Solved malware & eliminate help .....


rusobr2

PCHF Member
Sep 7, 2016
19
6
70
A couple of years ago I posted a malware problem in the forums, and at the time I didn't have 360. I was given a link to eliminate all malware, and then I installed 360, but it is not addressing the problems I'm having now. I've done everything I know, but I still have troubles: not just the speed, but my mouse is disappearing at times, and it takes approx. 30 secs for my face page to come up. Videos at times will not play through, or stumble quite often. Page changes, and I didn't click. Very slow on downloads.
I have found "no" viruses.
(dell) manf.. micomp
windows experience 4.4 rating
intel (R) pent (R) 340ghz 339 ghz
4.0 gb 64 bit
Thanks for looking. Steve
 

jmarket

PCHF's Almighty Ruler
PCHF Owner
Support Team
Security Team
Jan 10, 2015
2,149
498
PCHF Bunker
pchelpforum.net
Welcome to PCHF rusobr2 :) A slow, sluggish computer with a mouse disappearing? That sounds like an infection to me. o_O I'm going to move your thread to the Malware Removal area so we can get you diagnosed and if infected, fixed up :) Please follow the below instruction to begin your malware removal treatment :)

Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

If you are unsure if your operating system is 32 or 64 Bit please go HERE.

Once downloaded, right-click the FRST desktop icon and select "Run as administrator" from the menu.

If you receive any security warnings, or the User Account Control warning opens at any time whilst using FRST, you can safely allow FRST to proceed.
FRST will open with two dialogue boxes; accept the disclaimer.


  1. Accept the default whitelist options,
  2. If the additions.txt options box is not checked please select it.
  3. Then select "Scan"



FRST will take a few minutes to scan your computer, and when finished will produce two log files on your desktop, FRST.txt and Addition.txt. They will display immediately on the desktop, but can be reopened later as a notepad file.

Please Copy and Paste the contents of these logs in your next post for review by our Security Team.
 

rusobr2

PCHF Member
Sep 7, 2016
19
6
70
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by rusobr2 (administrator) on RUSOBR2-PC (06-09-2016 21:46:10)
Running from C:\Users\rusobr2\Downloads
Loaded Profiles: rusobr2 (Available Profiles: rusobr2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
() C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(© 2015 Microsoft Corporation) C:\Users\rusobr2\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1838504 2016-07-11] (QIHU 360 SOFTWARE CO. LIMITED)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-436883666-1139675966-1884149517-1000\...\Run: [BingSvc] => C:\Users\rusobr2\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-436883666-1139675966-1884149517-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-13]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2014-08-04]
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe (D-Link Corp.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9
Tcpip\..\Interfaces\{F63853C9-4098-42F4-ADE8-406C47CCC51F}: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9

Internet Explorer:
==================
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-07-11] (Qihu 360 Software Co., Ltd.)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-07-11] (Qihu 360 Software Co., Ltd.)

