
Regedit and Notepad Automatic closed after opened , PANIC!


  • This topic is locked
2 replies to this topic

#1 mdaffa4848

mdaffa4848

  • Members
  • 1 posts
  • OFFLINE
  • Local time:07:22 PM

Posted 16 October 2015 - 08:19 AM

Hello, I'm new in this forum :hello:, and I have a problem with my PC. Can someone help me?

In the beginning, when I opened an unknown executable file from my friend's flash disk, it suddenly opened the permission prompt to open regedit. I clicked Yes, and suddenly a warning opened and closed automatically, and that happened many times, every 5-10 seconds. So I tried to click No on the warning, but I clicked wrong: I clicked Yes, and 2 seconds after that my PC suddenly restarted. Then when my PC was on again, I tried to open Notepad and it closed automatically; then I tried to open regedit and it closed automatically too, so..... can someone help me? I'm panicking! I really regret opening that file.

Note: sorry for my English.

Update!

I remembered that the flash disk was infected with a virus and cleaned by an antivirus called "Smadav", and I thought that flash disk was clean, but I was wrong.

And this is the log from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-10-2015 01
Ran by user (administrator) on USER-PC (16-10-2015 19:48:07)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-UpdaterService.exe
() C:\Program Files\Smartfren Connex CE682 UI\HEject.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(BlueStack Systems, Inc.) C:\Program Files\BlueStacks\HD-Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
() C:\Program Files\Smartfren Connex CE682 UI\App.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(MPC-HC Team) C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe
(Code::Blocks Team) C:\Program Files\CodeBlocks\codeblocks.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-4026166272-1394576610-1265872796-1000\...\Run: [Windows Update Installer] => C:\Users\user\AppData\Roaming\WindowsUpdate\Updater.exe
HKU\S-1-5-21-4026166272-1394576610-1265872796-1000\...\MountPoints2: {13f0e51a-331b-11e5-876e-cecd99df441b} - L:\setup.exe
HKU\S-1-5-21-4026166272-1394576610-1265872796-1000\...\MountPoints2: {7c5aaa9b-32b8-11e5-acbf-d0a223abcc12} - "H:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-4026166272-1394576610-1265872796-1000\...\MountPoints2: {eb2a6ce6-3298-11e5-b810-b63f660342e1} - F:\Setup.exe
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\..\Interfaces\{4E38759D-F5EE-41E7-9203-FA556CACB167}: [NameServer] 10.17.118.187 10.17.118.251
Tcpip\..\Interfaces\{69C4E9D9-3B26-4F03-948C-FC5A43EF912A}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{7B42F93A-4CEB-46C2-9BC9-E2CD01878E19}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-4026166272-1394576610-1265872796-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iaeopydf.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-31] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1219159.dll [2015-06-26] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-05-20] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-05-20] (NVIDIA Corporation)
FF Plugin HKU\S-1-5-21-4026166272-1394576610-1265872796-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin HKU\S-1-5-21-4026166272-1394576610-1265872796-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Extension: Rikaichan Japanese-English Dictionary File - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iaeopydf.default\Extensions\rikaichan-jpen@polarcloud.com [2015-08-21]
FF Extension: Rikaichan - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\iaeopydf.default\Extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82} [2015-07-27]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-24]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-09-07]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-24]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
R2 CDROM_Eject_H; C:\Program Files\Smartfren Connex CE682 UI\HEject.exe [267776 2012-03-09] () [File not signed]
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2568120 2012-07-19] (WIBU-SYSTEMS AG)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1034584 2015-06-18] (Disc Soft Ltd)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-10-04] (Macrovision Europe Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1617696 2014-05-01] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19702048 2014-05-01] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2015-09-27] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [132216 2015-08-19] (BlueStack Systems)
R3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [16384 2013-09-13] (Cypress Semiconductor, Inc.)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [25016 2015-07-25] (Disc Soft Ltd)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2009-02-10] (EZB Systems, Inc.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [17240 2014-05-01] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [17920 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [76288 2014-01-12] (Nuvoton Technology Corp.)
R3 UsbModemDriver; C:\Windows\System32\DRIVERS\USB_MODEM_H.sys [21504 2011-04-04] ()
R3 USB_BusEnum_H; C:\Windows\System32\DRIVERS\USB_BusEnum_H.sys [38400 2009-11-05] ()
R3 USB_ETS_H; C:\Windows\System32\DRIVERS\USB_ETS_H.sys [16128 2008-05-28] (Via Telecom, Inc.)
R3 USB_WinMux_H; C:\Windows\System32\DRIVERS\USB_WinMux_H.sys [30080 2009-10-27] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-16 19:48 - 2015-10-16 19:48 - 00010970 _____ C:\Users\user\Desktop\FRST.txt
2015-10-16 19:47 - 2015-10-16 19:48 - 00000000 ____D C:\FRST
2015-10-16 19:46 - 2015-10-16 19:47 - 01700352 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2015-10-16 19:35 - 2015-10-16 19:35 - 00000596 __RSH C:\Users\user\ntuser.pol
2015-10-16 19:16 - 2015-10-16 19:16 - 00000000 ____H C:\ProgramData\cm-lock
2015-10-16 19:14 - 2015-10-16 19:14 - 00004248 ____H C:\Users\user\AppData\Local\tevgbkarjvaciikneozqbwfvmeqvxddfizjul.raq
2015-10-16 19:12 - 2015-10-16 19:12 - 00000280 ____H C:\Users\user\AppData\Local\ssyyiglryztkfuldjiiooywbho.jav
2015-10-16 19:10 - 2015-10-16 19:16 - 00000000 ____D C:\Users\user\AppData\Roaming\WindowsUpdate
2015-10-16 19:10 - 2015-10-16 19:16 - 00000000 ____D C:\Users\user\AppData\Roaming\Update
2015-10-16 19:10 - 2015-10-16 10:47 - 00397824 _____ (PGWARE LLC ) C:\Users\user\AppData\Roaming\c731200
2015-10-14 20:03 - 2015-10-14 20:03 - 00000000 ____D C:\Users\user\AppData\Roaming\stetic
2015-10-14 20:03 - 2015-10-14 20:03 - 00000000 ____D C:\Users\user\AppData\Roaming\MonoDevelop-Unity-4.0
2015-10-14 20:02 - 2015-10-14 20:03 - 00000000 ____D C:\Users\user\AppData\Local\MonoDevelop-Unity-4.0
2015-10-14 20:00 - 2015-10-14 20:09 - 00000000 ____D C:\Users\user\Documents\nyoba
2015-10-14 11:41 - 2015-10-14 12:01 - 41165513 _____ C:\Users\user\Downloads\_Animaling.us__Consenting_Adultery_01.mp4
2015-10-14 11:41 - 2015-10-14 11:55 - 35390307 _____ C:\Users\user\Downloads\AnimeCave-_Rinkan_Gakuen.mp4
2015-10-14 11:26 - 2015-10-16 19:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-10-14 11:06 - 2015-10-14 11:34 - 44901932 _____ C:\Users\user\Downloads\[AhbunRetryEncoded]Square Sisters 01.mp4
2015-10-12 18:57 - 2015-10-12 18:58 - 00000000 ____D C:\tmp
2015-10-08 04:42 - 2015-10-08 04:44 - 38196598 _____ C:\Users\user\Downloads\Keksen_03_HR2_Animagz.mp4
2015-10-08 04:40 - 2015-10-08 04:41 - 37732191 _____ C:\Users\user\Downloads\Keksen_02_HR2_Animagz.mp4
2015-10-08 04:36 - 2015-10-08 04:39 - 38114552 _____ C:\Users\user\Downloads\Keksen_01_HR2_Animagz.mp4
2015-10-07 05:08 - 2015-10-07 05:10 - 128278990 _____ C:\Users\user\Downloads\main.39662.com.cmge.gplay.rod.obb
2015-10-05 15:20 - 2015-10-05 15:20 - 00000000 ____D C:\Users\user\AppData\Local\Bluestacks
2015-10-05 15:20 - 2015-10-05 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-10-05 15:20 - 2015-10-05 15:20 - 00000000 ____D C:\ProgramData\BlueStacks
2015-10-05 15:20 - 2015-10-05 15:20 - 00000000 ____D C:\Program Files\BlueStacks
2015-10-05 15:17 - 2015-10-05 15:19 - 14634624 _____ (BlueStack Systems Inc.) C:\Users\user\Downloads\ThinInstaller_native.exe
2015-10-05 15:15 - 2015-10-05 15:16 - 01819944 _____ C:\Users\user\Downloads\Andy_Android_Emulator_v45_40.exe
2015-10-04 20:29 - 2015-10-06 19:17 - 00000000 ____D C:\Users\user\AppData\LocalLow\Adobe
2015-10-04 20:18 - 2015-10-04 20:18 - 00000000 ____D C:\ProgramData\Corel
2015-10-04 20:18 - 2015-10-04 20:18 - 00000000 ____D C:\Program Files\Common Files\Protexis
2015-10-04 20:18 - 2015-10-04 20:18 - 00000000 ____D C:\Program Files\Common Files\Corel
2015-10-04 20:17 - 2015-10-04 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6
2015-10-04 20:17 - 2015-10-04 20:17 - 00000000 ____D C:\Users\Public\Documents\Corel
2015-10-04 20:17 - 2015-10-04 20:17 - 00000000 ____D C:\Program Files\Corel
2015-10-04 20:11 - 2015-10-04 20:11 - 00000000 ____D C:\Users\user\Documents\My Palettes
2015-10-04 19:58 - 2015-10-04 20:11 - 00000000 ____D C:\Users\user\AppData\Roaming\Corel
2015-10-04 19:58 - 2015-10-04 20:11 - 00000000 ____D C:\ProgramData\Protexis
2015-10-04 19:57 - 2015-10-04 20:11 - 00000000 ____D C:\Users\user\Documents\Corel
2015-10-04 19:57 - 2015-10-04 19:57 - 00000000 ____D C:\Users\user\Documents\Visual Studio 2008
2015-10-04 19:56 - 2015-10-04 19:56 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2015-10-04 19:56 - 2015-10-04 19:56 - 00000000 ____D C:\Program Files\Microsoft SDKs
2015-10-04 19:56 - 2015-10-04 19:56 - 00000000 ____D C:\Program Files\gs
2015-10-04 19:51 - 2015-10-04 20:19 - 00000000 ____D C:\ProgramData\CorelDRAW Graphics Suite X6
2015-10-04 19:27 - 2015-10-04 19:27 - 00000000 ____D C:\Users\user\Documents\Adobe
2015-10-04 19:21 - 2015-10-04 19:21 - 00000000 ____D C:\ProgramData\FLEXnet
2015-10-04 19:14 - 2015-10-04 19:14 - 00000000 ____D C:\Program Files\Common Files\Control Panels
2015-10-04 19:10 - 2015-10-04 19:10 - 00000000 ____D C:\Program Files\QuickTime
2015-10-04 19:10 - 2007-02-20 16:04 - 02463976 _____ C:\Windows\system32\NPSWF32.dll
2015-10-04 19:10 - 2007-02-20 16:04 - 00190696 _____ (Adobe Systems, Inc.) C:\Windows\system32\NPSWF32_FlashUtil.exe
2015-10-04 19:07 - 2015-10-04 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS3
2015-10-04 19:07 - 2015-10-04 19:07 - 00000000 ____D C:\Program Files\Bonjour
2015-10-04 19:06 - 2015-10-04 19:06 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2015-10-04 05:55 - 2015-10-04 07:13 - 34961560 _____ C:\Users\user\Crlt_10_HR2_ANIMAGZ_.mp4.part
2015-10-03 16:09 - 2015-10-14 19:28 - 00000000 ___RD C:\Users\user\Desktop\acak2
2015-10-03 16:09 - 2015-10-12 19:14 - 00000000 ___RD C:\Users\user\Desktop\Software
2015-10-02 05:30 - 2015-10-02 05:49 - 43478351 _____ C:\Users\user\Downloads\Ovr_05_HR2_AnimaGZ_.mp4
2015-10-02 05:06 - 2015-10-02 05:28 - 43434551 _____ C:\Users\user\Downloads\Crlt_09_HR2_ANIMAGZ_.mp4
2015-10-02 04:18 - 2015-10-02 04:53 - 43459164 _____ C:\Users\user\Downloads\Crlt_08_HR2_ANIMAGZ_.mp4
2015-10-01 20:01 - 2015-10-04 19:28 - 00000000 ____D C:\ProgramData\Adobe
2015-10-01 20:01 - 2015-10-04 19:15 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-10-01 20:01 - 2015-10-04 19:14 - 00000000 ____D C:\Program Files\Adobe
2015-10-01 20:01 - 2015-10-01 20:01 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2015-10-01 04:46 - 2015-10-01 05:31 - 38265077 _____ C:\Users\user\Downloads\SnS_03_HR2_Animagz.mp4
2015-10-01 04:24 - 2015-10-01 04:45 - 43446542 _____ C:\Users\user\Downloads\Crlt_07_HR2_animAGZ_.mp4
2015-09-30 16:38 - 2015-09-30 16:38 - 10084352 _____ C:\Users\user\Documents\dada.iso
2015-09-30 16:28 - 2015-09-30 16:28 - 00000000 __RSH C:\MSDOS.SYS
2015-09-30 16:28 - 2015-09-30 16:28 - 00000000 __RSH C:\IO.SYS
2015-09-30 16:28 - 2015-09-30 16:28 - 00000000 ____D C:\Program Files\Helicon
2015-09-30 16:28 - 1998-02-06 22:37 - 00299520 _____ (InstallShield Corporation, Inc.) C:\Windows\uninst.exe
2015-09-30 16:28 - 1997-07-19 16:55 - 01347344 _____ (Microsoft Corporation) C:\Windows\system32\MSVBVM50.DLL
2015-09-27 15:06 - 2015-09-27 15:06 - 00000000 ____D C:\Users\user\Documents\BNE
2015-09-27 15:05 - 2015-09-27 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One Piece Pirate Warriors 3
2015-09-27 15:00 - 2015-09-27 15:05 - 00000000 ____D C:\Program Files\One Piece Pirate Warriors 3
2015-09-27 12:32 - 2015-09-27 12:32 - 00000000 ____D C:\Users\user\AppData\Local\My Games
2015-09-27 12:32 - 2015-09-27 12:32 - 00000000 ____D C:\ProgramData\Steam
2015-09-27 12:29 - 2015-09-27 12:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Catalyst
2015-09-27 12:20 - 2015-09-27 12:20 - 00000000 ____D C:\Users\user\Documents\My Games
2015-09-27 12:20 - 2015-09-27 12:20 - 00000000 ____D C:\Program Files\R.G. Catalyst
2015-09-27 11:46 - 2015-09-27 11:46 - 00000000 ____D C:\ProgramData\Ubisoft
2015-09-27 11:44 - 2015-09-27 11:44 - 00189248 _____ C:\Windows\system32\PnkBstrB.exe
2015-09-27 11:44 - 2015-09-27 11:44 - 00075136 _____ C:\Windows\system32\PnkBstrA.exe
2015-09-27 11:44 - 2015-09-27 11:44 - 00000000 ____D C:\Users\user\AppData\Roaming\PunkBuster
2015-09-27 11:30 - 2015-09-27 11:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-27 11:30 - 2015-09-27 11:30 - 00000000 ____D C:\Program Files\Ubisoft
2015-09-26 05:33 - 2015-09-26 05:33 - 00000000 ____D C:\Users\user\.thumbnails
2015-09-26 05:18 - 2015-10-16 19:28 - 00000000 ____D C:\Users\user\Documents\s
2015-09-26 04:58 - 2015-09-26 04:58 - 00000002 _____ C:\Users\user\Documents\.Untitled1.c
2015-09-26 04:56 - 2015-10-16 19:28 - 00000000 ____D C:\Users\user\AppData\Roaming\CodeBlocks
2015-09-26 04:56 - 2015-09-26 04:56 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-09-26 04:56 - 2015-09-26 04:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
2015-09-26 04:56 - 2015-09-26 04:56 - 00000000 ____D C:\Program Files\CodeBlocks
2015-09-26 03:34 - 2015-09-26 03:35 - 00000000 ____D C:\Users\user\AppData\Roaming\Notepad++
2015-09-26 03:33 - 2015-09-26 03:34 - 00000000 ____D C:\Program Files\Notepad++
2015-09-24 16:22 - 2015-09-24 16:37 - 00000000 ____D C:\Users\user\Documents\Avid
2015-09-19 18:37 - 2015-09-19 18:45 - 00000000 ____D C:\Users\user\Documents\Train
2015-09-19 18:37 - 2015-09-19 18:37 - 00000000 ____D C:\Users\user\AppData\LocalLow\Unity
2015-09-19 18:32 - 2015-09-19 18:37 - 00000000 ____D C:\Users\user\AppData\Roaming\Unity
2015-09-19 18:32 - 2015-09-19 18:32 - 00001956 _____ C:\Users\user\Downloads\Unity_v5.x.ulf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-16 19:48 - 2015-09-07 03:03 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4026166272-1394576610-1265872796-1000UA.job
2015-10-16 19:25 - 2010-11-21 04:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-16 19:23 - 2015-07-24 00:55 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-10-16 19:23 - 2015-07-24 00:51 - 00545016 _____ C:\Windows\WindowsUpdate.log
2015-10-16 19:16 - 2015-07-24 01:19 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-16 19:16 - 2009-07-14 11:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-16 19:16 - 2009-07-14 11:39 - 00064494 _____ C:\Windows\setupact.log
2015-10-14 20:00 - 2015-09-04 19:29 - 00000000 ____D C:\ProgramData\Unity
2015-10-14 01:55 - 2015-09-07 03:03 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4026166272-1394576610-1265872796-1000Core.job
2015-10-10 11:16 - 2015-08-30 23:13 - 00000000 ____D C:\Users\user\Documents\My Cheat Tables
2015-10-08 05:37 - 2010-11-21 04:48 - 00068458 _____ C:\Windows\PFRO.log
2015-10-05 15:38 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-10-05 15:28 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-10-05 15:20 - 2009-07-14 09:37 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-05 15:04 - 2009-07-14 09:37 - 00000000 ____D C:\Windows\system32\NDF
2015-10-04 20:40 - 2009-07-14 11:33 - 01969992 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-04 20:34 - 2015-07-31 05:29 - 00000000 ____D C:\Users\user\AppData\Roaming\Adobe
2015-10-04 20:34 - 2015-07-26 15:19 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2015-10-04 20:19 - 2015-07-24 01:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-04 20:11 - 2015-07-24 01:51 - 00202760 _____ C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-04 19:56 - 2009-07-14 09:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-09-29 17:26 - 2015-07-26 00:02 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2015-09-27 11:42 - 2009-07-14 11:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-09-27 11:37 - 2015-07-26 23:48 - 00206615 _____ C:\Users\user\Downloads\27.htm
2015-09-26 03:46 - 2015-07-25 17:26 - 00000000 ____D C:\Users\user\AppData\Roaming\DMCache
2015-09-26 03:33 - 2015-08-29 22:41 - 00000000 ____D C:\Program Files\SimCity
2015-09-24 16:37 - 2015-08-22 20:40 - 00000000 ____D C:\Users\user\temp
2015-09-24 16:14 - 2015-08-22 21:05 - 00005120 _____ C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-24 16:10 - 2015-08-22 20:15 - 00000605 _____ C:\Users\user\AppData\Roaming\USER-PC.MTBF.txt
2015-09-24 16:10 - 2015-08-22 20:15 - 00000000 ____D C:\Users\user\AppData\Local\Avid
2015-09-24 16:10 - 2015-08-22 20:03 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI

==================== Files in the root of some directories =======

2015-10-16 19:10 - 2015-10-16 10:47 - 0397824 _____ (PGWARE LLC                                                  ) C:\Users\user\AppData\Roaming\c731200
2015-08-22 20:15 - 2015-09-24 16:10 - 0000605 _____ () C:\Users\user\AppData\Roaming\USER-PC.MTBF.txt
2015-08-22 21:05 - 2015-09-24 16:14 - 0005120 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-16 19:12 - 2015-10-16 19:12 - 0000280 ____H () C:\Users\user\AppData\Local\ssyyiglryztkfuldjiiooywbho.jav
2015-10-16 19:14 - 2015-10-16 19:14 - 0004248 ____H () C:\Users\user\AppData\Local\tevgbkarjvaciikneozqbwfvmeqvxddfizjul.raq
2015-10-16 19:16 - 2015-10-16 19:16 - 0000000 ____H () C:\ProgramData\cm-lock
2015-08-22 21:13 - 2015-08-22 21:30 - 0000506 _____ () C:\ProgramData\__FileUploader.log

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\NVI2_29.DLL
C:\Users\user\AppData\Local\Temp\WTXIUtXuMfMfzPcdZdVm.DLL


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-11 12:35

==================== End of FRST.txt ============================


Edited by mdaffa4848, 16 October 2015 - 08:38 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,527 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:22 AM

Posted 19 October 2015 - 08:36 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below into the new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-4026166272-1394576610-1265872796-1000\...\Run: [Windows Update Installer] => C:\Users\user\AppData\Roaming\WindowsUpdate\Updater.exe
GroupPolicyScripts: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\user\AppData\Local\Temp\NVI2_29.DLL
C:\Users\user\AppData\Local\Temp\WTXIUtXuMfMfzPcdZdVm.DLL
C:\Users\user\AppData\Roaming\WindowsUpdate

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download and Run FlashDisinfector

You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

How is the computer running now?
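As an added example (written for this page; it is not FRST's own code and not anything posted in the thread), here is a small Python triage script that applies the reasoning behind the fixlist above to lines copied from the FRST log in the first post: it flags the autostart entry that runs from AppData\Roaming, the folder named after Windows Update inside the user profile, the GroupPolicyScripts entry FRST marked ATTENTION, the orphaned [X] and [No File] entries, the DLL in Temp and the hidden random-named file, and then drafts fixlist lines in the same shape the reply uses (verbatim log lines for registry, service and plugin entries; bare paths for files and folders). The rule set, the fix/review split and the FILE_LISTING pattern are this example's own assumptions, not FRST documentation.

```python
import re
from typing import List, Tuple

# Excerpt of the FRST log posted in this thread (copied, not constructed), with
# two clean lines from the same log left in so the rules have benign entries to skip.
SAMPLE_LOG = r"""
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
HKU\S-1-5-21-4026166272-1394576610-1265872796-1000\...\Run: [Windows Update Installer] => C:\Users\user\AppData\Roaming\WindowsUpdate\Updater.exe
HKU\S-1-5-21-4026166272-1394576610-1265872796-1000\...\MountPoints2: {13f0e51a-331b-11e5-876e-cecd99df441b} - L:\setup.exe
GroupPolicyScripts: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-10-16 19:14 - 2015-10-16 19:14 - 00004248 ____H C:\Users\user\AppData\Local\tevgbkarjvaciikneozqbwfvmeqvxddfizjul.raq
2015-10-16 19:10 - 2015-10-16 19:16 - 00000000 ____D C:\Users\user\AppData\Roaming\WindowsUpdate
C:\Users\user\AppData\Local\Temp\WTXIUtXuMfMfzPcdZdVm.DLL
C:\Windows\explorer.exe => File is digitally signed
"""

# Triage rules: (name, action, pattern, reason). "fix" means the entry can be copied
# into an FRST fixlist the way the reply above does; "review" means look first.
# The rule set and the fix/review split are this example's own judgement (assumption).
RULES = [
    ("run-key-in-profile", "fix",
     re.compile(r"\\Run: \[[^\]]*\] => .*\\AppData\\", re.IGNORECASE),
     "autostart entry launching from the user profile, where installers do not put programs"),
    ("lookalike-in-profile", "fix",
     re.compile(r"\\AppData\\Roaming\\(?:Windows)?Update(?:\\|$)", re.IGNORECASE),
     "folder named after a Windows component but living in AppData\\Roaming"),
    ("frst-attention", "fix",
     re.compile(r"<=+ ATTENTION"),
     "FRST itself flagged this entry (here a Group Policy restriction)"),
    ("missing-file", "fix",
     re.compile(r"\[X\]$|\[No File\]$"),
     "service, driver or plugin whose file is gone; the orphaned entry is removed, no file is touched"),
    ("dll-in-temp", "fix",
     re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.dll$", re.IGNORECASE),
     "loadable module left in Temp; legitimate software rarely keeps DLLs there"),
    ("hidden-random-name", "fix",
     re.compile(r"\s____H .*\\[a-z]{20,}\.[a-z]{3}$"),
     "hidden file with a long random name and a made-up extension, a typical dropper artifact"),
    ("removable-autorun", "review",
     re.compile(r"\\MountPoints2: \{[0-9a-f-]+\} - "),
     "autorun handler recorded for a removable drive; inspect the executable on that drive"),
]

# Shape of a line in FRST's created/modified-files sections (assumed from the log above):
# "<created> - <modified> - <size> <attrs> [(company)] <path>"; only the path is wanted.
FILE_LISTING = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ [_A-Z]{5} (?:\([^)]*\) )?(.+)$")


def triage(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (rule_name, action, line) for every log line a rule matches.
    A line yields several findings when several rules apply to it."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, action, pattern, _reason in RULES:
            if pattern.search(line):
                findings.append((name, action, line))
    return findings


def fix_entry(line: str) -> str:
    """Registry, service and plugin lines go into a fixlist verbatim; file-listing
    lines are reduced to the bare path, as in the reply's fixlist."""
    m = FILE_LISTING.match(line)
    return m.group(1) if m else line


def draft_fixlist(findings: List[Tuple[str, str, str]]) -> List[str]:
    """Build fixlist lines from the "fix" findings, using the same directives and
    Start/End framing as the fixlist in the reply above. Duplicates are dropped."""
    entries: List[str] = []
    for _name, action, line in findings:
        entry = fix_entry(line)
        if action == "fix" and entry not in entries:
            entries.append(entry)
    return ["Start", "CreateRestorePoint:", "EmptyTemp:", "CloseProcesses:", ""] + entries + ["End"]


if __name__ == "__main__":
    reasons = {name: reason for name, _a, _p, reason in RULES}
    for name, action, line in triage(SAMPLE_LOG):
        print(f"[{action:6}] {name}: {line}\n         {reasons[name]}")
    print("\n".join(draft_fixlist(triage(SAMPLE_LOG))))
```

Run against the excerpt, the script flags nine findings on eight lines (the Run key line trips both the profile-autostart and the lookalike-name rules) and leaves the MountPoints2 entry out of the drafted fixlist because that one is only marked for review; the drafted list has the same seven entries as the reply above, minus the MountPoints2 line and plus the hidden random-named file.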

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,527 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:22 AM

Posted 24 October 2015 - 08:52 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



