This is my FRST result:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2016
Ran by shobit (administrator) on SHOBIT-PC (28-09-2016 17:59:32)
Running from E:\Google
Loaded Profiles: shobit (Available Profiles: shobit)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ExWzp Pvt Ltd.) C:\Program Files\WinZipper\winzipersvc.exe
() C:\Program Files\Quvleazpeficetm\Fuevy.exe
(Trend Corp.) C:\Users\shobit\AppData\Roaming\setup1\TSvr.exe
(WFini LIMITED) C:\ProgramData\uwinpu\WFini.exe
() C:\Program Files\WinSaber\WinSaber.exe
() C:\Program Files\ms\launch.exe
(Google Inc.) E:\Google\Chrome\Application\chrome.exe
(Google Inc.) E:\Google\Chrome\Application\chrome.exe
(Google Inc.) E:\Google\Chrome\Application\chrome.exe
() C:\Windows\Temp\ist7FCA.tmp\tools\ffhh.exe
(Tencent Inc.) C:\Windows\Temp\ist7FCA.tmp\tools\chhh.exe
(Google Inc.) E:\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [win_en_77] => "C:\Program Files\win_en_77\win_en_77.exe"
HKLM\...\Run: [sun21] => C:\Program Files\SunnyDay21\SunnyDay.exe [4250792 2016-08-30] ()
HKLM\...\Run: [WINCOM0R9] => "C:\Program Files\sunnyday\wincom_0R9.exe"
HKLM\...\Run: [DiskPower] => C:\Program Files\DPower\DiskPower.exe [210432 2016-07-21] ()
HKLM\...\Run: [WINCOMDPG] => "C:\Program Files\sunnyday\wincom_DPG.exe"
HKLM\...\Run: [app] => C:\Program Files\sbqh\uc.exe [294959 2016-09-18] ( )
HKLM\...\Run: [WINCOMPOU] => C:\Program Files\sunnyday\wincom_POU.exe [4683776 2016-09-18] ()
HKLM\...\Run: [WINCOMJYF] => C:\Program Files\sunnyday\wincom_JYF.exe [4683776 2016-09-18] ()
HKLM\...\Run: [WINCOMLPA] => C:\Program Files\sunnyday\wincom_LPA.exe [4683776 2016-09-18] ()
HKLM\...\Run: [WINCOM0VI] => C:\Program Files\sunnyday\wincom_0VI.exe [4308992 2016-09-22] ()
HKLM\...\Run: [comoBoss] => C:\Program Files\comoBoss\comowin.exe [4308992 2016-09-21] ()
HKLM\...\Run: [WINCOMPRJ] => C:\Program Files\sunnyday\wincom_PRJ.exe [4308992 2016-09-22] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [aa] => C:\Program Files\ms\launch.exe [370176 2016-05-11] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [DKFJ939833] => C:\Program Files\DPower\CODUNKXCO0.exe [369664 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [950RB4PIAM] => C:\Program Files\DPower\BGFKQFYZFD.exe [369664 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [WBLPXT7B0T] => C:\Program Files\DPower\9I7W8AJZWU.exe [369664 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [svchost0] => C:\Program Files\sbqh\uc.exe [294959 2016-09-18] ( )
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [C0UQAYWOAP] => C:\Program Files\DPower\MFEHONX35W.exe [369664 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [Caster] => C:\Program Files\host\wizzcaster.exe [272896 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [KZYUFN4MFR] => C:\Program Files\DPower\1EIWR7Y1QM.exe [369664 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [ZQTHOCJOO9] => C:\Program Files\DPower\HMS2H532KQ.exe [369664 2016-09-18] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [XQY6I6SQ76] => C:\Program Files\DPower\T2GF48KZK1.exe [369664 2016-09-22] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [78BTI2DNQ6] => C:\Program Files\DPower\0V6PBICLWG.exe [369664 2016-09-22] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [4B51CZ6E4B] => C:\Program Files\DPower\81IOFKVSF9.exe [369664 2016-09-22] ()
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [Installer] => C:\Users\shobit\AppData\Local\Temp\is-7BQSR.tmp\51493.exe /autorun <===== ATTENTION
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [uTorrent] => C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe [2139840 2016-09-17] (BitTorrent Inc.)
