KNCTR invade my computer

gib65 · Jan 5, 2016

Hello,

I recent incurred a very nasty virus called KNCTR and I need help removing it.

I've been through this process before and I typically go through the following steps:

1) Run rkill

2) Run MalwareBytes

3) Run Herd Protect

4) Run AdwCleaner

5) Run SuperAntiSpyware

I always make sure I'm running the most up-to-date versions of these.

This time around, however, things aren't working quite so smoothly.

First of all, rkill doesn't seem to be able to stop the virus from running. I try to run it as soon as possible after my machine boots up, but the malware still gets through.

Second, one of the things the malware does is it brings up an interface that hogs the whole monitor so that even if I am running any of the above anti-malware, I can't get to it. I can't move the walware interface, I can't close it, I can't kill it through task manager (task manager ends up behind it like everything else I try to run). The only way around it is to hook up another monitor and try to get the programs I want to run (like the anti-malware above) on the second monitor.

Third, another way around all this is to run my computer in safe mode with networking. This seems to prevent any malware from running and I can get MalwareBytes to do a full scan successfully, but then when it comes Herd Protect, it doesn't seem to be able to run due to problems connecting to the internet (yes, even with networking enabled).

So I ran MalwareBytes in safe mode, got it to remove all the threats it found, rebooted in normal mode, ran Herd Protect on my second monitor (in the midst of all the malware running), got it to remove a bunch of malware, then rebooted my machine.

The problem is still there though.

Can anyone help me fix this problem? Thanks very much.

johnb35 · Jan 5, 2016

What OS are you running? Have went into the programs list to see if its listed and uninstall it? Please run the following programs and post the logs.

1.

Please download Junkware Removal Tool to your desktop.

•Shutdown your antivirus to avoid any conflicts.
•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.
•The tool will open and start scanning your system.
•Please be patient as this can take a while to complete.
•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
•Post the contents of JRT.txt in your next message.

2.

Download OTL to your Desktop

•Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
•Click on Minimal Output at the top
•Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
◦When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Just post the OTL.txt file in your reply.

gib65 · Jan 6, 2016

Thanks for the reply,

I seems like it was a false alarm. The KNCTR application seems to be the ONLY thing left behind, and that was easily removed by going into programs and uninstalling it. Other than that MBAM and Herd Protect seemed to do a pretty good job.

But I ran JRT and OTL anyway just for good measure. Here are their logs:

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by Gibran (Administrator) on 2016-01-05 at 16:42:48.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 6

Successfully deleted: C:\ProgramData\28341ff220e0446c9fff27c4493d622e (Folder)
Successfully deleted: C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage-journal (File)
Successfully deleted: C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_lyrics.wikia.com_0.localstorage (File)
Successfully deleted: C:\Users\Gibran\Appdata\LocalLow\company (Folder)
Successfully deleted: C:\Users\Gibran\Start Menu\Programs\help.lnk (Shortcut)
Successfully deleted: C:\Users\Gibran\Start Menu\Programs\uninstall.lnk (Shortcut)

Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5695DD71-80A0-4CE5-BD71-103555AD0874} (Registry Key)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016-01-05 at 16:46:07.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL:

OTL logfile created on: 2016-01-05 5:37:44 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\anti-virus
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.10586.0)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

7.92 Gb Total Physical Memory | 6.47 Gb Available Physical Memory | 81.68% Memory free
8.42 Gb Paging File | 7.05 Gb Available in Paging File | 83.76% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.54 Gb Total Space | 812.66 Gb Free Space | 88.86% Space Free | Partition Type: NTFS
Drive D: | 14.91 Gb Total Space | 3.95 Gb Free Space | 26.51% Space Free | Partition Type: FAT32

