Good morning. I am Tensa. Yesterday I downloaded a Hollywood movie. It was a zip file. When I opened it, it asked for a password to play it. Another page said the password could be obtained from a link. I opened that link, but I did not get any password. Maybe it was malware. Since that moment, something has been draining my internet bandwidth very badly. I scanned my PC with Malwarebytes Anti-Malware, but nothing has changed. Please help me solve this problem. Here is the log.
<?xml version="1.0" encoding="UTF-16" ?>
<!-- Malwarebytes Anti-Malware scan log as pasted by the poster. The annotations below are reviewer comments; every element and value is unchanged. -->
<mbam-log>
<header>
<!-- Scan timestamp with a +0530 offset; isadmin=yes shows the scan ran from an administrator account. -->
<date>2017/09/02 10:44:19 +0530</date>
<logfile>mbam-log-2017-09-02 (10-44-18).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.1.1043</version>
<!-- NOTE(review): the malware-database string reads as the date 2017.07.31, about a month older than the scan date in the header, and the rootkit database reads as 2017.05.27. Presumably the definitions were not updated before this scan; update and rescan before trusting the result. -->
<malware-database>v2017.07.31.01</malware-database>
<rootkit-database>v2017.05.27.01</rootkit-database>
<!-- Free license with file, web and self protection all reported as disabled: per this log the product was used as an on-demand scanner only, with no real-time blocking. -->
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<!-- NOTE(review): hostname, username and the user SID in the HKU paths further down identify the machine and account; consider redacting them before posting a log publicly. The ip value is in the private 172.16.0.0/12 range, so it is an internal address. -->
<hostname>MADHAVA</hostname>
<ip>172.28.32.61</ip>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x86</arch>
<username>naresh</username>
<filesys>NTFS</filesys>
</system>
<summary>
<!-- Threat scan that ran to completion. The counts below match the items section: 1 module, 16 keys, 2 values, 3 files. The unit of the time value is not stated in the log (presumably seconds). -->
<type>threat</type>
<result>completed</result>
<objects>275816</objects>
<time>1072</time>
<processes>0</processes>
<modules>1</modules>
<keys>16</keys>
<values>2</values>
<datas>0</datas>
<folders>0</folders>
<files>3</files>
<sectors>0</sectors>
</summary>
<options>
<!-- All scan options, including rootkit, heuristic, PUP and PUM checks, were enabled for this run. -->
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>enabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<!-- NOTE(review): the same hash value is repeated for different registry paths below, so the hash field appears to identify the detection rather than the content of each object; confirm before treating these values as file hashes. -->
<!-- Trojan.SathurBot: a DLL under a Microsoft-looking ProgramData path, listed as a module (presumably loaded in memory at scan time) and again as a file further down. The action is delete-on-reboot, i.e. removal is scheduled and not yet completed; a restart followed by a fresh scan is needed to confirm it is gone. -->
<module><path>C:\ProgramData\Microsoft\Performance\TheftProtection\TheftProtection.dll</path><vendor>Trojan.SathurBot</vendor><action>delete-on-reboot</action><hash>319c7fed9316ab8b59f7f9eb649da45c</hash></module>
<!-- Registry keys. All but one are PUP.Optional.Reimage (potentially unwanted program) entries, each with action success. -->
<key><path>HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>21ac4824beeb96a03507b68490703cc4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine.1</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\REI_AxControl.ReiEngine</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<key><path>HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d901e4ef5b45dd98162f835c23e16ea</hash></key>
<!-- The only Trojan.SathurBot registry entry: a CLSID key carrying the same hash value as the TheftProtection.dll detection. It is reported as success, while the DLL itself is still pending deletion. -->
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{3B5B973C-92A4-4855-9D3F-0F3D23332208}</path><vendor>Trojan.SathurBot</vendor><action>success</action><hash>319c7fed9316ab8b59f7f9eb649da45c</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>2aa3a5c7a405f442e3f8d4567d83f40c</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>15b83f2d7f2ab77f789b62c8d729d927</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>7756beaebeebaf87c9a5a398629e8a76</hash></key>
<key><path>HKLM\SOFTWARE\REIMAGE\Reimage Repair</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>5e6fc6a6d9d0fd39328bbe8307f9728e</hash></key>
<key><path>HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\Reimage</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>3d900e5e4564c07626e384d7f60a748c</hash></key>
<key><path>HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Reimage - Windows Problem Relief.</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>814c3636a40573c3d77bc175c9378b75</hash></key>
<key><path>HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\REIMAGE\PC REPAIR</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>517c45270d9c48ee9dfa2c01946c9f61</hash></key>
<!-- Registry values, both under keys already listed above as PUP.Optional.Reimage. -->
<value><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}\1.0</path><valuename></valuename><vendor>PUP.Optional.Reimage</vendor><action>success</action><valuedata>REI_AxControl 1.0 Type Library</valuedata><hash>7756beaebeebaf87c9a5a398629e8a76</hash></value>
<value><path>HKU\S-1-5-21-2309560818-624024024-290004726-1000\SOFTWARE\REIMAGE\PC REPAIR</path><valuename>QuitMessage</valuename><vendor>PUP.Optional.Reimage</vendor><action>success</action><valuedata> </valuedata><hash>517c45270d9c48ee9dfa2c01946c9f61</hash></value>
<!-- Files. The first entry is the same DLL as the module detection and is likewise only scheduled for deletion on reboot; the other two are PUP entries (Amonetize, Reimage) reported as success. -->
<file><path>C:\ProgramData\Microsoft\Performance\TheftProtection\TheftProtection.dll</path><vendor>Trojan.SathurBot</vendor><action>delete-on-reboot</action><hash>319c7fed9316ab8b59f7f9eb649da45c</hash></file>
<file><path>C:\Users\naresh\AppData\Local\Temp\amipixel.cfg</path><vendor>PUP.Optional.Amonetize</vendor><action>success</action><hash>10bd6705c6e344f23dd4df0944be09f7</hash></file>
<file><path>C:\Windows\Reimage.ini</path><vendor>PUP.Optional.Reimage</vendor><action>success</action><hash>1faea4c86d3caf870f3d0576926f1be5</hash></file>
</items>
</mbam-log>
Edited by Al1000, 02 September 2017 - 04:25 AM.
moved from Web Browsing/Email and Other Internet Applications