Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Administrator (administrator) on DESKTOP (03-02-2016 12:15:34)
Running from C:\Users\administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator & admin)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(FileZilla Project) C:\xampp\FileZillaFTP\FileZillaServer.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
() C:\xampp\mysql\bin\mysqld.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.1.4.4\WsAppService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Apache Software Foundation) C:\xampp\apache\bin\httpd.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\Unhackme.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\reanimator.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\reanimator.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe [254024 2014-02-13] ()
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [888344 2016-01-07] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-08-14] (VMware, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [3 2015-11-16] ()
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-02-02] (AVAST Software)
HKLM-x32\...\runonceex: [Flags] => 128
HKLM-x32\...\runonceex: [Title] => UnHackMe Rootkit Check
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\Run: [] => 0
HKU\S-1-5-21-1494889691-692003638-653252256-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
AppInit_DLLs: C:\ProgramData\caMyciloP\SunEco.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-02] (AVAST Software)
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\csruzfnoasaw.dll No File
ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\csruzfnoasaw.dll No File
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMG003.exe [2016-02-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IMG001.exe [2016-02-03] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\trzE8CA.tmp [2016-02-02] ()
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\trzFD81.tmp [2016-01-29] ()
BootExecute: autocheck autochk * PartizanaswBoot.exe /M:d1db4dd7 /wow /dir:"C:\Program Files\AVAST Software\Avast"
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1494889691-692003638-653252256-500] => http=127.0.0.1:7070;https=127.0.0.1:7070
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.50.20 10.0.50.1
Tcpip\..\Interfaces\{6b61dd6f-a92c-43ce-96ed-13e727e68dc0}: [NameServer] 208.67.222.123,208.67.220.123
Tcpip\..\Interfaces\{6b61dd6f-a92c-43ce-96ed-13e727e68dc0}: [DhcpNameServer] 10.0.50.20 10.0.50.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1447116458&z=05dc53dfd99b0ef39a8701agczaz4magfgfq8zcw6b&from=amt&uid=st500dm002-1bd142_z3t1dzj1xxxxz3t1dzj1&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1447116458&z=05dc53dfd99b0ef39a8701agczaz4magfgfq8zcw6b&from=amt&uid=st500dm002-1bd142_z3t1dzj1xxxxz3t1dzj1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1447116458&z=05dc53dfd99b0ef39a8701agczaz4magfgfq8zcw6b&from=amt&uid=st500dm002-1bd142_z3t1dzj1xxxxz3t1dzj1&q={searchTerms}
HKU\S-1-5-21-1494889691-692003638-653252256-500\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTwkzwGbNf1O2UG-AHkz9L_6JLDGl3QHWE_YncMUuZdb9n4qnnjLSSsQq-B09yJmK2glZrRpUdf5TA4GPxMy8D99Kf6VXVMm8_1cMrDx6EvoTUDA7JWBjjC4UPkP92AgaIQlw07TNnvvkbreQu-vaOyHetmzk5L4UFm757Q,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1494889691-692003638-653252256-500 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrrSIp6Q_F_qNNzE_IAXOeC5kU8r2IH2g-mGX-Aq138T3F7uJIQ6ne-8DgU-EbZVJz2AKj3906UAWgsqICrlgQ8BCMX1-A8A7e-IlACF2BM9UytwL_K2h-KVsuYyWv4aBRCUxiSO8oxXfFHzgGVCgnaCHUw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1494889691-692003638-653252256-500 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWrrSIp6Q_F_qNNzE_IAXOeC5kU8r2IH2g-mGX-Aq138T3F7uJIQ6ne-8DgU-EbZVJz2AKj3906UAWgsqICrlgQ8BCMX1-A8A7e-IlACF2BM9UytwL_K2h-KVsuYyWv4aBRCUxiSO8oxXfFHzgGVCgnaCHUw,,&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-10-07] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-05-21] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-02] (AVAST Software)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-01-23] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-02-01] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-02-01] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-05-21] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-05-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-02]

Chrome:
=======
CHR Profile: C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-25]
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-25]
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-25]
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-10-24]
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-10-09]
CHR Extension: (Google) - C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-25]
CHR HKLM-x32\...\Chrome\Extension: [fcgnigmofekcllgbiejhmigggmgehkip] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2013-11-21] (Apache Software Foundation) [File not signed]
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2015-12-11] (Autodesk)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-02-02] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109520 2016-02-02] (AVAST Software)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433688 2016-01-07] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413208 2016-01-07] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [859672 2016-01-07] (BlueStack Systems, Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-12-12] (Microsoft Corporation)
R2 FileZillaServer; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-02-26] (FileZilla Project) [File not signed]
S4 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-11-10] (IObit)
R2 mysql; C:\xampp\mysql\bin\mysqld.exe [10966528 2014-01-14] () [File not signed]
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
S4 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465344 2015-08-14] ()
S4 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87736 2014-04-30] (Microsoft Corporation)
S3 wampapache; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [22016 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [10959360 2014-05-01] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.1.4.4\WsAppService.exe [382464 2015-11-19] (Wondershare) [File not signed]
S2 MobogenieService; C:\Program Files (x86)\Mobogenie3\MobogenieService.exe [X]
S2 rsEngineSvc; no ImagePath

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-02-02] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2016-02-02] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-02-02] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [466400 2016-02-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-02-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-02-02] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-02-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-02-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-02-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-02-02] (AVAST Software)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-01-07] (BlueStack Systems)
R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c65x64.sys [488736 2015-12-08] (Intel Corporation)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-11-11] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-12] (REALiX(tm))
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-11-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-22] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
R2 NEWDRIVER; C:\Windows\SysWow64\WinVDEdrv6.sys [197648 2015-11-23] ()
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-02-02] (Greatis Software)
R1 rsktdi; C:\Windows\system32\drivers\rsktdi.sys [23704 2015-08-20] (Beijing Rising Information Technology Co., Ltd.)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [84672 2015-09-06] (Beijing Rising Information Technology Co., Ltd.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2015-09-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [119168 2015-08-27] (Beijing Rising Information Technology Co., Ltd.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-08-13] (Oracle Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-08-04] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-11-17] (wisecleaner.com)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-03 12:16 - 2016-01-29 12:37 - 03844176 _____ C:\Users\IMG001.exe
2016-02-03 12:15 - 2016-02-03 12:16 - 00022858 _____ C:\Users\administrator\Desktop\FRST.txt
2016-02-03 12:15 - 2016-02-03 12:15 - 00000000 ____D C:\FRST
2016-02-03 12:14 - 2016-02-03 12:14 - 02370560 _____ (Farbar) C:\Users\administrator\Downloads\FRST64.exe
2016-02-03 12:14 - 2016-02-03 12:14 - 02370560 _____ (Farbar) C:\Users\administrator\Desktop\FRST64.exe
2016-02-03 12:08 - 2016-02-03 12:08 - 04749366 _____ C:\Users\administrator\Downloads\remove self starting exe files from your start up folder (VLD).flv
2016-02-03 12:07 - 2016-02-03 12:07 - 00925696 _____ (Prog Lite Installer ) C:\Users\administrator\Downloads\FreeShortcutRemover.exe
2016-02-03 12:07 - 2016-02-03 12:07 - 00339360 _____ C:\Users\administrator\Downloads\Virus_Remover.zip
2016-02-03 12:03 - 2016-02-03 12:03 - 00002791 _____ C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-02-03 11:51 - 2016-02-03 12:03 - 00000000 ____D C:\Users\administrator\AppData\Roaming\BitTorrent
2016-02-03 11:50 - 2016-02-03 11:50 - 00014685 _____ C:\Users\administrator\Downloads\[kat.cr]vikings.season.1.complete.480p.hdtv.x264.vector.torrent
2016-02-03 08:50 - 2016-02-03 08:51 - 17418226 _____ C:\Users\administrator\Desktop\unhackme.zip
2016-02-03 08:17 - 2016-02-03 08:19 - 00000000 ____D C:\Users\administrator\AppData\Roaming\TeraCopy
2016-02-03 08:15 - 2016-02-03 08:15 - 00000000 ____D C:\Users\administrator\AppData\Roaming\IObit
2016-02-03 00:32 - 2016-02-03 00:32 - 00000000 ____D C:\Users\administrator\AppData\Roaming\ProductData
2016-02-02 13:48 - 2016-02-02 13:48 - 00000000 ____D C:\Users\administrator\AppData\Roaming\AVG
2016-02-02 13:47 - 2016-02-03 08:55 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Adobe
2016-02-02 13:47 - 2016-02-02 13:47 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Macromedia
2016-02-02 13:38 - 2016-02-03 12:09 - 00000000 ____D C:\Users\administrator\AppData\Roaming\vlc
2016-02-02 13:27 - 2016-02-02 13:27 - 10213219 _____ (Asoftech ) C:\Users\administrator\Downloads\video-converter.exe
2016-02-02 13:27 - 2016-02-02 13:27 - 00000840 _____ C:\Users\Public\Desktop\Asoftech Data Recovery.lnk
2016-02-02 13:27 - 2016-02-02 13:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asoftech Data Recovery
2016-02-02 13:26 - 2016-02-02 13:26 - 04328880 _____ (Asoftech ) C:\Users\administrator\Downloads\adr.exe
2016-02-02 13:25 - 2016-02-02 13:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-02 13:25 - 2016-02-02 13:29 - 00000000 ____D C:\Users\administrator\AppData\Roaming\asoftech
2016-02-02 13:25 - 2016-02-02 13:29 - 00000000 ____D C:\Program Files (x86)\Asoftech
2016-02-02 13:23 - 2016-02-02 13:24 - 04311560 _____ (Asoftech Photo Recovery ) C:\Users\administrator\Downloads\apr.exe
2016-02-02 12:17 - 2016-02-03 08:46 - 00000473 _____ C:\Users\administrator\Desktop\DNS.txt
2016-02-02 12:13 - 2016-02-02 12:13 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2016-02-02 12:02 - 2016-02-03 12:12 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-02-02 12:02 - 2016-02-03 12:06 - 00003414 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2016-02-02 12:02 - 2016-02-03 12:06 - 00001072 _____ C:\Users\administrator\Desktop\UnHackMe.lnk
2016-02-02 12:02 - 2016-02-03 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-02-02 12:02 - 2016-02-03 12:06 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-02-02 12:02 - 2015-12-15 12:26 - 00012800 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2016-02-02 12:02 - 2015-09-17 13:47 - 00047920 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2016-02-02 11:24 - 2016-02-02 11:24 - 00000000 ____D C:\Program Files\Reason
2016-02-02 11:22 - 2016-02-02 11:23 - 03855576 _____ (Reason Software Company Inc.) C:\Users\administrator\Downloads\reason-core-security-setup_1.1.1.0.exe
2016-02-02 09:41 - 2016-02-02 09:41 - 00003146 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1454395245
2016-02-02 09:41 - 2016-02-02 09:41 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
2016-02-02 09:41 - 2016-02-02 09:41 - 00001082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-02-02 09:39 - 2016-02-02 09:46 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-02-02 09:38 - 2016-02-02 09:39 - 01065208 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-02-02 09:38 - 2016-02-02 09:39 - 00464256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-02-02 09:38 - 2016-02-02 09:39 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2016-02-02 09:38 - 2016-02-02 09:38 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-02-02 09:38 - 2016-02-02 09:38 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-02-02 09:38 - 2016-02-02 09:38 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-02-02 09:38 - 2016-02-02 09:38 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-02-02 09:38 - 2016-02-02 09:38 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-02-02 09:38 - 2016-02-02 09:38 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-02-02 09:38 - 2016-02-02 09:38 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-02-02 09:38 - 2016-02-02 09:37 - 00028144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-02-02 09:37 - 2016-02-02 09:37 - 00466400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys
2016-02-02 09:36 - 2016-02-02 09:36 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\gkajurwx.sys
2016-02-01 11:41 - 2016-02-01 11:41 - 00000000 ____D C:\администратор
2016-02-01 11:37 - 2016-02-01 11:37 - 00000000 ____D C:\admin
2016-02-01 11:36 - 2016-02-01 11:36 - 00000000 ____D C:\1
2016-02-01 11:35 - 2016-02-01 11:41 - 00000000 ____D C:\Documents and Settings
2016-02-01 11:35 - 2016-02-01 11:35 - 00000000 ____D C:\administrator
2016-02-01 09:40 - 2016-02-01 09:51 - 00000000 ____D C:\Users\administrator\AppData\Local\ROX Player
2016-02-01 09:40 - 2016-02-01 09:40 - 00001209 _____ C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ROX Player.lnk
2016-02-01 09:40 - 2016-02-01 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROX Player
2016-02-01 09:39 - 2016-02-01 09:39 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2016-02-01 09:16 - 2016-02-01 11:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-01 09:14 - 2016-02-01 09:14 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\zqknrxel.sys
2016-02-01 09:14 - 2016-02-01 09:14 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\vsvjhesi.sys
2016-02-01 09:14 - 2016-02-01 09:14 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aqaaeear.sys
2016-01-31 05:52 - 2016-01-31 05:48 - 01229312 _____ C:\Users\administrator\Downloads\install-roxplayer.msi
2016-01-30 18:26 - 2016-01-30 18:26 - 00098304 _____ (Hewlett-Packard Company) C:\Users\administrator\Downloads\HPUSBDisk.exe
2016-01-30 18:23 - 2016-01-30 18:23 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RARBG Player
2016-01-30 18:18 - 2016-01-30 18:20 - 96154592 _____ (Torch Media, Inc) C:\Users\administrator\Downloads\TorchSetupFull-r0-n-bf.exe
2016-01-30 18:04 - 2016-01-30 18:05 - 56873887 _____ C:\Users\administrator\Downloads\Shaun the Sheep - ChampionSheeps [20 MINUTE COMPILATION] (VLD).flv
2016-01-30 18:00 - 2016-01-30 18:02 - 89940059 _____ C:\Users\administrator\Downloads\Shaun the Sheep Full episodes English Episode Compilation 2 (VLD).flv
2016-01-30 17:59 - 2016-01-30 18:00 - 23130023 _____ C:\Users\administrator\Downloads\Sheep In The Island 1 [HD] (VLD).flv
2016-01-30 17:58 - 2016-01-30 17:58 - 02424101 _____ C:\Users\administrator\Downloads\Funny!!! Lion King Song!!! ( The lion sleeps tonight) (LD).mp4
2016-01-30 17:47 - 2016-01-30 17:47 - 00000042 _____ C:\WINDOWS\SysWOW64\AK083E209605E394C.lie
2016-01-30 17:46 - 2016-01-30 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
2016-01-30 16:35 - 2016-01-30 16:36 - 00162676 _____ C:\Users\administrator\Documents\cc_20160130_163548.reg
2016-01-30 14:06 - 2016-02-01 09:16 - 00000000 ____D C:\Users\1
2016-01-30 14:05 - 2016-02-01 09:16 - 00000000 ____D C:\Users\администратор
2016-01-30 14:04 - 2016-01-30 14:04 - 00000000 ___HD C:\$AVG
2016-01-30 13:52 - 2016-01-30 13:52 - 00003062 _____ C:\WINDOWS\System32\Tasks\0615piUpdateInfo
2016-01-30 13:52 - 2016-01-30 13:52 - 00000000 ____D C:\ProgramData\Avg_Update_0615pi
2016-01-30 13:50 - 2016-01-30 13:50 - 00000000 ____D C:\Users\Documents and Settings\администратор
2016-01-30 13:37 - 2016-01-30 13:37 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-01-30 13:37 - 2016-01-30 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-01-30 13:31 - 2016-02-03 08:52 - 00000000 ____D C:\ProgramData\MFAData
2016-01-30 13:31 - 2016-01-30 13:31 - 00000000 ____D C:\Users\administrator\AppData\Local\MFAData
2016-01-30 13:30 - 2016-02-01 09:13 - 00000000 ____D C:\Program Files (x86)\AVG
2016-01-30 13:30 - 2016-01-30 13:35 - 00000000 ____D C:\ProgramData\Avg
2016-01-30 13:29 - 2016-01-30 13:41 - 00000000 ____D C:\Users\administrator\AppData\Local\Avg
2016-01-30 13:29 - 2016-01-30 13:30 - 00000000 ____D C:\Users\administrator\AppData\Local\AvgSetupLog
2016-01-30 12:29 - 2016-01-30 12:29 - 00000000 ____D C:\Users\Documents and Settings\1
2016-01-30 11:24 - 2016-02-03 11:45 - 00000248 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2016-01-30 11:13 - 2016-02-03 12:11 - 00000000 ____D C:\ProgramData\RegRun
2016-01-30 11:06 - 2016-02-03 12:12 - 00000000 ____D C:\Users\administrator\Documents\RegRun2
2016-01-30 11:06 - 2016-02-03 12:06 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2016-01-30 11:06 - 2016-02-03 12:06 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2016-01-30 11:06 - 2016-02-03 12:06 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2016-01-30 11:05 - 2016-02-02 11:32 - 00000000 ____D C:\Users\administrator\Downloads\unhackme
2016-01-30 11:03 - 2016-01-30 11:04 - 17418226 _____ C:\Users\administrator\Downloads\unhackme.zip
2016-01-30 10:47 - 2016-01-30 11:24 - 00000000 ____D C:\Users\administrator\AppData\Local\TORCH.del
2016-01-29 18:49 - 2016-01-29 18:49 - 00000000 ____D C:\Users\administrator\Desktop\Bluetooth
2016-01-29 18:30 - 2016-01-30 10:31 - 00000000 ____D C:\Users\administrator\Desktop\recommendation
2016-01-27 19:58 - 2016-01-27 19:58 - 00000000 ____D C:\Users\Documents and Settings\admin
2016-01-27 19:25 - 2016-01-27 19:25 - 00000000 ____D C:\Users\Documents and Settings\administrator
2016-01-27 16:16 - 2016-02-01 09:16 - 00000000 ____D C:\Users\Documents and Settings
2016-01-27 16:14 - 2016-02-01 09:16 - 00000000 ____D C:\Users\ProgramData
2016-01-27 10:36 - 2016-01-27 17:36 - 00000000 ____D C:\Users\administrator\Documents\tsunami
2016-01-26 17:54 - 2016-01-30 12:31 - 00000000 ____D C:\QUARANTINE
2016-01-25 12:20 - 2016-02-01 11:01 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-01-25 12:20 - 2016-01-25 12:19 - 00118416 _____ (McAfee, Inc.) C:\WINDOWS\system32\MfeOtlkAddin.dll
2016-01-25 12:20 - 2016-01-25 12:19 - 00090576 _____ (McAfee, Inc.) C:\WINDOWS\SysWOW64\MfeOtlkAddin.dll
2016-01-25 12:20 - 2016-01-25 12:19 - 00024168 _____ (McAfee, Inc.) C:\WINDOWS\SysWOW64\MFEOtlk.dll
2016-01-25 12:18 - 2016-01-30 13:24 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-01-25 10:58 - 2016-01-25 10:58 - 00000000 ____D C:\Users\administrator\AppData\Local\AviraResume
2016-01-23 15:33 - 2016-01-23 15:33 - 00000000 ____D C:\Users\administrator\AppData\Roaming\AVAST Software
2016-01-23 15:28 - 2016-02-02 09:37 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-23 15:28 - 2016-01-23 15:21 - 03451936 ____N (Avast Software s.r.o.) C:\Users\Public\Documents\aswOfferTool.exe
2016-01-23 08:54 - 2016-01-30 11:28 - 00000000 ____D C:\Users\administrator\AppData\LocalLow\uTorrent
2016-01-14 10:28 - 2016-01-14 10:28 - 00001742 _____ C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-01-14 10:28 - 2016-01-14 10:28 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-01-14 10:24 - 2016-01-14 10:26 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-01-13 09:56 - 2016-02-03 08:28 - 00000000 ____D C:\Users\administrator\Desktop\indonesia-bali
2016-01-12 08:32 - 2016-01-19 22:14 - 00000000 ____D C:\Users\administrator\Desktop\card tricks
2016-01-11 12:10 - 2016-01-11 12:13 - 00000000 ____D C:\Users\administrator\AppData\Local\ashampoo
2016-01-11 12:10 - 2016-01-11 12:10 - 00001902 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk
2016-01-11 12:10 - 2016-01-11 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2016-01-11 12:09 - 2016-01-11 12:09 - 00000000 ____D C:\Program Files (x86)\Ashampoo
2016-01-09 09:18 - 2016-01-09 09:18 - 00000136 _____ C:\Users\administrator\Documents\unhide.zip
2016-01-05 10:25 - 2016-02-01 09:51 - 00000000 ____D C:\Users\administrator\Desktop\x-mas
2016-01-04 14:16 - 2016-01-04 14:16 - 00002005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 9.lnk
2016-01-04 14:16 - 2014-05-19 13:26 - 00029704 _____ (Nitro PDF Software) C:\WINDOWS\system32\nitrolocalmon9.dll
2016-01-04 14:16 - 2014-05-19 13:26 - 00017928 _____ (Nitro PDF Software) C:\WINDOWS\system32\nitrolocalui9.dll 2016-01-04 14:14 - 2016-01-04 14:14 - 00000000 ____D C:\ProgramData\Nitro 2016-01-04 14:14 - 2016-01-04 14:14 - 00000000 ____D C:\Program Files\Nitro 2016-01-04 14:14 - 2016-01-04 14:14 - 00000000 ____D C:\Program Files\Common Files\Nitro 2016-01-04 14:14 - 2016-01-04 14:14 - 00000000 ____D C:\Program Files (x86)\Nitro ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-02-03 12:03 - 2015-12-04 15:47 - 00002791 _____ C:\Users\administrator\Desktop\BitTorrent.lnk 2016-02-03 11:49 - 2015-03-04 02:42 - 00000000 ____D C:\Users\administrator\Downloads\voucher printed 2016-02-03 11:47 - 2015-09-22 16:02 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-02-03 11:46 - 2015-10-15 09:36 - 00000000 ____D C:\ProgramData\VMware 2016-02-03 11:45 - 2015-12-11 21:40 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-02-03 11:45 - 2015-09-22 10:35 - 00003650 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask 2016-02-03 11:44 - 2015-10-30 09:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI 2016-02-03 11:43 - 2015-09-22 11:26 - 00000000 ____D C:\Users\administrator\Documents\Outlook Files 2016-02-03 11:23 - 2015-10-14 02:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-02-03 08:26 - 2015-09-22 11:06 - 00002278 ____H C:\Users\administrator\Documents\Default.rdp 2016-02-03 08:10 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-02-03 08:10 - 2015-10-09 04:06 - 00000000 ____D C:\Users\administrator\AppData\Local\ElevatedDiagnostics 2016-02-03 08:09 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-02-02 13:47 - 2015-11-20 08:18 - 00000000 ____D C:\Users\administrator\AppData\Roaming\Maxthon3 2016-02-02 13:35 - 2015-09-22 10:39 - 00000000 ____D C:\Users\administrator\Desktop\short cutz 2016-02-02 13:31 - 2015-11-20 
10:33 - 00000304 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job 2016-02-02 12:44 - 2015-12-11 20:54 - 00980448 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-02-02 12:44 - 2015-10-30 10:21 - 00000000 ____D C:\WINDOWS\INF 2016-02-02 12:14 - 2015-10-07 04:47 - 00000000 ____D C:\Program Files\Common Files\qkpcv1f1 2016-02-02 11:55 - 2015-11-13 02:54 - 00000000 ____D C:\Users\administrator\Downloads\system tools 2016-02-02 11:55 - 2015-10-07 03:47 - 00000000 ____D C:\ProgramData\IObit 2016-02-02 10:07 - 2015-10-30 10:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-02-02 09:38 - 2015-10-07 08:46 - 00000000 ____D C:\ProgramData\AVAST Software 2016-02-02 07:16 - 2015-10-30 10:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-02-01 20:50 - 2015-10-30 09:28 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM 2016-02-01 12:15 - 2015-10-14 02:59 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-02-01 11:37 - 2015-10-30 10:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP 2016-02-01 11:37 - 2015-10-07 03:46 - 00000000 ____D C:\Program Files (x86)\IObit 2016-02-01 09:50 - 2015-12-04 15:47 - 00000000 ____D C:\Users\administrator\AppData\LocalLow\BitTorrent 2016-02-01 09:16 - 2015-07-10 12:05 - 00000000 ____D C:\Users\Default.migrated 2016-01-30 18:41 - 2015-12-11 20:55 - 00000000 ____D C:\Users\administrator 2016-01-30 17:50 - 2015-12-31 22:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-01-30 17:08 - 2015-09-22 16:10 - 00000000 ____D C:\Program Files (x86)\Power Ge'ez 2010 2016-01-30 15:20 - 2015-10-12 02:57 - 00000000 ____D C:\ProgramData\BlueStacksSetup 2016-01-30 13:26 - 2015-10-02 06:59 - 00000000 ____D C:\Program Files\Common Files\Adobe 2016-01-30 13:24 - 2015-10-14 02:59 - 00000000 ____D C:\ProgramData\McAfee 2016-01-30 13:09 - 2015-09-25 07:42 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs 2016-01-30 12:20 - 2015-11-18 06:30 - 00000000 ____D C:\ProgramData\ProductData 2016-01-30 11:24 - 2015-09-26 04:42 - 00000000 
____D C:\Program Files (x86)\MOBOGENIE3.del 2016-01-29 17:06 - 2015-11-12 03:42 - 00000000 ____D C:\Program Files\PowerDataRecovery 2016-01-29 16:49 - 2015-12-02 04:14 - 00000000 ____D C:\Program Files\KMSpico 2016-01-29 16:19 - 2015-11-09 09:44 - 00000000 ____D C:\Users\administrator\Desktop\identix 2016-01-29 15:05 - 2015-11-23 11:32 - 00000000 ____D C:\Users\administrator\Desktop\HBD 2016-01-29 12:34 - 2015-05-30 07:21 - 00000000 ____D C:\Users\administrator\Desktop\adv 2016-01-28 16:45 - 2015-05-29 04:09 - 00000000 ____D C:\Users\administrator\Desktop\proj-data 2016-01-26 20:15 - 2015-08-20 09:50 - 00000000 ____D C:\Users\administrator\Desktop\tiens 2016-01-26 18:00 - 2015-09-22 10:35 - 00000000 ____D C:\Users\administrator\AppData\Local\Packages 2016-01-25 11:56 - 2015-06-04 07:21 - 00000000 ____D C:\Users\administrator\Desktop\ssih-files 2016-01-23 15:03 - 2015-09-26 10:16 - 00000000 ____D C:\Users\administrator\Desktop\pic- 2016-01-19 23:01 - 2015-10-07 05:02 - 00000000 ____D C:\KMPlayer 2016-01-19 20:41 - 2015-11-09 12:07 - 00000000 ____D C:\Users\administrator\Desktop\Ahadu IT Solutions 2016-01-14 10:26 - 2015-10-30 10:24 - 00000000 __RHD C:\Users\Public\Libraries 2016-01-14 10:24 - 2015-10-12 02:59 - 00000000 ____D C:\ProgramData\BlueStacks 2016-01-13 14:33 - 2015-10-15 09:52 - 00000000 ____D C:\Users\administrator\AppData\Local\VMware 2016-01-12 19:24 - 2015-11-13 08:52 - 00000000 ____D C:\Users\administrator\Downloads\diff tutorial 2016-01-12 17:39 - 2015-12-23 13:36 - 00000000 ____D C:\Users\administrator\Desktop\daniel 7 2016-01-04 10:39 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp ==================== Files in the root of some directories ======= 2015-11-16 04:26 - 2015-11-16 04:31 - 0005632 _____ () C:\Users\administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-10-07 02:46 - 2015-10-07 02:46 - 0000187 _____ () C:\Users\administrator\AppData\Local\Donelectronics.exe.config 2015-11-23 14:15 - 2015-12-04 12:15 - 
0000700 ___SH () C:\Users\administrator\AppData\Local\systemFL7.dat 2015-10-07 08:35 - 2015-10-07 08:35 - 0000000 _____ () C:\ProgramData\inf.dat ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-01-25 08:59 ==================== End of FRST.txt ============================
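Added example (not part of the FRST log above, and not code from the Farbar tool): a small Python parser for the entry format used by the "One Month Created/Modified" and "Files in the root of some directories" sections, with three pivots an analyst typically runs over such a list: pull the .sys files dropped under a \Drivers\ directory, group files that share the same size and signer, and list everything created within a few minutes of a chosen timestamp. The field layout (created - modified - size attrs [(company)] path) is inferred from the lines on this page rather than from FRST documentation, and the names Entry, parse_entry, parse_log, kernel_drivers, same_size_groups and created_within are this example's own. The sample input is a handful of lines copied from the log above plus one section header the parser must skip.

```python
"""Parse FRST file/folder entries and pivot on them (added example, not FRST code)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

# One entry as it appears in the log above:
#   <created> - <modified> - <size> <attrs> [(<company>)] <path>
# The layout is an assumption taken from the lines on this page, not from FRST's source.
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d{7,8}) ([A-Z_]{5}) "
    r"(?:\((.*?)\) )?"   # optional signer/company; the log prints "()" when none is known
    r"(.+)$"
)


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str               # e.g. "____D" (directory), "RSHOT", "___SH"
    company: Optional[str]   # None when the log shows "()" or no company at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one log line, or None for headers, notes and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, company, path = m.groups()
    fmt = "%Y-%m-%d %H:%M"
    return Entry(
        created=datetime.strptime(created, fmt),
        modified=datetime.strptime(modified, fmt),
        size=int(size),
        attrs=attrs,
        company=company or None,   # "()" -> empty string -> None
        path=path,
    )


def parse_log(text: str) -> List[Entry]:
    """Parse every line of a log section, silently skipping non-entry lines."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def kernel_drivers(entries: List[Entry]) -> List[Entry]:
    """Files with a .sys extension that live under a \\Drivers\\ directory."""
    return [e for e in entries
            if not e.is_dir
            and "\\drivers\\" in e.path.lower()
            and e.path.lower().endswith(".sys")]


def same_size_groups(entries: List[Entry]) -> Dict[Tuple[int, Optional[str]], List[Entry]]:
    """Group non-empty files by (size, company); keep only groups with more than one member."""
    groups: Dict[Tuple[int, Optional[str]], List[Entry]] = defaultdict(list)
    for e in entries:
        if not e.is_dir and e.size > 0:
            groups[(e.size, e.company)].append(e)
    return {k: v for k, v in groups.items() if len(v) > 1}


def created_within(entries: List[Entry], anchor: datetime, minutes: int) -> List[Entry]:
    """Entries whose creation time lies within +/- `minutes` of `anchor` (timeline pivot)."""
    span = timedelta(minutes=minutes)
    return [e for e in entries if abs(e.created - anchor) <= span]


# Sample input: lines copied from the log above, plus one section header to be skipped.
SAMPLE_LOG = r"""
2016-02-01 09:14 - 2016-02-01 09:14 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\zqknrxel.sys
2016-02-01 09:14 - 2016-02-01 09:14 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\vsvjhesi.sys
2016-02-01 09:14 - 2016-02-01 09:14 - 00450504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aqaaeear.sys
2016-01-30 18:26 - 2016-01-30 18:26 - 00098304 _____ (Hewlett-Packard Company) C:\Users\administrator\Downloads\HPUSBDisk.exe
2016-01-30 18:04 - 2016-01-30 18:05 - 56873887 _____ C:\Users\administrator\Downloads\Shaun the Sheep - ChampionSheeps [20 MINUTE COMPILATION] (VLD).flv
2016-01-30 14:06 - 2016-02-01 09:16 - 00000000 ____D C:\Users\1
2016-01-30 11:06 - 2016-02-03 12:06 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2015-10-07 08:35 - 2015-10-07 08:35 - 0000000 _____ () C:\ProgramData\inf.dat
==================== Bamital & volsnap =================
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in kernel_drivers(entries):
        print("driver:", e.created, e.size, e.company, e.path)
    for (size, company), group in same_size_groups(entries).items():
        print(f"{len(group)} files of {size} bytes with company {company!r}")
    for e in created_within(entries, datetime(2016, 2, 1, 9, 14), 5):
        print("created near 2016-02-01 09:14:", e.path)
```

The company field is only what the file's version resource claims; it is not a signature check, which is why the "Bamital & volsnap" section above verifies signatures separately. Treat the grouping and time-window output as pivots for further review, not as verdicts.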