Solved malware & eliminate help .....

  • Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up
Status
Not open for further replies.

rusobr2

PCHF Member
PCHF Member
Sep 7, 2016
19
6
70
ok...... i have "fixlog at desk top
and i have "fixlist at desktop
also the tool is at desktop

steve
 
  • Like
Reactions: jmarket

rusobr2

PCHF Member
PCHF Member
Sep 7, 2016
19
6
70
i think its all complete
steve
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-09-2016
Ran by rusobr2 (administrator) on RUSOBR2-PC (26-09-2016 17:54:36)
Running from C:\Users\rusobr2\Downloads
Loaded Profiles: rusobr2 (Available Profiles: rusobr2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
() C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(© 2015 Microsoft Corporation) C:\Users\rusobr2\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(D-Link Corp.) C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\rusobr2\Downloads\adwcleaner_6.020(1).exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1889192 2016-09-14] (QIHU 360 SOFTWARE CO. LIMITED)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-436883666-1139675966-1884149517-1000\...\Run: [BingSvc] => C:\Users\rusobr2\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2014-08-04]
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe (D-Link Corp.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9
Tcpip\..\Interfaces\{F63853C9-4098-42F4-ADE8-406C47CCC51F}: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9

Internet Explorer:
==================
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-09-14] (Qihu 360 Software Co., Ltd.)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-07-11] (Qihu 360 Software Co., Ltd.)