Computer Name: GIBRANSCOMPUTER | User Name: Gibran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - D:\anti-virus\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe ()
PRC - C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe (Acer Cloud Technology)
PRC - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe (Intel Corporation)
PRC - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
PRC - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll ()
MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe ()
MOD - C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (UserManager) -- C:\Windows\SysNative\usermgr.dll (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc) -- C:\Windows\SysNative\Unistore.dll (Microsoft Corporation)
SRV:64bit: - (XblAuthManager) -- C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)
SRV:64bit: - (SensorService) -- C:\Windows\SysNative\SensorService.dll (Microsoft Corporation)
SRV:64bit: - (icssvc) -- C:\Windows\SysNative\tetheringservice.dll (Microsoft Corporation)
SRV:64bit: - (tzautoupdate) -- C:\Windows\SysNative\tzautoupdate.dll (Microsoft Corporation)
SRV:64bit: - (XboxNetApiSvc) -- C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
SRV:64bit: - (MapsBroker) -- C:\Windows\SysNative\moshost.dll (Microsoft Corporation)
SRV:64bit: - (NetSetupSvc) -- C:\Windows\SysNative\NetSetupSvc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (RetailDemo) -- C:\Windows\SysNative\RDXService.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (WalletService) -- C:\Windows\SysNative\WalletService.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (SensorDataService) -- C:\Windows\SysNative\SensorDataService.exe (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (DiagTrack) -- C:\Windows\SysNative\diagtrack.dll (Microsoft Corporation)
SRV:64bit: - (UserDataSvc) -- C:\Windows\SysNative\UserDataService.dll (Microsoft Corporation)
SRV:64bit: - (XblGameSave) -- C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
SRV:64bit: - (NgcSvc) -- C:\Windows\SysNative\ngcsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (tiledatamodelsvc) -- C:\Windows\SysNative\tileobjserver.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (NgcCtnrSvc) -- C:\Windows\SysNative\NgcCtnrSvc.dll (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc) -- C:\Windows\SysNative\PimIndexMaintenance.dll (Microsoft Corporation)
SRV:64bit: - (WpnService) -- C:\Windows\SysNative\wpnservice.dll (Microsoft Corporation)
SRV:64bit: - (DevQueryBroker) -- C:\Windows\SysNative\DevQueryBroker.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\lfsvc.dll (Microsoft Corporation)
SRV:64bit: - (LicenseManager) -- C:\Windows\SysNative\LicenseManagerSvc.dll (Microsoft Corporation)
SRV:64bit: - (StateRepository) -- C:\Windows\SysNative\Windows.StateRepository.dll (Microsoft Corporation)
SRV:64bit: - (embeddedmode) -- C:\Windows\SysNative\embeddedmodesvc.dll (Microsoft Corporation)
SRV:64bit: - (AJRouter) -- C:\Windows\SysNative\AJRouter.dll (Microsoft Corporation)
SRV:64bit: - (CoreMessagingRegistrar) -- C:\Windows\SysNative\CoreMessaging.dll (Microsoft Corporation)
SRV:64bit: - (CDPSvc) -- C:\Windows\SysNative\cdpsvc.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (DoSvc) -- C:\Windows\SysNative\dosvc.dll (Microsoft Corporation)
SRV:64bit: - (UsoSvc) -- C:\Windows\SysNative\usocore.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (ClipSVC) -- C:\Windows\SysNative\ClipSVC.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (diagnosticshub.standardcollector.service) -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc) -- C:\Windows\SysNative\APHostService.dll (Microsoft Corporation)
SRV:64bit: - (DsSvc) -- C:\Windows\SysNative\dssvc.dll (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_47b79) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_3d43c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_3a6ad) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_38115) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UserDataSvc_30fce) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_47b79) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_3d43c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_3a6ad) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_38115) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (UnistoreSvc_30fce) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_47b79) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_3d43c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_3a6ad) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_38115) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (PimIndexMaintenanceSvc_30fce) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_47b79) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_3d43c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_3a6ad) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_38115) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (OneSyncSvc_30fce) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_47b79) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_3d43c) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_3a6ad) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_38115) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (MessagingService_30fce) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (TieringEngineService) -- C:\Windows\SysNative\TieringEngineService.exe (Microsoft Corporation)
SRV:64bit: - (DcpSvc) -- C:\Windows\SysNative\dcpsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (EntAppSvc) -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (DmEnrollmentSvc) -- C:\Windows\SysNative\Windows.Internal.Management.dll (Microsoft Corporation)
SRV:64bit: - (dmwappushservice) -- C:\Windows\SysNative\dmwappushsvc.dll (Microsoft Corporation)
SRV:64bit: - (MessagingService) -- C:\Windows\SysNative\MessagingService.dll (Microsoft Corporation)
SRV:64bit: - (SmsRouter) -- C:\Windows\SysNative\SmsRouterSvc.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (PhoneSvc) -- C:\Windows\SysNative\PhoneService.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvmsession) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:64bit: - (igfxCUIService2.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
SRV:64bit: - (LMSvc) -- C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe (Acer Incorporate)
SRV:64bit: - (RMSvc) -- C:\Program Files\Acer\Acer Quick Access\RMSvc.exe (Acer Incorporate)
SRV:64bit: - (QASvc) -- C:\Program Files\Acer\Acer Quick Access\QASvc.exe (Acer Incorporate)
SRV:64bit: - (VsEtwService120) -- C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated)
SRV:64bit: - (UEIPSvc) -- C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe (acer)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
SRV - (UnistoreSvc) -- C:\Windows\SysWOW64\Unistore.dll (Microsoft Corporation)
SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe (Acer Incorporated)
