www.extendedunlimited.org on windows start up


  • This topic is locked
6 replies to this topic

#1 pai_mei

Posted 20 August 2014 - 11:56 AM

Nothing that I tried worked so far, and this forum seems to be the only place that can actually solve the problem, so please help me.

Here is the log from the FRST scan.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by USUARIO (administrator) on USUARIO-PC on 20-08-2014 13:45:29
Running from C:\Users\USUARIO\Documents
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Português (Brasil)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-08-19] (AVAST Software)
HKU\S-1-5-21-2107296046-2523685757-1094972002-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4AAF301C-AC09-4FFC-B324-E4333261175B}: [NameServer]200.204.0.10 200.204.0.138

FireFox:
========
FF ProfilePath: C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\663y1sfa.default-1408481247208
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF Extension: Magic Actions for YouTube™ - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\663y1sfa.default-1408481247208\Extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2014-08-19]
FF Extension: Adblock Plus - C:\Users\USUARIO\AppData\Roaming\Mozilla\Firefox\Profiles\663y1sfa.default-1408481247208\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-19]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-19] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-28] ()
R3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2013-06-18] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-19] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-19] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-08-15] ()
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-06-22] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-08-15] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-14] (Anchorfree Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 13:45 - 2014-08-20 13:45 - 00010602 _____ () C:\Users\USUARIO\Documents\FRST.txt
2014-08-20 11:13 - 2014-08-20 11:15 - 02101760 _____ (Farbar) C:\Users\USUARIO\Documents\FRST64.exe
2014-08-19 23:39 - 2014-08-19 23:39 - 00000222 _____ () C:\Users\USUARIO\Desktop\Crusader Kings II.url
2014-08-19 23:33 - 2014-08-19 23:33 - 00000222 _____ () C:\Users\USUARIO\Desktop\Deadlight.url
2014-08-19 23:31 - 2014-08-19 23:31 - 00000222 _____ () C:\Users\USUARIO\Desktop\The Incredible Adventures of Van Helsing.url
2014-08-19 23:27 - 2014-08-19 23:27 - 00000222 _____ () C:\Users\USUARIO\Desktop\Terraria.url
2014-08-19 23:26 - 2014-08-19 23:26 - 00000222 _____ () C:\Users\USUARIO\Desktop\THE KING OF FIGHTERS XIII STEAM EDITION.url
2014-08-19 19:49 - 2014-08-19 19:49 - 00000000 ____D () C:\Users\USUARIO\AppData\Roaming\AVAST Software
2014-08-19 19:48 - 2014-08-19 19:49 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-19 19:48 - 2014-08-19 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-19 19:47 - 2014-08-19 19:48 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1408488495071
2014-08-19 19:47 - 2014-08-19 19:47 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-19 19:47 - 2014-08-19 19:47 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-19 19:47 - 2014-08-19 19:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-19 19:39 - 2014-08-19 19:39 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-19 19:37 - 2014-08-19 19:39 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software
2014-08-19 19:37 - 2014-08-19 19:39 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-19 19:36 - 2014-08-19 19:37 - 04862664 _____ (AVAST Software) C:\Users\USUARIO\Downloads\avast_free_antivirus_setup_online.exe
2014-08-19 19:14 - 2014-08-19 19:14 - 00000338 _____ () C:\Windows\PFRO.log
2014-08-19 18:48 - 2014-08-20 13:45 - 00000000 ____D () C:\FRST
2014-08-19 18:29 - 2014-08-19 19:15 - 00000504 _____ () C:\Windows\setupact.log
2014-08-19 18:29 - 2014-08-19 18:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-19 18:18 - 2014-08-19 18:18 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-08-19 18:18 - 2014-08-19 18:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 17:55 - 2014-08-19 18:08 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-19 17:55 - 2014-08-19 17:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-19 17:55 - 2014-08-19 17:55 - 00000000 _____ () C:\autoexec.bat
2014-08-19 16:57 - 2014-08-19 17:31 - 00000000 ____D () C:\Windows\system32\log
2014-08-18 23:21 - 2014-08-18 23:49 - 270243983 _____ () C:\Users\USUARIO\Downloads\The.Quest.2014.S01E01.HDTV.x264-CF.mp4
2014-08-18 23:20 - 2014-08-19 00:38 - 341963846 _____ () C:\Users\USUARIO\Downloads\the.quest.2014.s01e02.hdtv.x264-w4f.mp4
