
I'm suffering from a bad image problem by Malwarebytes, can anyone help?


shobit


This is my FRST result:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2016
Ran by shobit (administrator) on SHOBIT-PC (28-09-2016 17:59:32)
Running from E:\Google
Loaded Profiles: shobit (Available Profiles: shobit)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ExWzp Pvt Ltd.) C:\Program Files\WinZipper\winzipersvc.exe
() C:\Program Files\Quvleazpeficetm\Fuevy.exe
(Trend Corp.) C:\Users\shobit\AppData\Roaming\setup1\TSvr.exe
(WFini LIMITED) C:\ProgramData\uwinpu\WFini.exe
() C:\Program Files\WinSaber\WinSaber.exe
() C:\Program Files\ms\launch.exe
(Google Inc.) E:\Google\Chrome\Application\chrome.exe
(Google Inc.) E:\Google\Chrome\Application\chrome.exe
(Google Inc.) E:\Google\Chrome\Application\chrome.exe
() C:\Windows\Temp\ist7FCA.tmp\tools\ffhh.exe
(Tencent Inc.) C:\Windows\Temp\ist7FCA.tmp\tools\chhh.exe
(Google Inc.) E:\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [win_en_77] => "C:\Program Files\win_en_77\win_en_77.exe"
HKLM\...\Run: [sun21] => C:\Program Files\SunnyDay21\SunnyDay.exe [4250792 2016-08-30] ()
HKLM\...\Run: [WINCOM0R9] => "C:\Program Files\sunnyday\wincom_0R9.exe"
HKLM\...\Run: [DiskPower] => C:\Program Files\DPower\DiskPower.exe [210432 2016-07-21] ()
HKLM\...\Run: [WINCOMDPG] => "C:\Program Files\sunnyday\wincom_DPG.exe"
HKLM\...\Run: [app] => C:\Program Files\sbqh\uc.exe [294959 2016-09-18] ( )
HKLM\...\Run: [WINCOMPOU] => C:\Program Files\sunnyday\wincom_POU.exe [4683776 2016-09-18] ()
HKLM\...\Run: [WINCOMJYF] => C:\Program Files\sunnyday\wincom_JYF.exe [4683776 2016-09-18] ()
HKLM\...\Run: [WINCOMLPA] => C:\Program Files\sunnyday\wincom_LPA.exe [4683776 2016-09-18] ()
HKLM\...\Run: [WINCOM0VI] => C:\Program Files\sunnyday\wincom_0VI.exe [4308992 2016-09-22] ()
HKLM\...\Run: [comoBoss] => C:\Program Files\comoBoss\comowin.exe [4308992 2016-09-21] ()
HKLM\...\Run: [WINCOMPRJ] => C:\Program Files\sunnyday\wincom_PRJ.exe [4308992 2016-09-22] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [aa] => C:\Program Files\ms\launch.exe [370176 2016-05-11] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [DKFJ939833] => C:\Program Files\DPower\CODUNKXCO0.exe [369664 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [950RB4PIAM] => C:\Program Files\DPower\BGFKQFYZFD.exe [369664 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [WBLPXT7B0T] => C:\Program Files\DPower\9I7W8AJZWU.exe [369664 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [svchost0] => C:\Program Files\sbqh\uc.exe [294959 2016-09-18] ( )
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [C0UQAYWOAP] => C:\Program Files\DPower\MFEHONX35W.exe [369664 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [Caster] => C:\Program Files\host\wizzcaster.exe [272896 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [KZYUFN4MFR] => C:\Program Files\DPower\1EIWR7Y1QM.exe [369664 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [ZQTHOCJOO9] => C:\Program Files\DPower\HMS2H532KQ.exe [369664 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [XQY6I6SQ76] => C:\Program Files\DPower\T2GF48KZK1.exe [369664 2016-09-22] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [78BTI2DNQ6] => C:\Program Files\DPower\0V6PBICLWG.exe [369664 2016-09-22] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [4B51CZ6E4B] => C:\Program Files\DPower\81IOFKVSF9.exe [369664 2016-09-22] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [Installer] => C:\Users\shobit\AppData\Local\Temp\is-7BQSR.tmp\51493.exe /autorun <===== ATTENTION