SRV - (StateRepository) -- C:\Windows\SysWOW64\Windows.StateRepository.dll (Microsoft Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\lfsvc.dll (Microsoft Corporation)
SRV - (CoreMessagingRegistrar) -- C:\Windows\SysWOW64\CoreMessaging.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (DmEnrollmentSvc) -- C:\Windows\SysWOW64\Windows.Internal.Management.dll (Microsoft Corporation)
SRV - (PrintNotify) -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (iBtSiva) -- C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe (Intel Corporation)
SRV - (GamesAppIntegrationService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe (WildTangent)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (fussvc) -- C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe (Microsoft Corporation)
SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (OpenVPNAccessClient) -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (CapImg) -- C:\Windows\SysNative\drivers\capimg.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (ReFSv1) -- C:\WINDOWS\SysNative\drivers\refsv1.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRT) -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys (Microsoft Corporation)
DRV:64bit: - (storqosflt) -- C:\Windows\SysNative\drivers\storqosflt.sys (Microsoft Corporation)
DRV:64bit: - (UcmCx0101) -- C:\Windows\SysNative\drivers\UcmCx.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (IoQos) -- C:\Windows\SysNative\drivers\ioqos.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (MMCSS) -- C:\Windows\SysNative\drivers\mmcss.sys (Microsoft Corporation)
DRV:64bit: - (Ufx01000) -- C:\Windows\SysNative\drivers\ufx01000.sys (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (UrsCx01000) -- C:\Windows\SysNative\drivers\urscx01000.sys (Microsoft Corporation)
DRV:64bit: - (cnghwassist) -- C:\Windows\SysNative\drivers\cnghwassist.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\WINDOWS\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (GpuEnergyDrv) -- C:\Windows\SysNative\drivers\gpuenergydrv.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (wdiwifi) -- C:\Windows\SysNative\drivers\WdiWiFi.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (Ucx01000) -- C:\Windows\SysNative\drivers\Ucx01000.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (FileCrypt) -- C:\Windows\SysNative\drivers\filecrypt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbflt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (UdeCx) -- C:\Windows\SysNative\drivers\Udecx.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (vhf) -- C:\Windows\SysNative\drivers\vhf.sys (Microsoft Corporation)
DRV:64bit: - (WindowsTrustedRTProxy) -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (UrsChipidea) -- C:\Windows\SysNative\drivers\urschipidea.sys (Microsoft Corporation)
DRV:64bit: - (UrsSynopsys) -- C:\Windows\SysNative\drivers\urssynopsys.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (mlx4_bus) -- C:\Windows\SysNative\drivers\mlx4_bus.sys (Mellanox)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (ibbus) -- C:\Windows\SysNative\drivers\ibbus.sys (Mellanox)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (ufxsynopsys) -- C:\Windows\SysNative\drivers\ufxsynopsys.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2i) -- C:\Windows\SysNative\drivers\lsi_sas2i.sys (LSI Corporation)
DRV:64bit: - (LSI_SAS3i) -- C:\Windows\SysNative\drivers\lsi_sas3i.sys (Avago Technologies)
DRV:64bit: - (UfxChipidea) -- C:\Windows\SysNative\drivers\UfxChipidea.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (ndfltr) -- C:\Windows\SysNative\drivers\ndfltr.sys (Mellanox)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (WinVerbs) -- C:\Windows\SysNative\drivers\winverbs.sys (Mellanox)
DRV:64bit: - (percsas3i) -- C:\Windows\SysNative\drivers\percsas3i.sys (Avago Technologies)
DRV:64bit: - (percsas2i) -- C:\Windows\SysNative\drivers\percsas2i.sys (LSI Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (UcmUcsi) -- C:\Windows\SysNative\drivers\UcmUcsi.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (storufs) -- C:\Windows\SysNative\drivers\storufs.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (WinMad) -- C:\Windows\SysNative\drivers\winmad.sys (Mellanox)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (QLogic Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (xboxgip) -- C:\Windows\SysNative\drivers\xboxgip.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (hidinterrupt) -- C:\Windows\SysNative\drivers\hidinterrupt.sys (Microsoft Corporation)
DRV:64bit: - (buttonconverter) -- C:\Windows\SysNative\drivers\buttonconverter.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (xinputhid) -- C:\Windows\SysNative\drivers\xinputhid.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (genericusbfn) -- C:\Windows\SysNative\drivers\genericusbfn.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (bcmfn) -- C:\Windows\SysNative\drivers\bcmfn.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNb64) -- C:\Windows\SysNative\drivers\Netwbw02.sys (Intel Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSS2i_I2C) -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys (Intel Corporation)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (iai2c) -- C:\Windows\SysNative\drivers\iai2c.sys (Intel(R) Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes)
DRV:64bit: - (rt640x64) -- C:\Windows\SysNative\drivers\rt640x64.sys (Realtek )
DRV:64bit: - (ibtusb) -- C:\Windows\SysNative\drivers\ibtusb.sys (Intel Corporation)
DRV:64bit: - (RTSPER) -- C:\Windows\SysNative\drivers\RtsPer.sys (Realsil Semiconductor Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (TotRec8) -- C:\Windows\SysNative\drivers\TotRec8.sys (High Criteria inc.)
DRV:64bit: - (SynRMIHID) -- C:\Windows\SysNative\drivers\SynRMIHID.sys (Synaptics Incorporated)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (LMDriver) -- C:\Windows\SysNative\drivers\LMDriver.sys (Acer Incorporated)
DRV:64bit: - (RadioShim) -- C:\Windows\SysNative\drivers\RadioShim.sys (Acer Incorporated)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (tapoas) -- C:\Windows\SysNative\drivers\tapoas.sys (The OpenVPN Project)
DRV - (CompositeBus) -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {5695DD71-80A0-4CE5-BD71-103555AD0874}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{5695DD71-80A0-4CE5-BD71-103555AD0874}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB
IE:64bit: - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://ca.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {5695DD71-80A0-4CE5-BD71-103555AD0874}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5695DD71-80A0-4CE5-BD71-103555AD0874}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ACJB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {EC178B55-0180-11E5-8265-F0761C7B7A61}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-09-11 19:07:35 | 000,000,000 | ---D | M]