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [43984 2016-08-19] (Glarysoft Ltd)
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\MountPoints2: {89b58e7c-7b08-11e5-85de-eab4e7b8d168} - G:\AutoRun.exe
AppInit_DLLs: C:\ProgramData\UltimateSecurityPackage\Freshjaytax.dll => C:\ProgramData\UltimateSecurityPackage\Freshjaytax.dll [248320 2016-08-08] ()
BootExecute: autocheck autochk *
GroupPolicy: Restriction - Windows Degender <======= ATTENTION
GroupPolicy: Restriction - Windows Degender <======= ATTENTION
GroupPolicy: Restriction - Windows Degender <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3A7BD294-A96E-44CE-AF3A-E77B2E514F3F}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{5AA82EA8-4C72-49EB-8951-C18F304AA834}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A6BAF567-6650-44C1-B2C4-B2D8C22094E6}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{C46E5B37-A126-4A05-9E91-16A7175D29E0}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{F5A1F8A2-95AC-4F31-876E-5D0F2D9F2833}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1465913124&z=862ec281f2d85d91db4ee45g8z7qew6tag2c1g4o6c&from=wpm0614&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1465913124&z=862ec281f2d85d91db4ee45g8z7qew6tag2c1g4o6c&from=wpm0614&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms}
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms}
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1466509119&z=bd8a1fe4ebf2bdfef7fc7c7g4z7q4qcwde0tbgdgcb&from=wpm0616&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms}
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms}
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms}
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ9xZcKJV5VzbkPydMGWwJE5623DrLl4VWbjlp0ZL3GIzXbETxZ-L4tn-_bIoSYd9gk2RTTLAF7U09i6H3
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1465913124&z=862ec281f2d85d91db4ee45g8z7qew6tag2c1g4o6c&from=wpm0614&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3516989641-3737852596-2602365042-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3516989641-3737852596-2602365042-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1469605786&z=339025dd9c6703ff0ec7d16g5z4q4tfqeeawemebdw&from=ihpm0722&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3516989641-3737852596-2602365042-1000 -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL =
SearchScopes: HKU\S-1-5-21-3516989641-3737852596-2602365042-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms}
BHO: Quvleazpeficetm -> {22293B3F-1322-46C3-8447-A7219377B749} -> C:\Program Files\Quvleazpeficetm\Reipelh.dll [2016-09-18] ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
FireFox:
========
FF ProfilePath: C:\Users\shobit\AppData\Roaming\Mozilla\Firefox\Profiles\tb5nxrbs.default
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File]
FF SearchPlugin: C:\Users\shobit\AppData\Roaming\Mozilla\Firefox\Profiles\tb5nxrbs.default\searchplugins\730g1mt9.xml [2016-09-17]
FF SearchPlugin: C:\Users\shobit\AppData\Roaming\Mozilla\Firefox\Profiles\tb5nxrbs.default\searchplugins\findit.xml [2016-09-22]
Chrome:
=======
CHR HomePage: ChromeDefaultData -> hxxps://www.google.co.in/#gfe_rd=cr&gws_rd=ssl
CHR StartupUrls: ChromeDefaultData -> "hxxps://www.google.co.in/#gfe_rd=cr&gws_rd=ssl"
CHR Profile: C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-09-28] <==== ATTENTION
CHR Extension: (Google Docs) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-25]
CHR Extension: (Google Drive) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25]
CHR Extension: (Google Search) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23]
CHR Extension: (Sunset Waves) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fjpbnaenimmeflahocbalmhkhkkiiigb [2016-05-16]
CHR Extension: (Google Docs Offline) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21]
CHR Extension: (Gmail) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-25]
CHR Extension: (Chrome Media Router) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-26]
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-09-2016
Ran by shobit (26-09-2016 19:42:09)
Running from E:\EA Sports
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2015-10-18 13:39:47)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3516989641-3737852596-2602365042-500 - Administrator - Disabled)
Guest (S-1-5-21-3516989641-3737852596-2602365042-501 - Limited - Disabled)
shobit (S-1-5-21-3516989641-3737852596-2602365042-1000 - Administrator - Enabled) => C:\Users\shobit
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.)