2014-08-18 12:18 - 2014-08-19 10:39 - 264292903 _____ () C:\Users\USUARIO\Downloads\Ray.Donovan.S02E06.HDTV.x264-ASAP.mp4
2014-08-17 15:11 - 2014-08-20 01:17 - 481841315 _____ () C:\Users\USUARIO\Downloads\Outlander.S01E02.HDTV.x264-ASAP.mp4
2014-08-17 12:55 - 2014-08-17 12:57 - 00000000 ____D () C:\Users\USUARIO\AppData\Roaming\Tropico 4
2014-08-16 23:07 - 2014-08-19 06:49 - 271367212 _____ () C:\Users\USUARIO\Downloads\The.Knick.S01E02.HDTV.x264-KILLERS.mp4
2014-08-16 22:14 - 2014-08-16 22:14 - 00000000 ____D () C:\Users\USUARIO\AppData\Roaming\Kalypso Media
2014-08-16 14:54 - 2014-08-16 14:54 - 00000221 _____ () C:\Users\USUARIO\Desktop\Tropico 4.url
2014-08-15 17:25 - 2014-08-20 01:19 - 555472927 _____ () C:\Users\USUARIO\Downloads\Project.Runway.S13E01.The.Judges.Decide.WEB-DL.x264-RKSTR.mp4
2014-08-15 15:59 - 2014-08-20 00:34 - 552321522 _____ () C:\Users\USUARIO\Downloads\Outlander.S01E01.HDTV.x264-2HD.mp4
2014-08-15 15:57 - 2014-08-17 18:01 - 344019168 _____ () C:\Users\USUARIO\Downloads\The.Knick.S01E01.HDTV.x264-KILLERS.mp4
2014-08-15 15:54 - 2014-08-19 14:38 - 307279064 _____ () C:\Users\USUARIO\Downloads\Manhattan.S01E03.HDTV.x264-LOL.mp4
2014-08-15 15:54 - 2014-08-17 17:01 - 337813471 _____ () C:\Users\USUARIO\Downloads\manhattan.s01e02.hdtv.x264-2hd.mp4
2014-08-15 15:54 - 2014-08-17 16:00 - 403863667 _____ () C:\Users\USUARIO\Downloads\Manhattan.S01E01.HDTV.x264-2HD.mp4
2014-08-15 15:47 - 2014-08-19 10:50 - 323413236 _____ () C:\Users\USUARIO\Downloads\The.Strain.S01E04.HDTV.x264-ASAP.mp4
2014-08-15 15:47 - 2014-08-19 10:04 - 299163586 _____ () C:\Users\USUARIO\Downloads\The.Strain.S01E05.PROPER.HDTV.x264-2HD.mp4
2014-08-15 15:46 - 2014-08-20 01:35 - 582793391 _____ () C:\Users\USUARIO\Downloads\The.Strain.S01E01.HDTV.x264-2HD.mp4
2014-08-15 15:46 - 2014-08-19 13:17 - 301114199 _____ () C:\Users\USUARIO\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp4
2014-08-15 15:46 - 2014-08-17 12:44 - 300013285 _____ () C:\Users\USUARIO\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp4
2014-08-15 15:45 - 2014-08-20 00:11 - 355133701 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E08.HDTV.x264-KILLERS.mp4
2014-08-15 15:45 - 2014-08-19 14:34 - 365290041 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E06.HDTV.x264-ASAP.mp4
2014-08-15 15:44 - 2014-08-20 01:57 - 344964889 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E05.HDTV.x264-ASAP.mp4
2014-08-15 15:44 - 2014-08-19 13:24 - 389185684 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E04.HDTV.x264-KILLERS.mp4
2014-08-15 15:44 - 2014-08-19 13:09 - 318133174 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E07.HDTV.x264-KILLERS.mp4
2014-08-15 15:43 - 2014-08-19 20:44 - 250634859 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E03.HDTV.x264-LOL.mp4
2014-08-15 15:42 - 2014-08-19 13:23 - 299313067 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E02.HDTV.x264-LOL.mp4
2014-08-15 15:41 - 2014-08-19 14:37 - 381446079 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E01.HDTV.x264-LOL.mp4
2014-08-15 15:39 - 2014-08-19 13:09 - 697334401 _____ () C:\Users\USUARIO\Downloads\Project.Runway.S13E04.A.Suitable.Twist.WEB-DL.x264-RKSTR.mp4
2014-08-15 15:39 - 2014-08-19 10:45 - 658312759 _____ () C:\Users\USUARIO\Downloads\Project.Runway.S13E03.Welcome.To.The.Future.WEB-DL.x264-RKSTR.mp4
2014-08-15 15:38 - 2014-08-20 00:13 - 454619204 _____ () C:\Users\USUARIO\Downloads\Project.Runway.S13E02.Movie.Night.HDTV.x264-DaViEW.mp4
2014-08-15 15:37 - 2014-08-17 16:21 - 425648922 _____ () C:\Users\USUARIO\Downloads\Project.Runway.S13E01.Road.To.The.Runway.WEB-DL.x264-RKSTR.mp4
2014-08-15 15:36 - 2014-08-17 16:11 - 280788292 _____ () C:\Users\USUARIO\Downloads\Project.Runway.S13.Designer.Home.Tours.WEB-DL.x264-RKSTR.mp4
2014-08-15 15:35 - 2014-08-20 00:16 - 316443751 _____ () C:\Users\USUARIO\Downloads\Face.Off.S07E03.HDTV.x264-CRiMSON.mp4
2014-08-15 15:34 - 2014-08-19 11:15 - 337979157 _____ () C:\Users\USUARIO\Downloads\Face.Off.S07E04.HDTV.x264-CRiMSON.mp4
2014-08-15 15:33 - 2014-08-20 01:58 - 318119209 _____ () C:\Users\USUARIO\Downloads\Face.Off.S07E02.HDTV.x264-CRiMSON.mp4
2014-08-15 15:33 - 2014-08-17 19:51 - 309403767 _____ () C:\Users\USUARIO\Downloads\Face.Off.S07E01.HDTV.x264-CRiMSON.mp4
2014-08-15 15:27 - 2014-08-18 14:00 - 482063080 _____ () C:\Users\USUARIO\Downloads\The.Amazing.Race.Australia.S03E02.WS.PDTV.XviD-SH4RK.avi
2014-08-15 15:27 - 2014-08-17 16:52 - 665380958 _____ () C:\Users\USUARIO\Downloads\The.Amazing.Race.Australia.S03E01.WS.PDTV.XviD-SH4RK.avi
2014-08-15 15:26 - 2014-08-19 13:23 - 301388780 _____ () C:\Users\USUARIO\Downloads\Ray.Donovan.S02E02.HDTV.x264-ASAP.mp4
