  1. this is my frst result Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-09-2016 Ran by shobit (administrator) on SHOBIT-PC (28-09-2016 17:59:32) Running from E:\Google Loaded Profiles: shobit (Available Profiles: shobit) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (ExWzp Pvt Ltd.) C:\Program Files\WinZipper\winzipersvc.exe () C:\Program Files\Quvleazpeficetm\Fuevy.exe (Trend Corp.) C:\Users\shobit\AppData\Roaming\setup1\TSvr.exe (WFini LIMITED) C:\ProgramData\uwinpu\WFini.exe () C:\Program Files\WinSaber\WinSaber.exe () C:\Program Files\ms\launch.exe (Google Inc.) E:\Google\Chrome\Application\chrome.exe (Google Inc.) E:\Google\Chrome\Application\chrome.exe (Google Inc.) E:\Google\Chrome\Application\chrome.exe () C:\Windows\Temp\ist7FCA.tmp\tools\ffhh.exe (Tencent Inc.) C:\Windows\Temp\ist7FCA.tmp\tools\chhh.exe (Google Inc.) E:\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [win_en_77] => "C:\Program Files\win_en_77\win_en_77.exe" HKLM\...\Run: [sun21] => C:\Program Files\SunnyDay21\SunnyDay.exe [4250792 2016-08-30] () HKLM\...\Run: [WINCOM0R9] => "C:\Program Files\sunnyday\wincom_0R9.exe" HKLM\...\Run: [DiskPower] => C:\Program Files\DPower\DiskPower.exe [210432 2016-07-21] () HKLM\...\Run: [WINCOMDPG] => "C:\Program Files\sunnyday\wincom_DPG.exe" HKLM\...\Run: [app] => C:\Program Files\sbqh\uc.exe [294959 2016-09-18] ( ) HKLM\...\Run: [WINCOMPOU] => C:\Program Files\sunnyday\wincom_POU.exe [4683776 2016-09-18] () HKLM\...\Run: [WINCOMJYF] => C:\Program Files\sunnyday\wincom_JYF.exe [4683776 2016-09-18] () HKLM\...\Run: [WINCOMLPA] => C:\Program Files\sunnyday\wincom_LPA.exe [4683776 2016-09-18] () HKLM\...\Run: [WINCOM0VI] => C:\Program Files\sunnyday\wincom_0VI.exe [4308992 2016-09-22] () HKLM\...\Run: [comoBoss] => C:\Program Files\comoBoss\comowin.exe [4308992 2016-09-21] () HKLM\...\Run: [WINCOMPRJ] => C:\Program Files\sunnyday\wincom_PRJ.exe [4308992 2016-09-22] () HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [aa] => C:\Program Files\ms\launch.exe [370176 2016-05-11] () HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [DKFJ939833] => C:\Program Files\DPower\CODUNKXCO0.exe [369664 2016-09-18] () HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [950RB4PIAM] => C:\Program Files\DPower\BGFKQFYZFD.exe [369664 2016-09-18] () HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [WBLPXT7B0T] => C:\Program Files\DPower\9I7W8AJZWU.exe [369664 2016-09-18] () HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [svchost0] => C:\Program Files\sbqh\uc.exe [294959 2016-09-18] ( ) HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [C0UQAYWOAP] => C:\Program Files\DPower\MFEHONX35W.exe [369664 2016-09-18] () HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [Caster] => C:\Program Files\host\wizzcaster.exe [272896 2016-09-18] () 
HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [KZYUFN4MFR] => C:\Program Files\DPower\1EIWR7Y1QM.exe [369664 2016-09-18] () HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [ZQTHOCJOO9] => C:\Program Files\DPower\HMS2H532KQ.exe [369664 2016-09-18] () HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [XQY6I6SQ76] => C:\Program Files\DPower\T2GF48KZK1.exe [369664 2016-09-22] () HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [78BTI2DNQ6] => C:\Program Files\DPower\0V6PBICLWG.exe [369664 2016-09-22] () HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [4B51CZ6E4B] => C:\Program Files\DPower\81IOFKVSF9.exe [369664 2016-09-22] () HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [Installer] => C:\Users\shobit\AppData\Local\Temp\is-7BQSR.tmp\51493.exe /autorun <===== ATTENTION HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [uTorrent] => C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe [2139840 2016-09-17] (BitTorrent Inc.) HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [43984 