FireFox:
========
FF ProfilePath: C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957
FF Homepage: msn.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-30] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Extension: (360 Internet Protection) - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-07-30]
FF Extension: (American English Spelling Checker) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\extensions\[email protected] [2016-08-26]
FF Extension: (Firefox Hotfix) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\[email protected] [2016-08-30]
FF Extension: (SaveFrom.net - helper) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\[email protected] [2016-08-22]
FF Extension: (YouTube™ Flash-HTML5) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\[email protected] [2016-07-30]
FF Extension: (translator) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\[email protected] [2016-06-08]
FF Extension: (Video DownloadHelper) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-03]
FF Extension: (Adblock Plus) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-18] (McAfee, Inc.)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [913832 2016-07-11] (QIHU 360 SOFTWARE CO. LIMITED)
S3 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
S2 424706e40d5a5f55369633986718ca4d; c:\program files\768045ce0ae8eb4426ad6062514a19b7\7bb70b6e96314a97879c4b2fe3c53913.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-07-11] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2016-07-11] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [77904 2016-07-11] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-07-11] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-09-05] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [370768 2016-04-24] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [182352 2016-05-18] (360.cn)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation )
R1 219c91ba2c1e0bc8a0cdb74f9227c597; system32\DRIVERS\219c91ba2c1e0bc8a0cdb74f9227c597.sys [X]
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-06 21:46 - 2016-09-06 21:47 - 00010191 _____ C:\Users\rusobr2\Downloads\FRST.txt
2016-09-06 21:46 - 2016-09-06 21:46 - 00000000 ____D C:\FRST
2016-09-06 21:45 - 2016-09-06 21:45 - 02397696 _____ (Farbar) C:\Users\rusobr2\Downloads\FRST64.exe
2016-09-06 21:37 - 2016-09-06 21:37 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-06 21:35 - 2016-09-06 21:37 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-06 21:35 - 2016-09-06 21:35 - 00001393 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-09-06 21:35 - 2016-09-06 21:35 - 00001381 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-09-06 21:35 - 2016-09-06 21:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-06 21:35 - 2016-09-06 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-09-06 21:35 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2016-09-06 21:33 - 2016-09-06 21:34 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\rusobr2\Downloads\spybot-2.4.exe
2016-09-06 21:08 - 2016-09-06 21:08 - 00064024 _____ C:\Users\rusobr2\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-03 09:07 - 2016-09-03 09:08 - 30461490 _____ C:\Users\rusobr2\Downloads\Guide to do some gymnastics.mp4
2016-09-02 07:09 - 2016-09-02 07:10 - 138450435 _____ C:\Users\rusobr2\Downloads\BFF'S YOGA CHALLENGE ч.2(1).mp4
2016-09-02 07:09 - 2016-09-02 07:09 - 138450435 _____ C:\Users\rusobr2\Downloads\BFF'S YOGA CHALLENGE ч.2.mp4
2016-09-02 06:41 - 2016-09-02 06:41 - 81445047 _____ C:\Users\rusobr2\Downloads\Йога челинж.mp4
2016-09-02 06:30 - 2016-09-02 06:31 - 192798156 _____ C:\Users\rusobr2\Downloads\THE YOGA CHALLENGE_Испытания для девчонок ч.1.mp4
2016-09-02 05:36 - 2016-09-02 05:37 - 317107316 _____ C:\Users\rusobr2\Downloads\BetaRiffs _ Day 4 _ SLEEPOVER.mp4
2016-09-02 04:26 - 2016-09-02 04:26 - 08923784 _____ C:\Users\rusobr2\Downloads\Gymnastics.mp4
2016-09-02 04:07 - 2016-09-02 04:07 - 44739103 _____ C:\Users\rusobr2\Downloads\Fun Yoga Challenge.mp4
2016-09-01 14:25 - 2016-09-01 14:25 - 35688452 _____ C:\Users\rusobr2\Downloads\NOT MY LEGS CHALLENGE WITH TRYNDA BLOOPERS(1).mp4
2016-09-01 14:20 - 2016-09-01 14:20 - 35688452 _____ C:\Users\rusobr2\Downloads\NOT MY LEGS CHALLENGE WITH TRYNDA BLOOPERS.mp4
2016-09-01 13:20 - 2016-09-01 13:20 - 25188114 _____ C:\Users\rusobr2\Downloads\How to do siple gymnastics.mp4
2016-09-01 12:50 - 2016-09-01 12:50 - 18890598 _____ C:\Users\rusobr2\Downloads\Twister challenge.mp4
2016-09-01 12:46 - 2016-09-01 12:46 - 103365220 _____ C:\Users\rusobr2\Downloads\2 girls yoga challenge(2).mp4
2016-09-01 12:44 - 2016-09-01 12:45 - 103365220 _____ C:\Users\rusobr2\Downloads\2 girls yoga challenge(1).mp4
2016-09-01 12:39 - 2016-09-01 12:40 - 103365220 _____ C:\Users\rusobr2\Downloads\2 girls yoga challenge.mp4
2016-09-01 12:38 - 2016-09-01 12:38 - 05783319 _____ C:\Users\rusobr2\Downloads\My gymnastics(1).mp4
2016-09-01 12:12 - 2016-09-01 12:12 - 09422493 _____ C:\Users\rusobr2\Downloads\How to do a handstand(2).mp4
2016-09-01 11:56 - 2016-09-01 11:56 - 139398536 _____ C:\Users\rusobr2\Downloads\How to do handstands. Work with me plz.mp4
2016-09-01 11:54 - 2016-09-01 11:54 - 36282488 _____ C:\Users\rusobr2\Downloads\how to do a handstand(1).mp4
2016-09-01 11:29 - 2016-09-01 11:29 - 53293425 _____ C:\Users\rusobr2\Downloads\My gymnastics.mp4
2016-09-01 11:27 - 2016-09-01 11:27 - 77406100 _____ C:\Users\rusobr2\Downloads\Gymnastics whith my sister.mp4
2016-09-01 11:08 - 2016-09-01 11:08 - 25833121 _____ C:\Users\rusobr2\Downloads\Back bend for 2 min.mp4
2016-09-01 11:03 - 2016-09-01 11:03 - 06683268 _____ C:\Users\rusobr2\Downloads\Как научиться делать переворот вперед.mp4
2016-09-01 10:59 - 2016-09-01 10:59 - 177258943 _____ C:\Users\rusobr2\Downloads\THE YOGA CHALLENGE_Испытания для девчонок ч.2.mp4
2016-09-01 10:44 - 2016-09-01 10:44 - 75395273 _____ C:\Users\rusobr2\Downloads\Doing gymnastics while doing daily tasks _EPIC FAIL.mp4
2016-09-01 10:39 - 2016-09-01 10:40 - 275679168 _____ C:\Users\rusobr2\Downloads\My first video - Gymnastics.mp4
2016-09-01 10:35 - 2016-09-01 10:35 - 116829000 _____ C:\Users\rusobr2\Downloads\my second video - Gymnastics Backbend.mp4
2016-09-01 10:20 - 2016-09-01 10:20 - 160563696 _____ C:\Users\rusobr2\Downloads\Gymnastics with my friends.mp4
2016-09-01 10:15 - 2016-09-01 10:15 - 15523013 _____ C:\Users\rusobr2\Downloads\My gymnastics and dance in a skirt.mp4
2016-09-01 09:59 - 2016-09-01 09:59 - 85640965 _____ C:\Users\rusobr2\Downloads\The Yoga Challenge ft ЮляЭлпис.mp4
2016-09-01 09:27 - 2016-09-01 09:27 - 38333639 _____ C:\Users\rusobr2\Downloads\Ice _ yoga challenge.mp4
2016-09-01 09:22 - 2016-09-01 09:23 - 75980070 _____ C:\Users\rusobr2\Downloads\Ice bath challenge.mp4
2016-09-01 09:05 - 2016-09-01 09:05 - 107725635 _____ C:\Users\rusobr2\Downloads\Растяжка на шпагат и мостик .(1 часть).mp4
2016-09-01 01:13 - 2016-09-01 08:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-31 12:34 - 2016-08-31 12:34 - 75407449 _____ C:\Users\rusobr2\Downloads\Cailin and Jenna's Yoga Challenge.mp4
2016-08-31 12:20 - 2016-08-31 12:20 - 11821617 _____ C:\Users\rusobr2\Downloads\New The Yoga Challenge! The Yoga Challenge girl 2016 386 YouTube.mp4
2016-08-31 12:12 - 2016-08-31 12:12 - 46864298 _____ C:\Users\rusobr2\Downloads\New The Yoga Challenge.mp4
2016-08-31 11:54 - 2016-08-31 11:54 - 10682703 _____ C:\Users\rusobr2\Downloads\Yoga Challenge Morning Routine.mp4
2016-08-31 11:09 - 2016-08-31 11:09 - 06859592 _____ C:\Users\rusobr2\Downloads\How to improve your splits! the yoga challenge girls teen desafio da piscina desafio da yoga!.mp4
2016-08-31 11:05 - 2016-08-31 11:05 - 22142829 _____ C:\Users\rusobr2\Downloads\New The Yoga Challenge! The Yoga Challenge girl 2016 314.mp4
2016-08-31 10:57 - 2016-08-31 10:57 - 79534852 _____ C:\Users\rusobr2\Downloads\Yoga Challenge pt1.mp4
2016-08-31 10:49 - 2016-08-31 10:49 - 81818813 _____ C:\Users\rusobr2\Downloads\Yoga Challenge pt2.mp4