2014-08-15 15:26 - 2014-08-19 12:17 - 333588805 _____ () C:\Users\USUARIO\Downloads\Ray.Donovan.S02E05.HDTV.x264-2HD.mp4
2014-08-15 15:26 - 2014-08-19 10:47 - 324170772 _____ () C:\Users\USUARIO\Downloads\Ray.Donovan.S02E04.HDTV.x264-ASAP.mp4
2014-08-15 15:26 - 2014-08-17 10:51 - 321325135 _____ () C:\Users\USUARIO\Downloads\Ray.Donovan.S02E03.HDTV.x264-ASAP.mp4
2014-08-15 15:25 - 2014-08-17 19:46 - 415434928 _____ () C:\Users\USUARIO\Downloads\Ray.Donovan.S02E01.HDTV.x264-ASAP.mp4
2014-08-14 19:26 - 2014-08-14 19:26 - 00000000 ____D () C:\Users\USUARIO\AppData\Local\Risen3
2014-08-06 18:06 - 2014-08-06 18:06 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-08-06 18:06 - 2014-07-02 14:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-08-06 18:04 - 2014-07-02 17:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-08-06 18:04 - 2014-07-02 17:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-08-06 18:04 - 2014-07-02 17:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-08-06 11:21 - 2014-08-06 11:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 11:21 - 2014-08-06 11:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 11:21 - 2014-08-06 11:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 11:21 - 2014-08-06 11:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 11:21 - 2014-08-06 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 11:21 - 2014-08-06 11:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-02 18:56 - 2014-08-02 19:01 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-08-02 18:56 - 2014-08-02 18:56 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-08-02 18:56 - 2014-08-02 18:56 - 00000000 ____D () C:\Program Files\Realtek
2014-08-02 18:56 - 2014-08-02 18:56 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-08-02 18:56 - 2014-05-14 18:37 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-08-02 18:56 - 2014-05-14 16:00 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-08-02 18:56 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-08-02 18:56 - 2014-04-30 11:34 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-08-02 18:56 - 2014-04-28 15:48 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-08-02 18:56 - 2014-04-25 13:51 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-08-02 18:56 - 2014-04-25 13:23 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-08-02 18:56 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2014-08-02 18:56 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2014-08-02 18:56 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2014-08-02 18:56 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-08-02 18:56 - 2014-02-26 15:16 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-08-02 18:56 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-08-02 18:56 - 2014-01-28 11:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-08-02 18:56 - 2014-01-08 15:25 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2014-08-02 18:56 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-08-02 18:56 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-08-02 18:56 - 2012-06-08 16:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2014-08-02 18:56 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2014-08-02 18:56 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-08-02 18:56 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-08-02 18:56 - 2011-12-16 14:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2014-08-02 18:56 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2014-08-02 18:56 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2014-08-02 18:56 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-08-02 18:56 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-08-02 18:56 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2014-08-02 18:56 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2014-08-02 18:56 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2014-08-02 18:56 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-08-02 18:56 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-08-02 18:56 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-08-02 18:56 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-08-02 18:56 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-08-02 18:56 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-08-02 18:56 - 2009-11-18 07:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2014-07-30 12:14 - 2014-08-19 18:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-24 17:04 - 2014-07-25 10:47 - 00000000 ____D () C:\Users\USUARIO\AppData\Local\FindingTeddy