Absolute Uninstaller 5.3.1.21 (HKLM\...\Absolute Uninstaller) (Version: 5.3.1.21 - Glarysoft Ltd)
Caster (HKLM\...\{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}) (Version: 1.0 - Caster) <==== ATTENTION
comoBoss version 2.0 (HKLM\...\comoBoss_is1) (Version: 2.0 - aze)
DPower version 1.0 (HKLM\...\DPower_is1) (Version: 1.0 - WeMonetize) <==== ATTENTION
EA Cricket 2007 1.00 (HKLM\...\EA Cricket 2007 1.00) (Version: 1.00 - EA Sports)
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
host version 1.1 (HKLM\...\host_is1) (Version: 1.1 - Wizzlabs) <==== ATTENTION
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
shopperz (HKLM\...\{AA15C07D-7E8E-4B1B-892B-0A7B6E13F57F}) (Version: 2.0.0.477 - shopperz) <==== ATTENTION
SunnyDay (HKLM\...\SunnyDay21_is1) (Version: - SUNNYDAY) <==== ATTENTION
sunnyday version 1.1 (HKLM\...\sunnyday_is1) (Version: 1.1 - sunnyday) <==== ATTENTION
WIN (HKLM\...\win_en_77_is1) (Version: - ) <==== ATTENTION
WinZip (HKLM\...\WinZip) (Version: 2.3.0 - Winzipper Pvt Ltd.) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1080BDA9-A36D-4584-A075-578806CD0866} - \psv_Zam-Ing -> No File <==== ATTENTION
Task: {12B78C29-BB69-4150-AB8C-D4407F349F0C} - \psv_Konklux -> No File <==== ATTENTION
Task: {183E34F2-5808-4C8E-8866-451BE1A538B4} - \psv_Singlefind -> No File <==== ATTENTION
Task: {19FF9948-DBF7-4D00-82AA-E9E715EC0F47} - System32\Tasks\Microsoft\Windows\Multimedia\FreeVPN => C:\Users\shobit\AppData\Roaming\FreeVPN\FreeVPN.exe [2016-05-25] () <==== ATTENTION
Task: {1F63C445-6057-4445-8EA0-C04B82B4322A} - \psv_Hotcom -> No File <==== ATTENTION
Task: {255A6E78-54A6-4034-B09F-178F885DAC34} - \snp -> No File <==== ATTENTION
Task: {27B45F99-4E28-4111-9906-12011B714D85} - \snf -> No File <==== ATTENTION
Task: {3258E5EF-C305-4E9E-9B53-D8D4FD62751C} - System32\Tasks\psv_Transhold => /c regedit.exe /s "C:\ProgramData\AppgnielbuoD\Tres-Trax.reg" & del "C:\ProgramData\AppgnielbuoD\Tres-Trax.reg" & SCHTASKS /Delete /TN "psv_Transhold" /F <==== ATTENTION
Task: {38D507F5-627D-407E-B037-0E9CB52E2A47} - \psv_Fincanair -> No File <==== ATTENTION
Task: {39173B80-46F5-43D3-BF09-B7979D877BEC} - \psv_Stocktom -> No File <==== ATTENTION
Task: {4974A28F-6756-4034-8B62-DF2803691EAE} - System32\Tasks\psv_Zamlux => /c regedit.exe /s "C:\ProgramData\AppgnielbuoD\Big-Phase.reg" & del "C:\ProgramData\AppgnielbuoD\Big-Phase.reg" & SCHTASKS /Delete /TN "psv_Zamlux" /F <==== ATTENTION
Task: {54D21E2F-B829-4D52-B1F1-C3D050A9592B} - System32\Tasks\HipfatUpdateTaskMachineCore => C:\Program Files\Hipfat\Update\HipfatUpdate.exe <==== ATTENTION
Task: {5C61C70B-9643-464B-8020-E851782CC6BC} - \psv_Mat-Kix -> No File <==== ATTENTION
Task: {5FA1A351-FB38-415A-BEAA-2DEA0DE64728} - \psv_Zerdex -> No File <==== ATTENTION
Task: {61A3B8A6-0EC5-4148-98AD-7DE4FDB7BDA0} - \psv_BetaEco -> No File <==== ATTENTION
Task: {6250DEED-AD9D-4A98-8B29-7AA235BACCA0} - System32\Tasks\HipfatUpdateTaskMachineUA => C:\Program Files\Hipfat\Update\HipfatUpdate.exe <==== ATTENTION
Task: {6279259B-C232-40C0-8FFB-E23E6E37BE69} - \psv_Sol-Dom -> No File <==== ATTENTION
Task: {637073D3-DB7B-4764-B206-A08333E72E7E} - \psv_ZamLax -> No File <==== ATTENTION
Task: {659A0833-038A-4C4F-8B72-3A22DA27D01B} - \psv_Lotcom -> No File <==== ATTENTION
Task: {721BA96D-0BB4-473F-991D-7C766E8B521C} - \Coewother Reports -> No File <==== ATTENTION
Task: {74489F6E-CEA6-4F4A-B286-F137DF21CF2A} - \psv_Tamhome -> No File <==== ATTENTION
Task: {76A630FD-BF07-4153-8F8F-ED65121BC0A9} - \psv_SumRemtom -> No File <==== ATTENTION
Task: {76DF03DC-E30D-458D-8779-2AF344BC9FC1} - System32\Tasks\svchost => C:\Users\shobit\AppData\Local\Temp\is-7BQSR.tmp\51493.exe <==== ATTENTION
Task: {7BD83143-9D5C-4991-99E2-2B8DA372455A} - \psv_TouchSailhold -> No File <==== ATTENTION
Task: {7D561630-D864-4EDF-9903-7DA4F2451F11} - System32\Tasks\KuaiZip_Update => X86\Update.exe <==== ATTENTION
Task: {847AE558-161A-4D4E-9071-B5B80B4B00A8} - \psv_Ecocof -> No File <==== ATTENTION
Task: {8569F424-C7D2-4A67-983C-DC850E94499D} - \psv_Ventoapkix -> No File <==== ATTENTION
Task: {8591EA57-714A-4D55-A8B6-8B4AFFE1BEDA} - \psv_Topdax -> No File <==== ATTENTION
Task: {8A9ED42B-B170-4F24-85BA-8C2CBB7749E6} - \psv_Caneco -> No File <==== ATTENTION
Task: {92CEB115-EB49-462B-B54A-DA4FA1BB477F} - System32\Tasks\psv_Solotrax => /c regedit.exe /s "C:\ProgramData\UltimateSecurityPackage\Tipcom.reg" & del "C:\ProgramData\UltimateSecurityPackage\Tipcom.reg" & SCHTASKS /Delete /TN "psv_Solotrax" /F <==== ATTENTION