FireFox:
========
FF ProfilePath: C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957
FF Homepage: msn.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Extension: (American English Spelling Checker) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\extensions\[email protected] [2016-08-26]
FF Extension: (360 Internet Protection) - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-07-30]
FF Extension: (Firefox Hotfix) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\[email protected] [2016-08-30]
FF Extension: (YouTube™ Flash-HTML5) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\[email protected] [2016-07-30]
FF Extension: (translator) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\[email protected] [2016-06-08]
FF Extension: (Video DownloadHelper) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-09-26]
FF Extension: (Adblock Plus) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [926632 2016-09-14] (QIHU 360 SOFTWARE CO. LIMITED)
S3 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-07-11] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2016-09-14] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2016-09-14] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-09-14] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-09-05] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2016-09-01] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [188864 2016-09-09] (360.cn)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation )
R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2016-09-22] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2016-09-22] (Zemana Ltd.)
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-26 17:48 - 2016-09-26 17:48 - 03861056 _____ C:\Users\rusobr2\Downloads\adwcleaner_6.020(2).exe
2016-09-26 17:47 - 2016-09-26 17:47 - 03861056 _____ C:\Users\rusobr2\Downloads\adwcleaner_6.020(1).exe
2016-09-26 17:24 - 2016-09-26 17:20 - 00002846 _____ C:\Users\rusobr2\Documents\How To Do A Frog Split _ Flexi Friday _ Piiink Gymnastics - Shortcut.lnk
2016-09-26 17:24 - 2016-09-26 17:20 - 00002411 _____ C:\Users\rusobr2\Documents\Splits warm up and my splits - Shortcut.lnk
2016-09-26 17:21 - 2016-09-26 17:20 - 00002786 _____ C:\Users\rusobr2\Documents\Gimnasia - Rápidamente y Fácilmente Divisiones ! _ HD - Shortcut.lnk
2016-09-26 17:21 - 2016-09-26 17:20 - 00002411 _____ C:\Users\rusobr2\Documents\Gymnastics Tutorial Vol 1(1) - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00003236 _____ C:\Users\rusobr2\Desktop\challenge in the pool with my brother dois.desafio na piscina com meu irmão dois(1) - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00003221 _____ C:\Users\rusobr2\Desktop\DESAFÍO ACEPTADO Yoga Desafio aceitado Yoga ВЫЗОВ ПРИНЯТ Йога - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00003191 _____ C:\Users\rusobr2\Desktop\challenge in the pool with my brother dois.desafio na piscina com meu irmão dois - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002936 _____ C:\Users\rusobr2\Desktop\MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002756 _____ C:\Users\rusobr2\Desktop\Doing gymnastics while doing daily tasks _EPIC FAIL - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002726 _____ C:\Users\rusobr2\Desktop\Desafio da piscina na yoga challenge at the beach - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002636 _____ C:\Users\rusobr2\Desktop\Best friend pool chllenge and funny moments - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002591 _____ C:\Users\rusobr2\Desktop\Fun Yoga Challenge - Desafio da yoga 149 - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002591 _____ C:\Users\rusobr2\Desktop\Fun Yoga Challenge - Desafio da yoga 145 - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002576 _____ C:\Users\rusobr2\Desktop\Best friend challenge w_ Abigail Troute - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002546 _____ C:\Users\rusobr2\Desktop\Bianca se descuida - FAZENDA DE VERÃO - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002541 _____ C:\Users\rusobr2\Desktop\Exercises for your splits - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002531 _____ C:\Users\rusobr2\Desktop\Cómo hacer tu propia habitación _ HD - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002473 _____ C:\Users\rusobr2\Desktop\BFF'S YOGA CHALLENGE ч.2 - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002441 _____ C:\Users\rusobr2\Desktop\COMO icebucket challenge! _ HD - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002426 _____ C:\Users\rusobr2\Desktop\BetaRiffs _ Day 4 _ SLEEPOVER - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002401 _____ C:\Users\rusobr2\Desktop\SFHelper-Web-Installer-b8f8b9d038-[308] - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002396 _____ C:\Users\rusobr2\Desktop\Desafio o que tem no meu pé - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002351 _____ C:\Users\rusobr2\Desktop\English Pediatric Female - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002321 _____ C:\Users\rusobr2\Desktop\Amy's gymnastic skills - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002291 _____ C:\Users\rusobr2\Desktop\Fun Yoga Challenge 8 - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002261 _____ C:\Users\rusobr2\Desktop\desafio da piscina - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002221 _____ C:\Users\rusobr2\Desktop\flashplayer22_jd_install(2) - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002221 _____ C:\Users\rusobr2\Desktop\flashplayer22_jd_install(1) - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002216 _____ C:\Users\rusobr2\Desktop\cup song update - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002216 _____ C:\Users\rusobr2\Desktop\Brigas de irmas - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002216 _____ C:\Users\rusobr2\Desktop\Bloopers lol xx - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002201 _____ C:\Users\rusobr2\Desktop\cooler Knaller - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002201 _____ C:\Users\rusobr2\Desktop\Bath challenge - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002161 _____ C:\Users\rusobr2\Desktop\Firefox Setup Stub 41.0 - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002146 _____ C:\Users\rusobr2\Desktop\readerdc_en_ha_install - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002146 _____ C:\Users\rusobr2\Desktop\GoogleEarthPluginSetup - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002146 _____ C:\Users\rusobr2\Desktop\ConvertHelperSetup-3.2 - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002081 _____ C:\Users\rusobr2\Desktop\arlena - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002066 _____ C:\Users\rusobr2\Desktop\my pictures - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002066 _____ C:\Users\rusobr2\Desktop\fixlist - Shortcut (2).lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002056 _____ C:\Users\rusobr2\Desktop\GoogleEarthSetup - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002055 _____ C:\Users\rusobr2\Desktop\Fixlog - Shortcut (2).lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002055 _____ C:\Users\rusobr2\Desktop\aswMBR - Shortcut (2).lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002021 _____ C:\Users\rusobr2\Desktop\FRST - Shortcut (2).lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00001981 _____ C:\Users\rusobr2\Desktop\MSNHomepage - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00001981 _____ C:\Users\rusobr2\Desktop\DefaultPack - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00001906 _____ C:\Users\rusobr2\Desktop\FRST64 - Shortcut (2).lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00001884 _____ C:\Users\rusobr2\Desktop\firefox-setup-win64bit.exe.0ham0ha - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00001483 _____ C:\Users\rusobr2\Desktop\MBR.dat - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002842 _____ C:\Users\rusobr2\Desktop\MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos_files - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002221 _____ C:\Users\rusobr2\Desktop\Zemana.AntiMalware.Setup(6) - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002221 _____ C:\Users\rusobr2\Desktop\Zemana.AntiMalware.Setup(5) - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002176 _____ C:\Users\rusobr2\Desktop\Zemana.AntiMalware.Setup - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002089 _____ C:\Users\rusobr2\Desktop\Warrant List - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002085 _____ C:\Users\rusobr2\Desktop\Addition - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002056 _____ C:\Users\rusobr2\Desktop\adwcleaner_6.020 - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002041 _____ C:\Users\rusobr2\Desktop\win7_64_1512754 - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00001981 _____ C:\Users\rusobr2\Desktop\360TS_Setup - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00001972 _____ C:\Users\rusobr2\Desktop\FRST-OlderVersion - Shortcut.lnk
2016-09-26 17:12 - 2016-09-26 17:43 - 00000000 ____D C:\AdwCleaner
2016-09-26 17:11 - 2016-09-26 17:12 - 03861056 _____ C:\Users\rusobr2\Downloads\adwcleaner_6.020.exe
2016-09-26 15:29 - 2016-09-26 15:29 - 00002055 _____ C:\Users\rusobr2\Desktop\Fixlog - Shortcut.lnk
2016-09-26 15:28 - 2016-09-26 15:28 - 00002066 _____ C:\Users\rusobr2\Desktop\fixlist - Shortcut.lnk
2016-09-26 15:09 - 2016-09-26 15:11 - 00006299 _____ C:\Users\rusobr2\Downloads\Fixlog.txt
2016-09-26 15:08 - 2016-09-26 15:08 - 00020734 _____ C:\Users\rusobr2\Downloads\Addition.txt
2016-09-26 15:05 - 2016-09-26 15:05 - 00000000 ____D C:\Users\rusobr2\Downloads\FRST-OlderVersion
2016-09-26 15:04 - 2016-09-26 15:04 - 00001906 _____ C:\Users\rusobr2\Desktop\FRST64 - Shortcut.lnk
2016-09-26 10:22 - 2016-09-26 10:22 - 06341128 _____ (SaveFrom.net ) C:\Users\rusobr2\Downloads\SFHelper-Setup(1).exe
2016-09-26 10:13 - 2016-09-26 10:13 - 00844760 _____ ( ) C:\Users\rusobr2\Downloads\SFHelper-Web-Installer-b8f8b9d038-[308].exe
2016-09-26 10:04 - 2016-09-26 10:04 - 45936050 _____ (DownloadHelper ) C:\Users\rusobr2\Downloads\ConvertHelperSetup-3.2.exe
2016-09-26 09:57 - 2016-09-26 09:58 - 00844760 _____ ( ) C:\Users\rusobr2\Downloads\SFHelper-Web-Installer-5ebe6f8827-[308].exe
2016-09-26 03:39 - 2016-09-26 03:40 - 00294496 _____ C:\windows\system32\FNTCACHE.DAT
2016-09-23 13:28 - 2016-09-26 03:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-23 12:13 - 2016-09-23 12:13 - 00002021 _____ C:\Users\rusobr2\Desktop\FRST - Shortcut.lnk
2016-09-23 11:54 - 2016-09-23 11:55 - 00002150 _____ C:\Users\rusobr2\Downloads\fixlist.txt
2016-09-22 21:37 - 2016-09-22 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-09-22 20:09 - 2016-08-05 08:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-09-22 20:09 - 2016-08-05 08:13 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-09-22 19:08 - 2016-09-22 19:08 - 05292304 _____ ( ) C:\Users\rusobr2\Downloads\Zemana.AntiMalware.Setup(6).exe
2016-09-22 19:08 - 2016-09-22 19:08 - 05292304 _____ ( ) C:\Users\rusobr2\Downloads\Zemana.AntiMalware.Setup(5).exe
2016-09-22 18:57 - 2016-09-26 17:53 - 00073797 _____ C:\windows\ZAM.krnl.trace
2016-09-22 18:57 - 2016-09-26 17:53 - 00012628 _____ C:\windows\ZAM_Guard.krnl.trace
2016-09-22 18:57 - 2016-09-22 21:37 - 00001150 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-09-22 18:57 - 2016-09-22 21:37 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-22 18:57 - 2016-09-22 18:57 - 00203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zamguard64.sys
2016-09-22 18:57 - 2016-09-22 18:57 - 00203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zam64.sys
2016-09-22 18:55 - 2016-09-22 18:55 - 00000000 ____D C:\Users\rusobr2\AppData\Local\Zemana
2016-09-22 18:54 - 2016-09-22 18:54 - 05292304 _____ ( ) C:\Users\rusobr2\Downloads\Zemana.AntiMalware.Setup.exe
2016-09-21 12:56 - 2016-09-21 12:56 - 00064024 _____ C:\Users\rusobr2\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-21 12:02 - 2016-09-21 12:02 - 12085005 _____ C:\Users\rusobr2\Downloads\Gymnastics Tutorial Vol 1(1).mp4
2016-09-21 12:01 - 2016-09-21 12:01 - 12085005 _____ C:\Users\rusobr2\Downloads\Gymnastics Tutorial Vol 1.mp4
2016-09-21 12:00 - 2016-09-21 12:00 - 13930961 _____ C:\Users\rusobr2\Downloads\Handstands and splits .mp4
2016-09-21 11:57 - 2016-09-21 11:57 - 10799682 _____ C:\Users\rusobr2\Downloads\The splits.mp4
2016-09-21 11:40 - 2016-09-21 11:40 - 04319634 _____ C:\Users\rusobr2\Downloads\How To Do A Frog Split _ Flexi Friday _ Piiink Gymnastics.mp4
2016-09-21 11:11 - 2016-09-21 11:11 - 26403878 _____ C:\Users\rusobr2\Downloads\Stretching and tumbling tutorial.mp4
2016-09-21 11:09 - 2016-09-21 11:10 - 13058083 _____ C:\Users\rusobr2\Downloads\My stretching routine.mp4
2016-09-21 10:22 - 2016-09-21 10:22 - 30402244 _____ C:\Users\rusobr2\Downloads\Splits warm up and my splits.mp4
2016-09-21 09:47 - 2016-09-21 09:47 - 04805041 _____ C:\Users\rusobr2\Downloads\20 сентября 2016 г.mp4
2016-09-21 07:05 - 2016-09-21 07:05 - 01955428 _____ C:\Users\rusobr2\Downloads\4 сентября 2016 г.mp4
2016-09-21 06:51 - 2016-09-21 06:51 - 06638321 _____ C:\Users\rusobr2\Downloads\7 сентября 2016 г(3).mp4
2016-09-21 06:47 - 2016-09-21 06:47 - 04482071 _____ C:\Users\rusobr2\Downloads\Даша грохнулась.mp4
2016-09-21 06:43 - 2016-09-21 06:43 - 05313504 _____ C:\Users\rusobr2\Downloads\7 сентября 2016 г.mp4
2016-09-21 00:18 - 2016-09-21 00:18 - 00001433 _____ C:\Users\rusobr2\Desktop\aswMBR - Shortcut.lnk
2016-09-20 23:36 - 2016-09-20 23:37 - 00000085 _____ C:\windows\wininit.ini
2016-09-20 23:36 - 2016-09-20 23:36 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2016-09-20 23:34 - 2016-09-20 23:39 - 00000000 ____D C:\Users\rusobr2\AppData\Roaming\Geek Uninstaller
2016-09-20 23:21 - 2016-09-20 23:21 - 00002174 _____ C:\Users\rusobr2\Downloads\aswMBR.txt
2016-09-20 23:21 - 2016-09-20 23:21 - 00000512 _____ C:\Users\rusobr2\Downloads\MBR.dat
2016-09-19 10:13 - 2016-09-19 10:13 - 09608270 _____ C:\Users\rusobr2\Downloads\Home gymnastic show_ backbends, splits, of course needle and turnover!.mp4
2016-09-19 09:53 - 2016-09-19 09:53 - 28420838 _____ C:\Users\rusobr2\Downloads\New Yoga_ Yoga challenge with girls friend = Desafio Yoga 117.mp4
2016-09-19 01:23 - 2016-09-19 01:23 - 46333830 _____ C:\Users\rusobr2\Downloads\Líná chodit do školy #1.mp4
2016-09-19 01:12 - 2016-09-19 01:12 - 27860219 _____ C:\Users\rusobr2\Downloads\Касмитечка.mp4