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [uTorrent] => C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe [2139840 2016-09-17] (BitTorrent Inc.)
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [43984 2016-08-19] (Glarysoft Ltd)
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\MountPoints2: {89b58e7c-7b08-11e5-85de-eab4e7b8d168} - G:\AutoRun.exe
AppInit_DLLs: C:\ProgramData\UltimateSecurityPackage\Freshjaytax.dll => C:\ProgramData\UltimateSecurityPackage\Freshjaytax.dll [248320 2016-08-08] ()
BootExecute: autocheck autochk *  
GroupPolicy: Restriction - Windows Degender <======= ATTENTION
GroupPolicy: Restriction - Windows Degender <======= ATTENTION
GroupPolicy: Restriction - Windows Degender <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3A7BD294-A96E-44CE-AF3A-E77B2E514F3F}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{5AA82EA8-4C72-49EB-8951-C18F304AA834}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A6BAF567-6650-44C1-B2C4-B2D8C22094E6}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C46E5B37-A126-4A05-9E91-16A7175D29E0}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F5A1F8A2-95AC-4F31-876E-5D0F2D9F2833}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1465913124&z=862ec281f2d85d91db4ee45g8z7qew6tag2c1g4o6c&from=wpm0614&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1465913124&z=862ec281f2d85d91db4ee45g8z7qew6tag2c1g4o6c&from=wpm0614&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms}
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms}
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1466509119&z=bd8a1fe4ebf2bdfef7fc7c7g4z7q4qcwde0tbgdgcb&from=wpm0616&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms}
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms}
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms}
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ9xZcKJV5VzbkPydMGWwJE5623DrLl4VWbjlp0ZL3GIzXbETxZ-L4tn-_bIoSYd9gk2RTTLAF7U09i6H3
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1465913124&z=862ec281f2d85d91db4ee45g8z7qew6tag2c1g4o6c&from=wpm0614&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3516989641-3737852596-2602365042-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3516989641-3737852596-2602365042-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1469605786&z=339025dd9c6703ff0ec7d16g5z4q4tfqeeawemebdw&from=ihpm0722&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3516989641-3737852596-2602365042-1000 -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL = 
SearchScopes: HKU\S-1-5-21-3516989641-3737852596-2602365042-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms}
BHO: Quvleazpeficetm -> {22293B3F-1322-46C3-8447-A7219377B749} -> C:\Program Files\Quvleazpeficetm\Reipelh.dll [2016-09-18] ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\shobit\AppData\Roaming\Mozilla\Firefox\Profiles\tb5nxrbs.default
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF SearchPlugin: C:\Users\shobit\AppData\Roaming\Mozilla\Firefox\Profiles\tb5nxrbs.default\searchplugins\730g1mt9.xml [2016-09-17]
FF SearchPlugin: C:\Users\shobit\AppData\Roaming\Mozilla\Firefox\Profiles\tb5nxrbs.default\searchplugins\findit.xml [2016-09-22]