2016-08-19] (Glarysoft Ltd) HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\MountPoints2: {89b58e7c-7b08-11e5-85de-eab4e7b8d168} - G:\AutoRun.exe AppInit_DLLs: C:\ProgramData\UltimateSecurityPackage\Freshjaytax.dll => C:\ProgramData\UltimateSecurityPackage\Freshjaytax.dll [248320 2016-08-08] () BootExecute: autocheck autochk * GroupPolicy: Restriction - Windows Degender <======= ATTENTION GroupPolicy: Restriction - Windows Degender <======= ATTENTION GroupPolicy: Restriction - Windows Degender <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{3A7BD294-A96E-44CE-AF3A-E77B2E514F3F}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{5AA82EA8-4C72-49EB-8951-C18F304AA834}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A6BAF567-6650-44C1-B2C4-B2D8C22094E6}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{C46E5B37-A126-4A05-9E91-16A7175D29E0}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{F5A1F8A2-95AC-4F31-876E-5D0F2D9F2833}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.nuesearch.com/search/?type=ds&ts=1465913124&z=862ec281f2d85d91db4ee45g8z7qew6tag2c1g4o6c&from=wpm0614&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1465913124&z=862ec281f2d85d91db4ee45g8z7qew6tag2c1g4o6c&from=wpm0614&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms} HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms} HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1466509119&z=bd8a1fe4ebf2bdfef7fc7c7g4z7q4qcwde0tbgdgcb&from=wpm0616&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms} HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet 
Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms} HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms} HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ9xZcKJV5VzbkPydMGWwJE5623DrLl4VWbjlp0ZL3GIzXbETxZ-L4tn-_bIoSYd9gk2RTTLAF7U09i6H3 SearchScopes: HKLM -> DefaultScope {ielnksrch} URL = SearchScopes: HKLM -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1465913124&z=862ec281f2d85d91db4ee45g8z7qew6tag2c1g4o6c&from=wpm0614&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms} SearchScopes: HKU\S-1-5-21-3516989641-3737852596-2602365042-1000 -> DefaultScope {ielnksrch} URL = 
hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms} SearchScopes: HKU\S-1-5-21-3516989641-3737852596-2602365042-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.nuesearch.com/search/?type=ds&ts=1469605786&z=339025dd9c6703ff0ec7d16g5z4q4tfqeeawemebdw&from=ihpm0722&uid=TOSHIBAXMK3265GSX_51EWT7CITXX51EWT7CIT&q={searchTerms} SearchScopes: HKU\S-1-5-21-3516989641-3737852596-2602365042-1000 -> {FDC320A9-B4B2-491E-B140-815C11613CB6} URL = SearchScopes: HKU\S-1-5-21-3516989641-3737852596-2602365042-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYSttY34mamef947lyuWHlXdoVJWoFEHPi1oZZT--7uriuxDo8i2kIn1WyNP6K9yTJ1__P4hSzGCGIVH5rjDXKCiEZtY0TqZ--ubROLEwvO6DZGywbo0FCL5seeHvBt8lSbg_lJeeBsn2VGCgAm6QBWVbCkrxpmUvLMG-7NTiZ9HnLQZ&q={searchTerms} BHO: Quvleazpeficetm -> {22293B3F-1322-46C3-8447-A7219377B749} -> C:\Program Files\Quvleazpeficetm\Reipelh.dll [2016-09-18] () DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab FireFox: ======== FF ProfilePath: C:\Users\shobit\AppData\Roaming\Mozilla\Firefox\Profiles\tb5nxrbs.default FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File] FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [No File] FF SearchPlugin: C:\Users\shobit\AppData\Roaming\Mozilla\Firefox\Profiles\tb5nxrbs.default\searchplugins\730g1mt9.xml [2016-09-17] FF SearchPlugin: C:\Users\shobit\AppData\Roaming\Mozilla\Firefox\Profiles\tb5nxrbs.default\searchplugins\findit.xml [2016-09-22] Chrome: ======= CHR HomePage: ChromeDefaultData -> hxxps://www.google.co.in/#gfe_rd=cr&gws_rd=ssl CHR 