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-20 13:45 - 2014-08-20 13:45 - 00010602 _____ () C:\Users\USUARIO\Documents\FRST.txt
2014-08-20 13:45 - 2014-08-19 18:48 - 00000000 ____D () C:\FRST
2014-08-20 13:38 - 2014-06-03 18:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-20 13:33 - 2014-01-12 21:58 - 00000902 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 13:17 - 2009-07-14 01:45 - 00016832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-20 13:17 - 2009-07-14 01:45 - 00016832 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-20 11:15 - 2014-08-20 11:13 - 02101760 _____ (Farbar) C:\Users\USUARIO\Documents\FRST64.exe
2014-08-20 10:33 - 2014-01-11 18:36 - 00000000 ____D () C:\Users\USUARIO\AppData\Roaming\uTorrent
2014-08-20 01:58 - 2014-08-15 15:33 - 318119209 _____ () C:\Users\USUARIO\Downloads\Face.Off.S07E02.HDTV.x264-CRiMSON.mp4
2014-08-20 01:57 - 2014-08-15 15:44 - 344964889 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E05.HDTV.x264-ASAP.mp4
2014-08-20 01:35 - 2014-08-15 15:46 - 582793391 _____ () C:\Users\USUARIO\Downloads\The.Strain.S01E01.HDTV.x264-2HD.mp4
2014-08-20 01:19 - 2014-08-15 17:25 - 555472927 _____ () C:\Users\USUARIO\Downloads\Project.Runway.S13E01.The.Judges.Decide.WEB-DL.x264-RKSTR.mp4
2014-08-20 01:17 - 2014-08-17 15:11 - 481841315 _____ () C:\Users\USUARIO\Downloads\Outlander.S01E02.HDTV.x264-ASAP.mp4
2014-08-20 00:34 - 2014-08-15 15:59 - 552321522 _____ () C:\Users\USUARIO\Downloads\Outlander.S01E01.HDTV.x264-2HD.mp4
2014-08-20 00:16 - 2014-08-15 15:35 - 316443751 _____ () C:\Users\USUARIO\Downloads\Face.Off.S07E03.HDTV.x264-CRiMSON.mp4
2014-08-20 00:13 - 2014-08-15 15:38 - 454619204 _____ () C:\Users\USUARIO\Downloads\Project.Runway.S13E02.Movie.Night.HDTV.x264-DaViEW.mp4
2014-08-20 00:11 - 2014-08-15 15:45 - 355133701 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E08.HDTV.x264-KILLERS.mp4
2014-08-19 23:39 - 2014-08-19 23:39 - 00000222 _____ () C:\Users\USUARIO\Desktop\Crusader Kings II.url
2014-08-19 23:33 - 2014-08-19 23:33 - 00000222 _____ () C:\Users\USUARIO\Desktop\Deadlight.url
2014-08-19 23:31 - 2014-08-19 23:31 - 00000222 _____ () C:\Users\USUARIO\Desktop\The Incredible Adventures of Van Helsing.url
2014-08-19 23:27 - 2014-08-19 23:27 - 00000222 _____ () C:\Users\USUARIO\Desktop\Terraria.url
2014-08-19 23:26 - 2014-08-19 23:26 - 00000222 _____ () C:\Users\USUARIO\Desktop\THE KING OF FIGHTERS XIII STEAM EDITION.url
2014-08-19 20:44 - 2014-08-15 15:43 - 250634859 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E03.HDTV.x264-LOL.mp4
2014-08-19 19:49 - 2014-08-19 19:49 - 00000000 ____D () C:\Users\USUARIO\AppData\Roaming\AVAST Software
2014-08-19 19:49 - 2014-08-19 19:48 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-19 19:48 - 2014-08-19 19:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-19 19:48 - 2014-08-19 19:47 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 00426848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1408488495071