2016-08-31 10:38 - 2016-08-31 10:38 - 49549248 _____ C:\Users\rusobr2\Downloads\El desafío del yoga.The Yoga Challenge.mp4
2016-08-31 10:36 - 2016-08-31 10:36 - 65209880 _____ C:\Users\rusobr2\Downloads\Fun Yoga Challenge - Desafio da yoga 149.mp4
2016-08-31 10:24 - 2016-08-31 10:25 - 76388680 _____ C:\Users\rusobr2\Downloads\Fun Yoga Challenge - Desafio da yoga 145.mp4
2016-08-31 10:19 - 2016-08-31 10:20 - 57424697 _____ C:\Users\rusobr2\Downloads\The Yoga Challenge ft Lurv4lyfe.mp4
2016-08-31 10:01 - 2016-08-31 10:02 - 139949912 _____ C:\Users\rusobr2\Downloads\Yoga Challenge Funny!.mp4
2016-08-31 09:18 - 2016-08-31 09:18 - 100493836 _____ C:\Users\rusobr2\Downloads\word desafios , Yoga Challenge chany.mp4
2016-08-31 09:06 - 2016-08-31 09:06 - 79297183 _____ C:\Users\rusobr2\Downloads\Yoga challenge .mp4
2016-08-31 08:50 - 2016-08-31 08:50 - 16898776 _____ C:\Users\rusobr2\Downloads\Gymnastics - Middle Split.mp4
2016-08-31 08:46 - 2016-08-31 08:46 - 26290750 _____ C:\Users\rusobr2\Downloads\Gymnastics - Splits at home!.mp4
2016-08-31 08:44 - 2016-08-31 08:44 - 07834294 _____ C:\Users\rusobr2\Downloads\Gymnastics - Splits Cute Baby Girl.mp4
2016-08-31 08:41 - 2016-08-31 08:41 - 18773871 _____ C:\Users\rusobr2\Downloads\Gymnastics - Splits.mp4
2016-08-31 08:39 - 2016-08-31 08:39 - 07341877 _____ C:\Users\rusobr2\Downloads\Gymnastics - How to do the Middle Splits for Kids.mp4
2016-08-31 08:35 - 2016-08-31 08:35 - 12684431 _____ C:\Users\rusobr2\Downloads\Gymnastics - Splits Warm Up !.mp4
2016-08-31 08:28 - 2016-08-31 08:28 - 138981413 _____ C:\Users\rusobr2\Downloads\Bath challenge.mp4
2016-08-28 12:05 - 2016-08-28 12:06 - 101468474 _____ C:\Users\rusobr2\Downloads\As meninas brincando kkkkk.mp4
2016-08-28 12:03 - 2016-08-28 12:04 - 120643585 _____ C:\Users\rusobr2\Downloads\Non so cosa fare.mp4
2016-08-28 12:02 - 2016-08-28 12:02 - 08486016 _____ C:\Users\rusobr2\Downloads\моё утро 2.mp4
2016-08-28 11:53 - 2016-08-28 11:53 - 129671651 _____ C:\Users\rusobr2\Downloads\Best friend pool chllenge and funny moments.mp4
2016-08-28 11:41 - 2016-08-28 11:41 - 42856901 _____ C:\Users\rusobr2\Downloads\DESAFÍO ACEPTADO Yoga Desafio aceitado Yoga ВЫЗОВ ПРИНЯТ Йога .mp4
2016-08-28 11:19 - 2016-08-28 11:19 - 12107039 _____ C:\Users\rusobr2\Downloads\How to do a handstand.mp4
2016-08-28 11:10 - 2016-08-28 11:10 - 13544437 _____ C:\Users\rusobr2\Downloads\How to do splits easy way.mp4
2016-08-28 10:59 - 2016-08-28 10:59 - 35264086 _____ C:\Users\rusobr2\Downloads\How to do the splits in 5 minutes!.mp4
2016-08-28 10:47 - 2016-08-28 10:47 - 20814969 _____ C:\Users\rusobr2\Downloads\How to do Splits - best way.mp4
2016-08-28 10:37 - 2016-08-28 10:37 - 111448144 _____ C:\Users\rusobr2\Downloads\Splits part 1.mp4
2016-08-28 10:33 - 2016-08-28 10:33 - 15828179 _____ C:\Users\rusobr2\Downloads\#YOGA #CHALLENGE #WITH #GIRLFRIEND - #POOL CHALLENGE #BEST #FRIENDS (501).mp4.mp4
2016-08-28 10:29 - 2016-08-28 10:29 - 167548596 _____ C:\Users\rusobr2\Downloads\Yoga Challenge 2 __ REBECCA HOFFMAN.mp4
2016-08-28 10:28 - 2016-08-28 10:28 - 18724991 _____ C:\Users\rusobr2\Downloads\Split skills.mp4
2016-08-27 11:33 - 2016-08-27 11:33 - 17713166 _____ C:\Users\rusobr2\Downloads\Как сесть на шпагат за 5 минут.mp4
2016-08-27 11:26 - 2016-08-27 11:26 - 01097477 _____ C:\Users\rusobr2\Downloads\Моя гимнастика #3.mp4
2016-08-27 10:12 - 2016-08-27 10:12 - 40954820 _____ C:\Users\rusobr2\Downloads\Как научиться делать шпагат.mp4
2016-08-27 09:48 - 2016-08-27 09:48 - 31631713 _____ C:\Users\rusobr2\Downloads\Почувствовал слабинку.mp4
2016-08-27 09:38 - 2016-08-27 09:38 - 53330275 _____ C:\Users\rusobr2\Downloads\În pis.mp4
2016-08-27 08:50 - 2016-08-27 08:50 - 01652464 _____ C:\Users\rusobr2\Downloads\Моё утро _3.mp4
2016-08-24 20:35 - 2016-07-08 08:37 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-08-24 20:35 - 2016-07-08 08:37 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-08-24 20:35 - 2016-07-08 08:32 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00343552 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-08-24 20:35 - 2016-07-08 08:32 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-08-24 20:35 - 2016-07-08 08:17 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-08-24 20:35 - 2016-07-08 08:17 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-08-24 20:35 - 2016-07-08 08:16 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-08-24 20:35 - 2016-07-08 08:03 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-08-24 20:35 - 2016-07-08 07:57 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-08-24 20:35 - 2016-07-08 07:56 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-08-24 20:35 - 2016-07-08 07:56 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-08-24 20:35 - 2016-07-08 07:55 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-08-24 20:35 - 2016-07-08 07:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-08-24 20:35 - 2016-07-08 07:50 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-08-24 20:35 - 2016-06-25 17:27 - 00970240 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2016-08-24 20:35 - 2016-06-25 17:27 - 00756736 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2016-08-24 20:35 - 2016-06-25 17:27 - 00344576 _____ (Microsoft Corporation) C:\windows\system32\ntprint.dll
2016-08-24 20:35 - 2016-06-25 17:27 - 00166400 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2016-08-24 20:35 - 2016-06-25 17:27 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\inetppui.dll
2016-08-24 20:35 - 2016-06-25 12:54 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\win32spl.dll
2016-08-24 20:35 - 2016-06-25 12:53 - 00297472 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.dll
2016-08-24 20:35 - 2016-06-25 12:53 - 00061952 _____ (Microsoft Corporation) C:\windows\system32\ntprint.exe
2016-08-24 20:35 - 2016-06-25 12:53 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\wpnpinst.exe
2016-08-24 20:35 - 2016-06-25 12:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntprint.exe
2016-08-24 20:35 - 2016-05-18 09:10 - 00312832 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-08-24 20:35 - 2016-05-18 09:09 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-08-24 20:35 - 2016-05-13 15:15 - 00382184 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-08-24 20:35 - 2016-05-13 15:09 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-08-24 20:35 - 2016-05-13 15:09 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-08-24 20:35 - 2016-05-13 15:09 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-08-24 20:35 - 2016-05-13 15:09 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-08-24 20:35 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-08-24 20:35 - 2016-05-13 14:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-08-24 20:35 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-08-24 20:35 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-08-24 20:35 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-08-24 20:35 - 2016-05-12 10:15 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\winipsec.dll
2016-08-24 20:35 - 2016-05-12 10:14 - 00794624 _____ (Microsoft Corporation) C:\windows\system32\gpsvc.dll
2016-08-24 20:35 - 2016-05-12 10:14 - 00502272 _____ (Microsoft Corporation) C:\windows\system32\IPSECSVC.DLL
2016-08-24 20:35 - 2016-05-12 10:14 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\polstore.dll
2016-08-24 20:35 - 2016-05-12 10:14 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\gpapi.dll
2016-08-24 20:35 - 2016-05-12 10:14 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\FwRemoteSvr.dll
2016-08-24 20:35 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\polstore.dll
2016-08-24 20:35 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpapi.dll
2016-08-24 20:35 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\windows\SysWOW64\winipsec.dll
2016-08-24 20:35 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\FwRemoteSvr.dll