StartupUrls: ChromeDefaultData -> "hxxps://www.google.co.in/#gfe_rd=cr&gws_rd=ssl" CHR Profile: C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-09-28] <==== ATTENTION CHR Extension: (Google Docs) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-25] CHR Extension: (Google Drive) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25] CHR Extension: (YouTube) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-25] CHR Extension: (Google Search) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-23] CHR Extension: (Sunset Waves) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\fjpbnaenimmeflahocbalmhkhkkiiigb [2016-05-16] CHR Extension: (Google Docs Offline) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-21] CHR Extension: (Gmail) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-25] CHR Extension: (Chrome Media Router) - C:\Users\shobit\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-26] Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-09-2016 Ran by shobit (26-09-2016 19:42:09) Running from E:\EA Sports Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2015-10-18 13:39:47) Boot Mode: Normal ========================================================== ==================== Accounts: 
============================= Administrator (S-1-5-21-3516989641-3737852596-2602365042-500 - Administrator - Disabled) Guest (S-1-5-21-3516989641-3737852596-2602365042-501 - Limited - Disabled) shobit (S-1-5-21-3516989641-3737852596-2602365042-1000 - Administrator - Enabled) => C:\Users\shobit ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\...\uTorrent) (Version: 3.4.8.42576 - BitTorrent Inc.) Absolute Uninstaller 5.3.1.21 (HKLM\...\Absolute Uninstaller) (Version: 5.3.1.21 - Glarysoft Ltd) Caster (HKLM\...\{d35e5e88-e5b8-447f-b6f4-66bc7aa638d1}) (Version: 1.0 - Caster) <==== ATTENTION comoBoss version 2.0 (HKLM\...\comoBoss_is1) (Version: 2.0 - aze) DPower version 1.0 (HKLM\...\DPower_is1) (Version: 1.0 - WeMonetize) <==== ATTENTION EA Cricket 2007 1.00 (HKLM\...\EA Cricket 2007 1.00) (Version: 1.00 - EA Sports) Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden host version 1.1 (HKLM\...\host_is1) (Version: 1.1 - Wizzlabs) <==== ATTENTION Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Setup (HKLM\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION shopperz (HKLM\...\{AA15C07D-7E8E-4B1B-892B-0A7B6E13F57F}) (Version: 2.0.0.477 - shopperz) <==== ATTENTION SunnyDay (HKLM\...\SunnyDay21_is1) (Version: - SUNNYDAY) <==== ATTENTION sunnyday version 1.1 (HKLM\...\sunnyday_is1) (Version: 1.1 - sunnyday) <==== ATTENTION WIN (HKLM\...\win_en_77_is1) (Version: - ) <==== ATTENTION WinZip (HKLM\...\WinZip) (Version: 2.3.0 - Winzipper Pvt Ltd.) 
<==== ATTENTION ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1080BDA9-A36D-4584-A075-578806CD0866} - \psv_Zam-Ing -> No File <==== ATTENTION Task: {12B78C29-BB69-4150-AB8C-D4407F349F0C} - \psv_Konklux -> No File <==== ATTENTION Task: {183E34F2-5808-4C8E-8866-451BE1A538B4} - \psv_Singlefind -> No File <==== ATTENTION Task: {19FF9948-DBF7-4D00-82AA-E9E715EC0F47} - System32\Tasks\Microsoft\Windows\Multimedia\FreeVPN => C:\Users\shobit\AppData\Roaming\FreeVPN\FreeVPN.exe [2016-05-25] () <==== ATTENTION Task: {1F63C445-6057-4445-8EA0-C04B82B4322A} - \psv_Hotcom -> No File <==== ATTENTION Task: {255A6E78-54A6-4034-B09F-178F885DAC34} - \snp -> No File <==== ATTENTION Task: {27B45F99-4E28-4111-9906-12011B714D85} - \snf -> No File <==== ATTENTION Task: {3258E5EF-C305-4E9E-9B53-D8D4FD62751C} - System32\Tasks\psv_Transhold => /c regedit.exe /s "C:\ProgramData\AppgnielbuoD\Tres-Trax.reg" &amp; del "C:\ProgramData\AppgnielbuoD\Tres-Trax.reg" &amp; SCHTASKS /Delete /TN "psv_Transhold" /F <==== ATTENTION Task: {38D507F5-627D-407E-B037-0E9CB52E2A47} - \psv_Fincanair -> No File <==== ATTENTION Task: {39173B80-46F5-43D3-BF09-B7979D877BEC} - \psv_Stocktom -> No File <==== ATTENTION Task: {4974A28F-6756-4034-8B62-DF2803691EAE} - System32\Tasks\psv_Zamlux => /c regedit.exe /s "C:\ProgramData\AppgnielbuoD\Big-Phase.reg" &amp; del "C:\ProgramData\AppgnielbuoD\Big-Phase.reg" &amp; SCHTASKS /Delete /TN "psv_Zamlux" /F <==== ATTENTION Task: {54D21E2F-B829-4D52-B1F1-C3D050A9592B} - System32\Tasks\HipfatUpdateTaskMachineCore => C:\Program Files\Hipfat\Update\HipfatUpdate.exe <==== ATTENTION Task: 