2016-09-19 01:04 - 2016-09-19 01:04 - 06170368 _____ C:\Users\rusobr2\Downloads\9 июля 2016 г.mp4
2016-09-19 00:55 - 2016-09-19 00:55 - 77232263 _____ C:\Users\rusobr2\Downloads\10 августа 2016 г.mp4
2016-09-19 00:52 - 2016-09-19 00:52 - 08383314 _____ C:\Users\rusobr2\Downloads\Растяжка на шпагат.mp4
2016-09-19 00:43 - 2016-09-19 00:43 - 36463389 _____ C:\Users\rusobr2\Downloads\МОЕ УТРО_MY MORNING.mp4
2016-09-19 00:33 - 2016-09-19 00:34 - 19430270 _____ C:\Users\rusobr2\Downloads\Схуднути.mp4
2016-09-19 00:32 - 2016-09-19 00:32 - 14602375 _____ C:\Users\rusobr2\Downloads\Гимнастика(3).mp4
2016-09-19 00:31 - 2016-09-19 00:31 - 20566473 _____ C:\Users\rusobr2\Downloads\Гимнастик.mp4
2016-09-19 00:29 - 2016-09-19 00:29 - 10237721 _____ C:\Users\rusobr2\Downloads\Гимнастика(2).mp4
2016-09-18 22:49 - 2016-09-18 22:49 - 15114228 _____ C:\Users\rusobr2\Downloads\Как сесть на шпагат Видео урок.mp4
2016-09-18 22:46 - 2016-09-18 22:46 - 34812812 _____ C:\Users\rusobr2\Downloads\Как я встаю на мостик и делаю бабочку.mp4
2016-09-18 22:44 - 2016-09-18 22:44 - 19250202 _____ C:\Users\rusobr2\Downloads\How to escape from the summer heat. gymnastics element. Как спастись от жары летом.mp4
2016-09-18 22:39 - 2016-09-18 22:39 - 44013441 _____ C:\Users\rusobr2\Downloads\challenge in the pool with my brother dois.desafio na piscina com meu irmão dois(1).mp4
2016-09-18 22:37 - 2016-09-18 22:37 - 44013441 _____ C:\Users\rusobr2\Downloads\challenge in the pool with my brother dois.desafio na piscina com meu irmão dois.mp4
2016-09-18 22:31 - 2016-09-18 22:31 - 38455354 _____ C:\Users\rusobr2\Downloads\Как вам видео(1).mp4
2016-09-18 22:23 - 2016-09-18 22:24 - 130289264 _____ C:\Users\rusobr2\Downloads\Yoga Challenge(5).mp4
2016-09-18 22:23 - 2016-09-18 22:23 - 82043109 _____ C:\Users\rusobr2\Downloads\My stretch_warm up routine.mp4
2016-09-18 13:58 - 2016-09-18 14:00 - 40991849 _____ C:\Users\rusobr2\Downloads\The sleepover Part 1.mp4
2016-09-14 11:05 - 2016-09-02 08:40 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-09-14 11:05 - 2016-09-02 08:35 - 05548264 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-09-14 11:05 - 2016-09-02 08:35 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-09-14 11:05 - 2016-09-02 08:35 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-09-14 11:05 - 2016-09-02 08:35 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-09-14 11:05 - 2016-09-02 08:34 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:21 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-09-14 11:05 - 2016-09-02 08:21 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-09-14 11:05 - 2016-09-02 08:18 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:02 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-09-14 11:05 - 2016-09-02 08:02 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-09-14 11:05 - 2016-09-02 08:02 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-09-14 11:05 - 2016-09-02 08:01 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-09-14 11:05 - 2016-09-02 07:58 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-09-14 11:05 - 2016-09-02 07:57 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-09-14 11:05 - 2016-09-02 07:55 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-09-14 11:05 - 2016-09-02 07:54 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-09-14 11:05 - 2016-09-02 07:54 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-09-14 11:05 - 2016-09-02 07:53 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-09-14 11:05 - 2016-09-02 07:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-09-14 11:05 - 2016-09-02 07:53 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-09-14 11:05 - 2016-09-02 07:49 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-09-14 11:05 - 2016-09-02 07:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-09-14 11:05 - 2016-09-02 07:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-09-14 11:05 - 2016-09-02 07:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-09-14 11:05 - 2016-09-02 07:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-09-14 11:05 - 2016-09-02 07:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 07:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 07:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 07:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-14 11:05 - 2016-08-16 10:36 - 01009152 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-09-14 11:05 - 2016-08-15 19:48 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-09-14 11:05 - 2016-08-15 19:35 - 03218432 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-09-14 11:05 - 2016-08-12 09:26 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-09-14 11:05 - 2016-08-12 09:26 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-09-14 11:05 - 2016-08-12 09:26 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-09-14 11:02 - 2016-08-06 08:31 - 00877056 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-09-14 11:02 - 2016-08-06 08:15 - 00581632 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-09-13 22:42 - 2016-09-13 22:42 - 111822069 _____ C:\Users\rusobr2\Downloads\Ломай меня полностью йога челлендж.mp4
2016-09-13 22:39 - 2016-09-13 22:39 - 45057002 _____ C:\Users\rusobr2\Downloads\Играим в хадилку.mp4
2016-09-13 22:30 - 2016-09-13 22:30 - 14174078 _____ C:\Users\rusobr2\Downloads\Учимся делать шпагат.mp4
2016-09-13 21:31 - 2016-09-13 21:31 - 38455354 _____ C:\Users\rusobr2\Downloads\Как вам видео.mp4
2016-09-11 01:12 - 2016-09-11 01:12 - 240842651 _____ C:\Users\rusobr2\Downloads\Я Гимнастка _ВанилькаЕП.mp4
2016-09-11 00:24 - 2016-09-11 00:24 - 52286436 _____ C:\Users\rusobr2\Downloads\Твистер.mp4
2016-09-10 23:59 - 2016-09-10 23:59 - 45254372 _____ C:\Users\rusobr2\Downloads\Твистер.mp4
2016-09-10 23:35 - 2016-09-10 23:35 - 40064630 _____ C:\Users\rusobr2\Downloads\Гимнастика(1).mp4
2016-09-10 23:33 - 2016-09-10 23:33 - 03526638 _____ C:\Users\rusobr2\Downloads\гимнастика мост.mp4
2016-09-10 23:08 - 2016-09-10 23:08 - 174767774 _____ C:\Users\rusobr2\Downloads\A type of yoga challenge.mp4
2016-09-10 23:00 - 2016-09-10 23:00 - 54406603 _____ C:\Users\rusobr2\Downloads\The Yoga Challenge - Yoga Challenge - Part 21.mp4
2016-09-10 22:49 - 2016-09-10 22:49 - 05025116 _____ C:\Users\rusobr2\Downloads\Gymnastics(2).mp4
2016-09-10 22:45 - 2016-09-10 22:45 - 50427499 _____ C:\Users\rusobr2\Downloads\Amy's gymnastic skills.mp4
2016-09-10 22:30 - 2016-09-10 22:31 - 89325604 _____ C:\Users\rusobr2\Downloads\SEMIOLOGIA PEDIATRICA 4 - A LOS SIETE AÑOS - 2056.mp4
2016-09-10 22:28 - 2016-09-10 22:28 - 19170597 _____ C:\Users\rusobr2\Downloads\Yoga challenge with Marina GYMNASTICS Desafio YOGA CHALLENGE (GMSC).mp4
2016-09-10 22:23 - 2016-09-10 22:23 - 136196269 _____ C:\Users\rusobr2\Downloads\Страшные явения.mp4
2016-09-10 22:13 - 2016-09-10 22:13 - 91748415 _____ C:\Users\rusobr2\Downloads\How to get your splits better and to the ground!.mp4
2016-09-10 11:33 - 2016-09-10 11:33 - 10682596 _____ C:\Users\rusobr2\Downloads\Gymnastics _ Backbend,easy tutorial.mp4
2016-09-10 11:14 - 2016-09-10 11:14 - 17128721 _____ C:\Users\rusobr2\Downloads\Gymnastics(1).mp4
2016-09-10 11:11 - 2016-09-10 11:11 - 202934887 _____ C:\Users\rusobr2\Downloads\Gymnastics fail.mp4
2016-09-10 10:57 - 2016-09-10 10:57 - 130289264 _____ C:\Users\rusobr2\Downloads\Yoga Challenge(1).mp4
2016-09-08 07:46 - 2016-09-08 07:48 - 531321141 _____ C:\Users\rusobr2\Downloads\stretching.mp4
2016-09-07 20:46 - 2016-09-07 20:46 - 35863061 _____ C:\Users\rusobr2\Downloads\Part 2 gymnastics.mp4
2016-09-07 12:13 - 2016-09-07 12:13 - 18587769 _____ C:\Users\rusobr2\Downloads\Splits stretching!.mp4
2016-09-07 11:31 - 2016-09-07 11:31 - 58095923 _____ C:\Users\rusobr2\Downloads\Разминка для ног.mp4
2016-09-07 09:43 - 2016-09-07 09:43 - 69716889 _____ C:\Users\rusobr2\Downloads\Yoga challenge girls kids #4.mp4
2016-09-07 09:37 - 2016-09-07 09:37 - 43101788 _____ C:\Users\rusobr2\Downloads\Yoga challenge word 2= Desafio Yoga word.mp4
2016-09-07 09:17 - 2016-09-07 09:17 - 18675477 _____ C:\Users\rusobr2\Downloads\Yoga Challenge Extra Wrestling!.mp4
2016-09-06 21:46 - 2016-09-26 17:54 - 00008175 _____ C:\Users\rusobr2\Downloads\FRST.txt
2016-09-06 21:46 - 2016-09-26 17:53 - 00000000 ____D C:\FRST
2016-09-06 21:45 - 2016-09-26 15:05 - 02403328 _____ (Farbar) C:\Users\rusobr2\Downloads\FRST64.exe
2016-09-06 21:37 - 2016-09-06 21:37 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-03 09:07 - 2016-09-03 09:08 - 30461490 _____ C:\Users\rusobr2\Downloads\Guide to do some gymnastics.mp4
2016-09-02 07:09 - 2016-09-02 07:09 - 138450435 _____ C:\Users\rusobr2\Downloads\BFF'S YOGA CHALLENGE ч.2.mp4
2016-09-02 06:41 - 2016-09-02 06:41 - 81445047 _____ C:\Users\rusobr2\Downloads\Йога челинж.mp4
2016-09-02 05:36 - 2016-09-02 05:37 - 317107316 _____ C:\Users\rusobr2\Downloads\BetaRiffs _ Day 4 _ SLEEPOVER.mp4
2016-09-01 14:20 - 2016-09-01 14:20 - 35688452 _____ C:\Users\rusobr2\Downloads\NOT MY LEGS CHALLENGE WITH TRYNDA BLOOPERS.mp4
2016-09-01 12:39 - 2016-09-01 12:40 - 103365220 _____ C:\Users\rusobr2\Downloads\2 girls yoga challenge.mp4
2016-09-01 11:03 - 2016-09-01 11:03 - 06683268 _____ C:\Users\rusobr2\Downloads\Как научиться делать переворот вперед.mp4
2016-09-01 10:44 - 2016-09-01 10:44 - 75395273 _____ C:\Users\rusobr2\Downloads\Doing gymnastics while doing daily tasks _EPIC FAIL.mp4
2016-09-01 09:27 - 2016-09-01 09:27 - 38333639 _____ C:\Users\rusobr2\Downloads\Ice _ yoga challenge.mp4
2016-09-01 09:22 - 2016-09-01 09:23 - 75980070 _____ C:\Users\rusobr2\Downloads\Ice bath challenge.mp4
2016-08-31 10:57 - 2016-08-31 10:57 - 79534852 _____ C:\Users\rusobr2\Downloads\Yoga Challenge pt1.mp4
2016-08-31 10:49 - 2016-08-31 10:49 - 81818813 _____ C:\Users\rusobr2\Downloads\Yoga Challenge pt2.mp4
2016-08-31 10:36 - 2016-08-31 10:36 - 65209880 _____ C:\Users\rusobr2\Downloads\Fun Yoga Challenge - Desafio da yoga 149.mp4
2016-08-31 10:24 - 2016-08-31 10:25 - 76388680 _____ C:\Users\rusobr2\Downloads\Fun Yoga Challenge - Desafio da yoga 145.mp4
2016-08-31 10:01 - 2016-08-31 10:02 - 139949912 _____ C:\Users\rusobr2\Downloads\Yoga Challenge Funny!.mp4
2016-08-31 09:06 - 2016-08-31 09:06 - 79297183 _____ C:\Users\rusobr2\Downloads\Yoga challenge .mp4
2016-08-31 08:50 - 2016-08-31 08:50 - 16898776 _____ C:\Users\rusobr2\Downloads\Gymnastics - Middle Split.mp4
2016-08-31 08:39 - 2016-08-31 08:39 - 07341877 _____ C:\Users\rusobr2\Downloads\Gymnastics - How to do the Middle Splits for Kids.mp4
2016-08-31 08:35 - 2016-08-31 08:35 - 12684431 _____ C:\Users\rusobr2\Downloads\Gymnastics - Splits Warm Up !.mp4
2016-08-31 08:28 - 2016-08-31 08:28 - 138981413 _____ C:\Users\rusobr2\Downloads\Bath challenge.mp4
2016-08-28 12:02 - 2016-08-28 12:02 - 08486016 _____ C:\Users\rusobr2\Downloads\моё утро 2.mp4
2016-08-28 11:53 - 2016-08-28 11:53 - 129671651 _____ C:\Users\rusobr2\Downloads\Best friend pool chllenge and funny moments.mp4
2016-08-28 11:41 - 2016-08-28 11:41 - 42856901 _____ C:\Users\rusobr2\Downloads\DESAFÍO ACEPTADO Yoga Desafio aceitado Yoga ВЫЗОВ ПРИНЯТ Йога .mp4
2016-08-28 10:37 - 2016-08-28 10:37 - 111448144 _____ C:\Users\rusobr2\Downloads\Splits part 1.mp4
2016-08-28 10:29 - 2016-08-28 10:29 - 167548596 _____ C:\Users\rusobr2\Downloads\Yoga Challenge 2 __ REBECCA HOFFMAN.mp4
2016-08-28 10:28 - 2016-08-28 10:28 - 18724991 _____ C:\Users\rusobr2\Downloads\Split skills.mp4
2016-08-27 11:33 - 2016-08-27 11:33 - 17713166 _____ C:\Users\rusobr2\Downloads\Как сесть на шпагат за 5 минут.mp4
2016-08-27 10:12 - 2016-08-27 10:12 - 40954820 _____ C:\Users\rusobr2\Downloads\Как научиться делать шпагат.mp4
2016-08-27 09:48 - 2016-08-27 09:48 - 31631713 _____ C:\Users\rusobr2\Downloads\Почувствовал слабинку.mp4
2016-08-27 09:38 - 2016-08-27 09:38 - 53330275 _____ C:\Users\rusobr2\Downloads\În pis.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-26 17:52 - 2015-09-27 10:57 - 00000000 ____D C:\Users\rusobr2\AppData\Roaming\vlc
2016-09-26 17:51 - 2015-09-15 15:16 - 00000000 ____D C:\Users\rusobr2\AppData\LocalLow\360WD
2016-09-26 17:51 - 2009-07-13 22:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-09-26 17:51 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2016-09-26 17:46 - 2015-09-15 14:37 - 00000000 ____D C:\Users\rusobr2
2016-09-26 17:45 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-09-26 17:16 - 2016-05-26 09:32 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-09-26 10:37 - 2009-07-13 21:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-26 10:37 - 2009-07-13 21:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-26 10:06 - 2016-03-25 12:14 - 00000000 ____D C:\Program Files\ConvertHelper3
2016-09-26 09:46 - 2015-12-02 02:43 - 00000000 ____D C:\Users\rusobr2\dwhelper
2016-09-26 03:39 - 2015-11-19 09:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-23 21:10 - 2015-09-27 10:37 - 00000000 __SHD C:\$360Section
2016-09-23 21:10 - 2015-09-15 15:18 - 00000000 ____D C:\ProgramData\360Quarant
2016-09-23 21:10 - 2015-09-15 15:17 - 00000000 ____D C:\Users\rusobr2\AppData\Roaming\360safe
2016-09-21 12:56 - 2015-09-15 15:16 - 00001151 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-09-21 12:56 - 2015-09-15 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-09-14 20:48 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2016-09-14 18:30 - 2015-12-14 23:06 - 00086248 _____ (360.cn) C:\windows\SysWOW64\Drivers\360AvFlt.sys
2016-09-14 18:30 - 2015-09-15 15:16 - 00330472 _____ (360.cn) C:\windows\system32\Drivers\360Box64.sys
2016-09-14 18:30 - 2015-09-15 15:16 - 00086248 _____ (360.cn) C:\windows\system32\Drivers\360AvFlt.sys
2016-09-14 11:11 - 2014-07-31 14:32 - 00000000 ____D C:\windows\system32\MRT
2016-09-14 11:06 - 2014-07-31 14:32 - 144199024 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-09-13 15:16 - 2016-05-26 09:32 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 15:16 - 2016-05-26 09:32 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 15:16 - 2016-05-26 09:32 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 15:16 - 2016-05-13 22:40 - 06502080 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2016-09-13 15:16 - 2014-08-04 09:59 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-09-13 15:16 - 2014-08-04 09:59 - 00000000 ____D C:\windows\system32\Macromed
2016-09-09 05:24 - 2015-09-15 15:16 - 00188864 _____ (360.cn) C:\windows\system32\Drivers\BAPIDRV64.SYS
2016-09-01 04:43 - 2015-09-15 15:16 - 00391392 _____ (360.cn) C:\windows\system32\Drivers\360fsflt.sys