Chrome: 
=======
CHR HomePage: ChromeDefaultData -> hxxps://www.google.co.in/#gfe_rd=cr&gws_rd=ssl
CHR StartupUrls: ChromeDefaultData -> "hxxps://www.google.co.in/#gfe_rd=cr&gws_rd=ssl"
CHR Profile: C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-09-28] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-25]
CHR Extension: (Google Drive) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25]
CHR Extension: (Google Search) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
CHR Extension: (Sunset Waves) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fjpbnaenimmeflahocbalmhkhkkiiigb [2016-05-16]
CHR Extension: (Google Docs Offline) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]
CHR Extension: (Gmail) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-26]

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-09-2016
Ran by shobit (26-09-2016 19:42:09)
Running from E:\EA Sports
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2015-10-18 13:39:47)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3516989641-3737852596-2602365042-500 - Administrator - Disabled)
Guest (S-1-5-21-3516989641-3737852596-2602365042-501 - Limited - Disabled)
shobit (S-1-5-21-3516989641-3737852596-2602365042-1000 - Administrator - Enabled) => C:\Users\shobit

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
Absolute Uninstaller 5.3.1.21 (HKLM\...\Absolute Uninstaller) (Version: 5.3.1.21 - Glarysoft Ltd)
Caster (HKLM\...\{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}) (Version: 1.0 - Caster) <==== ATTENTION
comoBoss version 2.0 (HKLM\...\comoBoss_is1) (Version: 2.0 - aze)
DPower version 1.0 (HKLM\...\DPower_is1) (Version: 1.0 - WeMonetize) <==== ATTENTION
EA Cricket 2007 1.00 (HKLM\...\EA Cricket 2007 1.00) (Version: 1.00 - EA Sports)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
host version 1.1 (HKLM\...\host_is1) (Version: 1.1 - Wizzlabs) <==== ATTENTION
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version:  - ) <==== ATTENTION
shopperz (HKLM\...\{AA15C07D-7E8E-4B1B-892B-0A7B6E13F57F}) (Version: 2.0.0.477 - shopperz) <==== ATTENTION
SunnyDay (HKLM\...\SunnyDay21_is1) (Version:  - SUNNYDAY) <==== ATTENTION
sunnyday version 1.1 (HKLM\...\sunnyday_is1) (Version: 1.1 - sunnyday) <==== ATTENTION
WIN (HKLM\...\win_en_77_is1) (Version:  - ) <==== ATTENTION
WinZip (HKLM\...\WinZip) (Version: 2.3.0 - Winzipper Pvt Ltd.) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1080BDA9-A36D-4584-A075-578806CD0866} - \psv_Zam-Ing -> No File <==== ATTENTION
Task: {12B78C29-BB69-4150-AB8C-D4407F349F0C} - \psv_Konklux -> No File <==== ATTENTION
Task: {183E34F2-5808-4C8E-8866-451BE1A538B4} - \psv_Singlefind -> No File <==== ATTENTION
Task: {19FF9948-DBF7-4D00-82AA-E9E715EC0F47} - System32\Tasks\Microsoft\Windows\Multimedia\FreeVPN => C:\Users\shobit\AppData\Roaming\FreeVPN\FreeVPN.exe [2016-05-25] () <==== ATTENTION
Task: {1F63C445-6057-4445-8EA0-C04B82B4322A} - \psv_Hotcom -> No File <==== ATTENTION
Task: {255A6E78-54A6-4034-B09F-178F885DAC34} - \snp -> No File <==== ATTENTION
Task: {27B45F99-4E28-4111-9906-12011B714D85} - \snf -> No File <==== ATTENTION
Task: {3258E5EF-C305-4E9E-9B53-D8D4FD62751C} - System32\Tasks\psv_Transhold => /c regedit.exe /s "C:\ProgramData\AppgnielbuoD\Tres-Trax.reg" &amp; del "C:\ProgramData\AppgnielbuoD\Tres-Trax.reg" &amp; SCHTASKS /Delete /TN "psv_Transhold" /F <==== ATTENTION
Task: {38D507F5-627D-407E-B037-0E9CB52E2A47} - \psv_Fincanair -> No File <==== ATTENTION
Task: {39173B80-46F5-43D3-BF09-B7979D877BEC} - \psv_Stocktom -> No File <==== ATTENTION
Task: {4974A28F-6756-4034-8B62-DF2803691EAE} - System32\Tasks\psv_Zamlux => /c regedit.exe /s "C:\ProgramData\AppgnielbuoD\Big-Phase.reg" &amp; del "C:\ProgramData\AppgnielbuoD\Big-Phase.reg" &amp; SCHTASKS /Delete /TN "psv_Zamlux" /F <==== ATTENTION