{5C61C70B-9643-464B-8020-E851782CC6BC} - \psv_Mat-Kix -> No File <==== ATTENTION Task: {5FA1A351-FB38-415A-BEAA-2DEA0DE64728} - \psv_Zerdex -> No File <==== ATTENTION Task: {61A3B8A6-0EC5-4148-98AD-7DE4FDB7BDA0} - \psv_BetaEco -> No File <==== ATTENTION Task: {6250DEED-AD9D-4A98-8B29-7AA235BACCA0} - System32\Tasks\HipfatUpdateTaskMachineUA => C:\Program Files\Hipfat\Update\HipfatUpdate.exe <==== ATTENTION Task: {6279259B-C232-40C0-8FFB-E23E6E37BE69} - \psv_Sol-Dom -> No File <==== ATTENTION Task: {637073D3-DB7B-4764-B206-A08333E72E7E} - \psv_ZamLax -> No File <==== ATTENTION Task: {659A0833-038A-4C4F-8B72-3A22DA27D01B} - \psv_Lotcom -> No File <==== ATTENTION Task: {721BA96D-0BB4-473F-991D-7C766E8B521C} - \Coewother Reports -> No File <==== ATTENTION Task: {74489F6E-CEA6-4F4A-B286-F137DF21CF2A} - \psv_Tamhome -> No File <==== ATTENTION Task: {76A630FD-BF07-4153-8F8F-ED65121BC0A9} - \psv_SumRemtom -> No File <==== ATTENTION Task: {76DF03DC-E30D-458D-8779-2AF344BC9FC1} - System32\Tasks\svchost => C:\Users\shobit\AppData\Local\Temp\is-7BQSR.tmp\51493.exe <==== ATTENTION Task: {7BD83143-9D5C-4991-99E2-2B8DA372455A} - \psv_TouchSailhold -> No File <==== ATTENTION Task: {7D561630-D864-4EDF-9903-7DA4F2451F11} - System32\Tasks\KuaiZip_Update => X86\Update.exe <==== ATTENTION Task: {847AE558-161A-4D4E-9071-B5B80B4B00A8} - \psv_Ecocof -> No File <==== ATTENTION Task: {8569F424-C7D2-4A67-983C-DC850E94499D} - \psv_Ventoapkix -> No File <==== ATTENTION Task: {8591EA57-714A-4D55-A8B6-8B4AFFE1BEDA} - \psv_Topdax -> No File <==== ATTENTION Task: {8A9ED42B-B170-4F24-85BA-8C2CBB7749E6} - \psv_Caneco -> No File <==== ATTENTION Task: {92CEB115-EB49-462B-B54A-DA4FA1BB477F} - System32\Tasks\psv_Solotrax => /c regedit.exe /s "C:\ProgramData\UltimateSecurityPackage\Tipcom.reg" &amp; del "C:\ProgramData\UltimateSecurityPackage\Tipcom.reg" &amp; SCHTASKS /Delete /TN "psv_Solotrax" /F <==== ATTENTION Task: {9E995562-97C1-476D-AE91-5AC4584AEEC6} - \psv_Blueflex -> No File <==== ATTENTION 
Task: {A6F91299-DB9F-4580-A8A9-D18161615D0D} - \psv_Sonfresh -> No File <==== ATTENTION Task: {AAE79890-2334-4DD1-AB0D-5F9FB2D91A7C} - \psv_Biolight -> No File <==== ATTENTION Task: {B25A9C11-0299-481C-9138-5D49F011081F} - System32\Tasks\psv_Unabam => /c regedit.exe /s "C:\ProgramData\AppgnielbuoD\Softtech.reg" &amp; del "C:\ProgramData\AppgnielbuoD\Softtech.reg" &amp; SCHTASKS /Delete /TN "psv_Unabam" /F <==== ATTENTION Task: {B8AD5D4F-58B6-4436-89C3-7E8BC7AAEA26} - System32\Tasks\psv_StringTonlax => /c regedit.exe /s "C:\ProgramData\UltimateSecurityPackage\OzerSailex.reg" &amp; del "C:\ProgramData\UltimateSecurityPackage\OzerSailex.reg" &amp; SCHTASKS /Delete /TN "psv_StringTonlax" /F <==== ATTENTION Task: {CE882073-6BBB-4EB4-9EE4-50A671090E49} - \psv_Inchflex -> No File <==== ATTENTION Task: {E6518F1F-6E84-4D38-ACF8-24B4607801B4} - \psv_Fundondom -> No File <==== ATTENTION Task: {ED882490-B0ED-448F-8846-206200DD1791} - System32\Tasks\psv_UnoFix => /c regedit.exe /s "C:\ProgramData\UltimateSecurityPackage\Overlax.reg" &amp; del "C:\ProgramData\UltimateSecurityPackage\Overlax.reg" &amp; SCHTASKS /Delete /TN "psv_UnoFix" /F <==== ATTENTION (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\shobit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP% ShortcutWithArgument: C:\Users\shobit\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ac7fc5513507e599\Google Chrome.lnk -> E:\Google\Chrome\Application\chrome.exe (Google Inc.) 
