malware & eliminate help .....

  • rusobr2
    PCHF Member
    • Sep 2016
    • 45

    #1

    malware & eliminate help .....

    a couple yrs ago i posted a problem in the forums of a malware problem, and at the time i didn’t have 360 … at the time i was given a link to eliminate all malware, and then i installed 360, but it is not addressing the problems i’m having now … i’ve done everything i know, but i still have troubles, not just the speed, but my mouse is disappearing at times, and it takes approx 30 secs. for my face page to come up … videos at times will not play thru, or stumble quite often … page changes, and i didn’t click. very slow on downloads
    i have found “no” viruses
    (dell) manf.. micomp
    windows experience 4.4 rating
    intel (R) pent (R) 340ghz 339 ghz
    4.0 gb 64 bit
    thanks for lookin… steve
  • jmarket
    PCHF Owner
    • Jan 2015
    • 7634

    #2
    Welcome to PCHF, rusobr2. A slow, sluggish computer with a mouse disappearing? That sounds like an infection to me. o_O I’m going to move your thread to the Malware Removal area so we can get you diagnosed and, if infected, fixed up. Please follow the instructions below to begin your malware removal treatment.

    Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

    If you are unsure if your operating system is 32 or 64 Bit please go HERE.

    Once downloaded, right-click the FRST desktop icon and select “Run as administrator” from the menu.

    https://www.pchelpforum.net/attachments/icon2-jpg.112/

    If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST you can safely allow FRST to proceed.
    FRST will open with two dialogue boxes; accept the disclaimer.

    https://www.pchelpforum.net/attachme...aimer-jpg.113/
    1. Accept the default whitelist options.
    2. If the additions.txt options box is not checked, please select it.
    3. Then select “Scan”.

    https://www.pchelpforum.net/attachments/frst-jpg.114/

    FRST will take a few minutes to scan your computer and, when finished, will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

    https://www.pchelpforum.net/attachme...52002-jpg.115/

    Please copy and paste the contents of these logs in your next post for review by our Security Team.


    • rusobr2
      PCHF Member
      • Sep 2016
      • 45

      #3
      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
      Ran by rusobr2 (administrator) on RUSOBR2-PC (06-09-2016 21:46:10)
      Running from C:\Users\rusobr2\Downloads
      Loaded Profiles: rusobr2 (Available Profiles: rusobr2)
      Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 10 (Default browser: FF)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
      () C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe
      (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
      (© 2015 Microsoft Corporation) C:\Users\rusobr2\AppData\Local\Microsoft\BingSvc\BingSvc.exe
      (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
      (D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe
      (QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
      (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
      (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
      (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
      (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
      (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
      (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
      (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
      (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

      ==================== Registry (Whitelisted) ===========================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1838504 2016-07-11] (QIHU 360 SOFTWARE CO. LIMITED)
      HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
      Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
      Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll
      HKU\S-1-5-21-436883666-1139675966-1884149517-1000\...\Run: [BingSvc] => C:\Users\rusobr2\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
      HKU\S-1-5-21-436883666-1139675966-1884149517-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-13]
      ShortcutTarget: McAfee Security Scan Plus.lnk → C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2014-08-04]
      ShortcutTarget: Wireless Connection Manager.lnk → C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe (D-Link Corp.)
      BootExecute: autocheck autochk * sdnclean64.exe

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Hosts: 0.0.0.1 mssplus.mcafee.com
      Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9
      Tcpip\..\Interfaces\{F63853C9-4098-42F4-ADE8-406C47CCC51F}: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9

      Internet Explorer:
      BHO: SafeMon Class → {B69F34DD-F0F9-42DC-9EDD-957187DA688D} → C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-07-11] (Qihu 360 Software Co., Ltd.)
      BHO-x32: SafeMon Class → {B69F34DD-F0F9-42DC-9EDD-957187DA688D} → C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-07-11] (Qihu 360 Software Co., Ltd.)

      FireFox:
      FF ProfilePath: C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957
      FF Homepage: msn.com
      FF Plugin: @adobe.com/FlashPlayer → C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-30] ()
      FF Plugin: @microsoft.com/GENUINE → disabled [No File]
      FF Plugin-x32: @adobe.com/FlashPlayer → C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-30] ()
      FF Plugin-x32: @Google.com/GoogleEarthPlugin → C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
      FF Plugin-x32: @microsoft.com/GENUINE → disabled [No File]
      FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-27] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-27] (Google Inc.)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.1 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: @videolan.org/vlc,version=2.2.4 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
      FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
      FF Extension: (360 Internet Protection) - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-07-30]
      FF Extension: (American English Spelling Checker) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\extensions\AmericanEnglishSpellingChecker@lipocodes.xpi [2016-08-26]
      FF Extension: (Firefox Hotfix) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
      FF Extension: (SaveFrom.net - helper) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\helper-sig@savefrom.net.xpi [2016-08-22]
      FF Extension: (YouTube™ Flash-HTML5) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\jid1-o2qEVrZ4t5FJWu@jetpack.xpi [2016-07-30]
      FF Extension: (translator) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\translator@dontfollowme.net.xpi [2016-06-08]
      FF Extension: (Video DownloadHelper) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-03]
      FF Extension: (Adblock Plus) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
      FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox

      ==================== Services (Whitelisted) ========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-18] (McAfee, Inc.)
      R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [913832 2016-07-11] (QIHU 360 SOFTWARE CO. LIMITED)
      S3 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
      R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
      R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
      R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
      R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
      R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
      S2 424706e40d5a5f55369633986718ca4d; c:\program files\768045ce0ae8eb4426ad6062514a19b7\7bb70b6e96314a97879c4b2fe3c53913.exe