Task: {54D21E2F-B829-4D52-B1F1-C3D050A9592B} - System32\Tasks\HipfatUpdateTaskMachineCore => C:\Program Files\Hipfat\Update\HipfatUpdate.exe <==== ATTENTION
Task: {5C61C70B-9643-464B-8020-E851782CC6BC} - \psv_Mat-Kix -> No File <==== ATTENTION
Task: {5FA1A351-FB38-415A-BEAA-2DEA0DE64728} - \psv_Zerdex -> No File <==== ATTENTION
Task: {61A3B8A6-0EC5-4148-98AD-7DE4FDB7BDA0} - \psv_BetaEco -> No File <==== ATTENTION
Task: {6250DEED-AD9D-4A98-8B29-7AA235BACCA0} - System32\Tasks\HipfatUpdateTaskMachineUA => C:\Program Files\Hipfat\Update\HipfatUpdate.exe <==== ATTENTION
Task: {6279259B-C232-40C0-8FFB-E23E6E37BE69} - \psv_Sol-Dom -> No File <==== ATTENTION
Task: {637073D3-DB7B-4764-B206-A08333E72E7E} - \psv_ZamLax -> No File <==== ATTENTION
Task: {659A0833-038A-4C4F-8B72-3A22DA27D01B} - \psv_Lotcom -> No File <==== ATTENTION
Task: {721BA96D-0BB4-473F-991D-7C766E8B521C} - \Coewother Reports -> No File <==== ATTENTION
Task: {74489F6E-CEA6-4F4A-B286-F137DF21CF2A} - \psv_Tamhome -> No File <==== ATTENTION
Task: {76A630FD-BF07-4153-8F8F-ED65121BC0A9} - \psv_SumRemtom -> No File <==== ATTENTION
Task: {76DF03DC-E30D-458D-8779-2AF344BC9FC1} - System32\Tasks\svchost => C:\Users\shobit\AppData\Local\Temp\is-7BQSR.tmp\51493.exe <==== ATTENTION
Task: {7BD83143-9D5C-4991-99E2-2B8DA372455A} - \psv_TouchSailhold -> No File <==== ATTENTION
Task: {7D561630-D864-4EDF-9903-7DA4F2451F11} - System32\Tasks\KuaiZip_Update => X86\Update.exe <==== ATTENTION
Task: {847AE558-161A-4D4E-9071-B5B80B4B00A8} - \psv_Ecocof -> No File <==== ATTENTION
Task: {8569F424-C7D2-4A67-983C-DC850E94499D} - \psv_Ventoapkix -> No File <==== ATTENTION
Task: {8591EA57-714A-4D55-A8B6-8B4AFFE1BEDA} - \psv_Topdax -> No File <==== ATTENTION
Task: {8A9ED42B-B170-4F24-85BA-8C2CBB7749E6} - \psv_Caneco -> No File <==== ATTENTION
Task: {92CEB115-EB49-462B-B54A-DA4FA1BB477F} - System32\Tasks\psv_Solotrax => /c regedit.exe /s "C:\ProgramData\UltimateSecurityPackage\Tipcom.reg" &amp; del "C:\ProgramData\UltimateSecurityPackage\Tipcom.reg" &amp; SCHTASKS /Delete /TN "psv_Solotrax" /F <==== ATTENTION
Task: {9E995562-97C1-476D-AE91-5AC4584AEEC6} - \psv_Blueflex -> No File <==== ATTENTION
Task: {A6F91299-DB9F-4580-A8A9-D18161615D0D} - \psv_Sonfresh -> No File <==== ATTENTION
Task: {AAE79890-2334-4DD1-AB0D-5F9FB2D91A7C} - \psv_Biolight -> No File <==== ATTENTION
Task: {B25A9C11-0299-481C-9138-5D49F011081F} - System32\Tasks\psv_Unabam => /c regedit.exe /s "C:\ProgramData\AppgnielbuoD\Softtech.reg" &amp; del "C:\ProgramData\AppgnielbuoD\Softtech.reg" &amp; SCHTASKS /Delete /TN "psv_Unabam" /F <==== ATTENTION
Task: {B8AD5D4F-58B6-4436-89C3-7E8BC7AAEA26} - System32\Tasks\psv_StringTonlax => /c regedit.exe /s "C:\ProgramData\UltimateSecurityPackage\OzerSailex.reg" &amp; del "C:\ProgramData\UltimateSecurityPackage\OzerSailex.reg" &amp; SCHTASKS /Delete /TN "psv_StringTonlax" /F <==== ATTENTION
Task: {CE882073-6BBB-4EB4-9EE4-50A671090E49} - \psv_Inchflex -> No File <==== ATTENTION
Task: {E6518F1F-6E84-4D38-ACF8-24B4607801B4} - \psv_Fundondom -> No File <==== ATTENTION
Task: {ED882490-B0ED-448F-8846-206200DD1791} - System32\Tasks\psv_UnoFix => /c regedit.exe /s "C:\ProgramData\UltimateSecurityPackage\Overlax.reg" &amp; del "C:\ProgramData\UltimateSecurityPackage\Overlax.reg" &amp; SCHTASKS /Delete /TN "psv_UnoFix" /F <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\shobit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\shobit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ac7fc5513507e599\Google Chrome.lnk -> E:\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) ==============