-> --profile-directory=ChromeDefaultData ==================== Loaded Modules (Whitelisted) ============== 2016-07-06 16:31 - 2015-12-30 11:04 - 00582144 _____ () C:\Program Files\WinZipper\curlpp.dll 2016-07-06 16:31 - 2016-01-26 13:57 - 00066560 _____ () C:\Program Files\WinZipper\zlib1.dll 2016-08-11 18:22 - 2016-09-18 21:13 - 00271360 _____ () C:\Program Files\Quvleazpeficetm\Fuevy.exe 2016-09-17 19:53 - 2016-09-17 19:53 - 00303616 _____ () c:\program files\hajidom\werlolycommunity.dll 2016-05-15 16:38 - 2016-05-11 16:32 - 00370176 _____ () C:\Program Files\ms\launch.exe 2016-07-07 18:53 - 2016-07-08 11:39 - 00518360 _____ () C:\Program Files\WinSaber\WinSaber.exe 2015-10-26 16:49 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\shobit\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll 2015-10-26 16:49 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\shobit\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\bsdp32.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bsdp32.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 07:34 - 2016-06-26 13:24 - 00001188 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com 127.0.0.1 down.baidu2016.com 127.0.0.1 123.sogou.com 127.0.0.1 www.czzsyzgm.com 127.0.0.1 www.czzsyzxl.com 127.0.0.1 union.baidu2019.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3516989641-3737852596-2602365042-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\shobit\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{AF3C64CB-CD01-4278-9ADC-9C5E3E0DC294}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe FirewallRules: [{07110D44-AF95-4AA4-82B2-185E25FC55B1}] => (Allow) c:\users\shobit\appdata\roaming\download\MiniThunderPlatform.exe FirewallRules: [{5D944890-25B4-4048-8D2A-CF2223503716}] => (Allow) c:\users\shobit\appdata\roaming\download\MiniThunderPlatform.exe FirewallRules: [{9152D175-F39F-45E1-AC28-3E858E41DD6D}] => (Allow) C:\program files\common files\tencent\qqdownload\130\bugreport_xf.exe FirewallRules: [{1968D783-7050-4991-B38A-59C6BF22162E}] => (Allow) C:\program files\common files\tencent\qqdownload\130\tencentdl.exe FirewallRules: [{C369BCA8-FFAD-41FF-8CB9-BE11E612886B}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{4F1F556E-8174-47A5-B439-33B26B10994E}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{B82B1357-F188-4BFF-8790-B30E914554FC}] => (Allow) C:\Program Files\Guntony\Guntony\bin\Guntony_server.exe FirewallRules: [TCP Query User{95CB1566-DAFB-4A89-A03F-CD176B2E5BCD}E:\czero.exe] => (Block) E:\czero.exe FirewallRules: [UDP Query User{8D705859-B062-4A57-85B8-BEA4B9CFAF4C}E:\czero.exe] => (Block) E:\czero.exe FirewallRules: [TCP Query User{AD55E173-AE7B-429F-BE6A-01AF990E2665}E:\czero.exe] => (Allow) E:\czero.exe FirewallRules: [UDP Query User{F89CAEFC-EDF3-4B33-9A3C-33813342ADA6}E:\czero.exe] => (Allow) E:\czero.exe FirewallRules: [TCP Query User{4C7F011D-E7BC-48F7-B8CC-DE2D4A935A87}C:\valve\condition zero\czero.exe] => (Block) C:\valve\condition zero\czero.exe FirewallRules: [UDP Query User{F822D0C3-76A2-47BD-B5FE-EDAAD251FC29}C:\valve\condition zero\czero.exe] => (Block) C:\valve\condition zero\czero.exe FirewallRules: [{4BF9D9B3-816C-44CD-A56C-48DBB8DA6382}] => (Allow) C:\Program Files\Hipfat\Update\HipfatUpdate.exe FirewallRules: [{803254DE-88F2-4D25-B425-59145AE03A9A}] => (Allow) C:\Program Files\Hipfat\Application\chrome.exe FirewallRules: 