      ===================== Drivers (Whitelisted) ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-07-11] (360.cn)
      R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2016-07-11] (360.cn)
      R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2016-07-11] (360.cn)
      R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-07-11] (360.cn)
      S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-09-05] (360.cn)
      R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [370768 2016-04-24] (360.cn)
      R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [182352 2016-05-18] (360.cn)
      S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
      S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
      S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation )
      R1 219c91ba2c1e0bc8a0cdb74f9227c597; system32\DRIVERS\219c91ba2c1e0bc8a0cdb74f9227c597.sys
      S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys
      S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2016-09-06 21:46 - 2016-09-06 21:47 - 00010191 _____ C:\Users\rusobr2\Downloads\FRST.txt
      2016-09-06 21:46 - 2016-09-06 21:46 - 00000000 ____D C:\FRST
      2016-09-06 21:45 - 2016-09-06 21:45 - 02397696 _____ (Farbar) C:\Users\rusobr2\Downloads\FRST64.exe
      2016-09-06 21:37 - 2016-09-06 21:37 - 00000000 ____D C:\Program Files\Common Files\AV
      2016-09-06 21:35 - 2016-09-06 21:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
      2016-09-06 21:35 - 2016-09-06 21:35 - 00001393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
      2016-09-06 21:35 - 2016-09-06 21:35 - 00001381 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
      2016-09-06 21:35 - 2016-09-06 21:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
      2016-09-06 21:35 - 2016-09-06 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
      2016-09-06 21:35 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
      2016-09-06 21:33 - 2016-09-06 21:34 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\rusobr2\Downloads\spybot-2.4.exe
      2016-09-06 21:08 - 2016-09-06 21:08 - 00064024 _____ C:\Users\rusobr2\AppData\Local\GDIPFONTCACHEV1.DAT
      2016-09-03 09:07 - 2016-09-03 09:08 - 30461490 _____ C:\Users\rusobr2\Downloads\Guide to do some gymnastics.mp4
      2016-09-02 07:09 - 2016-09-02 07:10 - 138450435 _____ C:\Users\rusobr2\Downloads\BFF’S YOGA CHALLENGE ч.2(1).mp4
      2016-09-02 07:09 - 2016-09-02 07:09 - 138450435 _____ C:\Users\rusobr2\Downloads\BFF’S YOGA CHALLENGE ч.2.mp4
      2016-09-02 06:41 - 2016-09-02 06:41 - 81445047 _____ C:\Users\rusobr2\Downloads\Йога челинж.mp4
      2016-09-02 06:30 - 2016-09-02 06:31 - 192798156 _____ C:\Users\rusobr2\Downloads\THE YOGA CHALLENGE_Испытания для девчонок ч.1.mp4
      2016-09-02 05:36 - 2016-09-02 05:37 - 317107316 _____ C:\Users\rusobr2\Downloads\BetaRiffs _ Day 4 _ SLEEPOVER.mp4
      2016-09-02 04:26 - 2016-09-02 04:26 - 08923784 _____ C:\Users\rusobr2\Downloads\Gymnastics.mp4
      2016-09-02 04:07 - 2016-09-02 04:07 - 44739103 _____ C:\Users\rusobr2\Downloads\Fun Yoga Challenge.mp4
      2016-09-01 14:25 - 2016-09-01 14:25 - 35688452 _____ C:\Users\rusobr2\Downloads\NOT MY LEGS CHALLENGE WITH TRYNDA BLOOPERS(1).mp4
      2016-09-01 14:20 - 2016-09-01 14:20 - 35688452 _____ C:\Users\rusobr2\Downloads\NOT MY LEGS CHALLENGE WITH TRYNDA BLOOPERS.mp4
      2016-09-01 13:20 - 2016-09-01 13:20 - 25188114 _____ C:\Users\rusobr2\Downloads\How to do siple gymnastics.mp4
      2016-09-01 12:50 - 2016-09-01 12:50 - 18890598 _____ C:\Users\rusobr2\Downloads\Twister challenge.mp4
      2016-09-01 12:46 - 2016-09-01 12:46 - 103365220 _____ C:\Users\rusobr2\Downloads\2 girls yoga challenge(2).mp4
      2016-09-01 12:44 - 2016-09-01 12:45 - 103365220 _____ C:\Users\rusobr2\Downloads\2 girls yoga challenge(1).mp4
      2016-09-01 12:39 - 2016-09-01 12:40 - 103365220 _____ C:\Users\rusobr2\Downloads\2 girls yoga challenge.mp4
      2016-09-01 12:38 - 2016-09-01 12:38 - 05783319 _____ C:\Users\rusobr2\Downloads\My gymnastics(1).mp4
      2016-09-01 12:12 - 2016-09-01 12:12 - 09422493 _____ C:\Users\rusobr2\Downloads\How to do a handstand(2).mp4
      2016-09-01 11:56 - 2016-09-01 11:56 - 139398536 _____ C:\Users\rusobr2\Downloads\How to do handstands. Work with me plz.mp4
      2016-09-01 11:54 - 2016-09-01 11:54 - 36282488 _____ C:\Users\rusobr2\Downloads\how to do a handstand(1).mp4
      2016-09-01 11:29 - 2016-09-01 11:29 - 53293425 _____ C:\Users\rusobr2\Downloads\My gymnastics.mp4
      2016-09-01 11:27 - 2016-09-01 11:27 - 77406100 _____ C:\Users\rusobr2\Downloads\Gymnastics whith my sister.mp4
      2016-09-01 11:08 - 2016-09-01 11:08 - 25833121 _____ C:\Users\rusobr2\Downloads\Back bend for 2 min.mp4
      2016-09-01 11:03 - 2016-09-01 11:03 - 06683268 _____ C:\Users\rusobr2\Downloads\Как научиться делать переворот вперед.mp4
      2016-09-01 10:59 - 2016-09-01 10:59 - 177258943 _____ C:\Users\rusobr2\Downloads\THE YOGA CHALLENGE_Испытания для девчонок ч.2.mp4
      2016-09-01 10:44 - 2016-09-01 10:44 - 75395273 _____ C:\Users\rusobr2\Downloads\Doing gymnastics while doing daily tasks _EPIC FAIL.mp4
      2016-09-01 10:39 - 2016-09-01 10:40 - 275679168 _____ C:\Users\rusobr2\Downloads\My first video - Gymnastics.mp4
      2016-09-01 10:35 - 2016-09-01 10:35 - 116829000 _____ C:\Users\rusobr2\Downloads\my second video - Gymnastics Backbend.mp4
      2016-09-01 10:20 - 2016-09-01 10:20 - 160563696 _____ C:\Users\rusobr2\Downloads\Gymnastics with my friends.mp4
      2016-09-01 10:15 - 2016-09-01 10:15 - 15523013 _____ C:\Users\rusobr2\Downloads\My gymnastics and dance in a skirt.mp4
      2016-09-01 09:59 - 2016-09-01 09:59 - 85640965 _____ C:\Users\rusobr2\Downloads\The Yoga Challenge ft ЮляЭлпис.mp4
      2016-09-01 09:27 - 2016-09-01 09:27 - 38333639 _____ C:\Users\rusobr2\Downloads\Ice _ yoga challenge.mp4
      2016-09-01 09:22 - 2016-09-01 09:23 - 75980070 _____ C:\Users\rusobr2\Downloads\Ice bath challenge.mp4
      2016-09-01 09:05 - 2016-09-01 09:05 - 107725635 _____ C:\Users\rusobr2\Downloads\Растяжка на шпагат и мостик .(1 часть).mp4
      2016-09-01 01:13 - 2016-09-01 08:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
      2016-08-31 12:34 - 2016-08-31 12:34 - 75407449 _____ C:\Users\rusobr2\Downloads\Cailin and Jenna’s Yoga Challenge.mp4
      2016-08-31 12:20 - 2016-08-31 12:20 - 11821617 _____ C:\Users\rusobr2\Downloads\New The Yoga Challenge! The Yoga Challenge girl 2016 386 YouTube.mp4
      2016-08-31 12:12 - 2016-08-31 12:12 - 46864298 _____ C:\Users\rusobr2\Downloads\New The Yoga Challenge.mp4
      2016-08-31 11:54 - 2016-08-31 11:54 - 10682703 _____ C:\Users\rusobr2\Downloads\Yoga Challenge Morning Routine.mp4
      2016-08-31 11:09 - 2016-08-31 11:09 - 06859592 _____ C:\Users\rusobr2\Downloads\How to improve your splits! the yoga challenge girls teen desafio da piscina desafio da yoga!.mp4
      2016-08-31 11:05 - 2016-08-31 11:05 - 22142829 _____ C:\Users\rusobr2\Downloads\New The Yoga Challenge! The Yoga Challenge girl 2016 314.mp4
      2016-08-31 10:57 - 2016-08-31 10:57 - 79534852 _____ C:\Users\rusobr2\Downloads\Yoga Challenge pt1.mp4
      2016-08-31 10:49 - 2016-08-31 10:49 - 81818813 _____ C:\Users\rusobr2\Downloads\Yoga Challenge pt2.mp4
      2016-08-31 10:38 - 2016-08-31 10:38 - 49549248 _____ C:\Users\rusobr2\Downloads\El desafío del yoga.The Yoga Challenge.mp4
      2016-08-31 10:36 - 2016-08-31 10:36 - 65209880 _____ C:\Users\rusobr2\Downloads\Fun Yoga Challenge - Desafio da yoga 149.mp4
      2016-08-31 10:24 - 2016-08-31 10:25 - 76388680 _____ C:\Users\rusobr2\Downloads\Fun Yoga Challenge - Desafio da yoga 145.mp4
      2016-08-31 10:19 - 2016-08-31 10:20 - 57424697 _____ C:\Users\rusobr2\Downloads\The Yoga Challenge ft Lurv4lyfe.mp4
      2016-08-31 10:01 - 2016-08-31 10:02 - 139949912 _____ C:\Users\rusobr2\Downloads\Yoga Challenge Funny!.mp4
      2016-08-31 09:18 - 2016-08-31 09:18 - 100493836 _____ C:\Users\rusobr2\Downloads\word desafios , Yoga Challenge chany.mp4
      2016-08-31 09:06 - 2016-08-31 09:06 - 79297183 _____ C:\Users\rusobr2\Downloads\Yoga challenge .mp4
      2016-08-31 08:50 - 2016-08-31 08:50 - 16898776 _____ C:\Users\rusobr2\Downloads\Gymnastics - Middle Split.mp4
      2016-08-31 08:46 - 2016-08-31 08:46 - 26290750 _____ C:\Users\rusobr2\Downloads\Gymnastics - Splits at home!.mp4
      2016-08-31 08:44 - 2016-08-31 08:44 - 07834294 _____ C:\Users\rusobr2\Downloads\Gymnastics - Splits Cute Baby Girl.mp4
      2016-08-31 08:41 - 2016-08-31 08:41 - 18773871 _____ C:\Users\rusobr2\Downloads\Gymnastics - Splits.mp4
      2016-08-31 08:39 - 2016-08-31 08:39 - 07341877 _____ C:\Users\rusobr2\Downloads\Gymnastics - How to do the Middle Splits for Kids.mp4
      2016-08-31 08:35 - 2016-08-31 08:35 - 12684431 _____ C:\Users\rusobr2\Downloads\Gymnastics - Splits Warm Up !.mp4
      2016-08-31 08:28 - 2016-08-31 08:28 - 138981413 _____ C:\Users\rusobr2\Downloads\Bath challenge.mp4
      2016-08-28 12:05 - 2016-08-28 12:06 - 101468474 _____ C:\Users\rusobr2\Downloads\As meninas brincando kkkkk.mp4
      2016-08-28 12:03 - 2016-08-28 12:04 - 120643585 _____ C:\Users\rusobr2\Downloads\Non so cosa fare.mp4
      2016-08-28 12:02 - 2016-08-28 12:02 - 08486016 _____ C:\Users\rusobr2\Downloads\моё утро 2.mp4
      2016-08-28 11:53 - 2016-08-28 11:53 - 129671651 _____ C:\Users\rusobr2\Downloads\Best friend pool chllenge and funny moments.mp4
      2016-08-28 11:41 - 2016-08-28 11:41 - 42856901 _____ C:\Users\rusobr2\Downloads\DESAFÍO ACEPTADO Yoga Desafio aceitado Yoga ВЫЗОВ ПРИНЯТ Йога .mp4
      2016-08-28 11:19 - 2016-08-28 11:19 - 12107039 _____ C:\Users\rusobr2\Downloads\How to do a handstand.mp4
      2016-08-28 11:10 - 2016-08-28 11:10 - 13544437 _____ C:\Users\rusobr2\Downloads\How to do splits easy way.mp4
      2016-08-28 10:59 - 2016-08-28 10:59 - 35264086 _____ C:\Users\rusobr2\Downloads\How to do the splits in 5 minutes!.mp4
      2016-08-28 10:47 - 2016-08-28 10:47 - 20814969 _____ C:\Users\rusobr2\Downloads\How to do Splits - best way.mp4
      2016-08-28 10:37 - 2016-08-28 10:37 - 111448144 _____ C:\Users\rusobr2\Downloads\Splits part 1.mp4
      2016-08-28 10:33 - 2016-08-28 10:33 - 15828179 _____ C:\Users\rusobr2\Downloads\#YOGA #CHALLENGE #WITH #GIRLFRIEND - #POOL CHALLENGE #BEST #FRIENDS (501).mp4.mp4
      2016-08-28 10:29 - 2016-08-28 10:29 - 167548596 _____ C:\Users\rusobr2\Downloads\Yoga Challenge 2 __ REBECCA HOFFMAN.mp4
      2016-08-28 10:28 - 2016-08-28 10:28 - 18724991 _____ C:\Users\rusobr2\Downloads\Split skills.mp4
      2016-08-27 11:33 - 2016-08-27 11:33 - 17713166 _____ C:\Users\rusobr2\Downloads\Как сесть на шпагат за 5 минут.mp4
      2016-08-27 11:26 - 2016-08-27 11:26 - 01097477 _____ C:\Users\rusobr2\Downloads\Моя гимнастика #3.mp4
      2016-08-27 10:12 - 2016-08-27 10:12 - 40954820 _____ C:\Users\rusobr2\Downloads\Как научиться делать шпагат.mp4
