file format 8488 [Archive] - Safer-Networking Forums

iswandi

2016-11-27, 08:46

hi guy.. all my video format avi cannot be open anymore. All those video has been changed to format video 8488. How i can remove this malware from my PC. i have re-format my PC but my video still cannot be open and still in format 8488. Here i attach file picture. tq

here is the log your require.tq

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by admin (administrator) on ADMIN-PC (27-11-2016 14:40:14)
Running from H:\driver
Loaded Profiles: admin (Available Profiles: admin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgfwsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
() C:\ProgramData\DatacardService\DCService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Solvusoft Corporation) C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2862928 2012-07-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [CommonToolkitTray_Solvusoft] => C:\Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe [1686088 2015-09-24] (Solvusoft Corporation)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [218896 2016-09-13] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1642817827-2581930201-3280809290-1000\...\MountPoints2: {d433c95c-b3f2-11e6-9576-ee0fe25c2308} - F:\AutoRun.exe
HKU\S-1-5-21-1642817827-2581930201-3280809290-1000\...\MountPoints2: {d433c96c-b3f2-11e6-9576-ee0fe25c2308} - F:\AutoRun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{588152B2-A537-481D-9EDD-98B76CF5F16B}: [NameServer] 203.82.64.161 203.82.64.129

Internet Explorer:
==================
HKU\S-1-5-21-1642817827-2581930201-3280809290-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.my/
HKU\S-1-5-21-1642817827-2581930201-3280809290-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-my/?ocid=iehp
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-06-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-06-05] (NVIDIA Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [647864 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [2050040 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5332384 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1149712 2016-09-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [727512 2016-10-13] (AVG Technologies CZ, s.r.o.)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 athr; C:\Windows\System32\DRIVERS\athrx.sys [1594368 2010-03-02] (Atheros Communications, Inc.) [File not signed]
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [73480 2016-06-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [311552 2016-09-22] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272640 2016-07-27] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [265472 2016-09-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\admin\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\admin\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 14:40 - 2016-11-27 14:40 - 00000000 ____D C:\FRST
2016-11-27 14:35 - 2016-11-27 14:35 - 00001948 _____ C:\Users\admin\Documents\aswMBR.txt
2016-11-27 14:35 - 2016-11-27 14:35 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-11-27 14:35 - 2016-11-27 14:35 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-11-27 14:35 - 2016-11-27 14:35 - 00000512 _____ C:\Users\admin\Documents\MBR.dat
2016-11-27 14:34 - 2016-11-27 14:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-11-27 14:31 - 2016-11-26 22:40 - 00000000 ____D C:\Windows\Panther
2016-11-27 14:25 - 2016-11-26 22:45 - 00000000 ____D C:\Windows.old.000
2016-11-27 14:06 - 2010-03-02 16:45 - 01594368 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2016-11-27 12:27 - 2016-11-27 12:27 - 684680303 _____ C:\Windows\MEMORY.DMP
2016-11-27 12:27 - 2016-11-27 12:27 - 00293864 _____ C:\Windows\Minidump\112716-50934-01.dmp
2016-11-27 12:27 - 2016-11-27 12:27 - 00000000 ____D C:\Windows\Minidump
2016-11-27 12:24 - 2016-11-27 12:24 - 00000000 ____D C:\Program Files\DIFX
2016-11-27 11:57 - 2016-11-27 11:57 - 00001224 _____ C:\Users\admin\Documents\virus.csv
2016-11-27 11:41 - 2016-11-27 11:41 - 00000000 ____D C:\Users\admin\AppData\Roaming\AVG