2014-08-19 19:47 - 2014-08-19 19:47 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-19 19:47 - 2014-08-19 19:47 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-19 19:47 - 2014-08-19 19:47 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-19 19:47 - 2014-08-19 19:47 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-19 19:39 - 2014-08-19 19:39 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-19 19:39 - 2014-08-19 19:37 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software
2014-08-19 19:39 - 2014-08-19 19:37 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-19 19:37 - 2014-08-19 19:36 - 04862664 _____ (AVAST Software) C:\Users\USUARIO\Downloads\avast_free_antivirus_setup_online.exe
2014-08-19 19:17 - 2013-06-18 17:41 - 01708117 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 19:15 - 2014-08-19 18:29 - 00000504 _____ () C:\Windows\setupact.log
2014-08-19 19:15 - 2013-06-19 08:05 - 00000000 ____D () C:\Users\Todos os Usuários\NVIDIA
2014-08-19 19:15 - 2013-06-19 08:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-19 19:15 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 19:14 - 2014-08-19 19:14 - 00000338 _____ () C:\Windows\PFRO.log
2014-08-19 19:13 - 2013-06-19 19:52 - 00000000 ____D () C:\Users\Todos os Usuários\Package Cache
2014-08-19 19:13 - 2013-06-19 19:52 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-19 18:29 - 2014-08-19 18:29 - 00000000 _____ () C:\Windows\setuperr.log
2014-08-19 18:18 - 2014-08-19 18:18 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes
2014-08-19 18:18 - 2014-08-19 18:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-19 18:16 - 2014-07-30 12:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-19 18:13 - 2014-01-11 18:36 - 00000000 ____D () C:\Program Files (x86)\uTorrent
2014-08-19 18:13 - 2013-06-22 14:10 - 00000000 ____D () C:\Users\USUARIO\AppData\Roaming\DAEMON Tools Lite
2014-08-19 18:08 - 2014-08-19 17:55 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-08-19 17:55 - 2014-08-19 17:55 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-19 17:55 - 2014-08-19 17:55 - 00000000 _____ () C:\autoexec.bat
2014-08-19 17:31 - 2014-08-19 16:57 - 00000000 ____D () C:\Windows\system32\log
2014-08-19 17:11 - 2009-07-14 02:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-19 14:38 - 2014-08-15 15:54 - 307279064 _____ () C:\Users\USUARIO\Downloads\Manhattan.S01E03.HDTV.x264-LOL.mp4
2014-08-19 14:37 - 2014-08-15 15:41 - 381446079 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E01.HDTV.x264-LOL.mp4
2014-08-19 14:34 - 2014-08-15 15:45 - 365290041 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E06.HDTV.x264-ASAP.mp4
2014-08-19 13:24 - 2014-08-15 15:44 - 389185684 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E04.HDTV.x264-KILLERS.mp4
2014-08-19 13:23 - 2014-08-15 15:42 - 299313067 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E02.HDTV.x264-LOL.mp4
2014-08-19 13:23 - 2014-08-15 15:26 - 301388780 _____ () C:\Users\USUARIO\Downloads\Ray.Donovan.S02E02.HDTV.x264-ASAP.mp4