Some files in TEMP:
====================
C:\Users\rusobr2\AppData\Local\Temp\libeay32.dll
C:\Users\rusobr2\AppData\Local\Temp\msvcr120.dll
C:\Users\rusobr2\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-25 08:36

==================== End of FRST.txt ============================
i ran the tool, then ran "fix .......and also ran the adware tool and "fix
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt, and Addition.txt.
Please Copy & Paste them into your next reply
 
  • Like
Reactions: rusobr2

rusobr2

PCHF Member
PCHF Member
Sep 7, 2016
19
6
70
odd that nothing has changed..... but here' the list if this is rite .... talk about frustrating
thanks..steve
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-09-2016
Ran by rusobr2 (26-09-2016 17:58:10) Run:3
Running from C:\Users\rusobr2\Downloads
Loaded Profiles: rusobr2 (Available Profiles: rusobr2)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Hosts:
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9
Tcpip\..\Interfaces\{F63853C9-4098-42F4-ADE8-406C47CCC51F}: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-27] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-18] (McAfee, Inc.)
S2 424706e40d5a5f55369633986718ca4d; c:\program files\768045ce0ae8eb4426ad6062514a19b7\7bb70b6e96314a97879c4b2fe3c53913.exe [X]
c:\program files\768045ce0ae8eb4426ad6062514a19b7\7bb70b6e96314a97879c4b2fe3c53913.exe
c:\program files\768045ce0ae8eb4426ad6062514a19b7
R1 219c91ba2c1e0bc8a0cdb74f9227c597; system32\DRIVERS\219c91ba2c1e0bc8a0cdb74f9227c597.sys [X]
C:\Windows\System32\drivers\219c91ba2c1e0bc8a0cdb74f9227c597.sys
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
Task: {695CC8BF-7C35-4760-B577-C7930E2F8504} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-436883666-1139675966-1884149517-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E79D24D9-EF3C-4FAB-96D2-1E132CFCF8E4} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
Task: {F772966F-99C1-4160-BADC-979584135DBE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-436883666-1139675966-1884149517-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
RemoveProxy:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
Emptytemp:
reboot:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value could not remove.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F63853C9-4098-42F4-ADE8-406C47CCC51F}\\DhcpNameServer => value removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key not found.
C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key not found.
C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll => not found.
McComponentHostService => service not found.
424706e40d5a5f55369633986718ca4d => service not found.
"c:\program files\768045ce0ae8eb4426ad6062514a19b7\7bb70b6e96314a97879c4b2fe3c53913.exe" => not found.
"c:\program files\768045ce0ae8eb4426ad6062514a19b7" => not found.
219c91ba2c1e0bc8a0cdb74f9227c597 => service not found.
"C:\Windows\System32\drivers\219c91ba2c1e0bc8a0cdb74f9227c597.sys" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{695CC8BF-7C35-4760-B577-C7930E2F8504} => key not found.
C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-436883666-1139675966-1884149517-1000 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeLogonTaskS-1-5-21-436883666-1139675966-1884149517-1000 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E79D24D9-EF3C-4FAB-96D2-1E132CFCF8E4} => key not found.
C:\windows\System32\Tasks\RealDownloader Update Check => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloader Update Check => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F772966F-99C1-4160-BADC-979584135DBE} => key not found.
C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-436883666-1139675966-1884149517-1000 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-436883666-1139675966-1884149517-1000 => key not found.

========= RemoveProxy: =========

HKU\S-1-5-21-436883666-1139675966-1884149517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value could not remove.
HKU\S-1-5-21-436883666-1139675966-1884149517-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========



========= End of Reg: =========


========= bitsadmin /reset /allusers =========


========= End of CMD: =========


========= ipconfig /flushdns =========


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
 

rusobr2

PCHF Member
PCHF Member
Sep 7, 2016
19
6
70
Ok ... i re-run, and here is the first, and i'll retrieve the "addition
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-09-2016
Ran by rusobr2 (administrator) on RUSOBR2-PC (28-09-2016 17:09:12)
Running from C:\Users\rusobr2\Downloads
Loaded Profiles: rusobr2 (Available Profiles: rusobr2)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_162.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1889192 2016-09-27] (QIHU 360 SOFTWARE CO. LIMITED)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-436883666-1139675966-1884149517-1000\...\Run: [BingSvc] => C:\Users\rusobr2\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk [2014-08-04]
ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\D-Link\DWA-131\wirelesscm.exe (D-Link Corp.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9
Tcpip\..\Interfaces\{F63853C9-4098-42F4-ADE8-406C47CCC51F}: [DhcpNameServer] 8.8.8.8 8.8.4.4 72.14.112.9

Internet Explorer:
==================
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2016-09-27] (Qihu 360 Software Co., Ltd.)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2016-07-11] (Qihu 360 Software Co., Ltd.)