2016-11-27 11:40 - 2016-11-27 11:40 - 00000948 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-11-27 11:40 - 2016-11-27 11:40 - 00000000 ____D C:\Users\admin\AppData\Roaming\TuneUp Software
2016-11-27 11:40 - 2016-11-27 11:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-11-27 11:40 - 2016-11-27 11:40 - 00000000 ____D C:\Program Files\Common Files\AV
2016-11-27 11:39 - 2016-11-27 14:36 - 00000000 ____D C:\ProgramData\MFAData
2016-11-27 11:39 - 2016-11-27 11:39 - 00000000 ___HD C:\$AVG
2016-11-27 11:39 - 2016-11-27 11:39 - 00000000 ____D C:\Users\admin\AppData\Local\MFAData
2016-11-27 11:38 - 2016-11-27 11:41 - 00000000 ____D C:\Users\admin\AppData\Local\Avg
2016-11-27 11:38 - 2016-11-27 11:39 - 00000000 ____D C:\Users\admin\AppData\Local\AvgSetupLog
2016-11-27 11:38 - 2016-11-27 11:39 - 00000000 ____D C:\ProgramData\Avg
2016-11-27 11:38 - 2016-11-27 11:39 - 00000000 ____D C:\Program Files (x86)\AVG
2016-11-27 11:38 - 2016-11-27 11:38 - 00003600 _____ C:\Windows\System32\Tasks\AVG EUpdate Task
2016-11-27 10:03 - 2016-11-27 14:36 - 00000368 _____ C:\Windows\Tasks\WinThruster64-admin-Startup.job
2016-11-27 10:03 - 2016-11-27 14:33 - 00000376 _____ C:\Windows\Tasks\WinThruster64-admin-Notification.job
2016-11-27 10:03 - 2016-11-27 10:03 - 00003440 _____ C:\Windows\System32\Tasks\WinThruster64-admin-Notification
2016-11-27 10:03 - 2016-11-27 10:03 - 00002748 _____ C:\Windows\System32\Tasks\WinThruster64-admin-Startup
2016-11-27 10:03 - 2016-11-27 10:03 - 00000000 ____D C:\Users\admin\AppData\Roaming\Solvusoft
2016-11-27 10:02 - 2016-11-27 10:02 - 00002061 _____ C:\Users\Public\Desktop\WinThruster.lnk
2016-11-27 10:02 - 2016-11-27 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Solvusoft
2016-11-27 10:02 - 2016-11-27 10:02 - 00000000 ____D C:\Program Files\Solvusoft
2016-11-27 10:02 - 2016-11-27 10:02 - 00000000 ____D C:\Program Files (x86)\Solvusoft
2016-11-27 10:00 - 2016-11-27 10:02 - 00000000 ___HD C:\ProgramData\{B96EB44A-7860-4F13-BC9A-0A73CA5F11C2}
2016-11-27 10:00 - 2016-11-27 10:02 - 00000000 ____D C:\ProgramData\Solvusoft
2016-11-27 10:00 - 2016-11-27 10:00 - 08932000 _____ (Solvusoft Corporation ) C:\Users\admin\Downloads\Setup_WinThruster_2016.exe
2016-11-27 10:00 - 2016-11-27 10:00 - 00000000 ____D C:\Users\admin\AppData\Local\IIIQF
2016-11-27 09:49 - 2016-11-27 09:49 - 00000000 ____D C:\Users\admin\AppData\Roaming\Intel
2016-11-27 09:49 - 2016-11-27 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2016-11-27 09:49 - 2016-11-27 09:49 - 00000000 ____D C:\ProgramData\Intel
2016-11-27 09:49 - 2016-11-27 09:49 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-11-27 09:49 - 2016-11-27 09:49 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-11-27 09:22 - 2016-11-27 09:22 - 00002039 _____ C:\Users\admin\Desktop\QQPlayer.lnk
2016-11-27 09:22 - 2016-11-27 09:22 - 00000030 _____ C:\Windows\QQPlayer.INI
2016-11-27 09:22 - 2016-11-27 09:22 - 00000000 ____D C:\Users\admin\AppData\Roaming\Tencent
2016-11-27 09:22 - 2016-11-27 09:22 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tencent
2016-11-27 09:22 - 2016-11-27 09:22 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-11-27 09:18 - 2016-11-27 09:18 - 00000000 ____D C:\Users\admin\Desktop\V1.1.0.0157_Win7_64
2016-11-27 09:14 - 2016-11-27 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-27 09:11 - 2016-11-27 14:33 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-27 09:11 - 2016-11-27 09:11 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-27 09:10 - 2016-11-27 09:11 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-27 09:10 - 2016-11-27 09:10 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-27 09:10 - 2011-06-05 07:22 - 20465256 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 18580072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 15051368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 13076328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-11-27 09:10 - 2011-06-05 07:22 - 13011560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 12842600 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 10061416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 08106088 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 06597736 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 06029928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 04936808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 03182184 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 02954856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 02871400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 02579560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 02207336 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 01970280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 01626728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6420141.