2016-08-24 20:35 - 2016-05-12 07:58 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-08-24 20:35 - 2016-05-12 07:58 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-08-24 20:35 - 2016-05-12 07:58 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-08-24 20:35 - 2016-05-12 06:05 - 00459640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-08-24 20:35 - 2016-05-12 06:05 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-08-24 20:35 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-08-24 20:35 - 2016-05-11 10:02 - 00483840 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2016-08-24 20:35 - 2016-05-11 10:02 - 00444928 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2016-08-24 20:35 - 2016-05-11 10:02 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2016-08-24 20:35 - 2016-05-11 10:02 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\ws2_32.dll
2016-08-24 20:35 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2016-08-24 20:35 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2016-08-24 20:35 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2016-08-24 20:35 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ws2_32.dll
2016-08-24 20:35 - 2016-05-11 08:11 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\netbtugc.exe
2016-08-24 20:35 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\windows\SysWOW64\netbtugc.exe
2016-08-24 20:35 - 2016-05-11 07:58 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netbt.sys
2016-08-24 20:35 - 2016-04-14 06:49 - 00603648 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10level9.dll
2016-08-24 20:35 - 2016-04-14 06:21 - 00647680 _____ (Microsoft Corporation) C:\windows\system32\d3d10level9.dll
2016-08-24 20:35 - 2016-04-09 00:02 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-08-24 20:35 - 2016-04-09 00:01 - 05546216 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-08-24 20:35 - 2016-04-09 00:01 - 00986344 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2016-08-24 20:35 - 2016-04-09 00:01 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-08-24 20:35 - 2016-04-09 00:01 - 00264936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2016-08-24 20:35 - 2016-04-08 23:59 - 03998952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-08-24 20:35 - 2016-04-08 23:59 - 03943144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-08-24 20:35 - 2016-04-08 23:59 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-08-24 20:35 - 2016-04-08 23:58 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-08-24 20:35 - 2016-04-08 23:58 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-08-24 20:35 - 2016-04-08 23:58 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-08-24 20:35 - 2016-04-08 23:58 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-08-24 20:35 - 2016-04-08 23:58 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-08-24 20:35 - 2016-04-08 23:58 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-08-24 20:35 - 2016-04-08 23:58 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:57 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 23:54 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 22:52 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-08-24 20:35 - 2016-04-08 22:52 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-08-24 20:35 - 2016-04-08 22:52 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-08-24 20:35 - 2016-04-08 22:48 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-08-24 20:35 - 2016-04-08 22:47 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-08-24 20:35 - 2016-04-08 22:43 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-08-24 20:35 - 2016-04-08 22:38 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-08-24 20:35 - 2016-04-08 22:38 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-08-24 20:35 - 2016-04-08 22:38 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-08-24 20:35 - 2016-04-08 22:38 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-08-24 20:35 - 2016-04-08 22:37 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 22:37 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 22:37 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 22:37 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-08-24 20:35 - 2016-04-08 21:20 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2016-08-24 20:35 - 2016-04-06 08:27 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-08-24 20:28 - 2016-07-08 08:01 - 03218944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-08-24 15:08 - 2016-08-24 15:08 - 04365182 _____ C:\Users\rusobr2\Downloads\How to do a back bend over.mp4
2016-08-23 13:13 - 2016-08-23 13:13 - 48627963 _____ C:\Users\rusobr2\Downloads\Desafio da piscina na yoga challenge at the beach.mp4
2016-08-23 00:48 - 2016-08-23 00:48 - 20983192 _____ C:\Users\rusobr2\Downloads\#YOGA #CHALLENGE #WITH #GIRLFRIEND - #POOL CHALLENGE #BEST #FRIENDS (201).mp4.mp4
2016-08-23 00:39 - 2016-08-23 00:40 - 130612113 _____ C:\Users\rusobr2\Downloads\Girls Having A Swim in The Lake.mp4
2016-08-23 00:34 - 2016-08-23 00:34 - 43724095 _____ C:\Users\rusobr2\Downloads\Girls Gymnastics Challenge in Small Pool.mp4
2016-08-22 23:52 - 2016-08-22 23:52 - 28694588 _____ C:\Users\rusobr2\Downloads\Oque eu levo para a piscina.mp4
2016-08-21 09:11 - 2016-08-21 09:11 - 33331954 _____ C:\Users\rusobr2\Downloads\My new gymnastics skills.mp4
2016-08-20 15:28 - 2016-08-20 15:28 - 42159687 _____ C:\Users\rusobr2\Downloads\Women's water polo FINA 2016 underwater highlights Pt1.mp4
2016-08-15 11:30 - 2016-08-15 11:30 - 20137015 _____ C:\Users\rusobr2\Downloads\How To Do The Splits Quickly!.mp4
2016-08-15 10:53 - 2016-08-15 10:53 - 42404459 _____ C:\Users\rusobr2\Downloads\Gymnastics challenge.mp4
2016-08-13 15:17 - 2016-08-13 15:18 - 98481160 _____ C:\Users\rusobr2\Downloads\7 июня 2016 г.mp4
2016-08-13 11:35 - 2016-08-13 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-08-13 09:56 - 2016-08-13 09:57 - 36870816 _____ C:\Users\rusobr2\Downloads\Не своими ногами_NOT MY LEGS CHALLENGE.mp4
2016-08-13 06:56 - 2016-08-13 06:57 - 30125516 _____ C:\Users\rusobr2\Downloads\Yoga Challenge.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-06 21:46 - 2015-09-27 10:57 - 00000000 ____D C:\Users\rusobr2\AppData\Roaming\vlc
2016-09-06 21:45 - 2015-09-15 15:17 - 00000000 ____D C:\Users\rusobr2\AppData\Roaming\360safe
2016-09-06 21:45 - 2015-09-15 15:16 - 00000000 ____D C:\Users\rusobr2\AppData\LocalLow\360WD
2016-09-06 21:16 - 2016-05-26 09:32 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-09-06 21:13 - 2009-07-13 21:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-06 21:13 - 2009-07-13 21:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-06 02:11 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2016-09-02 13:37 - 2015-12-02 02:43 - 00000000 ____D C:\Users\rusobr2\dwhelper
2016-09-01 08:59 - 2009-07-13 22:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-09-01 08:54 - 2015-11-19 09:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-01 08:54 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-25 01:19 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2016-08-24 20:49 - 2011-04-12 01:28 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-24 20:44 - 2014-07-31 14:32 - 00000000 ____D C:\windows\system32\MRT
2016-08-24 20:39 - 2014-07-31 14:32 - 147640136 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-08-22 11:35 - 2015-09-25 06:13 - 00000000 ____D C:\Users\rusobr2\Downloads\MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos_files
2016-08-20 08:17 - 2015-09-25 21:13 - 00004478 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2016-08-13 11:35 - 2016-03-05 12:34 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-13 11:35 - 2016-03-02 12:34 - 00001926 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-08-07 08:20 - 2015-09-28 10:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-07 08:20 - 2015-09-27 10:56 - 00001068 _____ C:\Users\Public\Desktop\VLC media player.lnk