FireFox:
========
FF ProfilePath: C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957
FF Homepage: msn.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-07-28] (Adobe Systems Inc.)
FF Extension: (American English Spelling Checker) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\extensions\[email protected] [2016-08-26]
FF Extension: (360 Internet Protection) - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2016-07-30]
FF Extension: (Firefox Hotfix) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\[email protected] [2016-08-30]
FF Extension: (YouTube™ Flash-HTML5) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\[email protected] [2016-07-30]
FF Extension: (translator) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\[email protected] [2016-06-08]
FF Extension: (Video DownloadHelper) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-09-26]
FF Extension: (Adblock Plus) - C:\Users\rusobr2\AppData\Roaming\Mozilla\Firefox\Profiles\dyxfuajd.default-1444401129957\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [926632 2016-09-27] (QIHU 360 SOFTWARE CO. LIMITED)
S3 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-131\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13624048 2016-09-02] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [151784 2016-07-11] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [86248 2016-09-27] (360.cn)
R3 360AvFlt; C:\Windows\SysWOW64\DRIVERS\360AvFlt.sys [86248 2016-09-27] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [330472 2016-09-27] (360.cn)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-09-05] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [391392 2016-09-01] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [188864 2016-09-09] (360.cn)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation )
R1 ZAM; C:\windows\System32\drivers\zam64.sys [203680 2016-09-22] (Zemana Ltd.)
R1 ZAM_Guard; C:\windows\System32\drivers\zamguard64.sys [203680 2016-09-22] (Zemana Ltd.)
S3 ADIHdAudAddService; system32\drivers\ADIHdAud.sys [X]
S3 NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-26 17:48 - 2016-09-26 17:48 - 03861056 _____ C:\Users\rusobr2\Downloads\adwcleaner_6.020(2).exe
2016-09-26 17:47 - 2016-09-26 17:47 - 03861056 _____ C:\Users\rusobr2\Downloads\adwcleaner_6.020(1).exe
2016-09-26 17:24 - 2016-09-26 17:20 - 00002846 _____ C:\Users\rusobr2\Documents\How To Do A Frog Split _ Flexi Friday _ Piiink Gymnastics - Shortcut.lnk
2016-09-26 17:24 - 2016-09-26 17:20 - 00002411 _____ C:\Users\rusobr2\Documents\Splits warm up and my splits - Shortcut.lnk
2016-09-26 17:21 - 2016-09-26 17:20 - 00002786 _____ C:\Users\rusobr2\Documents\Gimnasia - Rápidamente y Fácilmente Divisiones ! _ HD - Shortcut.lnk
2016-09-26 17:21 - 2016-09-26 17:20 - 00002411 _____ C:\Users\rusobr2\Documents\Gymnastics Tutorial Vol 1(1) - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00003236 _____ C:\Users\rusobr2\Desktop\challenge in the pool with my brother dois.desafio na piscina com meu irmão dois(1) - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00003221 _____ C:\Users\rusobr2\Desktop\DESAFÍO ACEPTADO Yoga Desafio aceitado Yoga ВЫЗОВ ПРИНЯТ Йога - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00003191 _____ C:\Users\rusobr2\Desktop\challenge in the pool with my brother dois.desafio na piscina com meu irmão dois - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002936 _____ C:\Users\rusobr2\Desktop\MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002756 _____ C:\Users\rusobr2\Desktop\Doing gymnastics while doing daily tasks _EPIC FAIL - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002726 _____ C:\Users\rusobr2\Desktop\Desafio da piscina na yoga challenge at the beach - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002636 _____ C:\Users\rusobr2\Desktop\Best friend pool chllenge and funny moments - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002591 _____ C:\Users\rusobr2\Desktop\Fun Yoga Challenge - Desafio da yoga 149 - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002591 _____ C:\Users\rusobr2\Desktop\Fun Yoga Challenge - Desafio da yoga 145 - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002576 _____ C:\Users\rusobr2\Desktop\Best friend challenge w_ Abigail Troute - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002546 _____ C:\Users\rusobr2\Desktop\Bianca se descuida - FAZENDA DE VERÃO - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002541 _____ C:\Users\rusobr2\Desktop\Exercises for your splits - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002531 _____ C:\Users\rusobr2\Desktop\Cómo hacer tu propia habitación _ HD - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002473 _____ C:\Users\rusobr2\Desktop\BFF'S YOGA CHALLENGE ч.2 - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002441 _____ C:\Users\rusobr2\Desktop\COMO icebucket challenge! _ HD - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002426 _____ C:\Users\rusobr2\Desktop\BetaRiffs _ Day 4 _ SLEEPOVER - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002401 _____ C:\Users\rusobr2\Desktop\SFHelper-Web-Installer-b8f8b9d038-[308] - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002396 _____ C:\Users\rusobr2\Desktop\Desafio o que tem no meu pé - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002351 _____ C:\Users\rusobr2\Desktop\English Pediatric Female - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002321 _____ C:\Users\rusobr2\Desktop\Amy's gymnastic skills - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002291 _____ C:\Users\rusobr2\Desktop\Fun Yoga Challenge 8 - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002261 _____ C:\Users\rusobr2\Desktop\desafio da piscina - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002221 _____ C:\Users\rusobr2\Desktop\flashplayer22_jd_install(2) - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002221 _____ C:\Users\rusobr2\Desktop\flashplayer22_jd_install(1) - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002216 _____ C:\Users\rusobr2\Desktop\cup song update - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002216 _____ C:\Users\rusobr2\Desktop\Brigas de irmas - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002216 _____ C:\Users\rusobr2\Desktop\Bloopers lol xx - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002201 _____ C:\Users\rusobr2\Desktop\cooler Knaller - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002201 _____ C:\Users\rusobr2\Desktop\Bath challenge - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002161 _____ C:\Users\rusobr2\Desktop\Firefox Setup Stub 41.0 - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002146 _____ C:\Users\rusobr2\Desktop\readerdc_en_ha_install - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002146 _____ C:\Users\rusobr2\Desktop\GoogleEarthPluginSetup - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002146 _____ C:\Users\rusobr2\Desktop\ConvertHelperSetup-3.2 - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002081 _____ C:\Users\rusobr2\Desktop\arlena - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002066 _____ C:\Users\rusobr2\Desktop\my pictures - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002066 _____ C:\Users\rusobr2\Desktop\fixlist - Shortcut (2).lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002056 _____ C:\Users\rusobr2\Desktop\GoogleEarthSetup - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002055 _____ C:\Users\rusobr2\Desktop\Fixlog - Shortcut (2).lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002055 _____ C:\Users\rusobr2\Desktop\aswMBR - Shortcut (2).lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00002021 _____ C:\Users\rusobr2\Desktop\FRST - Shortcut (2).lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00001981 _____ C:\Users\rusobr2\Desktop\MSNHomepage - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00001981 _____ C:\Users\rusobr2\Desktop\DefaultPack - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00001906 _____ C:\Users\rusobr2\Desktop\FRST64 - Shortcut (2).lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00001884 _____ C:\Users\rusobr2\Desktop\firefox-setup-win64bit.exe.0ham0ha - Shortcut.lnk
2016-09-26 17:20 - 2016-09-26 17:20 - 00001483 _____ C:\Users\rusobr2\Desktop\MBR.dat - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002842 _____ C:\Users\rusobr2\Desktop\MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos_files - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002221 _____ C:\Users\rusobr2\Desktop\Zemana.AntiMalware.Setup(6) - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002221 _____ C:\Users\rusobr2\Desktop\Zemana.AntiMalware.Setup(5) - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002176 _____ C:\Users\rusobr2\Desktop\Zemana.AntiMalware.Setup - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002089 _____ C:\Users\rusobr2\Desktop\Warrant List - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002085 _____ C:\Users\rusobr2\Desktop\Addition - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002056 _____ C:\Users\rusobr2\Desktop\adwcleaner_6.020 - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00002041 _____ C:\Users\rusobr2\Desktop\win7_64_1512754 - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00001981 _____ C:\Users\rusobr2\Desktop\360TS_Setup - Shortcut.lnk
2016-09-26 17:19 - 2016-09-26 17:19 - 00001972 _____ C:\Users\rusobr2\Desktop\FRST-OlderVersion - Shortcut.lnk
2016-09-26 17:12 - 2016-09-26 17:43 - 00000000 ____D C:\AdwCleaner
2016-09-26 17:11 - 2016-09-26 17:12 - 03861056 _____ C:\Users\rusobr2\Downloads\adwcleaner_6.020.exe
2016-09-26 15:29 - 2016-09-26 15:29 - 00002055 _____ C:\Users\rusobr2\Desktop\Fixlog - Shortcut.lnk
2016-09-26 15:28 - 2016-09-26 15:28 - 00002066 _____ C:\Users\rusobr2\Desktop\fixlist - Shortcut.lnk
2016-09-26 15:09 - 2016-09-26 17:59 - 00006166 _____ C:\Users\rusobr2\Downloads\Fixlog.txt
2016-09-26 15:08 - 2016-09-26 15:08 - 00020734 _____ C:\Users\rusobr2\Downloads\Addition.txt
2016-09-26 15:05 - 2016-09-28 17:08 - 00000000 ____D C:\Users\rusobr2\Downloads\FRST-OlderVersion
2016-09-26 15:04 - 2016-09-26 15:04 - 00001906 _____ C:\Users\rusobr2\Desktop\FRST64 - Shortcut.lnk
2016-09-26 10:22 - 2016-09-26 10:22 - 06341128 _____ (SaveFrom.net ) C:\Users\rusobr2\Downloads\SFHelper-Setup(1).exe
2016-09-26 10:13 - 2016-09-26 10:13 - 00844760 _____ ( ) C:\Users\rusobr2\Downloads\SFHelper-Web-Installer-b8f8b9d038-[308].exe
2016-09-26 10:04 - 2016-09-26 10:04 - 45936050 _____ (DownloadHelper ) C:\Users\rusobr2\Downloads\ConvertHelperSetup-3.2.exe
2016-09-26 09:57 - 2016-09-26 09:58 - 00844760 _____ ( ) C:\Users\rusobr2\Downloads\SFHelper-Web-Installer-5ebe6f8827-[308].exe
2016-09-26 03:39 - 2016-09-26 03:40 - 00294496 _____ C:\windows\system32\FNTCACHE.DAT
2016-09-23 13:28 - 2016-09-26 03:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-23 12:13 - 2016-09-23 12:13 - 00002021 _____ C:\Users\rusobr2\Desktop\FRST - Shortcut.lnk
2016-09-23 11:54 - 2016-09-23 11:55 - 00002150 _____ C:\Users\rusobr2\Downloads\fixlist.txt
2016-09-22 21:37 - 2016-09-22 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-09-22 20:09 - 2016-08-05 08:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-09-22 20:09 - 2016-08-05 08:13 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-09-22 19:08 - 2016-09-22 19:08 - 05292304 _____ ( ) C:\Users\rusobr2\Downloads\Zemana.AntiMalware.Setup(6).exe
2016-09-22 19:08 - 2016-09-22 19:08 - 05292304 _____ ( ) C:\Users\rusobr2\Downloads\Zemana.AntiMalware.Setup(5).exe
2016-09-22 18:57 - 2016-09-28 17:09 - 01006046 _____ C:\windows\ZAM.krnl.trace
2016-09-22 18:57 - 2016-09-28 17:08 - 00120076 _____ C:\windows\ZAM_Guard.krnl.trace
2016-09-22 18:57 - 2016-09-22 21:37 - 00001150 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-09-22 18:57 - 2016-09-22 21:37 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-09-22 18:57 - 2016-09-22 18:57 - 00203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zamguard64.sys
2016-09-22 18:57 - 2016-09-22 18:57 - 00203680 _____ (Zemana Ltd.) C:\windows\system32\Drivers\zam64.sys
2016-09-22 18:55 - 2016-09-22 18:55 - 00000000 ____D C:\Users\rusobr2\AppData\Local\Zemana
2016-09-22 18:54 - 2016-09-22 18:54 - 05292304 _____ ( ) C:\Users\rusobr2\Downloads\Zemana.AntiMalware.Setup.exe
2016-09-21 12:56 - 2016-09-21 12:56 - 00064024 _____ C:\Users\rusobr2\AppData\Local\GDIPFONTCACHEV1.DAT
2016-09-21 12:02 - 2016-09-21 12:02 - 12085005 _____ C:\Users\rusobr2\Downloads\Gymnastics Tutorial Vol 1(1).mp4
2016-09-21 12:01 - 2016-09-21 12:01 - 12085005 _____ C:\Users\rusobr2\Downloads\Gymnastics Tutorial Vol 1.mp4
2016-09-21 12:00 - 2016-09-21 12:00 - 13930961 _____ C:\Users\rusobr2\Downloads\Handstands and splits .mp4
2016-09-21 11:57 - 2016-09-21 11:57 - 10799682 _____ C:\Users\rusobr2\Downloads\The splits.mp4
2016-09-21 11:40 - 2016-09-21 11:40 - 04319634 _____ C:\Users\rusobr2\Downloads\How To Do A Frog Split _ Flexi Friday _ Piiink Gymnastics.mp4
2016-09-21 11:11 - 2016-09-21 11:11 - 26403878 _____ C:\Users\rusobr2\Downloads\Stretching and tumbling tutorial.mp4
2016-09-21 11:09 - 2016-09-21 11:10 - 13058083 _____ C:\Users\rusobr2\Downloads\My stretching routine.mp4
2016-09-21 10:22 - 2016-09-21 10:22 - 30402244 _____ C:\Users\rusobr2\Downloads\Splits warm up and my splits.mp4
2016-09-21 09:47 - 2016-09-21 09:47 - 04805041 _____ C:\Users\rusobr2\Downloads\20 сентября 2016 г.mp4
2016-09-21 07:05 - 2016-09-21 07:05 - 01955428 _____ C:\Users\rusobr2\Downloads\4 сентября 2016 г.mp4
2016-09-21 06:51 - 2016-09-21 06:51 - 06638321 _____ C:\Users\rusobr2\Downloads\7 сентября 2016 г(3).mp4
2016-09-21 06:47 - 2016-09-21 06:47 - 04482071 _____ C:\Users\rusobr2\Downloads\Даша грохнулась.mp4
2016-09-21 06:43 - 2016-09-21 06:43 - 05313504 _____ C:\Users\rusobr2\Downloads\7 сентября 2016 г.mp4
2016-09-21 00:18 - 2016-09-21 00:18 - 00001433 _____ C:\Users\rusobr2\Desktop\aswMBR - Shortcut.lnk
2016-09-20 23:36 - 2016-09-20 23:37 - 00000085 _____ C:\windows\wininit.ini
2016-09-20 23:36 - 2016-09-20 23:36 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2016-09-20 23:34 - 2016-09-20 23:39 - 00000000 ____D C:\Users\rusobr2\AppData\Roaming\Geek Uninstaller
2016-09-20 23:21 - 2016-09-20 23:21 - 00002174 _____ C:\Users\rusobr2\Downloads\aswMBR.txt
2016-09-20 23:21 - 2016-09-20 23:21 - 00000512 _____ C:\Users\rusobr2\Downloads\MBR.dat