Task: {9E995562-97C1-476D-AE91-5AC4584AEEC6} - \psv_Blueflex -> No File <==== ATTENTION
Task: {A6F91299-DB9F-4580-A8A9-D18161615D0D} - \psv_Sonfresh -> No File <==== ATTENTION
Task: {AAE79890-2334-4DD1-AB0D-5F9FB2D91A7C} - \psv_Biolight -> No File <==== ATTENTION
Task: {B25A9C11-0299-481C-9138-5D49F011081F} - System32\Tasks\psv_Unabam => /c regedit.exe /s "C:\ProgramData\AppgnielbuoD\Softtech.reg" & del "C:\ProgramData\AppgnielbuoD\Softtech.reg" & SCHTASKS /Delete /TN "psv_Unabam" /F <==== ATTENTION
Task: {B8AD5D4F-58B6-4436-89C3-7E8BC7AAEA26} - System32\Tasks\psv_StringTonlax => /c regedit.exe /s "C:\ProgramData\UltimateSecurityPackage\OzerSailex.reg" & del "C:\ProgramData\UltimateSecurityPackage\OzerSailex.reg" & SCHTASKS /Delete /TN "psv_StringTonlax" /F <==== ATTENTION
Task: {CE882073-6BBB-4EB4-9EE4-50A671090E49} - \psv_Inchflex -> No File <==== ATTENTION
Task: {E6518F1F-6E84-4D38-ACF8-24B4607801B4} - \psv_Fundondom -> No File <==== ATTENTION
Task: {ED882490-B0ED-448F-8846-206200DD1791} - System32\Tasks\psv_UnoFix => /c regedit.exe /s "C:\ProgramData\UltimateSecurityPackage\Overlax.reg" & del "C:\ProgramData\UltimateSecurityPackage\Overlax.reg" & SCHTASKS /Delete /TN "psv_UnoFix" /F <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\shobit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\shobit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ac7fc5513507e599\Google Chrome.lnk -> E:\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
==================== Loaded Modules (Whitelisted) ==============
2016-07-06 16:31 - 2015-12-30 11:04 - 00582144 _____ () C:\Program Files\WinZipper\curlpp.dll
2016-07-06 16:31 - 2016-01-26 13:57 - 00066560 _____ () C:\Program Files\WinZipper\zlib1.dll
2016-08-11 18:22 - 2016-09-18 21:13 - 00271360 _____ () C:\Program Files\Quvleazpeficetm\Fuevy.exe
2016-09-17 19:53 - 2016-09-17 19:53 - 00303616 _____ () c:\program files\hajidom\werlolycommunity.dll
2016-05-15 16:38 - 2016-05-11 16:32 - 00370176 _____ () C:\Program Files\ms\launch.exe
2016-07-07 18:53 - 2016-07-08 11:39 - 00518360 _____ () C:\Program Files\WinSaber\WinSaber.exe
2015-10-26 16:49 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\shobit\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-10-26 16:49 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\shobit\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdp32.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdp32.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 07:34 - 2016-06-26 13:24 - 00001188 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\shobit\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{AF3C64CB-CD01-4278-9ADC-9C5E3E0DC294}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{07110D44-AF95-4AA4-82B2-185E25FC55B1}] => (Allow) c:\users\shobit\appdata\roaming\download\MiniThunderPlatform.exe
FirewallRules: [{5D944890-25B4-4048-8D2A-CF2223503716}] => (Allow) c:\users\shobit\appdata\roaming\download\MiniThunderPlatform.exe
FirewallRules: [{9152D175-F39F-45E1-AC28-3E858E41DD6D}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{1968D783-7050-4991-B38A-59C6BF22162E}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{C369BCA8-FFAD-41FF-8CB9-BE11E612886B}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F1F556E-8174-47A5-B439-33B26B10994E}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B82B1357-F188-4BFF-8790-B30E914554FC}] => (Allow) C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe
FirewallRules: [TCP Query User{95CB1566-DAFB-4A89-A03F-CD176B2E5BCD}E:\czero.exe] => (Block) E:\czero.exe
FirewallRules: [UDP Query User{8D705859-B062-4A57-85B8-BEA4B9CFAF4C}E:\czero.exe] => (Block) E:\czero.exe
FirewallRules: [TCP Query User{AD55E173-AE7B-429F-BE6A-01AF990E2665}E:\czero.exe] => (Allow) E:\czero.exe
FirewallRules: [UDP Query User{F89CAEFC-EDF3-4B33-9A3C-33813342ADA6}E:\czero.exe] => (Allow) E:\czero.exe
FirewallRules: [TCP Query User{4C7F011D-E7BC-48F7-B8CC-DE2D4A935A87}C:\valve\condition zero\czero.exe] => (Block) C:\valve\condition zero\czero.exe
FirewallRules: [UDP Query User{F822D0C3-76A2-47BD-B5FE-EDAAD251FC29}C:\valve\condition zero\czero.exe] => (Block) C:\valve\condition zero\czero.exe
FirewallRules: [{4BF9D9B3-816C-44CD-A56C-48DBB8DA6382}] => (Allow) C:\Program Files\Hipfat\Update\HipfatUpdate.exe
FirewallRules: [{803254DE-88F2-4D25-B425-59145AE03A9A}] => (Allow) C:\Program Files\Hipfat\Application\chrome.exe