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by rusobr2 (06-09-2016 21:47:57)
Running from C:\Users\rusobr2\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-09-15 21:37:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-436883666-1139675966-1884149517-500 - Administrator - Disabled)
Guest (S-1-5-21-436883666-1139675966-1884149517-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-436883666-1139675966-1884149517-1002 - Limited - Enabled)
rusobr2 (S-1-5-21-436883666-1139675966-1884149517-1000 - Administrator - Enabled) => C:\Users\rusobr2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.6.0.1158 - 360 Security Center)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
D-Link DWA-131 Wireless N Nano USB Adapter (HKLM-x32\...\{98B82958-1DCA-4504-BE88-C91F1C7A7225}) (Version: 1 - D-Link)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.12.29.0 - File.org)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {112EB998-21AB-451B-84E6-16B7E490B7D8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-30] (Adobe Systems Incorporated)
Task: {17F5B756-88DC-4AF9-B7DF-CE86CB01E698} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
Task: {695CC8BF-7C35-4760-B577-C7930E2F8504} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-436883666-1139675966-1884149517-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8EF0AFD9-13F3-4129-A4D3-6A35AA6C13FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
Task: {E79D24D9-EF3C-4FAB-96D2-1E132CFCF8E4} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Task: {EB701FFA-2793-4687-91C5-B5E75F882E3D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {F772966F-99C1-4160-BADC-979584135DBE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-436883666-1139675966-1884149517-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
 