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 01394280 _____ (NVIDIA Corporation) C:\Windows\system32\nvgenco642061.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 00067176 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 00057960 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-11-27 09:10 - 2011-06-05 07:22 - 00011240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvBridge.kmd
2016-11-27 09:10 - 2011-06-05 07:22 - 00007621 _____ C:\Windows\system32\nvinfo.pb
2016-11-27 09:10 - 2011-05-10 02:41 - 01426536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco642040.dll
2016-11-27 09:10 - 2011-05-10 02:41 - 00174184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-11-27 09:10 - 2011-05-10 02:41 - 00029288 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-11-27 09:08 - 2016-11-27 09:08 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
2016-11-27 09:04 - 2016-11-27 09:04 - 00000000 ____D C:\Program Files\Elantech
2016-11-27 09:04 - 2012-07-29 21:12 - 00309584 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\Drivers\ETD.sys
2016-11-27 09:00 - 2010-09-22 01:59 - 00056344 _____ (Intel Corporation) C:\Windows\system32\Drivers\HECIx64.sys
2016-11-27 08:59 - 2011-01-13 19:58 - 00413800 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-11-27 08:59 - 2011-01-13 19:58 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-11-27 08:59 - 2011-01-13 19:58 - 00074272 _____ C:\Windows\system32\RtNicProp64.dll
2016-11-27 08:56 - 2016-11-27 08:56 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-27 08:56 - 2016-11-27 08:56 - 00000000 ____D C:\Intel
2016-11-27 08:56 - 2010-10-04 13:02 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2016-11-27 08:54 - 2016-11-27 08:54 - 00000000 ____D C:\Windows\SysWOW64\sda
2016-11-27 08:54 - 2011-03-15 18:09 - 09888360 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUVStoricon.dll
2016-11-27 08:54 - 2011-03-15 18:09 - 00311400 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\rtsuvstor.sys
2016-11-27 08:54 - 2010-11-11 14:14 - 00017512 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\diskperf64.sys
2016-11-27 08:52 - 2016-11-27 09:49 - 00000000 ____D C:\Program Files\Intel
2016-11-27 08:52 - 2016-11-27 08:52 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
2016-11-27 08:49 - 2016-11-27 08:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-11-27 08:49 - 2016-11-27 08:59 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-11-27 08:49 - 2016-11-27 08:49 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-11-27 08:49 - 2016-11-27 08:49 - 00000000 ____D C:\Users\admin\AppData\Local\Downloaded Installations
2016-11-27 08:49 - 2016-11-27 08:49 - 00000000 ____D C:\ProgramData\SonicFocus
2016-11-27 08:49 - 2016-11-27 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virage Logic, Corp
2016-11-27 08:49 - 2016-11-27 08:49 - 00000000 ____D C:\Program Files\Realtek
2016-11-27 08:49 - 2016-11-27 08:49 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-11-27 08:49 - 2011-08-16 18:46 - 03056360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-11-27 08:49 - 2011-08-16 16:57 - 01501696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2016-11-27 08:49 - 2011-08-16 14:43 - 03200104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2016-11-27 08:49 - 2011-08-16 14:43 - 02518120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-11-27 08:49 - 2011-08-15 16:47 - 00093800 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2016-11-27 08:49 - 2011-07-29 14:46 - 01827944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-11-27 08:49 - 2011-07-28 00:55 - 02604376 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2016-11-27 08:49 - 2011-07-28 00:55 - 02132824 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ.dll