2016-07-06 16:31 - 2015-12-30 11:04 - 00582144 _____ () C:\Program Files\WinZipper\curlpp.dll
2016-07-06 16:31 - 2016-01-26 13:57 - 00066560 _____ () C:\Program Files\WinZipper\zlib1.dll
2016-08-11 18:22 - 2016-09-18 21:13 - 00271360 _____ () C:\Program Files\Quvleazpeficetm\Fuevy.exe
2016-09-17 19:53 - 2016-09-17 19:53 - 00303616 _____ () c:\program files\hajidom\werlolycommunity.dll
2016-05-15 16:38 - 2016-05-11 16:32 - 00370176 _____ () C:\Program Files\ms\launch.exe
2016-07-07 18:53 - 2016-07-08 11:39 - 00518360 _____ () C:\Program Files\WinSaber\WinSaber.exe
2015-10-26 16:49 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\shobit\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-10-26 16:49 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\shobit\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdp32.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdp32.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2016-06-26 13:24 - 00001188 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\shobit\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{AF3C64CB-CD01-4278-9ADC-9C5E3E0DC294}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{07110D44-AF95-4AA4-82B2-185E25FC55B1}] => (Allow) c:\users\shobit\appdata\roaming\download\MiniThunderPlatform.exe
FirewallRules: [{5D944890-25B4-4048-8D2A-CF2223503716}] => (Allow) c:\users\shobit\appdata\roaming\download\MiniThunderPlatform.exe
FirewallRules: [{9152D175-F39F-45E1-AC28-3E858E41DD6D}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{1968D783-7050-4991-B38A-59C6BF22162E}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{C369BCA8-FFAD-41FF-8CB9-BE11E612886B}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F1F556E-8174-47A5-B439-33B26B10994E}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B82B1357-F188-4BFF-8790-B30E914554FC}] => (Allow) C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe
FirewallRules: [TCP Query User{95CB1566-DAFB-4A89-A03F-CD176B2E5BCD}E:\czero.exe] => (Block) E:\czero.exe
FirewallRules: [UDP Query User{8D705859-B062-4A57-85B8-BEA4B9CFAF4C}E:\czero.exe] => (Block) E:\czero.exe
FirewallRules: [TCP Query User{AD55E173-AE7B-429F-BE6A-01AF990E2665}E:\czero.exe] => (Allow) E:\czero.exe
FirewallRules: [UDP Query User{F89CAEFC-EDF3-4B33-9A3C-33813342ADA6}E:\czero.exe] => (Allow) E:\czero.exe
FirewallRules: [TCP Query User{4C7F011D-E7BC-48F7-B8CC-DE2D4A935A87}C:\valve\condition zero\czero.exe] => (Block) C:\valve\condition zero\czero.exe
FirewallRules: [UDP Query User{F822D0C3-76A2-47BD-B5FE-EDAAD251FC29}C:\valve\condition zero\czero.exe] => (Block) C:\valve\condition zero\czero.exe
FirewallRules: [{4BF9D9B3-816C-44CD-A56C-48DBB8DA6382}] => (Allow) C:\Program Files\Hipfat\Update\HipfatUpdate.exe
FirewallRules: [{803254DE-88F2-4D25-B425-59145AE03A9A}] => (Allow) C:\Program Files\Hipfat\Application\chrome.exe
FirewallRules: [{F6FF2735-78FE-437B-84FA-367D79694A4F}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{BFE6CADB-3526-429D-A304-84201A3BEDD5}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{6A1EACF6-5878-4C5A-B020-6749DEF9CBFF}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{5E35B050-EEBB-4983-B205-30230BA431B1}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{B65777C7-850B-4C98-8FD9-F2A6C985C069}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{E911AD58-1038-4821-9C8B-344B3E2DD0EF}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{8777F2F6-6870-4C39-BDE3-8ADA5C5FDDCC}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{2989F06A-B7CD-4235-8272-3DAAE1296B51}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{8CE72295-47BF-4A34-8FF2-BE460B204282}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{BEA3765D-D896-4EC7-946F-65B8D261B747}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{F7F6D138-8AD3-4D0B-ADF9-E53486B3CD36}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{4A1E7496-E87D-4914-8D23-78B391A8352D}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{F5F4AB07-B625-4870-8220-B42639D3915F}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{7DF5B6DA-0AE2-41AE-B052-1CDDD8A3E4FF}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{04A4B932-23B5-4D3B-BF7B-E4EAE1C9DFCF}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{FEB9C204-4D0C-4D88-982E-896AE73ACD3A}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{3E8FDD60-950A-4BE9-ADF6-B1AB9688FE2E}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{DE4C23C1-9428-4870-AB54-C7F62736D004}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{21C8CF12-47D1-4466-9503-941E2356E64C}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{619A8207-62DF-4754-B6AE-7DC662692E50}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{4BE75078-7907-450C-A902-260864B0C312}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{E6656592-AD2E-4982-85C3-AAC926583F16}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{C89AACD0-DE8E-4CDD-A8C2-9C844494A6F1}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{2EC2C4A6-3693-492B-9349-AA91AA31CBC8}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{BF0E2F35-D586-4C18-80A7-2F574BB8E7D6}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{C28E13E2-89AE-40A0-A803-F9EB64A040D5}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{3B9E66AF-BB31-40F3-BC2C-1CEEFFA0530B}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{FDA6F0D4-BE12-400D-9646-30174FFAAB3B}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{881BAC37-905B-4E66-84DD-40F795214967}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{E76EF661-54BC-4CDF-A867-EC3E3768185F}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{6AE8C578-20AE-4EB2-8C32-511A6A733D38}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{FE2DF4D2-44B3-4876-AE67-702AC2B1F4B1}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{5698653D-0FFA-44ED-A644-8B55DD75AD1B}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{9DD9E569-56F8-43A1-9395-A59E76D529BF}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{01F21B66-8175-4148-A653-A41D61FB6DC0}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{79725B3D-FB13-4E34-8988-468C8E517C9C}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{376BD483-007B-4487-83E5-095CD4181804}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9A022A35-0FCE-4BE1-89B9-5300E1563145}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0845B9E1-C32B-4591-B3DE-B752D9DEF0F0}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DD3BF964-B54B-44A8-888A-947B86EEC449}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F0EC76B-E6D3-40BB-8B8F-19FE8895A921}] => (Allow) C:\Users\shobit\AppData\Local\Temp\is-7BQSR.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{2C2E0B33-7839-42CA-AF4E-DD6BBEED0F05}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: TsNetHlp.sys
Description: TsNetHlp.sys
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: tsnethlp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: softaal
Description: softaal
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: softaal
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SRepairDrv
Description: SRepairDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: SRepairDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: tencent QMUdisk
Description: tencent QMUdisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: QMUdisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2016 07:36:30 PM) (Source: ESENT) (EventID: 413) (User: )
Description: Windows (6348) Windows: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -529.