jmarket

Part 1 of the Prework is done. Part 2 is below :) Please follow and post the logs in your next post. This will establish a baseline of your system so we can get you underway :)
Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below (Note that it may seem like the scan is frozen or stuck at times. It is not stuck. Please let it finish)



Note: Do not take action against any **Rootkit** entries until we have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop.


  • Copy and paste the contents of aswMBR.txt in your post for review by our Security Team.
 

Malnutrition

The Addition.txt log is incomplete; please post the missing piece. Also, I would like you to go ahead and remove Spybot from your machine with an effective removal tool:
Geek Uninstaller


Please also remove this program, as it is useless.

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)

Now, after you run the aswMBR tool, I would like you to run these three tools for me.



Zoek Scan


Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right-click Zoek.exe and run as administrator. (XP users double-click.)
Copy the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;


Now hit the run script button.
The log will appear after a reboot; you can also find it on the C: drive.
Post the log in your next reply.



Zemana Scan


Run a full scan with Zemana AntiMalware!
Install and select deep scan.


Remove any infections found.
Then click on the icon in the pic below.

Double click on the scan log, copy and paste here in your reply
 

Malnutrition

FRST Fix.

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
 


rusobr2

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-09-20 23:04:07
-----------------------------
23:04:07.209 OS Version: Windows x64 6.1.7601 Service Pack 1
23:04:07.209 Number of processors: 2 586 0x605
23:04:07.210 ComputerName: RUSOBR2-PC UserName: rusobr2
23:04:09.423 Initialize success
23:04:09.674 VM: initialized successfully
23:04:09.676 VM: Intel CPU virtualization not supported
23:06:13.956 AVAST engine defs: 16091202
23:08:15.003 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:08:15.007 Disk 0 Vendor: WDC_WD2500AAKX-753CA1 17.01H17 Size: 238475MB BusType: 3
23:08:15.138 Disk 0 MBR read successfully
23:08:15.143 Disk 0 MBR scan
23:08:15.173 Disk 0 unknown MBR code
23:08:15.450 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
23:08:15.455 Disk 0 default boot code
23:08:15.491 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 9000 MB offset 1026048
23:08:15.507 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 228971 MB offset 19458048
23:08:15.552 Disk 0 scanning C:\windows\system32\drivers
23:08:23.838 Service scanning
23:08:43.175 Modules scanning
23:08:43.189 Disk 0 trace - called modules:
23:08:43.211 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
23:08:43.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800428e060]
23:08:43.224 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800401c680]
23:08:44.043 AVAST engine scan C:\windows
23:08:45.351 AVAST engine scan C:\windows\system32
23:11:26.553 AVAST engine scan C:\windows\system32\drivers
23:11:37.210 AVAST engine scan C:\Users\rusobr2
23:15:34.450 AVAST engine scan C:\ProgramData
23:15:48.080 Disk 0 statistics 3152873/0/0 @ 5.19 MB/s
23:15:48.090 Scan finished successfully
23:21:29.452 Disk 0 MBR has been saved successfully to "C:\Users\rusobr2\Downloads\MBR.dat"
23:21:29.458 The log file has been saved successfully to "C:\Users\rusobr2\Downloads\aswMBR.txt"
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by rusobr2 (06-09-2016 21:47:57)
Running from C:\Users\rusobr2\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-09-15 21:37:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-436883666-1139675966-1884149517-500 - Administrator - Disabled)
Guest (S-1-5-21-436883666-1139675966-1884149517-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-436883666-1139675966-1884149517-1002 - Limited - Enabled)
rusobr2 (S-1-5-21-436883666-1139675966-1884149517-1000 - Administrator - Enabled) => C:\Users\rusobr2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.6.0.1158 - 360 Security Center)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
D-Link DWA-131 Wireless N Nano USB Adapter (HKLM-x32\...\{98B82958-1DCA-4504-BE88-C91F1C7A7225}) (Version: 1 - D-Link)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.12.29.0 - File.org)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

sorry for delay, tough accident, ok now, but i really have no idea if this is right or wrong ..... i clicked a few times, and lost docs., but this is what i came up with

thanks ... steve
 

rusobr2

PCHF Member
PCHF Member
Sep 7, 2016
19
6
70
------------------------------
Scan Result : Completed
Scan Date : 2016/9/22
Operating System : Windows 7 64-bit
Processor : 2X Intel(R) Pentium(R) D CPU 3.40GHz
BIOS Mode : Legacy
CUID : 127565FC74F02AF89C0150
Scan Type : Smart Scan
Duration : 5m 16s
Scanned Objects : 26243
Detected Objects : 2
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

SaveFrom.net - helper
Status : Scanned
Object : %appdata%\mozilla\firefox\profiles\dyxfuajd.default-1444401129957\extensions\[email protected]
MD5 : A04FA8F59C63FE724F6600F34C8CE0DC
Publisher : -
Size : 609026
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Repair
Related Objects :
Browser Extension - SaveFrom.net - helper
File - %appdata%\mozilla\firefox\profiles\dyxfuajd.default-1444401129957\extensions\[email protected]

FreemakeVideoDownloaderSetup.exe
Status : Scanned
Object : %userprofile%\downloads\freemakevideodownloadersetup.exe
MD5 : ED1120AEE584500E24088A2A0D12E854
Publisher : Ellora Assets Corporation
Size : 1345112
Version : 3.8.0.9
Detection : Adware:Win32/OpenCandy
Cleaning Action : Quarantine
Related Objects :
File - %userprofile%\downloads\freemakevideodownloadersetup.exe