      2016-08-27 09:48 - 2016-08-27 09:48 - 31631713 _____ C:\Users\rusobr2\Downloads\Почувствовал слабинку.mp4
      2016-08-27 09:38 - 2016-08-27 09:38 - 53330275 _____ C:\Users\rusobr2\Downloads\În pis.mp4
      2016-08-27 08:50 - 2016-08-27 08:50 - 01652464 _____ C:\Users\rusobr2\Downloads\Моё утро _3.mp4
      2016-08-24 20:35 - 2016-07-08 08:37 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
      2016-08-24 20:35 - 2016-07-08 08:37 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
      2016-08-24 20:35 - 2016-07-08 08:32 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00343552 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
      2016-08-24 20:35 - 2016-07-08 08:32 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
      2016-08-24 20:35 - 2016-07-08 08:17 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
      2016-08-24 20:35 - 2016-07-08 08:17 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
      2016-08-24 20:35 - 2016-07-08 08:16 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
      2016-08-24 20:35 - 2016-07-08 08:03 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
      2016-08-24 20:35 - 2016-07-08 07:57 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
      2016-08-24 20:35 - 2016-07-08 07:56 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
      2016-08-24 20:35 - 2016-07-08 07:56 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
      2016-08-24 20:35 - 2016-07-08 07:55 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
      2016-08-24 20:35 - 2016-07-08 07:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
      2016-08-24 20:35 - 2016-07-08 07:50 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
      2016-08-24 20:35 - 2016-06-25 17:27 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
      2016-08-24 20:35 - 2016-06-25 17:27 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
      2016-08-24 20:35 - 2016-06-25 17:27 - 00344576 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
      2016-08-24 20:35 - 2016-06-25 17:27 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
      2016-08-24 20:35 - 2016-06-25 17:27 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
      2016-08-24 20:35 - 2016-06-25 12:54 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
      2016-08-24 20:35 - 2016-06-25 12:53 - 00297472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
      2016-08-24 20:35 - 2016-06-25 12:53 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
      2016-08-24 20:35 - 2016-06-25 12:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
      2016-08-24 20:35 - 2016-06-25 12:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.exe
      2016-08-24 20:35 - 2016-05-18 09:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
      2016-08-24 20:35 - 2016-05-18 09:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
      2016-08-24 20:35 - 2016-05-13 15:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
      2016-08-24 20:35 - 2016-05-13 15:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
      2016-08-24 20:35 - 2016-05-13 15:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
      2016-08-24 20:35 - 2016-05-13 15:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
      2016-08-24 20:35 - 2016-05-13 15:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
      2016-08-24 20:35 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
      2016-08-24 20:35 - 2016-05-13 14:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
      2016-08-24 20:35 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
      2016-08-24 20:35 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
      2016-08-24 20:35 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
      2016-08-24 20:35 - 2016-05-12 10:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
      2016-08-24 20:35 - 2016-05-12 10:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
      2016-08-24 20:35 - 2016-05-12 10:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
      2016-08-24 20:35 - 2016-05-12 10:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
      2016-08-24 20:35 - 2016-05-12 10:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
      2016-08-24 20:35 - 2016-05-12 10:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
      2016-08-24 20:35 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
      2016-08-24 20:35 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
      2016-08-24 20:35 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
      2016-08-24 20:35 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
      2016-08-24 20:35 - 2016-05-12 07:58 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
      2016-08-24 20:35 - 2016-05-12 07:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
      2016-08-24 20:35 - 2016-05-12 07:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
      2016-08-24 20:35 - 2016-05-12 06:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
      2016-08-24 20:35 - 2016-05-12 06:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
      2016-08-24 20:35 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
      2016-08-24 20:35 - 2016-05-11 10:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
      2016-08-24 20:35 - 2016-05-11 10:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
      2016-08-24 20:35 - 2016-05-11 10:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
      2016-08-24 20:35 - 2016-05-11 10:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
      2016-08-24 20:35 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
      2016-08-24 20:35 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
      2016-08-24 20:35 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
      2016-08-24 20:35 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
      2016-08-24 20:35 - 2016-05-11 08:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
      2016-08-24 20:35 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
      2016-08-24 20:35 - 2016-05-11 07:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
      2016-08-24 20:35 - 2016-04-14 06:49 - 00603648 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
      2016-08-24 20:35 - 2016-04-14 06:21 - 00647680 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
      2016-08-24 20:35 - 2016-04-09 00:02 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
      2016-08-24 20:35 - 2016-04-09 00:01 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
      2016-08-24 20:35 - 2016-04-09 00:01 - 00986344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
      2016-08-24 20:35 - 2016-04-09 00:01 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
      2016-08-24 20:35 - 2016-04-09 00:01 - 00264936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
      2016-08-24 20:35 - 2016-04-08 23:59 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
      2016-08-24 20:35 - 2016-04-08 23:59 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
      2016-08-24 20:35 - 2016-04-08 23:59 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
      2016-08-24 20:35 - 2016-04-08 23:58 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
      2016-08-24 20:35 - 2016-04-08 23:58 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
      2016-08-24 20:35 - 2016-04-08 23:58 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
      2016-08-24 20:35 - 2016-04-08 23:58 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
      2016-08-24 20:35 - 2016-04-08 23:58 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
      2016-08-24 20:35 - 2016-04-08 23:58 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
      2016-08-24 20:35 - 2016-04-08 23:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 22:52 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
      2016-08-24 20:35 - 2016-04-08 22:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
      2016-08-24 20:35 - 2016-04-08 22:52 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
      2016-08-24 20:35 - 2016-04-08 22:48 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
      2016-08-24 20:35 - 2016-04-08 22:47 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
      2016-08-24 20:35 - 2016-04-08 22:43 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
      2016-08-24 20:35 - 2016-04-08 22:38 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
      2016-08-24 20:35 - 2016-04-08 22:38 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
      2016-08-24 20:35 - 2016-04-08 22:38 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
      2016-08-24 20:35 - 2016-04-08 22:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
      2016-08-24 20:35 - 2016-04-08 22:37 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 22:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 22:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 22:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
      2016-08-24 20:35 - 2016-04-08 21:20 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
      2016-08-24 20:35 - 2016-04-06 08:27 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
      2016-08-24 20:28 - 2016-07-08 08:01 - 03218944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
      2016-08-24 15:08 - 2016-08-24 15:08 - 04365182 _____ C:\Users\rusobr2\Downloads\How to do a back bend over.mp4
      2016-08-23 13:13 - 2016-08-23 13:13 - 48627963 _____ C:\Users\rusobr2\Downloads\Desafio da piscina na yoga challenge at the beach.mp4
      2016-08-23 00:48 - 2016-08-23 00:48 - 20983192 _____ C:\Users\rusobr2\Downloads#YOGA #CHALLENGE #WITH #GIRLFRIEND - #POOL CHALLENGE #BEST #FRIENDS (201).mp4.mp4
      2016-08-23 00:39 - 2016-08-23 00:40 - 130612113 _____ C:\Users\rusobr2\Downloads\Girls Having A Swim in The Lake.mp4
      2016-08-23 00:34 - 2016-08-23 00:34 - 43724095 _____ C:\Users\rusobr2\Downloads\Girls Gymnastics Challenge in Small Pool.mp4
      2016-08-22 23:52 - 2016-08-22 23:52 - 28694588 _____ C:\Users\rusobr2\Downloads\Oque eu levo para a piscina.mp4
      2016-08-21 09:11 - 2016-08-21 09:11 - 33331954 _____ C:\Users\rusobr2\Downloads\My new gymnastics skills.mp4
      2016-08-20 15:28 - 2016-08-20 15:28 - 42159687 _____ C:\Users\rusobr2\Downloads\Women’s water polo FINA 2016 underwater highlights Pt1.mp4
      2016-08-15 11:30 - 2016-08-15 11:30 - 20137015 _____ C:\Users\rusobr2\Downloads\How To Do The Splits Quickly!.mp4
      2016-08-15 10:53 - 2016-08-15 10:53 - 42404459 _____ C:\Users\rusobr2\Downloads\Gymnastics challenge.mp4
      2016-08-13 15:17 - 2016-08-13 15:18 - 98481160 _____ C:\Users\rusobr2\Downloads\7 июня 2016 г.mp4
      2016-08-13 11:35 - 2016-08-13 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
      2016-08-13 09:56 - 2016-08-13 09:57 - 36870816 _____ C:\Users\rusobr2\Downloads\Не своими ногами_NOT MY LEGS CHALLENGE.mp4
      2016-08-13 06:56 - 2016-08-13 06:57 - 30125516 _____ C:\Users\rusobr2\Downloads\Yoga Challenge.mp4