2016-11-27 08:49 - 2011-07-22 19:35 - 01247848 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-11-27 08:49 - 2011-06-30 16:14 - 01560168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-11-27 08:49 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-11-27 08:49 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-11-27 08:49 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-11-27 08:49 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-11-27 08:49 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-11-27 08:49 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-11-27 08:49 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-11-27 08:49 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-11-27 08:49 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-11-27 08:49 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-11-27 08:49 - 2011-05-05 15:24 - 02085440 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2016-11-27 08:49 - 2011-05-05 14:15 - 00220512 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2016-11-27 08:49 - 2011-05-05 14:14 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2016-11-27 08:49 - 2011-05-05 14:14 - 00078176 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2016-11-27 08:49 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2016-11-27 08:49 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2016-11-27 08:49 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2016-11-27 08:49 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2016-11-27 08:49 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2016-11-27 08:49 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2016-11-27 08:49 - 2010-11-03 18:31 - 00332392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-11-27 08:49 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-11-27 08:49 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2016-11-27 08:49 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2016-11-27 08:49 - 2010-07-22 16:37 - 00200800 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2016-11-27 08:49 - 2010-07-11 21:28 - 00180048 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFProc64.dll
2016-11-27 08:49 - 2010-07-11 21:28 - 00086352 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFComm64.dll
2016-11-27 08:49 - 2010-07-11 21:28 - 00083792 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFSAPO64.dll
2016-11-27 08:49 - 2010-07-11 21:28 - 00082768 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFHAPO64.dll
2016-11-27 08:49 - 2010-07-11 21:28 - 00082768 _____ (Sonic Focus, Inc.) C:\Windows\system32\SFDAPO64.dll
2016-11-27 08:49 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2016-11-27 08:49 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2016-11-27 08:49 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2016-11-27 08:49 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2016-11-27 08:49 - 2009-11-17 18:12 - 00108960 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2016-11-27 08:48 - 2016-11-27 08:49 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-11-27 08:48 - 2011-07-11 14:17 - 01698408 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2016-11-27 08:44 - 2016-11-27 08:44 - 00000000 ____D C:\Users\admin\AppData\Roaming\WinRAR
2016-11-27 08:44 - 2016-11-27 08:44 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-27 08:44 - 2016-11-27 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-27 08:44 - 2016-11-27 08:44 - 00000000 ____D C:\Program Files\WinRAR
2016-11-27 08:43 - 2016-11-27 08:43 - 00000000 ____D C:\Users\admin\Documents\winrar
2016-11-27 08:38 - 2016-11-27 08:38 - 00000000 ____D C:\Windows.old
2016-11-27 07:59 - 2016-11-27 14:31 - 00008192 __RSH C:\BOOTSECT.BAK
2016-11-27 07:59 - 2010-11-21 11:23 - 00383786 __RSH C:\bootmgr
2016-11-27 02:40 - 2016-11-27 02:40 - 00000000 ____D C:\Users\admin\AppData\Roaming\Curiolab
2016-11-27 01:24 - 2016-11-27 09:17 - 00000000 ____D C:\Program Files (x86)\Exterminate It!
2016-11-27 01:24 - 2016-11-27 01:24 - 15637544 _____ (CURIOLAB S.M.B.A.) C:\Users\admin\Downloads\ExterminateItSetup.exe