Cleaning Result
-------------------------------------------------------
Cleaned : 2
Reported as safe : 0
Failed : 0
 

rusobr2

PCHF Member
PCHF Member
Sep 7, 2016
19
6
70
not sure if "zoek" worked at all..... it appeared to download, but "no" action. or i'm looking at the wrong thing ......
sorry, but a little out of my "comfort zone" here
here's another scan report from Zemana, and there's another one i posted (somewhere)
i did remove 'spybot' & 'mcafee'


rusobr2

PCHF Member
PCHF Member
Sep 7, 2016
19
6
70
aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-09-20 23:04:07
-----------------------------
23:04:07.209 OS Version: Windows x64 6.1.7601 Service Pack 1
23:04:07.209 Number of processors: 2 586 0x605
23:04:07.210 ComputerName: RUSOBR2-PC UserName: rusobr2
23:04:09.423 Initialize success
23:04:09.674 VM: initialized successfully
23:04:09.676 VM: Intel CPU virtualization not supported
23:06:13.956 AVAST engine defs: 16091202
23:08:15.003 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:08:15.007 Disk 0 Vendor: WDC_WD2500AAKX-753CA1 17.01H17 Size: 238475MB BusType: 3
23:08:15.138 Disk 0 MBR read successfully
23:08:15.143 Disk 0 MBR scan
23:08:15.173 Disk 0 unknown MBR code
23:08:15.450 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 500 MB offset 2048
23:08:15.455 Disk 0 default boot code
23:08:15.491 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 9000 MB offset 1026048
23:08:15.507 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 228971 MB offset 19458048
23:08:15.552 Disk 0 scanning C:\windows\system32\drivers
23:08:23.838 Service scanning
23:08:43.175 Modules scanning
23:08:43.189 Disk 0 trace - called modules:
23:08:43.211 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
23:08:43.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800428e060]
23:08:43.224 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800401c680]
23:08:44.043 AVAST engine scan C:\windows
23:08:45.351 AVAST engine scan C:\windows\system32
23:11:26.553 AVAST engine scan C:\windows\system32\drivers
23:11:37.210 AVAST engine scan C:\Users\rusobr2
23:15:34.450 AVAST engine scan C:\ProgramData
23:15:48.080 Disk 0 statistics 3152873/0/0 @ 5.19 MB/s
23:15:48.090 Scan finished successfully
23:21:29.452 Disk 0 MBR has been saved successfully to "C:\Users\rusobr2\Downloads\MBR.dat"
23:21:29.458 The log file has been saved successfully to "C:\Users\rusobr2\Downloads\aswMBR.txt"

The Addition.txt log is incomplete, please post the missing piece. Also, I would like you to go ahead and remove Spybot from your machine with an effective removal tool.
Geek Uninstaller

Please also remove this program, as it is useless.

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)

Now, after you run the Aswmbr tool, I would like you to run these three tools for me.



Zoek Scan


Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (XP users double click)
Copy and paste the items in red below and paste them into Zoek.

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;
autoclean;


Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.



Zemana Scan


Run a full scan with Zemana AntiMalware!
Install and select deep scan.


Remove any infections found.
Then click on the icon in the pic below.

Double click on the scan log, copy and paste here in your reply
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
FRST Fix.

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Click Here to Download Fixlist.txt
 

rusobr2

PCHF Member
PCHF Member
Sep 7, 2016
19
6
70
this is the only fix list text there seems to be
start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Hosts:
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9
Tcpip\..\Interfaces\{F63853C9-4098-42F4-ADE8-406C47CCC51F}: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-27] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-18] (McAfee, Inc.)
S2 424706e40d5a5f55369633986718ca4d; c:\program files\768045ce0ae8eb4426ad6062514a19b7\7bb70b6e96314a97879c4b2fe3c53913.exe [X]
c:\program files\768045ce0ae8eb4426ad6062514a19b7\7bb70b6e96314a97879c4b2fe3c53913.exe
c:\program files\768045ce0ae8eb4426ad6062514a19b7
R1 219c91ba2c1e0bc8a0cdb74f9227c597; system32\DRIVERS\219c91ba2c1e0bc8a0cdb74f9227c597.sys [X]
C:\Windows\System32\drivers\219c91ba2c1e0bc8a0cdb74f9227c597.sys
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
Task: {695CC8BF-7C35-4760-B577-C7930E2F8504} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-436883666-1139675966-1884149517-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E79D24D9-EF3C-4FAB-96D2-1E132CFCF8E4} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Task: {F772966F-99C1-4160-BADC-979584135DBE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-436883666-1139675966-1884149517-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
RemoveProxy:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
reboot:
end
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
Yes, you need to save the fixlist to your desktop along with the FRST tool. Then right click FRST run as administrator, then click on the fix button.
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
You are currently running FRST from your downloads folder.

Running from C:\Users\rusobr2\Downloads

Open downloads folder by hitting the start button, then type downloads. Click on the folder, then drag and drop the fixlist.txt and FRST onto your desktop. Then run the fix.
 

rusobr2

PCHF Member
PCHF Member
Sep 7, 2016
19
6
70
it is running the "farbar scan then went to fix" but upper window says "not responding ... also the "360 came up with trojans and all .....
 

rusobr2

PCHF Member
PCHF Member
Sep 7, 2016
19
6
70
for some reason i can't get the file to desktop, and it is "read @ "notebook, but the "tool is on desktop which i ran, but it came up as "not responding
steve
Yes, you need to save the fixlist to your desktop along with the FRST tool. Then right click FRST run as administrator, then click on the fix button.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2016
Ran by rusobr2 (administrator) on RUSOBR2-PC (26-09-2016 15:07:17)
Running from C:\Users\rusobr2\Downloads
Loaded Profiles: rusobr2 (Available Profiles: rusobr2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
() C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(© 2015 Microsoft Corporation) C:\Users\rusobr2\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1889192 2016-09-14] (QIHU 360 SOFTWARE CO. LIMITED)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-436883666-1139675966-1884149517-1000\...\Run: [BingSvc] => C:\Users\rusobr2\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2014-08-04]
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe (D-Link Corp.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9
Tcpip\..\Interfaces\{F63853C9-4098-42F4-ADE8-406C47CCC51F}: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9

Internet Explorer:
==================
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-09-14] (Qihu 360 Software Co., Ltd.)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-07-11] (Qihu 360 Software Co., Ltd.)