Error: (09/26/2016 07:36:30 PM) (Source: ESENT) (EventID: 429) (User: )
Description: Windows (6348) Windows: The database engine log disk is full. Deleting logfiles to recover disk space may make your database unstartable if the database file(s) are not in a Clean Shutdown state. Numbered logfiles may be moved, but not deleted, if and only if the database file(s) are in a Clean Shutdown state. Do not move C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error: (09/26/2016 07:36:30 PM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (6348) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.

Error: (09/26/2016 07:36:20 PM) (Source: ESENT) (EventID: 413) (User: )
Description: Windows (4944) Windows: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -529.

Error: (09/26/2016 07:36:20 PM) (Source: ESENT) (EventID: 429) (User: )
Description: Windows (4944) Windows: The database engine log disk is full. Deleting logfiles to recover disk space may make your database unstartable if the database file(s) are not in a Clean Shutdown state. Numbered logfiles may be moved, but not deleted, if and only if the database file(s) are in a Clean Shutdown state. Do not move C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error: (09/26/2016 07:36:20 PM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (4944) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.

Error: (09/26/2016 07:26:35 PM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (3764) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.

Error: (09/26/2016 07:26:31 PM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (5664) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.

Error: (09/26/2016 07:26:12 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows (5068) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log" at offset 0 (0x0000000000000000) for 1048576 (0x00100000) bytes failed after 0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (09/26/2016 07:25:48 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows (4196) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb" at offset 1507328 (0x0000000000170000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.


System errors:
=============
Error: (09/26/2016 07:40:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 107 time(s).

Error: (09/26/2016 07:40:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.

Error: (09/26/2016 07:40:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 106 time(s).

Error: (09/26/2016 07:40:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.

Error: (09/26/2016 07:40:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 105 time(s).

Error: (09/26/2016 07:40:26 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.

Error: (09/26/2016 07:40:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 104 time(s).

Error: (09/26/2016 07:40:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.

Error: (09/26/2016 07:40:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 103 time(s).

Error: (09/26/2016 07:40:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.


CodeIntegrity:
===================================
  Date: 2016-06-26 13:47:35.583
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard32.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 47%
Total physical RAM: 2936.93 MB
Available physical RAM: 1534.78 MB
Total Virtual: 5872.17 MB
Available Virtual: 4575.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:14.9 GB) (Free:0 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive e: (eMachines) (Fixed) (Total:282.99 GB) (Free:171.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7D5EAD65)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Hello shobit and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Your system is awash with malware/infection, let's see how we progress:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the Scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Let me see those logs, also tell me if there are any remaining issues or concerns....

Thank you,

Kevin...

 

Fixlist.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