2014-08-19 13:17 - 2014-08-15 15:46 - 301114199 _____ () C:\Users\USUARIO\Downloads\The.Strain.S01E03.HDTV.x264-KILLERS.mp4
2014-08-19 13:09 - 2014-08-15 15:44 - 318133174 _____ () C:\Users\USUARIO\Downloads\Tyrant.S01E07.HDTV.x264-KILLERS.mp4
2014-08-19 13:09 - 2014-08-15 15:39 - 697334401 _____ () C:\Users\USUARIO\Downloads\Project.Runway.S13E04.A.Suitable.Twist.WEB-DL.x264-RKSTR.mp4
2014-08-19 12:17 - 2014-08-15 15:26 - 333588805 _____ () C:\Users\USUARIO\Downloads\Ray.Donovan.S02E05.HDTV.x264-2HD.mp4
2014-08-19 11:15 - 2014-08-15 15:34 - 337979157 _____ () C:\Users\USUARIO\Downloads\Face.Off.S07E04.HDTV.x264-CRiMSON.mp4
2014-08-19 10:50 - 2014-08-15 15:47 - 323413236 _____ () C:\Users\USUARIO\Downloads\The.Strain.S01E04.HDTV.x264-ASAP.mp4
2014-08-19 10:47 - 2014-08-15 15:26 - 324170772 _____ () C:\Users\USUARIO\Downloads\Ray.Donovan.S02E04.HDTV.x264-ASAP.mp4
2014-08-19 10:45 - 2014-08-15 15:39 - 658312759 _____ () C:\Users\USUARIO\Downloads\Project.Runway.S13E03.Welcome.To.The.Future.WEB-DL.x264-RKSTR.mp4
2014-08-19 10:39 - 2014-08-18 12:18 - 264292903 _____ () C:\Users\USUARIO\Downloads\Ray.Donovan.S02E06.HDTV.x264-ASAP.mp4
2014-08-19 10:04 - 2014-08-15 15:47 - 299163586 _____ () C:\Users\USUARIO\Downloads\The.Strain.S01E05.PROPER.HDTV.x264-2HD.mp4
2014-08-19 06:49 - 2014-08-16 23:07 - 271367212 _____ () C:\Users\USUARIO\Downloads\The.Knick.S01E02.HDTV.x264-KILLERS.mp4
2014-08-19 00:38 - 2014-08-18 23:20 - 341963846 _____ () C:\Users\USUARIO\Downloads\the.quest.2014.s01e02.hdtv.x264-w4f.mp4
2014-08-18 23:49 - 2014-08-18 23:21 - 270243983 _____ () C:\Users\USUARIO\Downloads\The.Quest.2014.S01E01.HDTV.x264-CF.mp4
2014-08-18 14:00 - 2014-08-15 15:27 - 482063080 _____ () C:\Users\USUARIO\Downloads\The.Amazing.Race.Australia.S03E02.WS.PDTV.XviD-SH4RK.avi
2014-08-17 19:51 - 2014-08-15 15:33 - 309403767 _____ () C:\Users\USUARIO\Downloads\Face.Off.S07E01.HDTV.x264-CRiMSON.mp4
2014-08-17 19:46 - 2014-08-15 15:25 - 415434928 _____ () C:\Users\USUARIO\Downloads\Ray.Donovan.S02E01.HDTV.x264-ASAP.mp4
2014-08-17 18:01 - 2014-08-15 15:57 - 344019168 _____ () C:\Users\USUARIO\Downloads\The.Knick.S01E01.HDTV.x264-KILLERS.mp4
2014-08-17 17:01 - 2014-08-15 15:54 - 337813471 _____ () C:\Users\USUARIO\Downloads\manhattan.s01e02.hdtv.x264-2hd.mp4
2014-08-17 16:52 - 2014-08-15 15:27 - 665380958 _____ () C:\Users\USUARIO\Downloads\The.Amazing.Race.Australia.S03E01.WS.PDTV.XviD-SH4RK.avi
2014-08-17 16:21 - 2014-08-15 15:37 - 425648922 _____ () C:\Users\USUARIO\Downloads\Project.Runway.S13E01.Road.To.The.Runway.WEB-DL.x264-RKSTR.mp4
2014-08-17 16:11 - 2014-08-15 15:36 - 280788292 _____ () C:\Users\USUARIO\Downloads\Project.Runway.S13.Designer.Home.Tours.WEB-DL.x264-RKSTR.mp4
2014-08-17 16:00 - 2014-08-15 15:54 - 403863667 _____ () C:\Users\USUARIO\Downloads\Manhattan.S01E01.HDTV.x264-2HD.mp4
2014-08-17 12:57 - 2014-08-17 12:55 - 00000000 ____D () C:\Users\USUARIO\AppData\Roaming\Tropico 4
2014-08-17 12:44 - 2014-08-15 15:46 - 300013285 _____ () C:\Users\USUARIO\Downloads\The.Strain.S01E02.HDTV.x264-KILLERS.mp4