[{F6FF2735-78FE-437B-84FA-367D79694A4F}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{BFE6CADB-3526-429D-A304-84201A3BEDD5}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{6A1EACF6-5878-4C5A-B020-6749DEF9CBFF}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{5E35B050-EEBB-4983-B205-30230BA431B1}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{B65777C7-850B-4C98-8FD9-F2A6C985C069}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{E911AD58-1038-4821-9C8B-344B3E2DD0EF}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{8777F2F6-6870-4C39-BDE3-8ADA5C5FDDCC}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{2989F06A-B7CD-4235-8272-3DAAE1296B51}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{8CE72295-47BF-4A34-8FF2-BE460B204282}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{BEA3765D-D896-4EC7-946F-65B8D261B747}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{F7F6D138-8AD3-4D0B-ADF9-E53486B3CD36}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{4A1E7496-E87D-4914-8D23-78B391A8352D}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{F5F4AB07-B625-4870-8220-B42639D3915F}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{7DF5B6DA-0AE2-41AE-B052-1CDDD8A3E4FF}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{04A4B932-23B5-4D3B-BF7B-E4EAE1C9DFCF}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{FEB9C204-4D0C-4D88-982E-896AE73ACD3A}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{3E8FDD60-950A-4BE9-ADF6-B1AB9688FE2E}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{DE4C23C1-9428-4870-AB54-C7F62736D004}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: [{21C8CF12-47D1-4466-9503-941E2356E64C}] => (Allow) C:\Program Files\wejs\jsinjector.exe FirewallRules: 
[{FE0C280E-4BD1-47D7-828E-E31A43C052BE}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{1D6DCA41-4C9A-437B-9A9A-A642D3E631DC}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{F61171A1-0BE6-4383-AF32-A7DB079E0EB8}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{A77156A0-3B2C-4147-9688-F799AC711E58}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{900C85C7-A25E-4A4A-A42A-0BCA8C7CABBC}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{8F3E83F2-3031-42AE-B078-DEADC711267D}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{E23F7093-DEA4-45D5-AC24-EB77AFC71395}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{FD231EEB-651F-44CB-A52C-A81FF7F56843}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{FCDECADA-1CD7-4F8F-B1DC-596302449BB4}] => (Allow) C:\Program Files\wejs\jsinjector.exe
FirewallRules: [{01F21B66-8175-4148-A653-A41D61FB6DC0}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{79725B3D-FB13-4E34-8988-468C8E517C9C}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{376BD483-007B-4487-83E5-095CD4181804}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9A022A35-0FCE-4BE1-89B9-5300E1563145}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0845B9E1-C32B-4591-B3DE-B752D9DEF0F0}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DD3BF964-B54B-44A8-888A-947B86EEC449}] => (Allow) C:\Users\shobit\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4F0EC76B-E6D3-40BB-8B8F-19FE8895A921}] => (Allow) C:\Users\shobit\AppData\Local\Temp\is-7BQSR.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{2C2E0B33-7839-42CA-AF4E-DD6BBEED0F05}] => (Allow) C:\ProgramData\Guntony\protect\protect.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: TsNetHlp.sys
Description: TsNetHlp.sys
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tsnethlp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: softaal
Description: softaal
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: softaal
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SRepairDrv
Description: SRepairDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SRepairDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: tencent QMUdisk
Description: tencent QMUdisk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: QMUdisk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/26/2016 07:36:30 PM) (Source: ESENT) (EventID: 413) (User: )
Description: Windows (6348) Windows: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -529.

