46C-9C8F14ABC734}_is1) (Version: Smart Luck Wheel Gold™ Version 4.0.0.30 - Gail Howard's)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HandBrake 0.9.5 (HKLM-x32\...\HandBrake) (Version: 0.9.5 - )
Hot Virtual Keyboard 8.0.1.0 (HKLM\...\{0F896F26-E9C0-4331-BB90-28CDDA490C93}_is1) (Version: 8.0 - Comfort Software Group)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{F294770E-F869-400F-81C3-614B5F13CA54}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Product Detection (HKLM-x32\...\{42D10994-A566-495D-A5E7-D0C6B5C6B35C}) (Version: 11.14.0006 - HP)
Inquisit 4 Web Plugin (HKLM-x32\...\{5C106AB3-C513-45B1-8D5A-C6DDFCE706AF}) (Version: 4.0.5.0 - Millisecond Software)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
pocketwifi (HKLM-x32\...\pocketwifi) (Version: TOOL-ConnLaucher_WIN1.01.01.737 - Huawei Technologies Co.,Ltd)
PSPP (HKLM-x32\...\PSPP) (Version: 0.8.4 - Free Software Foundation, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.40.126.2011 - Realtek)
SafeZone Stable 1.46.1990.139 (x32 Version: 1.46.1990.139 - Avast Software) Hidden
SpaceSoundPro Service (HKLM-x32\...\zz.10811.ssp) (Version: 1.0.0 - CSDI) <==== ATTENTION
SurfEasy VPN 3.1.401 (HKLM-x32\...\SurfEasy VPN) (Version: 3.1.401 - SurfEasy Inc)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
28-12-2015 16:48:45 Scheduled Checkpoint
29-12-2015 16:47:33 Tweaking.com - Windows Repair
29-12-2015 18:10:05 Windows Update
29-12-2015 18:51:53 Device Driver Package Install: Avast Network Service
30-12-2015 14:15:38 JRT Pre-Junkware Removal
30-12-2015 14:16:14 JRT Pre-Junkware Removal
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 13:34 - 2015-12-29 17:25 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0861D7E4-4791-41AB-99F5-24E8D6F4A37B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-29] (AVAST Software)
Task: {0DF82C09-8B69-4D3F-8939-515027E351FB} - System32\Tasks\Dedketde => C:\PROGRA~1\SHOPPE~1\Shsiwb.bat
Task: {39F0989C-B2D7-442F-BF10-EF50D42F1028} - System32\Tasks\Opera scheduled Autoupdate 1449987422 => C:\Program Files (x86)\Opera\launcher.exe
Task: {49C31E8F-D1CE-46E4-9561-B3CC41C91962} - System32\Tasks\{78232B2D-515F-48A0-A5C7-4A9232ED95F9} => pcalua.exe -a G:\HTCDrivers\HTCDriverInstaller.exe -d G:\HTCDrivers
Task: {4DF498D3-9E0E-475C-B7DA-21883670BBEF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6C5A5D1D-D20E-43CC-B1B6-B368378BC5C8} - System32\Tasks\SafeZone scheduled Autoupdate 1451375648 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2015-12-01] (Avast Software)
Task: {6DC4E6B4-65E5-40E4-B609-7EB60E81E7C9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-29] (AVAST Software)
Task: {70784624-1E14-48DB-AB73-C07B6873506E} - System32\Tasks\VPNReactor => C:\Program Files (x86)\VPNReactor\VPNReactor.exe
Task: {8767DBA3-A68C-4638-8D02-5F6FA8E9F894} - System32\Tasks\{D8E31926-A991-4586-AE95-F40EAE9A01A0} => pcalua.exe -a C:\Users\User\Downloads\Nokia_PC_Suite_ALL.exe -d C:\Users\User\Downloads
Task: {8BECCAE8-8A7E-4FC9-88E0-ABA5951458F9} - System32\Tasks\{991093C2-89E5-47B0-A722-58DB69489B36} => pcalua.exe -a F:\HTCDrivers\HTCDriverInstaller.exe -d F:\HTCDrivers
Task: {AA0A879F-6D58-49B7-954B-C5DF9C1B2ADD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {B7092169-DE29-438D-AD92-75BE97E65CFD} - System32\Tasks\{D19222F7-393E-46E5-817F-D657D32F3978} => pcalua.exe -a C:\Users\User\AppData\Roaming\yoursearching\UninstallManager.exe -c -ptid=face
Task: {E4E080CD-702A-4647-AF9C-25ADFDCB7754} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {E926BD8A-57D4-4475-9927-D8416BC58781} - System32\Tasks\{CF48E146-1385-4CC2-B076-6B9B36AF1F6E} => pcalua.exe -a C:\Users\User\Downloads\ADE_2.0_Installer.exe -d C:\Users\User\Downloads
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-05-15 17:26 - 2015-05-15 17:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 17:26 - 2015-05-15 17:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-05 19:17 - 2015-03-05 19:17 - 03272048 _____ () C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
2015-12-29 18:35 - 2015-12-29 18:35 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-29 18:35 - 2015-12-29 18:35 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-30 10:15 - 2015-12-30 10:15 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\15122901\algo.dll
2015-12-29 18:35 - 2015-12-29 18:35 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-12-31 08:22 - 2015-12-31 08:22 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\15123001\algo.dll
2015-12-29 18:35 - 2015-12-29 18:35 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-27 18:47 - 2015-12-11 14:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-27 18:47 - 2015-12-11 14:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2013-02-20 22:06 - 2012-12-06 20:12 - 00035160 _____ () C:\Program Files\HotVirtualKeyboard\hvkH.dll