2014-08-17 10:51 - 2014-08-15 15:26 - 321325135 _____ () C:\Users\USUARIO\Downloads\Ray.Donovan.S02E03.HDTV.x264-ASAP.mp4
2014-08-16 22:14 - 2014-08-16 22:14 - 00000000 ____D () C:\Users\USUARIO\AppData\Roaming\Kalypso Media
2014-08-16 14:54 - 2014-08-16 14:54 - 00000221 _____ () C:\Users\USUARIO\Desktop\Tropico 4.url
2014-08-14 19:26 - 2014-08-14 19:26 - 00000000 ____D () C:\Users\USUARIO\AppData\Local\Risen3
2014-08-14 10:26 - 2014-01-12 21:58 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-14 10:26 - 2014-01-12 21:58 - 00003840 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-14 10:26 - 2013-06-19 22:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-06 18:06 - 2014-08-06 18:06 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-08-06 18:06 - 2013-11-08 09:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-08-06 18:06 - 2013-06-19 08:04 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-08-06 18:05 - 2013-06-19 08:04 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-08-06 17:19 - 2014-01-19 16:40 - 00000000 ____D () C:\Users\USUARIO\AppData\Local\NVIDIA Corporation
2014-08-06 11:21 - 2014-08-06 11:21 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 11:21 - 2014-08-06 11:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 11:21 - 2014-08-06 11:21 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 11:21 - 2014-08-06 11:21 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 11:21 - 2014-08-06 11:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-06 11:21 - 2014-08-06 11:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-06 11:21 - 2014-01-21 09:04 - 00000000 ____D () C:\Users\Todos os Usuários\Oracle
2014-08-06 11:21 - 2014-01-21 09:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-02 19:01 - 2014-08-02 18:56 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-08-02 18:59 - 2014-01-11 19:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-02 18:56 - 2014-08-02 18:56 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-08-02 18:56 - 2014-08-02 18:56 - 00000000 ____D () C:\Program Files\Realtek
2014-08-02 18:56 - 2014-08-02 18:56 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-08-02 18:56 - 2013-07-02 21:04 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-29 17:18 - 2013-06-19 19:45 - 00000000 ____D () C:\Users\USUARIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-25 10:50 - 2014-06-04 10:50 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-07-25 10:50 - 2014-06-04 10:50 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-25 10:50 - 2013-11-08 09:17 - 01283136 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-07-25 10:50 - 2013-11-08 09:17 - 01126480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-07-25 10:47 - 2014-07-24 17:04 - 00000000 ____D () C:\Users\USUARIO\AppData\Local\FindingTeddy
2014-07-23 15:34 - 2011-04-12 10:40 - 00706524 _____ () C:\Windows\system32\prfh0416.dat
2014-07-23 15:34 - 2011-04-12 10:40 - 00147250 _____ () C:\Windows\system32\prfc0416.dat
2014-07-23 15:34 - 2009-07-14 02:13 - 01637068 _____ () C:\Windows\system32\PerfStringBackup.INI