FirewallRules: [{F6FF2735-78FE-437B-84FA-367D79694A4F}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{BFE6CADB-3526-429D-A304-84201A3BEDD5}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{6A1EACF6-5878-4C5A-B020-6749DEF9CBFF}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{5E35B050-EEBB-4983-B205-30230BA431B1}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{B65777C7-850B-4C98-8FD9-F2A6C985C069}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{E911AD58-1038-4821-9C8B-344B3E2DD0EF}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{8777F2F6-6870-4C39-BDE3-8ADA5C5FDDCC}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{2989F06A-B7CD-4235-8272-3DAAE1296B51}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{8CE72295-47BF-4A34-8FF2-BE460B204282}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{BEA3765D-D896-4EC7-946F-65B8D261B747}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{F7F6D138-8AD3-4D0B-ADF9-E53486B3CD36}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{4A1E7496-E87D-4914-8D23-78B391A8352D}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{F5F4AB07-B625-4870-8220-B42639D3915F}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{7DF5B6DA-0AE2-41AE-B052-1CDDD8A3E4FF}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{04A4B932-23B5-4D3B-BF7B-E4EAE1C9DFCF}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{FEB9C204-4D0C-4D88-982E-896AE73ACD3A}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{3E8FDD60-950A-4BE9-ADF6-B1AB9688FE2E}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{DE4C23C1-9428-4870-AB54-C7F62736D004}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{21C8CF12-47D1-4466-9503-941E2356E64C}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{619A8207-62DF-4754-B6AE-7DC662692E50}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{4BE75078-7907-450C-A902-260864B0C312}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{E6656592-AD2E-4982-85C3-AAC926583F16}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{C89AACD0-DE8E-4CDD-A8C2-9C844494A6F1}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{2EC2C4A6-3693-492B-9349-AA91AA31CBC8}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{BF0E2F35-D586-4C18-80A7-2F574BB8E7D6}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{C28E13E2-89AE-40A0-A803-F9EB64A040D5}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{3B9E66AF-BB31-40F3-BC2C-1CEEFFA0530B}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{FDA6F0D4-BE12-400D-9646-30174FFAAB3B}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{881BAC37-905B-4E66-84DD-40F795214967}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{E76EF661-54BC-4CDF-A867-EC3E3768185F}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{6AE8C578-20AE-4EB2-8C32-511A6A733D38}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{FE2DF4D2-44B3-4876-AE67-702AC2B1F4B1}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{5698653D-0FFA-44ED-A644-8B55DD75AD1B}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{9DD9E569-56F8-43A1-9395-A59E76D529BF}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{455926A6-7B6F-4D0C-889E-F863BCBA7694}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{B8BF85F2-7AF6-4E7F-BE15-5565D8A9F2AF}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{8AFBF798-7027-4F12-B7A7-953F5A1B58D7}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{DA5C1C8C-97C3-4433-A5FA-07425A56139B}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{E8806B76-9FBF-459B-81C7-A9470C06919E}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{643A2C62-3496-483B-A598-E590BA0C7B50}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{9B8CCB5B-2F2B-4824-B346-41A1E3B2D95B}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{70879082-C879-4567-A3C6-834C740889B7}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{C5FD8921-6B10-49B2-8FC9-987F02906B10}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{AF16F726-EFA7-4E92-85FF-D90AD3F5F16F}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{B25B6460-993B-47C5-8A26-DE32A2CD3E68}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{DF562A31-05EC-4D59-95E2-8F57A48F0BA2}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{2050ED3C-70A1-489B-B271-0DEB851578BB}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{B9123815-6C59-424F-AA62-C7326F7A926A}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{492DD51B-7651-4610-8AAB-7542F9F26638}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{3510264C-4C9D-45AE-A3E0-2ECFFB1FA10B}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{27428FA9-C8C0-4F20-B486-2AED25207F15}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{D026CA13-242B-41B0-80