FireFox:
========
FF ProfilePath: C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957
FF Homepage: msn.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Extension: (American English Spelling Checker) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\extensions\[email protected] [2016-08-26]
FF Extension: (360 Internet Protection) - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-07-30]
FF Extension: (Firefox Hotfix) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\[email protected] [2016-08-30]
FF Extension: (YouTube™ Flash-HTML5) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\[email protected] [2016-07-30]
FF Extension: (translator) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\[email protected] [2016-06-08]
FF Extension: (Video DownloadHelper) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-09-26]
FF Extension: (Adblock Plus) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [926632 2016-09-14] (QIHU 360 SOFTWARE CO. LIMITED)
S3 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
S2 424706e40d5a5f55369633986718ca4d; c:\program files\768045ce0ae8eb4426ad6062514a19b7\7bb70b6e96314a97879c4b2fe3c53913.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-07-11] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2016-09-14] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2016-09-14] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-09-14] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-09-05] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2016-09-01] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [188864 2016-09-09] (360.cn)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation )
R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2016-09-22] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2016-09-22] (Zemana Ltd.)
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-14 11:05 - 2016-09-02 08:30 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:21 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-09-14 11:05 - 2016-09-02 08:21 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-09-14 11:05 - 2016-09-02 08:18 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:02 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-09-14 11:05 - 2016-09-02 08:02 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-09-14 11:05 - 2016-09-02 08:02 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-09-14 11:05 - 2016-09-02 08:01 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-09-14 11:05 - 2016-09-02 07:58 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-09-14 11:05 - 2016-09-02 07:57 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-09-14 11:05 - 2016-09-02 07:55 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-09-14 11:05 - 2016-09-02 07:54 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-09-14 11:05 - 2016-09-02 07:54 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-09-14 11:05 - 2016-09-02 07:53 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-09-14 11:05 - 2016-09-02 07:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-09-14 11:05 - 2016-09-02 07:53 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-09-14 11:05 - 2016-09-02 07:49 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-09-14 11:05 - 2016-09-02 07:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-09-14 11:05 - 2016-09-02 07:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-09-14 11:05 - 2016-09-02 07:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-09-14 11:05 - 2016-09-02 07:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-09-14 11:05 - 2016-09-02 07:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 07:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 07:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 07:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-14 11:05 - 2016-08-16 10:36 - 01009152 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-09-14 11:05 - 2016-08-15 19:48 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-09-14 11:05 - 2016-08-15 19:35 - 03218432 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-09-14 11:05 - 2016-08-12 09:26 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-09-14 11:05 - 2016-08-12 09:26 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-09-14 11:05 - 2016-08-12 09:26 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-09-14 11:02 - 2016-08-06 08:31 - 00877056 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-09-14 11:02 - 2016-08-06 08:15 - 00581632 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-09-13 22:42 - 2016-09-13 22:42 - 111822069 _____ C:\Users\rusobr2\Downloads\Ломай меня полностью йога челлендж.mp4
2016-09-13 22:39 - 2016-09-13 22:39 - 45057002 _____ C:\Users\rusobr2\Downloads\Играим в хадилку.mp4
2016-09-13 22:30 - 2016-09-13 22:30 - 14174078 _____ C:\Users\rusobr2\Downloads\Учимся делать шпагат.mp4
2016-09-13 21:31 - 2016-09-13 21:31 - 38455354 _____ C:\Users\rusobr2\Downloads\Как вам видео.mp4
2016-09-11 01:12 - 2016-09-11 01:12 - 240842651 _____ C:\Users\rusobr2\Downloads\Я Гимнастка _ВанилькаЕП.mp4
2016-09-11 00:24 - 2016-09-11 00:24 - 52286436 _____ C:\Users\rusobr2\Downloads\Твистер.mp4
2016-09-10 23:59 - 2016-09-10 23:59 - 45254372 _____ C:\Users\rusobr2\Downloads\Твистер.mp4
2016-09-10 23:35 - 2016-09-10 23:35 - 40064630 _____ C:\Users\rusobr2\Downloads\Гимнастика(1).mp4
2016-09-10 23:33 - 2016-09-10 23:33 - 03526638 _____ C:\Users\rusobr2\Downloads\гимнастика мост.mp4
2016-09-10 23:08 - 2016-09-10 23:08 - 174767774 _____ C:\Users\rusobr2\Downloads\A type of yoga challenge.mp4
2016-09-10 23:00 - 2016-09-10 23:00 - 54406603 _____ C:\Users\rusobr2\Downloads\The Yoga Challenge - Yoga Challenge - Part 21.mp4
2016-09-10 22:49 - 2016-09-10 22:49 - 05025116 _____ C:\Users\rusobr2\Downloads\Gymnastics(2).mp4
2016-09-10 22:45 - 2016-09-10 22:45 - 50427499 _____ C:\Users\rusobr2\Downloads\Amy's gymnastic skills.mp4
2016-09-10 22:30 - 2016-09-10 22:31 - 89325604 _____ C:\Users\rusobr2\Downloads\SEMIOLOGIA PEDIATRICA 4 - A LOS SIETE AÑOS - 2056.mp4
2016-09-10 22:28 - 2016-09-10 22:28 - 19170597 _____ C:\Users\rusobr2\Downloads\Yoga challenge with Marina GYMNASTICS Desafio YOGA CHALLENGE (GMSC).mp4
2016-09-10 22:23 - 2016-09-10 22:23 - 136196269 _____ C:\Users\rusobr2\Downloads\Страшные явения.mp4
2016-09-10 22:13 - 2016-09-10 22:13 - 91748415 _____ C:\Users\rusobr2\Downloads\How to get your splits better and to the ground!.mp4
2016-09-10 11:33 - 2016-09-10 11:33 - 10682596 _____ C:\Users\rusobr2\Downloads\Gymnastics _ Backbend,easy tutorial.mp4
2016-09-10 11:14 - 2016-09-10 11:14 - 17128721 _____ C:\Users\rusobr2\Downloads\Gymnastics(1).mp4
2016-09-10 11:11 - 2016-09-10 11:11 - 202934887 _____ C:\Users\rusobr2\Downloads\Gymnastics fail.mp4
2016-09-10 10:57 - 2016-09-10 10:57 - 130289264 _____ C:\Users\rusobr2\Downloads\Yoga Challenge(1).mp4
2016-09-08 07:46 - 2016-09-08 07:48 - 531321141 _____ C:\Users\rusobr2\Downloads\stretching.mp4
2016-09-07 20:46 - 2016-09-07 20:46 - 35863061 _____ C:\Users\rusobr2\Downloads\Part 2 gymnastics.mp4
2016-09-07 12:13 - 2016-09-07 12:13 - 18587769 _____ C:\Users\rusobr2\Downloads\Splits stretching!.mp4
2016-09-07 11:31 - 2016-09-07 11:31 - 58095923 _____ C:\Users\rusobr2\Downloads\Разминка для ног.mp4
2016-09-07 09:43 - 2016-09-07 09:43 - 69716889 _____ C:\Users\rusobr2\Downloads\Yoga challenge girls kids #4.mp4
2016-09-07 09:37 - 2016-09-07 09:37 - 43101788 _____ C:\Users\rusobr2\Downloads\Yoga challenge word 2= Desafio Yoga word.mp4
2016-09-07 09:17 - 2016-09-07 09:17 - 18675477 _____ C:\Users\rusobr2\Downloads\Yoga Challenge Extra Wrestling!.mp4
2016-09-06 21:46 - 2016-09-26 15:07 - 00008675 _____ C:\Users\rusobr2\Downloads\FRST.txt
2016-09-06 21:46 - 2016-09-26 15:05 - 00000000 ____D C:\FRST
2016-09-06 21:45 - 2016-09-26 15:05 - 02403328 _____ (Farbar) C:\Users\rusobr2\Downloads\FRST64.exe
2016-09-06 21:37 - 2016-09-06 21:37 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-03 09:07 - 2016-09-03 09:08 - 30461490 _____ C:\Users\rusobr2\Downloads\Guide to do some gymnastics.mp4
2016-09-02 07:09 - 2016-09-02 07:09 - 138450435 _____ C:\Users\rusobr2\Downloads\BFF'S YOGA CHALLENGE ч.2.mp4
2016-09-02 06:41 - 2016-09-02 06:41 - 81445047 _____ C:\Users\rusobr2\Downloads\Йога челинж.mp4
2016-09-02 05:36 - 2016-09-02 05:37 - 317107316 _____ C:\Users\rusobr2\Downloads\BetaRiffs _ Day 4 _ SLEEPOVER.mp4
2016-09-01 14:20 - 2016-09-01 14:20 - 35688452 _____ C:\Users\rusobr2\Downloads\NOT MY LEGS CHALLENGE WITH TRYNDA BLOOPERS.mp4
2016-09-01 12:39 - 2016-09-01 12:40 - 103365220 _____ C:\Users\rusobr2\Downloads\2 girls yoga challenge.mp4
2016-09-01 11:03 - 2016-09-01 11:03 - 06683268 _____ C:\Users\rusobr2\Downloads\Как научиться делать переворот вперед.mp4
2016-09-01 10:44 - 2016-09-01 10:44 - 75395273 _____ C:\Users\rusobr2\Downloads\Doing gymnastics while doing daily tasks _EPIC FAIL.mp4
2016-09-01 09:27 - 2016-09-01 09:27 - 38333639 _____ C:\Users\rusobr2\Downloads\Ice _ yoga challenge.mp4
2016-09-01 09:22 - 2016-09-01 09:23 - 75980070 _____ C:\Users\rusobr2\Downloads\Ice bath challenge.mp4
2016-08-31 10:57 - 2016-08-31 10:57 - 79534852 _____ C:\Users\rusobr2\Downloads\Yoga Challenge pt1.mp4
2016-08-31 10:49 - 2016-08-31 10:49 - 81818813 _____ C:\Users\rusobr2\Downloads\Yoga Challenge pt2.mp4
2016-08-31 10:36 - 2016-08-31 10:36 - 65209880 _____ C:\Users\rusobr2\Downloads\Fun Yoga Challenge - Desafio da yoga 149.mp4
2016-08-31 10:24 - 2016-08-31 10:25 - 76388680 _____ C:\Users\rusobr2\Downloads\Fun Yoga Challenge - Desafio da yoga 145.mp4
2016-08-31 10:01 - 2016-08-31 10:02 - 139949912 _____ C:\Users\rusobr2\Downloads\Yoga Challenge Funny!.mp4
2016-08-31 09:06 - 2016-08-31 09:06 - 79297183 _____ C:\Users\rusobr2\Downloads\Yoga challenge .mp4
2016-08-31 08:50 - 2016-08-31 08:50 - 16898776 _____ C:\Users\rusobr2\Downloads\Gymnastics - Middle Split.mp4
2016-08-31 08:39 - 2016-08-31 08:39 - 07341877 _____ C:\Users\rusobr2\Downloads\Gymnastics - How to do the Middle Splits for Kids.mp4
2016-08-31 08:35 - 2016-08-31 08:35 - 12684431 _____ C:\Users\rusobr2\Downloads\Gymnastics - Splits Warm Up !.mp4
2016-08-31 08:28 - 2016-08-31 08:28 - 138981413 _____ C:\Users\rusobr2\Downloads\Bath challenge.mp4
2016-08-28 12:02 - 2016-08-28 12:02 - 08486016 _____ C:\Users\rusobr2\Downloads\моё утро 2.mp4
2016-08-28 11:53 - 2016-08-28 11:53 - 129671651 _____ C:\Users\rusobr2\Downloads\Best friend pool chllenge and funny moments.mp4
2016-08-28 11:41 - 2016-08-28 11:41 - 42856901 _____ C:\Users\rusobr2\Downloads\DESAFÍO ACEPTADO Yoga Desafio aceitado Yoga ВЫЗОВ ПРИНЯТ Йога .mp4
2016-08-28 10:37 - 2016-08-28 10:37 - 111448144 _____ C:\Users\rusobr2\Downloads\Splits part 1.mp4
2016-08-28 10:29 - 2016-08-28 10:29 - 167548596 _____ C:\Users\rusobr2\Downloads\Yoga Challenge 2 __ REBECCA HOFFMAN.mp4
2016-08-28 10:28 - 2016-08-28 10:28 - 18724991 _____ C:\Users\rusobr2\Downloads\Split skills.mp4
2016-08-27 11:33 - 2016-08-27 11:33 - 17713166 _____ C:\Users\rusobr2\Downloads\Как сесть на шпагат за 5 минут.mp4
2016-08-27 10:12 - 2016-08-27 10:12 - 40954820 _____ C:\Users\rusobr2\Downloads\Как научиться делать шпагат.mp4
2016-08-27 09:48 - 2016-08-27 09:48 - 31631713 _____ C:\Users\rusobr2\Downloads\Почувствовал слабинку.mp4
2016-08-27 09:38 - 2016-08-27 09:38 - 53330275 _____ C:\Users\rusobr2\Downloads\În pis.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-26 14:31 - 2015-09-15 15:16 - 00000000 ____D C:\Users\rusobr2\AppData\LocalLow\360WD
2016-09-26 14:16 - 2016-05-26 09:32 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-09-26 12:45 - 2015-09-27 10:57 - 00000000 ____D C:\Users\rusobr2\AppData\Roaming\vlc
2016-09-26 10:37 - 2009-07-13 21:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-26 10:37 - 2009-07-13 21:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-26 10:33 - 2009-07-13 22:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-09-26 10:33 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2016-09-26 10:29 - 2015-09-15 14:37 - 00000000 ____D C:\Users\rusobr2
2016-09-26 10:27 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-09-26 10:06 - 2016-03-25 12:14 - 00000000 ____D C:\Program Files\ConvertHelper3
2016-09-26 09:46 - 2015-12-02 02:43 - 00000000 ____D C:\Users\rusobr2\dwhelper
2016-09-26 03:39 - 2015-11-19 09:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-23 21:10 - 2015-09-27 10:37 - 00000000 __SHD C:\$360Section
2016-09-23 21:10 - 2015-09-15 15:18 - 00000000 ____D C:\ProgramData\360Quarant
2016-09-23 21:10 - 2015-09-15 15:17 - 00000000 ____D C:\Users\rusobr2\AppData\Roaming\360safe
2016-09-21 12:56 - 2015-09-15 15:16 - 00001151 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-09-21 12:56 - 2015-09-15 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-09-14 20:48 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2016-09-14 18:30 - 2015-12-14 23:06 - 00086248 _____ (360.cn) C:\windows\SysWOW64\Drivers\360AvFlt.sys
2016-09-14 18:30 - 2015-09-15 15:16 - 00330472 _____ (360.cn) C:\windows\system32\Drivers\360Box64.sys
2016-09-14 18:30 - 2015-09-15 15:16 - 00086248 _____ (360.cn) C:\windows\system32\Drivers\360AvFlt.sys
2016-09-14 11:11 - 2014-07-31 14:32 - 00000000 ____D C:\windows\system32\MRT
2016-09-14 11:06 - 2014-07-31 14:32 - 144199024 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-09-13 15:16 - 2016-05-26 09:32 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 15:16 - 2016-05-26 09:32 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 15:16 - 2016-05-26 09:32 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 15:16 - 2016-05-13 22:40 - 06502080 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2016-09-13 15:16 - 2014-08-04 09:59 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-09-13 15:16 - 2014-08-04 09:59 - 00000000 ____D C:\windows\system32\Macromed
2016-09-09 05:24 - 2015-09-15 15:16 - 00188864 _____ (360.cn) C:\windows\system32\Drivers\BAPIDRV64.SYS
2016-09-01 04:43 - 2015-09-15 15:16 - 00391392 _____ (360.cn) C:\windows\system32\Drivers\360fsflt.sys

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-25 08:36

==================== End of FRST.txt ============================
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
Let's get a look with another set of tools, we will try the FRST fix again later..... :)

Adware Cleaner Scan.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.

Hit Ok.

Hit Next and make sure to leave all items checked for removal.

The Program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.



ZHP Scan.

Please download Zhp Cleaner to your desktop. Right click the icon and select Run as administrator.

2. Once you have started the program, you will need to click the scanner button.

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.



At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.
 