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2016-09-06 21:46 - 2015-09-27 10:57 - 00000000 ____D C:\Users\rusobr2\AppData\Roaming\vlc
      2016-09-06 21:45 - 2015-09-15 15:17 - 00000000 ____D C:\Users\rusobr2\AppData\Roaming\360safe
      2016-09-06 21:45 - 2015-09-15 15:16 - 00000000 ____D C:\Users\rusobr2\AppData\LocalLow\360WD
      2016-09-06 21:16 - 2016-05-26 09:32 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
      2016-09-06 21:13 - 2009-07-13 21:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2016-09-06 21:13 - 2009-07-13 21:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2016-09-06 02:11 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
      2016-09-02 13:37 - 2015-12-02 02:43 - 00000000 ____D C:\Users\rusobr2\dwhelper
      2016-09-01 08:59 - 2009-07-13 22:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
      2016-09-01 08:54 - 2015-11-19 09:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
      2016-09-01 08:54 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
      2016-08-25 01:19 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
      2016-08-24 20:49 - 2011-04-12 01:28 - 00000000 ____D C:\Program Files\Windows Journal
      2016-08-24 20:44 - 2014-07-31 14:32 - 00000000 ____D C:\windows\system32\MRT
      2016-08-24 20:39 - 2014-07-31 14:32 - 147640136 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
      2016-08-22 11:35 - 2015-09-25 06:13 - 00000000 ____D C:\Users\rusobr2\Downloads\MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos_files
      2016-08-20 08:17 - 2015-09-25 21:13 - 00004478 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
      2016-08-13 11:35 - 2016-03-05 12:34 - 00000000 ____D C:\Program Files\McAfee Security Scan
      2016-08-13 11:35 - 2016-03-02 12:34 - 00001926 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
      2016-08-07 08:20 - 2015-09-28 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
      2016-08-07 08:20 - 2015-09-27 10:56 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk

      ==================== Bamital & volsnap =================

      (There is no automatic fix for files that do not pass verification.)

      C:\windows\system32\winlogon.exe => File is digitally signed
      C:\windows\system32\wininit.exe => File is digitally signed
      C:\windows\SysWOW64\wininit.exe => File is digitally signed
      C:\windows\explorer.exe => File is digitally signed
      C:\windows\SysWOW64\explorer.exe => File is digitally signed
      C:\windows\system32\svchost.exe => File is digitally signed
      C:\windows\SysWOW64\svchost.exe => File is digitally signed
      C:\windows\system32\services.exe => File is digitally signed
      C:\windows\system32\User32.dll => File is digitally signed
      C:\windows\SysWOW64\User32.dll => File is digitally signed
      C:\windows\system32\userinit.exe => File is digitally signed
      C:\windows\SysWOW64\userinit.exe => File is digitally signed
      C:\windows\system32\rpcss.dll => File is digitally signed
      C:\windows\system32\dnsapi.dll => File is digitally signed
      C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
      Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
      Ran by rusobr2 (06-09-2016 21:47:57)
      Running from C:\Users\rusobr2\Downloads
      Windows 7 Home Premium Service Pack 1 (X64) (2015-09-15 21:37:06)
      Boot Mode: Normal
      ==================== Accounts: =============================

      Administrator (S-1-5-21-436883666-1139675966-1884149517-500 - Administrator - Disabled)
      Guest (S-1-5-21-436883666-1139675966-1884149517-501 - Limited - Disabled)
      HomeGroupUser$ (S-1-5-21-436883666-1139675966-1884149517-1002 - Limited - Enabled)
      rusobr2 (S-1-5-21-436883666-1139675966-1884149517-1000 - Administrator - Enabled) => C:\Users\rusobr2

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
      AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
      AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

      ==================== Installed Programs ======================

      (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      360 Total Security (HKLM-x32...\360TotalSecurity) (Version: 8.6.0.1158 - 360 Security Center)
      Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
      Adobe Flash Player 22 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
      D-Link DWA-131 Wireless N Nano USB Adapter (HKLM-x32...{98B82958-1DCA-4504-BE88-C91F1C7A7225}) (Version: 1 - D-Link)
      Google Earth (HKLM-x32...{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
      Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
      Intel(R) Graphics Media Accelerator Driver (HKLM...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
      McAfee Security Scan Plus (HKLM...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
      Microsoft .NET Framework 4.6.1 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
      Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
      Mozilla Maintenance Service (HKLM-x32...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
      OpenOffice 4.1.0 (HKLM-x32...{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
      RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
      Spybot - Search & Destroy (HKLM-x32...{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
      Unknown File Handler (HKLM-x32...\UFH_is1) (Version: 2015.12.29.0 - File.org)
      UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
      VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.4 - VideoLAN)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {112EB998-21AB-451B-84E6-16B7E490B7D8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-30] (Adobe Systems Incorporated)
      Task: {17F5B756-88DC-4AF9-B7DF-CE86CB01E698} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
      Task: {695CC8BF-7C35-4760-B577-C7930E2F8504} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-436883666-1139675966-1884149517-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
      Task: {8EF0AFD9-13F3-4129-A4D3-6A35AA6C13FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
      Task: {E79D24D9-EF3C-4FAB-96D2-1E132CFCF8E4} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
      Task: {EB701FFA-2793-4687-91C5-B5E75F882E3D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
      Task: {F772966F-99C1-4160-BADC-979584135DBE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-436883666-1139675966-1884149517-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

      ==================== Shortcuts =============================

      (The entries could be listed to be restored or removed.)