B0-110AF7F0FA58}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{D7740737-5988-45F6-92DC-1E4DA6DEC5A7}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{C9CC0A74-05D4-412B-A0AB-75390529CBF7}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{77E7662C-7356-47D8-AB6E-FB7AB2834FE4}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{5E1D6FB5-A59C-4CB5-BEDA-6F0872F980D4}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{3FC0006D-2981-49B9-A0D4-562CBB686AB3}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{33B353CE-43AB-4BAE-83BC-ACEB08BA3EFF}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{3E33FCA5-43E4-4CDC-87BF-FA627F8BEC53}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{2E7C661E-0273-454B-AD32-C16405DB174A}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{84E90CC7-3EF3-489E-8DA3-1EDFA519C839}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{2B844DE7-4362-473B-9920-841B09C91896}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{65BFF7DE-3C71-44F8-8FF7-9D5CC3020248}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{50425F60-2C44-4A0E-86D7-29733F613810}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{91A0E065-69D4-46BB-B0F0-663933B727BF}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{C2CACBF6-D921-4FB5-9978-A1E8857D57BC}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{812270A0-A366-4BB5-BAF8-10E5B6B8558F}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{500639CF-03E8-4FEC-A7CF-6F32BB0DFA63}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{870A9553-0E10-48B8-85A4-E3916DD5549F}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{2817315F-AC3F-4012-9F87-75DFA90342DC}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{8E2945F8-55B8-4ECB-B31D-B70F3A220FF7}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{BD308E4B-517E-41E2-87FF-CC1FA545A89D}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{A256D8D5-CFDB-48D1-84BF-C21DBB3CE433}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{A5AC897B-E77B-4E5B-8096-F19EEFFFB544}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{167CF03A-F5BA-4DEC-A743-F80501928840}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{AC7DD56D-7D97-4062-97CA-D7F98E9503BB}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{3EA8AEE0-EB57-4996-8490-5EC0CA0A0977}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{F2EF3E9F-96D0-46E1-A962-1CFC7A0AAB3B}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{38A47DF1-79A5-4EEB-AD84-0EBB25EF352C}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{1EC14937-7721-4367-8D94-A44C4973C647}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{E42EB412-679D-4341-A879-AC0A6E4DF12D}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{19109843-FD70-4CCD-8476-F973EFFC1FAD}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{172C5FAE-88C7-450E-9600-78FB4145C08A}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{D9E453B3-CB3A-4FFB-BCE0-318C2AE341D4}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{568F0D65-E17D-4D85-A586-DD64EFB7DD86}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{1C5AFF73-7D1E-45DB-AEBD-DCDE74C678BB}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{88492918-D2FB-46BF-9594-59E78424B4FB}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{65B849EF-12CF-436B-A108-FDB87369F013}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{AA48F07F-62E5-4B41-8A27-43C24BA4E27E}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{FEBD50C3-CD4C-4C77-B85E-4ABEA4C100C0}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{6B133DE1-0561-4D86-AF08-551C34C68951}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{1CA65E7B-306C-4865-86F8-5E017CB5F221}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{DD7B49E0-820D-4FAD-ABEF-44B6BD16716D}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{701DDBAD-3564-429E-992D-5038E9856B1F}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{85DA0F3E-91AF-4F38-9806-FD2BB2F9AE13}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{4085F151-CC80-4E94-BB43-5FEF1A004B94}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{79016196-7402-47E0-AD1B-04886123ED51}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{F15D7BA5-3850-449A-AD96-250384DE47CC}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{6178FD90-C2EA-4D81-8C80-08BDB9D555F0}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{1559D1C2-6204-4371-A3AC-CBE934B1DBAD}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{6DA0AB0B-01A5-49EE-B5E5-AD5CABAAA09A}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