2016-11-27 01:24 - 2016-11-27 01:24 - 00001107 _____ C:\Users\Public\Desktop\Exterminate It!.lnk
2016-11-27 01:24 - 2016-11-27 01:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
2016-11-27 00:13 - 2016-11-27 00:12 - 00002362 _____ C:\Users\admin\Downloads\index2.swf
2016-11-27 00:12 - 2016-11-27 09:17 - 00059584 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-27 00:12 - 2016-11-27 00:12 - 00001247 _____ C:\Users\Public\Desktop\Celcom Broadband Manager.lnk
2016-11-27 00:12 - 2016-11-27 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celcom Broadband Manager
2016-11-27 00:11 - 2016-11-27 00:12 - 00000000 ____D C:\ProgramData\DatacardService
2016-11-27 00:11 - 2016-11-27 00:12 - 00000000 ____D C:\Program Files (x86)\Celcom Broadband Manager
2016-11-27 00:11 - 2016-11-27 00:11 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ew_jubusenum_01009.Wdf
2016-11-27 00:11 - 2010-09-03 17:36 - 00196608 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2016-11-27 00:11 - 2010-09-03 17:35 - 00030208 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2016-11-27 00:11 - 2010-08-31 18:09 - 00256000 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2016-11-27 00:11 - 2010-08-24 22:53 - 00091648 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2016-11-27 00:11 - 2010-08-07 17:49 - 00121600 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2016-11-27 00:11 - 2010-07-27 15:26 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2016-11-27 00:11 - 2010-07-27 15:26 - 00054784 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2016-11-27 00:11 - 2010-07-27 09:52 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2016-11-27 00:11 - 2010-05-10 14:22 - 00999936 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2016-11-27 00:11 - 2010-05-04 16:50 - 00022528 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2016-11-27 00:11 - 2010-03-20 12:06 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2016-11-27 00:11 - 2010-01-18 18:48 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2016-11-27 00:11 - 2009-07-14 14:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2016-11-27 00:11 - 2009-07-14 14:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01009.dll
2016-11-26 23:47 - 2016-11-27 00:50 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-26 23:47 - 2016-11-26 23:47 - 00001134 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-26 23:47 - 2016-11-26 23:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-26 23:47 - 2014-12-19 10:47 - 30560957 _____ (Tencent ) C:\Users\admin\Documents\QQPlayer_Setup_English.exe
2016-11-26 23:46 - 2016-11-26 23:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-26 23:46 - 2016-11-26 23:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-26 23:46 - 2016-11-24 21:42 - 22851472 _____ (Malwarebytes ) C:\Users\admin\Documents\mbam-setup-2.2.1.1043.exe
2016-11-26 23:46 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-26 23:46 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-26 23:46 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-26 22:43 - 2016-11-18 01:22 - 46830224 _____ C:\Users\admin\Documents\Firefox Setup 50.0.exe
2016-11-26 22:43 - 2016-10-18 22:38 - 268254784 _____ (AVG Technologies CZ, s.r.o.) C:\Users\admin\Documents\AVG_Antivirus_Free_x64_693.exe
2016-11-26 22:41 - 2016-11-27 09:23 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore
2016-11-26 22:41 - 2016-11-26 22:41 - 00001467 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-26 22:41 - 2016-11-26 22:41 - 00001427 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-11-26 22:40 - 2016-11-27 09:49 - 00000000 ____D C:\Users\admin
2016-11-26 22:40 - 2016-11-26 22:40 - 00000020 ___SH C:\Users\admin\ntuser.ini
2016-11-26 22:40 - 2016-11-26 22:40 - 00000000 _SHDL C:\Users\admin\My Documents
2016-11-26 22:40 - 2016-11-26 22:40 - 00000000 _SHDL C:\Users\admin\Documents\My Videos
2016-11-26 22:40 - 2016-11-26 22:40 - 00000000 _SHDL C:\Users\admin\Documents\My Pictures
2016-11-26 22:40 - 2016-11-26 22:40 - 00000000 _SHDL C:\Users\admin\Documents\My Music
2016-11-26 22:40 - 2010-11-21 15:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\Media Center Programs
2016-11-26 16:24 - 2016-11-26 16:24 - 00171136 __RSH C:\w7ldr