      • jmarket
        PCHF Owner
        • Jan 2015
        • 7634

        #4
        Part 1 of the Prework is done. Part 2 is below. Please follow and post the logs in your next post. This will establish a baseline of your system so we can get you underway.
        Please download aswMBR from here
        - Save aswMBR.exe to your Desktop
        - Double click aswMBR.exe to run it
        - Click the Scan button to start the scan as illustrated below (Note that it may seem like the scan is frozen or stuck at times. It is not stuck. Please let it finish)

        Note: Do not take action against any Rootkit entries until we have reviewed the log. Often there are false positives.
        - Once the scan finishes click Save log to save the log to your Desktop.
        - Copy and paste the contents of aswMBR.txt in your post for review by our Security Team.


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7045

          #5
          The Addition.txt log is incomplete, please post the missing piece. Also, I would like you to go ahead and remove Spybot from your machine with an effective removal tool
          Geek Uninstaller


          Please also remove this program, as it is useless.

          McAfee Security Scan Plus (HKLM...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)

          Now, after you run the aswMBR tool, I would like you to run these three tools for me.


          Zoek Scan


          Disable your antivirus prior to this scan.
          Download Zoek
          Save the file to your desktop.
          Right click Zoek.exe and run as administrator. (XP users double click)
          Copy and paste the items in red below and paste them into Zoek.

          createsrpoint;
          emptyfolderscheck;delete
          emptyclsid;
          emptyalltemp;
          ipconfig /flushdns;b
          ResetHosts;
          autoclean;

          Now hit the run script button.
          The log will appear after a reboot, also you can find it on the C: drive.
          Post the log in your next reply.

          Zemana Scan

          Run a full scan with Zemana AntiMalware!
          Install and select deep scan.

          Remove any infections found.
          Then click on the icon in the pic below.
          Double click on the scan log, copy and paste here in your reply


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7045

            #6
            FRST Fix.

            Download attached fixlist.txt file and save it to the Desktop.

            NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

            NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

            Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7045

              #7
              Hello, please update the thread.


              • rusobr2
                PCHF Member
                • Sep 2016
                • 45

                #8
                aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
                Run date: 2016-09-20 23:04:07
                23:04:07.209 OS Version: Windows x64 6.1.7601 Service Pack 1
                23:04:07.209 Number of processors: 2 586 0x605
                23:04:07.210 ComputerName: RUSOBR2-PC UserName: rusobr2
                23:04:09.423 Initialize success
                23:04:09.674 VM: initialized successfully
                23:04:09.676 VM: Intel CPU virtualization not supported
                23:06:13.956 AVAST engine defs: 16091202
                23:08:15.003 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
                23:08:15.007 Disk 0 Vendor: WDC_WD2500AAKX-753CA1 17.01H17 Size: 238475MB BusType: 3
                23:08:15.138 Disk 0 MBR read successfully
                23:08:15.143 Disk 0 MBR scan
                23:08:15.173 Disk 0 unknown MBR code
                23:08:15.450 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
                23:08:15.455 Disk 0 default boot code
                23:08:15.491 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 9000 MB offset 1026048
                23:08:15.507 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 228971 MB offset 19458048
                23:08:15.552 Disk 0 scanning C:\windows\system32\drivers
                23:08:23.838 Service scanning
                23:08:43.175 Modules scanning
                23:08:43.189 Disk 0 trace - called modules:
                23:08:43.211 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
                23:08:43.218 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa800428e060]
                23:08:43.224 3 CLASSPNP.SYS[fffff8800100143f] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800401c680]
                23:08:44.043 AVAST engine scan C:\windows
                23:08:45.351 AVAST engine scan C:\windows\system32
                23:11:26.553 AVAST engine scan C:\windows\system32\drivers
                23:11:37.210 AVAST engine scan C:\Users\rusobr2
                23:15:34.450 AVAST engine scan C:\ProgramData
                23:15:48.080 Disk 0 statistics 3152873/0/0 @ 5.19 MB/s
                23:15:48.090 Scan finished successfully
                23:21:29.452 Disk 0 MBR has been saved successfully to “C:\Users\rusobr2\Downloads\MBR.dat”
                23:21:29.458 The log file has been saved successfully to “C:\Users\rusobr2\Downloads\aswMBR.txt”

                Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
                Ran by rusobr2 (06-09-2016 21:47:57)
                Running from C:\Users\rusobr2\Downloads
                Windows 7 Home Premium Service Pack 1 (X64) (2015-09-15 21:37:06)
                Boot Mode: Normal
                ==================== Accounts: =============================

                Administrator (S-1-5-21-436883666-1139675966-1884149517-500 - Administrator - Disabled)
                Guest (S-1-5-21-436883666-1139675966-1884149517-501 - Limited - Disabled)
                HomeGroupUser$ (S-1-5-21-436883666-1139675966-1884149517-1002 - Limited - Enabled)
                rusobr2 (S-1-5-21-436883666-1139675966-1884149517-1000 - Administrator - Enabled) => C:\Users\rusobr2

                ==================== Security Center ========================

                (If an entry is included in the fixlist, it will be removed.)

                AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
                AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
                AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

                ==================== Installed Programs ======================

                (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

                360 Total Security (HKLM-x32...\360TotalSecurity) (Version: 8.6.0.1158 - 360 Security Center)
                Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
                Adobe Flash Player 22 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
                D-Link DWA-131 Wireless N Nano USB Adapter (HKLM-x32...{98B82958-1DCA-4504-BE88-C91F1C7A7225}) (Version: 1 - D-Link)
                Google Earth (HKLM-x32...{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
                Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
                Intel(R) Graphics Media Accelerator Driver (HKLM...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
                McAfee Security Scan Plus (HKLM...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
                Microsoft .NET Framework 4.6.1 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
                Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
                Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
                Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
                Mozilla Maintenance Service (HKLM-x32...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
                OpenOffice 4.1.0 (HKLM-x32...{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
                RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
                Spybot - Search & Destroy (HKLM-x32...{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
                Unknown File Handler (HKLM-x32...\UFH_is1) (Version: 2015.12.29.0 - File.org)
                UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
                VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.4 - VideoLAN)

                ==================== Custom CLSID (Whitelisted): ==========================

                (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                sorry for delay, tough accident, ok now, but i really have no idea if this is right or wrong … i clicked a few times, and lost docs., but this is what i came up with

                thanks … steve

                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7045

                  #9
                  Please see post number 6.