{AF6A8BA6-4027-4EAE-8484-D27BA8EBFA17}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{936547A3-B2B4-4FA0-A985-A45A568CB3B2}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{10C6BC72-2F17-4072-B0D5-316C6950AD70}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{4F5057EC-ECD4-4C5E-B5A1-C37EF3EB562A}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{D45B6E3D-E673-41D4-A4A0-8B59F9E2DF90}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{CC430D72-5840-4922-982B-7D985809417C}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{410B9C51-F057-4282-91A9-6005D9323914}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{E2D332F4-D89C-4C42-8E6A-2267352A6CF8}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{B3D6CCF2-732E-4A86-AABA-3B1D1495F50E}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{411D222A-28D9-45C8-8E48-91667E76FE03}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{B0FA7CE6-E3E3-4636-827E-1374EA53EBC3}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{7693665F-D4F3-47AA-A1C4-152A57167B85}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{3F88DC1F-E451-4973-91A6-868FFB9A16A5}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{CAA61CC0-4BB5-4549-BFAF-1706775AE5AA}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{6BCBDF49-03C6-4412-AC1B-2C1A84CD1A44}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{C87B6DD0-5C05-452E-B520-B02240D4689E}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{0F7BFD69-2E67-4880-A605-EFB3B3CA7406}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{A5E44059-A98F-4B3F-8C96-EB1692A255C5}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{6B7A3145-92E4-436A-9C84-4984A38B5CF2}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{58C96ACE-AF30-45E7-989E-2EE2E4AFF3C5}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{A97D0CC9-DC45-4A65-B77A-A8DC32C7826A}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{135E5625-21F4-4A9A-8702-824296D7B25A}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{F09954DE-D0FC-4619-AE10-7F7F2F209034}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{06F58E91-3594-4AFC-A48C-5493161EF53A}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{600E4952-44ED-457E-877E-76F94D24BE12}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{E50C9859-DA66-4946-8F3E-AF79D6EC0ECC}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{50888DFA-E021-4D21-8B9B-94013AC7D6D4}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{D2D4BC28-378B-4B22-863D-7E3CAD7C4D9B}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{376449CF-E961-46D0-82BD-BFBAD16E31DB}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{EBABB3EE-63A1-48F8-AAB2-B07678C9935D}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{9FEA3BB5-D4CE-46ED-8F07-3C4C04E0E982}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{52F4EE25-83E6-46CB-81E7-3748B880EE4E}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{FE0C280E-4BD1-47D7-828E-E31A43C052BE}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{1D6DCA41-4C9A-437B-9A9A-A642D3E631DC}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{F61171A1-0BE6-4383-AF32-A7DB079E0EB8}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{A77156A0-3B2C-4147-9688-F799AC711E58}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{900C85C7-A25E-4A4A-A42A-0BCA8C7CABBC}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{8F3E83F2-3031-42AE-B078-DEADC711267D}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{E23F7093-DEA4-45D5-AC24-EB77AFC71395}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{FD231EEB-651F-44CB-A52C-A81FF7F56843}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{FCDECADA-1CD7-4F8F-B1DC-596302449BB4}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{01F21B66-8175-4148-A653-A41D61FB6DC0}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{79725B3D-FB13-4E34-8988-468C8E517C9C}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{376BD483-007B-4487-83E5-095CD4181804}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9A022A35-0FCE-4BE1-89B9-5300E1563145}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0845B9E1-C32B-4591-B3DE-B752D9DEF0F0}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DD3BF964-B54B-44A8-888A-947B86EEC449}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F0EC76B-E6D3-40BB-8B8F-19FE8895A921}] => (Allow) C:\Users\shobit\AppData\Local\Temp\is-7BQSR.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{2C2E0B33-7839-42CA-AF4E-DD6BBEED0F05}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: TsNetHlp.sys