2016-09-19 10:13 - 2016-09-19 10:13 - 09608270 _____ C:\Users\rusobr2\Downloads\Home gymnastic show_ backbends, splits, of course needle and turnover!.mp4
2016-09-19 09:53 - 2016-09-19 09:53 - 28420838 _____ C:\Users\rusobr2\Downloads\New Yoga_ Yoga challenge with girls friend = Desafio Yoga 117.mp4
2016-09-19 01:23 - 2016-09-19 01:23 - 46333830 _____ C:\Users\rusobr2\Downloads\Líná chodit do školy #1.mp4
2016-09-19 01:12 - 2016-09-19 01:12 - 27860219 _____ C:\Users\rusobr2\Downloads\Касмитечка.mp4
2016-09-19 01:04 - 2016-09-19 01:04 - 06170368 _____ C:\Users\rusobr2\Downloads\9 июля 2016 г.mp4
2016-09-19 00:55 - 2016-09-19 00:55 - 77232263 _____ C:\Users\rusobr2\Downloads\10 августа 2016 г.mp4
2016-09-19 00:52 - 2016-09-19 00:52 - 08383314 _____ C:\Users\rusobr2\Downloads\Растяжка на шпагат.mp4
2016-09-19 00:43 - 2016-09-19 00:43 - 36463389 _____ C:\Users\rusobr2\Downloads\МОЕ УТРО_MY MORNING.mp4
2016-09-19 00:33 - 2016-09-19 00:34 - 19430270 _____ C:\Users\rusobr2\Downloads\Схуднути.mp4
2016-09-19 00:32 - 2016-09-19 00:32 - 14602375 _____ C:\Users\rusobr2\Downloads\Гимнастика(3).mp4
2016-09-19 00:31 - 2016-09-19 00:31 - 20566473 _____ C:\Users\rusobr2\Downloads\Гимнастик.mp4
2016-09-19 00:29 - 2016-09-19 00:29 - 10237721 _____ C:\Users\rusobr2\Downloads\Гимнастика(2).mp4
2016-09-18 22:49 - 2016-09-18 22:49 - 15114228 _____ C:\Users\rusobr2\Downloads\Как сесть на шпагат Видео урок.mp4
2016-09-18 22:46 - 2016-09-18 22:46 - 34812812 _____ C:\Users\rusobr2\Downloads\Как я встаю на мостик и делаю бабочку.mp4
2016-09-18 22:44 - 2016-09-18 22:44 - 19250202 _____ C:\Users\rusobr2\Downloads\How to escape from the summer heat. gymnastics element. Как спастись от жары летом.mp4
2016-09-18 22:39 - 2016-09-18 22:39 - 44013441 _____ C:\Users\rusobr2\Downloads\challenge in the pool with my brother dois.desafio na piscina com meu irmão dois(1).mp4
2016-09-18 22:37 - 2016-09-18 22:37 - 44013441 _____ C:\Users\rusobr2\Downloads\challenge in the pool with my brother dois.desafio na piscina com meu irmão dois.mp4
2016-09-18 22:31 - 2016-09-18 22:31 - 38455354 _____ C:\Users\rusobr2\Downloads\Как вам видео(1).mp4
2016-09-18 22:23 - 2016-09-18 22:24 - 130289264 _____ C:\Users\rusobr2\Downloads\Yoga Challenge(5).mp4
2016-09-18 22:23 - 2016-09-18 22:23 - 82043109 _____ C:\Users\rusobr2\Downloads\My stretch_warm up routine.mp4
2016-09-18 13:58 - 2016-09-18 14:00 - 40991849 _____ C:\Users\rusobr2\Downloads\The sleepover Part 1.mp4
2016-09-14 11:05 - 2016-09-02 08:40 - 00631176 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-09-14 11:05 - 2016-09-02 08:35 - 05548264 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-09-14 11:05 - 2016-09-02 08:35 - 00706280 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-09-14 11:05 - 2016-09-02 08:35 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-09-14 11:05 - 2016-09-02 08:35 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-09-14 11:05 - 2016-09-02 08:34 - 01732864 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-09-14 11:05 - 2016-09-02 08:31 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00880640 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00059904 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:30 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:21 - 04000488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-09-14 11:05 - 2016-09-02 08:21 - 03944680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-09-14 11:05 - 2016-09-02 08:18 - 01314112 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00644096 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:16 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 08:02 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-09-14 11:05 - 2016-09-02 08:02 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-09-14 11:05 - 2016-09-02 08:02 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-09-14 11:05 - 2016-09-02 08:01 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-09-14 11:05 - 2016-09-02 07:58 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-09-14 11:05 - 2016-09-02 07:57 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-09-14 11:05 - 2016-09-02 07:55 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-09-14 11:05 - 2016-09-02 07:54 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-09-14 11:05 - 2016-09-02 07:54 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-09-14 11:05 - 2016-09-02 07:53 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-09-14 11:05 - 2016-09-02 07:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-09-14 11:05 - 2016-09-02 07:53 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-09-14 11:05 - 2016-09-02 07:49 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-09-14 11:05 - 2016-09-02 07:49 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-09-14 11:05 - 2016-09-02 07:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-09-14 11:05 - 2016-09-02 07:49 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-09-14 11:05 - 2016-09-02 07:49 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-09-14 11:05 - 2016-09-02 07:48 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 07:48 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 07:48 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 11:05 - 2016-09-02 07:48 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-14 11:05 - 2016-08-16 10:36 - 01009152 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-09-14 11:05 - 2016-08-15 19:48 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-09-14 11:05 - 2016-08-15 19:35 - 03218432 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-09-14 11:05 - 2016-08-12 09:26 - 00464896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv.sys
2016-09-14 11:05 - 2016-08-12 09:26 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2016-09-14 11:05 - 2016-08-12 09:26 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2016-09-14 11:02 - 2016-08-06 08:31 - 00877056 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-09-14 11:02 - 2016-08-06 08:15 - 00581632 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-09-13 22:42 - 2016-09-13 22:42 - 111822069 _____ C:\Users\rusobr2\Downloads\Ломай меня полностью йога челлендж.mp4
2016-09-13 22:39 - 2016-09-13 22:39 - 45057002 _____ C:\Users\rusobr2\Downloads\Играим в хадилку.mp4
2016-09-13 22:30 - 2016-09-13 22:30 - 14174078 _____ C:\Users\rusobr2\Downloads\Учимся делать шпагат.mp4
2016-09-13 21:31 - 2016-09-13 21:31 - 38455354 _____ C:\Users\rusobr2\Downloads\Как вам видео.mp4
2016-09-11 01:12 - 2016-09-11 01:12 - 240842651 _____ C:\Users\rusobr2\Downloads\Я Гимнастка _ВанилькаЕП.mp4
2016-09-11 00:24 - 2016-09-11 00:24 - 52286436 _____ C:\Users\rusobr2\Downloads\Твистер.mp4
2016-09-10 23:59 - 2016-09-10 23:59 - 45254372 _____ C:\Users\rusobr2\Downloads\Твистер.mp4
2016-09-10 23:35 - 2016-09-10 23:35 - 40064630 _____ C:\Users\rusobr2\Downloads\Гимнастика(1).mp4
2016-09-10 23:33 - 2016-09-10 23:33 - 03526638 _____ C:\Users\rusobr2\Downloads\гимнастика мост.mp4
2016-09-10 23:08 - 2016-09-10 23:08 - 174767774 _____ C:\Users\rusobr2\Downloads\A type of yoga challenge.mp4
2016-09-10 23:00 - 2016-09-10 23:00 - 54406603 _____ C:\Users\rusobr2\Downloads\The Yoga Challenge - Yoga Challenge - Part 21.mp4
2016-09-10 22:49 - 2016-09-10 22:49 - 05025116 _____ C:\Users\rusobr2\Downloads\Gymnastics(2).mp4
2016-09-10 22:45 - 2016-09-10 22:45 - 50427499 _____ C:\Users\rusobr2\Downloads\Amy's gymnastic skills.mp4
2016-09-10 22:30 - 2016-09-10 22:31 - 89325604 _____ C:\Users\rusobr2\Downloads\SEMIOLOGIA PEDIATRICA 4 - A LOS SIETE AÑOS - 2056.mp4
2016-09-10 22:28 - 2016-09-10 22:28 - 19170597 _____ C:\Users\rusobr2\Downloads\Yoga challenge with Marina GYMNASTICS Desafio YOGA CHALLENGE (GMSC).mp4
2016-09-10 22:23 - 2016-09-10 22:23 - 136196269 _____ C:\Users\rusobr2\Downloads\Страшные явения.mp4
2016-09-10 22:13 - 2016-09-10 22:13 - 91748415 _____ C:\Users\rusobr2\Downloads\How to get your splits better and to the ground!.mp4
2016-09-10 11:33 - 2016-09-10 11:33 - 10682596 _____ C:\Users\rusobr2\Downloads\Gymnastics _ Backbend,easy tutorial.mp4
2016-09-10 11:14 - 2016-09-10 11:14 - 17128721 _____ C:\Users\rusobr2\Downloads\Gymnastics(1).mp4
2016-09-10 11:11 - 2016-09-10 11:11 - 202934887 _____ C:\Users\rusobr2\Downloads\Gymnastics fail.mp4
2016-09-10 10:57 - 2016-09-10 10:57 - 130289264 _____ C:\Users\rusobr2\Downloads\Yoga Challenge(1).mp4
2016-09-08 07:46 - 2016-09-08 07:48 - 531321141 _____ C:\Users\rusobr2\Downloads\stretching.mp4
2016-09-07 20:46 - 2016-09-07 20:46 - 35863061 _____ C:\Users\rusobr2\Downloads\Part 2 gymnastics.mp4
2016-09-07 12:13 - 2016-09-07 12:13 - 18587769 _____ C:\Users\rusobr2\Downloads\Splits stretching!.mp4
2016-09-07 11:31 - 2016-09-07 11:31 - 58095923 _____ C:\Users\rusobr2\Downloads\Разминка для ног.mp4
2016-09-07 09:43 - 2016-09-07 09:43 - 69716889 _____ C:\Users\rusobr2\Downloads\Yoga challenge girls kids #4.mp4
2016-09-07 09:37 - 2016-09-07 09:37 - 43101788 _____ C:\Users\rusobr2\Downloads\Yoga challenge word 2= Desafio Yoga word.mp4
2016-09-07 09:17 - 2016-09-07 09:17 - 18675477 _____ C:\Users\rusobr2\Downloads\Yoga Challenge Extra Wrestling!.mp4
2016-09-06 21:46 - 2016-09-28 17:09 - 00007931 _____ C:\Users\rusobr2\Downloads\FRST.txt
2016-09-06 21:46 - 2016-09-28 17:09 - 00000000 ____D C:\FRST
2016-09-06 21:45 - 2016-09-28 17:08 - 02404352 _____ (Farbar) C:\Users\rusobr2\Downloads\FRST64.exe
2016-09-06 21:37 - 2016-09-06 21:37 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-03 09:07 - 2016-09-03 09:08 - 30461490 _____ C:\Users\rusobr2\Downloads\Guide to do some gymnastics.mp4
2016-09-02 07:09 - 2016-09-02 07:09 - 138450435 _____ C:\Users\rusobr2\Downloads\BFF'S YOGA CHALLENGE ч.2.mp4
2016-09-02 06:41 - 2016-09-02 06:41 - 81445047 _____ C:\Users\rusobr2\Downloads\Йога челинж.mp4
2016-09-02 05:36 - 2016-09-02 05:37 - 317107316 _____ C:\Users\rusobr2\Downloads\BetaRiffs _ Day 4 _ SLEEPOVER.mp4
2016-09-01 14:20 - 2016-09-01 14:20 - 35688452 _____ C:\Users\rusobr2\Downloads\NOT MY LEGS CHALLENGE WITH TRYNDA BLOOPERS.mp4
2016-09-01 12:39 - 2016-09-01 12:40 - 103365220 _____ C:\Users\rusobr2\Downloads\2 girls yoga challenge.mp4
2016-09-01 11:03 - 2016-09-01 11:03 - 06683268 _____ C:\Users\rusobr2\Downloads\Как научиться делать переворот вперед.mp4
2016-09-01 10:44 - 2016-09-01 10:44 - 75395273 _____ C:\Users\rusobr2\Downloads\Doing gymnastics while doing daily tasks _EPIC FAIL.mp4
2016-09-01 09:27 - 2016-09-01 09:27 - 38333639 _____ C:\Users\rusobr2\Downloads\Ice _ yoga challenge.mp4
2016-09-01 09:22 - 2016-09-01 09:23 - 75980070 _____ C:\Users\rusobr2\Downloads\Ice bath challenge.mp4
2016-08-31 10:57 - 2016-08-31 10:57 - 79534852 _____ C:\Users\rusobr2\Downloads\Yoga Challenge pt1.mp4
2016-08-31 10:49 - 2016-08-31 10:49 - 81818813 _____ C:\Users\rusobr2\Downloads\Yoga Challenge pt2.mp4
2016-08-31 10:36 - 2016-08-31 10:36 - 65209880 _____ C:\Users\rusobr2\Downloads\Fun Yoga Challenge - Desafio da yoga 149.mp4
2016-08-31 10:24 - 2016-08-31 10:25 - 76388680 _____ C:\Users\rusobr2\Downloads\Fun Yoga Challenge - Desafio da yoga 145.mp4
2016-08-31 10:01 - 2016-08-31 10:02 - 139949912 _____ C:\Users\rusobr2\Downloads\Yoga Challenge Funny!.mp4
2016-08-31 09:06 - 2016-08-31 09:06 - 79297183 _____ C:\Users\rusobr2\Downloads\Yoga challenge .mp4
2016-08-31 08:50 - 2016-08-31 08:50 - 16898776 _____ C:\Users\rusobr2\Downloads\Gymnastics - Middle Split.mp4
2016-08-31 08:39 - 2016-08-31 08:39 - 07341877 _____ C:\Users\rusobr2\Downloads\Gymnastics - How to do the Middle Splits for Kids.mp4
2016-08-31 08:35 - 2016-08-31 08:35 - 12684431 _____ C:\Users\rusobr2\Downloads\Gymnastics - Splits Warm Up !.mp4
2016-08-31 08:28 - 2016-08-31 08:28 - 138981413 _____ C:\Users\rusobr2\Downloads\Bath challenge.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-28 16:58 - 2015-09-15 15:16 - 00000000 ____D C:\Users\rusobr2\AppData\LocalLow\360WD
2016-09-28 16:16 - 2016-05-26 09:32 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-09-28 13:21 - 2009-07-13 21:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-28 13:21 - 2009-07-13 21:45 - 00021888 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-28 07:46 - 2015-09-15 15:16 - 00001151 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2016-09-28 07:46 - 2015-09-15 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2016-09-28 02:15 - 2015-12-02 02:43 - 00000000 ____D C:\Users\rusobr2\dwhelper
2016-09-28 00:38 - 2015-09-27 10:57 - 00000000 ____D C:\Users\rusobr2\AppData\Roaming\vlc
2016-09-27 23:52 - 2015-12-14 23:06 - 00086248 _____ (360.cn) C:\windows\SysWOW64\Drivers\360AvFlt.sys
2016-09-27 23:52 - 2015-09-15 15:16 - 00330472 _____ (360.cn) C:\windows\system32\Drivers\360Box64.sys
2016-09-27 23:52 - 2015-09-15 15:16 - 00086248 _____ (360.cn) C:\windows\system32\Drivers\360AvFlt.sys
2016-09-26 18:53 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2016-09-26 17:51 - 2009-07-13 22:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-09-26 17:51 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2016-09-26 17:46 - 2015-09-15 14:37 - 00000000 ____D C:\Users\rusobr2
2016-09-26 17:45 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-09-26 10:06 - 2016-03-25 12:14 - 00000000 ____D C:\Program Files\ConvertHelper3
2016-09-26 03:39 - 2015-11-19 09:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-23 21:10 - 2015-09-27 10:37 - 00000000 __SHD C:\$360Section
2016-09-23 21:10 - 2015-09-15 15:18 - 00000000 ____D C:\ProgramData\360Quarant
2016-09-23 21:10 - 2015-09-15 15:17 - 00000000 ____D C:\Users\rusobr2\AppData\Roaming\360safe
2016-09-14 11:11 - 2014-07-31 14:32 - 00000000 ____D C:\windows\system32\MRT
2016-09-14 11:06 - 2014-07-31 14:32 - 144199024 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-09-13 15:16 - 2016-05-26 09:32 - 00796352 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-09-13 15:16 - 2016-05-26 09:32 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-13 15:16 - 2016-05-26 09:32 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-09-13 15:16 - 2016-05-13 22:40 - 06502080 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2016-09-13 15:16 - 2014-08-04 09:59 - 00000000 ____D C:\windows\SysWOW64\Macromed
2016-09-13 15:16 - 2014-08-04 09:59 - 00000000 ____D C:\windows\system32\Macromed
2016-09-09 05:24 - 2015-09-15 15:16 - 00188864 _____ (360.cn) C:\windows\system32\Drivers\BAPIDRV64.SYS
2016-09-01 04:43 - 2015-09-15 15:16 - 00391392 _____ (360.cn) C:\windows\system32\Drivers\360fsflt.sys