                  • rusobr2
                    PCHF Member
                    • Sep 2016
                    • 45

                    #10


                    Scan Result : Completed
                    Scan Date : 2016/9/22
                    Operating System : Windows 7 64-bit
                    Processor : 2X Intel(R) Pentium(R) D CPU 3.40GHz
                    BIOS Mode : Legacy
                    CUID : 127565FC74F02AF89C0150
                    Scan Type : Smart Scan
                    Duration : 5m 16s
                    Scanned Objects : 26243
                    Detected Objects : 2
                    Excluded Objects : 0
                    Read Level : SCSI
                    Auto Upload : Enabled
                    Detect All Extensions : Disabled
                    Scan Documents : Disabled
                    Domain Info : WORKGROUP,0,2
                    Detected Objects
                    SaveFrom.net - helper
                    Status : Scanned
                    Object : %appdata%\mozilla\firefox\profiles\dyxfuajd.default-1444401129957\extensions\helper-sig@savefrom.net.xpi
                    MD5 : A04FA8F59C63FE724F6600F34C8CE0DC
                    Publisher : -
                    Size : 609026
                    Version : -
                    Detection : PUA.FirefoxExt!Gr
                    Cleaning Action : Repair
                    Related Objects :
                    Browser Extension - SaveFrom.net - helper
                    File - %appdata%\mozilla\firefox\profiles\dyxfuajd.default-1444401129957\extensions\helper-sig@savefrom.net.xpi

                    FreemakeVideoDownloaderSetup.exe
                    Status : Scanned
                    Object : %userprofile%\downloads\freemakevideodownloadersetup.exe
                    MD5 : ED1120AEE584500E24088A2A0D12E854
                    Publisher : Ellora Assets Corporation
                    Size : 1345112
                    Version : 3.8.0.9
                    Detection : Adware:Win32/OpenCandy
                    Cleaning Action : Quarantine
                    Related Objects :
                    File - %userprofile%\downloads\freemakevideodownloadersetup.exe
                    Cleaning Result
                    Cleaned : 2
                    Reported as safe : 0
                    Failed : 0

                    • rusobr2
                      PCHF Member
                      • Sep 2016
                      • 45

                      #11
                      not sure if “zoek” worked at all… it appeared to download, but “no” action . or i’m looking at the wrong thing …
                      sorry, but a little out of my “comfort zone” here
                      here’s another scan report from Zemana, and there’s another one i posted (somewhere)
                      i did remove ‘spybot’ & ‘mcafee’


                      Scan Result : Completed
                      Scan Date : 2016/9/22
                      Operating System : Windows 7 64-bit
                      Processor : 2X Intel(R) Pentium(R) D CPU 3.40GHz
                      BIOS Mode : Legacy
                      CUID : 127565FC74F02AF89C0150
                      Scan Type : Smart Scan
                      Duration : 5m 16s
                      Scanned Objects : 26243
                      Detected Objects : 2
                      Excluded Objects : 0
                      Read Level : SCSI
                      Auto Upload : Enabled
                      Detect All Extensions : Disabled
                      Scan Documents : Disabled
                      Domain Info : WORKGROUP,0,2
                      Detected Objects
                      SaveFrom.net - helper
                      Status : Scanned
                      Object : %appdata%\mozilla\firefox\profiles\dyxfuajd.default-1444401129957\extensions\helper-sig@savefrom.net.xpi
                      MD5 : A04FA8F59C63FE724F6600F34C8CE0DC
                      Publisher : -
                      Size : 609026
                      Version : -
                      Detection : PUA.FirefoxExt!Gr
                      Cleaning Action : Repair
                      Related Objects :
                      Browser Extension - SaveFrom.net - helper
                      File - %appdata%\mozilla\firefox\profiles\dyxfuajd.default-1444401129957\extensions\helper-sig@savefrom.net.xpi

                      FreemakeVideoDownloaderSetup.exe
                      Status : Scanned
                      Object : %userprofile%\downloads\freemakevideodownloadersetup.exe
                      MD5 : ED1120AEE584500E24088A2A0D12E854
                      Publisher : Ellora Assets Corporation
                      Size : 1345112
                      Version : 3.8.0.9
                      Detection : Adware:Win32/OpenCandy
                      Cleaning Action : Quarantine
                      Related Objects :
                      File - %userprofile%\downloads\freemakevideodownloadersetup.exe
                      Cleaning Result
                      Cleaned : 2
                      Reported as safe : 0
                      Failed : 0

                      • jmarket
                        PCHF Owner
                        • Jan 2015
                        • 7634

                        #12
                        We’re here to help. We’re here to make sure it’s painless and as easy as possible.

                        Were you able to run the fix posted by Mal?

                        • rusobr2
                          PCHF Member
                          • Sep 2016
                          • 45

                          #13
                          aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
                          Run date: 2016-09-20 23:04:07
                          23:04:07.209 OS Version: Windows x64 6.1.7601 Service Pack 1
                          23:04:07.209 Number of processors: 2 586 0x605
                          23:04:07.210 ComputerName: RUSOBR2-PC UserName: rusobr2
                          23:04:09.423 Initialize success
                          23:04:09.674 VM: initialized successfully
                          23:04:09.676 VM: Intel CPU virtualization not supported
                          23:06:13.956 AVAST engine defs: 16091202
                          23:08:15.003 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
                          23:08:15.007 Disk 0 Vendor: WDC_WD2500AAKX-753CA1 17.01H17 Size: 238475MB BusType: 3
                          23:08:15.138 Disk 0 MBR read successfully
                          23:08:15.143 Disk 0 MBR scan
                          23:08:15.173 Disk 0 unknown MBR code
                          23:08:15.450 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
                          23:08:15.455 Disk 0 default boot code
                          23:08:15.491 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 9000 MB offset 1026048
                          23:08:15.507 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 228971 MB offset 19458048
                          23:08:15.552 Disk 0 scanning C:\windows\system32\drivers
                          23:08:23.838 Service scanning
                          23:08:43.175 Modules scanning
                          23:08:43.189 Disk 0 trace - called modules:
                          23:08:43.211 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
                          23:08:43.218 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa800428e060]
                          23:08:43.224 3 CLASSPNP.SYS[fffff8800100143f] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800401c680]
                          23:08:44.043 AVAST engine scan C:\windows
                          23:08:45.351 AVAST engine scan C:\windows\system32
                          23:11:26.553 AVAST engine scan C:\windows\system32\drivers
                          23:11:37.210 AVAST engine scan C:\Users\rusobr2
                          23:15:34.450 AVAST engine scan C:\ProgramData
                          23:15:48.080 Disk 0 statistics 3152873/0/0 @ 5.19 MB/s
                          23:15:48.090 Scan finished successfully
                          23:21:29.452 Disk 0 MBR has been saved successfully to “C:\Users\rusobr2\Downloads\MBR.dat”
                          23:21:29.458 The log file has been saved successfully to “C:\Users\rusobr2\Downloads\aswMBR.txt”
                          Originally posted by Malnutrition
                          The Addition.txt log is incomplete, please post the missing piece. Also, I would like you to go ahead and remove Spybot from your machine with an effective removal tool
                          Geek Uninstaller