Description: TsNetHlp.sys
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tsnethlp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: softaal
Description: softaal
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: softaal
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: SRepairDrv
Description: SRepairDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SRepairDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: tencent QMUdisk
Description: tencent QMUdisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QMUdisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/26/2016 07:36:30 PM) (Source: ESENT) (EventID: 413) (User: )
Description: Windows (6348) Windows: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -529.
Error: (09/26/2016 07:36:30 PM) (Source: ESENT) (EventID: 429) (User: )
Description: Windows (6348) Windows: The database engine log disk is full. Deleting logfiles to recover disk space may make your database unstartable if the database file(s) are not in a Clean Shutdown state. Numbered logfiles may be moved, but not deleted, if and only if the database file(s) are in a Clean Shutdown state. Do not move C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.
Error: (09/26/2016 07:36:30 PM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (6348) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.
Error: (09/26/2016 07:36:20 PM) (Source: ESENT) (EventID: 413) (User: )
Description: Windows (4944) Windows: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -529.
Error: (09/26/2016 07:36:20 PM) (Source: ESENT) (EventID: 429) (User: )
Description: Windows (4944) Windows: The database engine log disk is full. Deleting logfiles to recover disk space may make your database unstartable if the database file(s) are not in a Clean Shutdown state. Numbered logfiles may be moved, but not deleted, if and only if the database file(s) are in a Clean Shutdown state. Do not move C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.
Error: (09/26/2016 07:36:20 PM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (4944) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.
Error: (09/26/2016 07:26:35 PM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (3764) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.
Error: (09/26/2016 07:26:31 PM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (5664) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.
Error: (09/26/2016 07:26:12 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows (5068) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log" at offset 0 (0x0000000000000000) for 1048576 (0x00100000) bytes failed after 0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Error: (09/26/2016 07:25:48 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows (4196) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb" at offset 1507328 (0x0000000000170000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.
System errors:
=============
Error: (09/26/2016 07:40:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 107 time(s).
Error: (09/26/2016 07:40:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.
Error: (09/26/2016 07:40:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 106 time(s).
Error: (09/26/2016 07:40:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.
Error: (09/26/2016 07:40:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 105 time(s).
Error: (09/26/2016 07:40:26 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.
Error: (09/26/2016 07:40:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 104 time(s).
Error: (09/26/2016 07:40:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.
Error: (09/26/2016 07:40:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 103 time(s).
Error: (09/26/2016 07:40:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.
CodeIntegrity:
===================================
Date: 2016-06-26 13:47:35.583
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard32.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 47%
Total physical RAM: 2936.93 MB
Available physical RAM: 1534.78 MB
Total Virtual: 5872.17 MB
Available Virtual: 4575.32 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:14.9 GB) (Free:0 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive e: (eMachines) (Fixed) (Total:282.99 GB) (Free:171.5 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7D5EAD65)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=283 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================