Error: (09/26/2016 07:36:30 PM) (Source: ESENT) (EventID: 429) (User: )
Description: Windows (6348) Windows: The database engine log disk is full. Deleting logfiles to recover disk space may make your database unstartable if the database file(s) are not in a Clean Shutdown state. Numbered logfiles may be moved, but not deleted, if and only if the database file(s) are in a Clean Shutdown state. Do not move C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error: (09/26/2016 07:36:30 PM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (6348) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.

Error: (09/26/2016 07:36:20 PM) (Source: ESENT) (EventID: 413) (User: )
Description: Windows (4944) Windows: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -529.

Error: (09/26/2016 07:36:20 PM) (Source: ESENT) (EventID: 429) (User: )
Description: Windows (4944) Windows: The database engine log disk is full. Deleting logfiles to recover disk space may make your database unstartable if the database file(s) are not in a Clean Shutdown state. Numbered logfiles may be moved, but not deleted, if and only if the database file(s) are in a Clean Shutdown state. Do not move C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log.

Error: (09/26/2016 07:36:20 PM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (4944) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.

Error: (09/26/2016 07:26:35 PM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (3764) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.

Error: (09/26/2016 07:26:31 PM) (Source: ESENT) (EventID: 428) (User: )
Description: Windows (5664) Windows: The database engine is rejecting update operations due to low free disk space on the log disk.

Error: (09/26/2016 07:26:12 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows (5068) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log" at offset 0 (0x0000000000000000) for 1048576 (0x00100000) bytes failed after 0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Error: (09/26/2016 07:25:48 PM) (Source: ESENT) (EventID: 482) (User: )
Description: Windows (4196) Windows: An attempt to write to the file "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb" at offset 1507328 (0x0000000000170000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

System errors:
=============
Error: (09/26/2016 07:40:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 107 time(s).

Error: (09/26/2016 07:40:28 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.

Error: (09/26/2016 07:40:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 106 time(s).

Error: (09/26/2016 07:40:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.

Error: (09/26/2016 07:40:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 105 time(s).

Error: (09/26/2016 07:40:26 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.

Error: (09/26/2016 07:40:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 104 time(s).

Error: (09/26/2016 07:40:24 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.

Error: (09/26/2016 07:40:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 103 time(s).

Error: (09/26/2016 07:40:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-2147218037.

CodeIntegrity:
===================================
Date: 2016-06-26 13:47:35.583
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard32.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 47%
Total physical RAM: 2936.93 MB
Available physical RAM: 1534.78 MB
Total Virtual: 5872.17 MB
Available Virtual: 4575.32 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:14.9 GB) (Free:0 GB) NTFS
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive e: (eMachines) (Fixed) (Total:282.99 GB) (Free:171.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7D5EAD65)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================