                          Please also remove this program, as it is useless.

                          McAfee Security Scan Plus (HKLM...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)

                          Now, after you run the Aswmbr tool, I would like you to run these three tools for me.

                          Zoek Scan

                          Disable your antivirus prior to this scan.
                          Download Zoek
                          Save the file to your desktop.
                          Right click Zoek.exe and run as administrator. (Xp Users double click)
                          Copy and paste the items in red below and paste them into Zoek.

                          createsrpoint;
                          emptyfolderscheck;delete
                          emptyclsid;
                          emptyalltemp;
                          ipconfig /flushdns;b
                          ResetHosts;
                          autoclean;

                          Now hit the run script button.
                          The log will appear after a reboot, also you can find it on the C: drive.
                          Post the log in your next reply.

                          Zemana Scan

                          Run a full scan with Zemana AntiMalware!
                          Install and select deep scan.

                          [MEDIA=imgur]jdmyscF[/MEDIA]
                          Remove any infections found.
                          Then click on the icon in the pic below.
                          [MEDIA=imgur]DOLGyto[/MEDIA]
                          Double click on the scan log, copy and paste here in your reply

                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7045

                            #14
                            Originally posted by Malnutrition
                            FRST Fix.

                            Download attached fixlist.txt file and save it to the Desktop.

                            NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

                            NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

                            Run FRST/FRST64 and press the Fix button just once and wait.
                            If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
                            When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

                            Click Here to Download Fixlist.txt

                            • rusobr2
                              PCHF Member
                              • Sep 2016
                              • 45

                              #15
                              this is the only fix list text there seems to be
                              Originally posted by rusobr2
                              aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
                              Run date: 2016-09-20 23:04:07
                              23:04:07.209 OS Version: Windows x64 6.1.7601 Service Pack 1
                              23:04:07.209 Number of processors: 2 586 0x605
                              23:04:07.210 ComputerName: RUSOBR2-PC UserName: rusobr2
                              23:04:09.423 Initialize success
                              23:04:09.674 VM: initialized successfully
                              23:04:09.676 VM: Intel CPU virtualization not supported
                              23:06:13.956 AVAST engine defs: 16091202
                              23:08:15.003 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
                              23:08:15.007 Disk 0 Vendor: WDC_WD2500AAKX-753CA1 17.01H17 Size: 238475MB BusType: 3
                              23:08:15.138 Disk 0 MBR read successfully
                              23:08:15.143 Disk 0 MBR scan
                              23:08:15.173 Disk 0 unknown MBR code
                              23:08:15.450 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
                              23:08:15.455 Disk 0 default boot code
                              23:08:15.491 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 9000 MB offset 1026048
                              23:08:15.507 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 228971 MB offset 19458048
                              23:08:15.552 Disk 0 scanning C:\windows\system32\drivers
                              23:08:23.838 Service scanning
                              23:08:43.175 Modules scanning
                              23:08:43.189 Disk 0 trace - called modules:
                              23:08:43.211 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
                              23:08:43.218 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa800428e060]
                              23:08:43.224 3 CLASSPNP.SYS[fffff8800100143f] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800401c680]
                              23:08:44.043 AVAST engine scan C:\windows
                              23:08:45.351 AVAST engine scan C:\windows\system32
                              23:11:26.553 AVAST engine scan C:\windows\system32\drivers
                              23:11:37.210 AVAST engine scan C:\Users\rusobr2
                              23:15:34.450 AVAST engine scan C:\ProgramData
                              23:15:48.080 Disk 0 statistics 3152873/0/0 @ 5.19 MB/s
                              23:15:48.090 Scan finished successfully
                              23:21:29.452 Disk 0 MBR has been saved successfully to “C:\Users\rusobr2\Downloads\MBR.dat”
                              23:21:29.458 The log file has been saved successfully to “C:\Users\rusobr2\Downloads\aswMBR.txt”
                              start
                              CreateRestorePoint:
                              CloseProcesses:
                              Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll
                              Hosts:
                              Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9
                              Tcpip..\Interfaces{F63853C9-4098-42F4-ADE8-406C47CCC51F}: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9
                              FF Plugin: @microsoft.com/GENUINE → disabled [No File]
                              FF Plugin-x32: @microsoft.com/GENUINE → disabled [No File]
                              FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-27] (Google Inc.)
                              FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-27] (Google Inc.)
                              S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-18] (McAfee, Inc.)
                              S2 424706e40d5a5f55369633986718ca4d; c:\program files\768045ce0ae8eb4426ad6062514a19b7\7bb70b6e96314a97879c4b2fe3c53913.exe
                              c:\program files\768045ce0ae8eb4426ad6062514a19b7\7bb70b6e96314a97879c4b2fe3c53913.exe
                              c:\program files\768045ce0ae8eb4426ad6062514a19b7
                              R1 219c91ba2c1e0bc8a0cdb74f9227c597; system32\DRIVERS\219c91ba2c1e0bc8a0cdb74f9227c597.sys
                              C:\Windows\System32\drivers\219c91ba2c1e0bc8a0cdb74f9227c597.sys
                              C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
                              Task: {695CC8BF-7C35-4760-B577-C7930E2F8504} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-436883666-1139675966-1884149517-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
                              Task: {E79D24D9-EF3C-4FAB-96D2-1E132CFCF8E4} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
                              Task: {F772966F-99C1-4160-BADC-979584135DBE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-436883666-1139675966-1884149517-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
                              RemoveProxy:
                              Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
                              Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
                              CMD: bitsadmin /reset /allusers
                              CMD: ipconfig /flushdns
                              Emptytemp:
                              reboot:
                              end