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-27 14:40 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache
2016-11-27 14:37 - 2009-07-14 13:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-27 14:37 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf
2016-11-27 14:35 - 2009-07-14 13:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-11-27 14:35 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-11-27 14:33 - 2010-11-21 15:16 - 00000000 ____D C:\Windows\CSC
2016-11-27 14:32 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-27 14:31 - 2009-07-14 13:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-11-27 14:12 - 2009-07-14 12:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-27 14:12 - 2009-07-14 12:45 - 00016640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-27 09:11 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\Help
2016-11-27 09:06 - 2009-07-14 12:45 - 00279552 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-27 00:12 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\ModemLogs

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-27 01:43

==================== End of FRST.txt ============================

Juliet

2016-11-28, 19:21

Hi

I don't know if I can fix this, I see errors related to different things then from what you report.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The below items need to be removed/uninstalled from your computer. They are adware/malware packed

WinThruster (HKLM-x32\...\WinThruster) (Version: 1.16.8 - Solvusoft Corporation) <==== ATTENTION
WinThruster (Version: 1.16.8 - Solvusoft Corporation) Hidden <==== ATTENTION
WinThruster_2016
registry repair software

~~~~~~~~~~

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree the Eula:
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

~~

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

~~
please post
AdwCleaner[C1].txt
JRT.txt

iswandi

2016-12-01, 10:23

Hi bro.. Here is the result.. Please advice

# AdwCleaner v6.030 - Logfile created 01/12/2016 at 16:16:28
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-12-01.1 [Server]
# Operating System : Windows 7 Ultimate (X64)
# Username : USER - USER-PC
# Running from : C:\Users\USER\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

[#] Folder deleted on reboot: C:\ProgramData\Thunder Network
[#] Folder deleted on reboot: C:\ProgramData\thunder network
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Thunder Network
[#] Folder deleted on reboot: C:\ProgramData\Application Data\thunder network

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-1053248485-957906623-3906508135-1000\Software\Ask.com.tmp
[#] Key deleted on reboot: HKCU\Software\Ask.com.tmp
[#] Key deleted on reboot: [x64] HKCU\Software\Ask.com.tmp
[-] Data restored: HKU\S-1-5-21-1053248485-957906623-3906508135-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Value deleted: HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1694 Bytes] - [01/12/2016 16:16:28]
C:\AdwCleaner\AdwCleaner[S0].txt - [2047 Bytes] - [01/12/2016 16:10:14]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1840 Bytes] ##########

iswandi

2016-12-01, 11:29

Hi ..guy please advice

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Ultimate x64
Ran by USER (Administrator) on Thu 12/01/2016 at 17:13:59.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 26

Successfully deleted: C:\ProgramData\thunder network (Folder)
Successfully deleted: C:\Users\Public\thunder network (Folder)
Successfully deleted: C:\Users\USER\AppData\Roaming\dg (Folder)
Successfully deleted: C:\Windows\system32\drivers\dgsafe.sys (File)
Successfully deleted: C:\Windows\SysWOW64\drivers\dgsafe.sys (File)
Successfully deleted: C:\Program Files (x86)\mydrivers (Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AC8FC9W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OM3U2H2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\965KM5N4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NH93E5P5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\prefetch\APNSTUB.EXE-A2814457.pf (File)
Successfully deleted: C:\Windows\prefetch\DRIVERGENIUS.EXE-11E51084.pf (File)
Successfully deleted: C:\Windows\prefetch\DRIVERUPDATE.EXE-B13B4484.pf (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1AC8FC9W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3OM3U2H2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\965KM5N4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NH93E5P5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\SysWOW64\dg597 (Folder)

Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\dgpnpsev (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/01/2016 at 17:16:13.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet

2016-12-01, 12:23

Let's update Malwarebytes Anti-Malware

Open Malwarebytes Anti-Malware
On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.

~~

Please download Emsisoft Emergency Kit (http://dl.emsisoft.com/EmsisoftEmergencyKit.exe) and save it to your desktop.
Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop.

Leave all settings as they are and click the Extract button at the bottom.
A folder named EEK will be created in the root of the drive (usually c:\).

After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates.
Please click Yes so that it downloads the latest database updates.
When the update process is complete, a new button will appear in the lower-left corner that says Back. Click on this button to return to the Overview screen.
Click on Scan to be taken to the scan options.
If you are asked if you want the scanner to scan for Potentially Unwanted Programs, then click Yes.
Click on the Malware Scan button to start the scan.
When the scan is completed click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
Please save the log in Notepad on your desktop, and copy it to your next reply.
When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

iswandi

2016-12-02, 03:45

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/2/2016
Scan Time: 9:01 AM
Logfile: Malware results.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.12.02.01
Rootkit Database: v2016.11.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: USER

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 266078
Time Elapsed: 6 min, 21 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

iswandi

2016-12-02, 03:46

Emsisoft Emergency Kit - Version 12.0
Last update: 12/2/2016 9:34:37 AM
User account: USER-PC\USER
Computer name: USER-PC
OS version: Windows 7x64

Scan settings:

Scan type: Quick Scan
Objects: Rootkits, Memory, Traces

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 12/2/2016 9:37:40 AM
C:\Users\USER\AppData\Local\Temp\APN-Stub detected: Application.Win32.WebToolbar (A) []

Scanned 61791
Found 1

Scan end: 12/2/2016 9:37:49 AM
Scan time: 0:00:09

C:\Users\USER\AppData\Local\Temp\APN-Stub Application.Win32.WebToolbar (A)

Deleted 1

Juliet

2016-12-02, 13:05

Hows the computer now?

iswandi

2016-12-03, 12:15

The problem still exists. I have movie, file and picture which are cannot play using any media and also picture file which cannot be view. All the file become file type 8488. Before this the file format of my movie file is AVI but after that it become file type 8488 which i suspect it cause by malware. Please advice my how i can restore back of my movie and file to originally format which . Here i attach the sample for your analyse.

Juliet

2016-12-03, 15:36

Exterminate It! <== needs to be uninstalled
http://www.isthisfilesafe.com/sha1/1A2BE3053B940337D371E5FBC0E1A12641B54C01_details.aspx

QQ??3.7 (HKU\S-1-5-21-1642817827-2581930201-3280809290-1000\...\QQPlayer) (Version: 3.7 - ????(??)????)
was the above installed lately and you think it may have caused the extensions to change?