Some files in TEMP:
====================
C:\Users\rusobr2\AppData\Local\Temp\libeay32.dll
C:\Users\rusobr2\AppData\Local\Temp\msvcr120.dll
C:\Users\rusobr2\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-25 08:36

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2016
Ran by rusobr2 (28-09-2016 17:10:08)
Running from C:\Users\rusobr2\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-09-15 21:37:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-436883666-1139675966-1884149517-500 - Administrator - Disabled)
Guest (S-1-5-21-436883666-1139675966-1884149517-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-436883666-1139675966-1884149517-1002 - Limited - Enabled)
rusobr2 (S-1-5-21-436883666-1139675966-1884149517-1000 - Administrator - Enabled) => C:\Users\rusobr2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: 360 Total Security (Enabled - Up to date) {0371CA44-3F80-A1D3-BECE-910620B58D50}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: 360 Total Security (Enabled - Up to date) {B8102BA0-19BA-AE5D-847E-AA745B32C7ED}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 8.8.0.1080 - 360 Security Center)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
D-Link DWA-131 Wireless N Nano USB Adapter (HKLM-x32\...\{98B82958-1DCA-4504-BE88-C91F1C7A7225}) (Version: 1 - D-Link)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
Unknown File Handler (HKLM-x32\...\UFH_is1) (Version: 2015.12.29.0 - File.org)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.30.75 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {112EB998-21AB-451B-84E6-16B7E490B7D8} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {17F5B756-88DC-4AF9-B7DF-CE86CB01E698} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
Task: {8EF0AFD9-13F3-4129-A4D3-6A35AA6C13FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-27] (Google Inc.)
Task: {EB701FFA-2793-4687-91C5-B5E75F882E3D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\rusobr2\Desktop\DESAFÍO ACEPTADO Yoga Desafio aceitado Yoga ВЫЗОВ ПРИНЯТ Йога - Shortcut.lnk -> C:\Users\rusobr2\Downloads\DESAFÍO ACEPTADO Yoga Desafio aceitado Yoga ВЫЗОВ ПРИНЯТ Йога .mp4 ()