Some content of TEMP:
====================
C:\Users\USUARIO\AppData\Local\Temp\avgnt.exe
C:\Users\USUARIO\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 05:11

==================== End Of Log ============================





#2 aharonov

  • Malware Response Team

Posted 20 August 2014 - 02:57 PM

Hi there,

is the problem gone after the following fix?


Please download this attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button and allow the reboot.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 pai_mei

  • Topic Starter

Posted 20 August 2014 - 03:20 PM

Thank you for the response and the fix, the problem is gone now.

Here is the fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2014 01
Ran by USUARIO at 2014-08-20 17:11:47 Run:3
Running from C:\Users\USUARIO\Documents
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2107296046-2523685757-1094972002-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
Reboot:
*****************

HKU\S-1-5-21-2107296046-2523685757-1094972002-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.


The system needed a reboot.

==== End of Fixlog ====



#4 aharonov

  • Malware Response Team

Posted 20 August 2014 - 03:22 PM

Great! Let's do a check up if anything else shows up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#5 pai_mei

  • Topic Starter

Posted 20 August 2014 - 05:25 PM

The scan came up clean, thank you again for all the help.

The log:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=70c4570d6443cc4aa586503d6984d10a
# engine=19754
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-20 10:02:08
# local_time=2014-08-20 07:02:08 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 0 3852413 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 105038517 160119178 0 0
# scanned=205704
# found=0
# cleaned=0
# scan_time=4194
 



#6 aharonov

  • Malware Response Team

Posted 21 August 2014 - 05:04 AM

Great. That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.

#7 aharonov

  • Malware Response Team

Posted 03 September 2014 - 06:03 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