==================== Loaded Modules (Whitelisted) ==============

2015-09-15 15:16 - 2016-09-27 23:52 - 00782248 _____ () C:\Program Files (x86)\360\Total Security\MenuEx64.dll
2016-09-22 18:57 - 2016-09-22 18:57 - 00123760 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2015-09-15 15:16 - 2016-09-27 23:52 - 00099240 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2015-09-15 15:16 - 2016-09-27 23:52 - 00584616 _____ () C:\Program Files (x86)\360\Total Security\safemon\wdui2.dll
2016-09-13 15:16 - 2016-09-13 15:16 - 19588800 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2016-09-20 23:38 - 00000834 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-436883666-1139675966-1884149517-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\rusobr2\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{CB5892D1-D134-49A4-B4D4-249AED3D11DC}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{BF7A5042-B431-44EC-910A-29CF8CE7CF87}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{225AF79B-8EFD-4F2C-A426-8AF611BFE0E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{75B2F34C-F4E2-4AFD-A855-2AD733017867}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A69BD9DA-B464-4A30-89EB-6C5017DDE021}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{774225EE-E7C7-4510-8DF7-F32B011FA366}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{95AB12F7-9EEB-48FA-AEB6-43ECC0CE3157}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{F56F610F-5356-4E19-AE05-E8F76ECBE804}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{5F4ECB8C-06FC-47C9-9F4D-35C2C0084B9B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{910B2F64-A9CA-4865-9D70-92F98AD498B1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD8A9C81-9E66-42D1-BDAA-F6294FD29F53}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4F0663CE-6234-489D-84C7-B3BCDE1AE40B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5F62046F-82EC-46A2-9C40-FE0697D67E46}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\InstantSetup.exe
FirewallRules: [{8118F12A-1A44-4F3A-8656-9F67B3648D86}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\InstantSetup.exe
FirewallRules: [{DE79D5C2-2D29-48B2-8DB3-DCEAFF73F582}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{57A75971-0B04-49ED-A045-8F1900DC14EE}] => (Allow) C:\Program Files (x86)\360\Total Security\softmgr\360InstantSetup.exe
FirewallRules: [{6706059A-FCBE-4EC3-9E01-2545ABACDF19}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{7A809890-BFF0-4B8D-914B-B24AA8B1736D}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Restore Points =========================

18-09-2016 07:23:06 Windows Update
22-09-2016 20:09:15 Windows Update
26-09-2016 15:09:17 Restore Point Created by FRST
26-09-2016 17:56:11 Restore Point Created by FRST
26-09-2016 17:58:11 Restore Point Created by FRST
27-09-2016 03:09:03 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2016 11:38:47 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (09/27/2016 04:59:59 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (09/27/2016 01:02:27 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (09/26/2016 08:20:33 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (09/26/2016 05:56:10 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {f45878bd-75e2-4a32-af0b-a2e2439fc793}

Error: (09/26/2016 05:47:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/26/2016 03:33:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 25.9.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e78

Start Time: 01d218421f151db1

Termination Time: 4

Application Path: C:\Users\rusobr2\Downloads\FRST64.exe

Report Id: 390c9e1d-8439-11e6-821e-001aa0aaf328

Error: (09/26/2016 03:09:17 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {b1d06e53-8a00-4fab-9c82-3228dc1cecc4}

Error: (09/26/2016 10:29:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/26/2016 10:21:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 49.0.1.6109, time stamp: 0x57e44563
Faulting module name: mozglue.dll, version: 49.0.1.6109, time stamp: 0x57e43eea
Exception code: 0x80000003
Fault offset: 0x0000e846
Faulting process id: 0xf74
Faulting application start time: 0x01d21818d616c26d
Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
Report Id: aeafa18d-840d-11e6-b5c2-001aa0aaf328


System errors:
=============
Error: (09/28/2016 07:46:11 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The 360 Total Security service terminated unexpectedly. It has done this 1 time(s).

Error: (09/27/2016 12:22:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (09/26/2016 05:58:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/26/2016 05:58:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/26/2016 05:58:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/26/2016 05:56:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (09/26/2016 05:56:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/26/2016 05:56:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/26/2016 05:56:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).

Error: (09/26/2016 05:56:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WlanWpsSvc service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2016-03-23 22:04:30.267
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-23 22:04:30.111
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-13 23:17:22.280
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ADIHdAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-13 23:17:22.202
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ADIHdAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-13 23:10:19.282
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ADIHdAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-12-13 23:10:19.188
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ADIHdAud.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) D CPU 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 4029.61 MB
Available physical RAM: 2628.25 MB
Total Virtual: 8057.41 MB
Available Virtual: 5985.29 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:223.61 GB) (Free:153.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 07063C21)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8.8 GB) - (Type=27)
Partition 3: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

rusobr2

PCHF Member
PCHF Member
Sep 7, 2016
19
6
70
i'v not had much chance to work with PC, as grand-daughters have been all over it ......
i ran the Farbar, then clicked on fix', and all read-outs have been posted, all seamed to be OK, but haven't had time to use..... i'll be back on here in a couple hrs

thanks, steve
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
Everything Appears To Be Fine Here, lets make one last scan to check for outdated Software.




Security Check Scan.

  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
 
  • Like
Reactions: rusobr2

rusobr2

PCHF Member
PCHF Member
Sep 7, 2016
19
6
70
well, it comes up as "error" for security check, and after several approaches, i come up with no results
now it comes up "error in execution" "security check exe" / auto delscript" the network name cannot be found.
** well, after running around for a few, i come up with a "log"

security check"
SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 29.09.2016 14:25:57
Path starting: C:\Users\rusobr2\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: rusobr2
VersionXML: 3.39is-26.09.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
Installation date OS: 15.09.2015 21:37:06
LicenseStatus: Windows(R) 7, HomePremium edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [223.6 Gb] Used: [70.3 Gb] Free: [153.3 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 10.0.9200.17609 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Notify before download
Date install updates: 2016-09-23 03:10:14
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
360 Total Security (enabled)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Firewall (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (enabled and up to date)
360 Total Security (enabled)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
360 Total Security v.8.8.0.1080
-------------------------- [ SecurityUtilities ] --------------------------
Zemana AntiMalware v.2.30.75
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player v.2.2.4
OpenOffice 4.1.0 v.4.10.9764 Warning! Download Update
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 23 NPAPI v.23.0.0.162
Adobe Acrobat Reader DC v.15.017.20053
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 49.0.1 (x86 en-US) v.49.0.1
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files (x86)\Mozilla Firefox\firefox.exe v.49.0.1.6109
------------------ [ AntivirusFirewallProcessServices ] -------------------
Windows Defender (WinDefend) - The service is running
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
360 Total Security (QHActiveDefense) - The service is running
C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe v.8.8.0.1008
C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe v.8.2.0.1000
C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe v.8.8.0.1012
----------------------------- [ End of Log ] ------------------------------
 
Last edited:

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,389
551
No big deal, that program will not run on some computers. Your logs are clean, update all your programs with Patch My PC....


Glad to have helped!! Please tell a friend ...... or two about us.




suggest the following in place of adblock.
Alternate DNS Server. Ad Blocking DNS.
Ublock Origin.
Anti Ad Block Killer.




Also, keep your browsing private with these tools:



Self Destructing Cookies.
Self Destructing Cookies Chrome.






Some items to keep you safe on the internet.



VooDoo Shield. control of what is running on your machine
Qualys BrowserCheck
To update plugins.
Web Of Trust To Avoid Shady Websites.
Unchecky To Avoid Bundled Software.
Privazer To Clean up your mahcine.







Now Lets Clean up the tools we used and remove old restore points.







Download DelFix by "Xplode" to your Desktop.
Right Click the tool and Run as Admin ( Xp Users Double Click)
Put a check mark next the items below:


Remove disinfection tools
Create registry backup
Purge System Restore




Now click on "Run" button.
allow the program to complete its work.
all the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt
 
  • Like
Reactions: rusobr2

rusobr2

PCHF Member
PCHF Member
Sep 7, 2016
19
6
70
hey Mal.... thanks for "all" your help ..... i will be updating some things, and once again go thru your last post to check things over

thanks.... steve
and yep...... i'll pass it on ......
 
Status
Not open for further replies.