[2015-05-10 12:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gibran\AppData\Roaming\mozilla\Extensions
[2015-05-10 12:09:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gibran\AppData\Roaming\mozilla\Extensions\net.openvpn.client

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.9.4_0\
CHR - Extension: No name found = C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\15.1.0.1_0\
CHR - Extension: No name found = C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl\2015.1216.418.1_0\
CHR - Extension: No name found = C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch\3.5_0\
CHR - Extension: No name found = C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2016-01-04 22:40:08 | 000,001,183 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 down.baidu2016.com
O1 - Hosts: 127.0.0.1 123.sogou.com
O1 - Hosts: 127.0.0.1 www.czzsyzgm.com
O1 - Hosts: 127.0.0.1 www.czzsyzxl.com
O1 - Hosts: 127.0.0.1 down.baidu2016.com
O1 - Hosts: 127.0.0.1 123.sogou.com
O1 - Hosts: 127.0.0.1 www.czzsyzgm.com
O1 - Hosts: 127.0.0.1 www.czzsyzxl.com
O2 - BHO: (Adobe Acrobat Create PDF Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [OneDrive] C:\Users\Gibran\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{f4cd5381-ca0c-45b3-9ee5-1e6bb5a7f2c3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2016-01-05 12:12:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2016-01-05 08:48:07 | 002,032,072 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Gibran\Desktop\rkill-1.com
[2016-01-04 22:50:16 | 000,000,000 | ---D | C] -- C:\Users\Gibran\Desktop\viruses
[2016-01-04 22:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pandaje Technical Services
[2016-01-04 22:45:09 | 000,000,000 | ---D | C] -- C:\uninst
[2016-01-04 22:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Support for Looksafe
[2016-01-04 22:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Program
[2015-12-19 09:26:42 | 000,000,000 | ---D | C] -- C:\Users\Gibran\Desktop\temp2
[2015-12-16 22:19:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SleepStudy
[2015-12-15 21:30:42 | 000,000,000 | ---D | C] -- C:\Users\Gibran\AppData\Local\ActiveSync
[2015-12-15 21:30:03 | 000,000,000 | -HSD | C] -- C:\Recovery
[2015-12-15 21:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2015-12-15 21:27:04 | 000,000,000 | ---D | C] -- C:\Windows.old
[2015-12-15 21:26:05 | 000,264,192 | ---- | C] (Nokia) -- C:\WINDOWS\SysNative\NmaDirect.dll
[2015-12-15 21:26:05 | 000,205,824 | ---- | C] (Nokia) -- C:\WINDOWS\SysWow64\NmaDirect.dll
[2015-12-15 21:23:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\Microsoft
[2015-12-15 21:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2015-12-15 21:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2015-12-15 21:20:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2015-12-15 21:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2015-12-15 21:17:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2015-12-15 21:17:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2015-12-15 21:17:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2015-12-15 21:17:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2015-12-15 21:17:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2015-12-15 20:39:47 | 000,000,000 | --SD | C] -- C:\Users\Gibran\AppData\Roaming\Microsoft
[2015-12-15 20:39:47 | 000,000,000 | R-SD | C] -- C:\Users\Gibran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[2015-12-15 20:39:47 | 000,000,000 | R--D | C] -- C:\Users\Gibran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2015-12-15 20:39:47 | 000,000,000 | R--D | C] -- C:\Users\Gibran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2015-12-15 20:39:47 | 000,000,000 | R--D | C] -- C:\Users\Gibran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\AppData\Local\Temporary Internet Files
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\Templates
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\Start Menu
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\SendTo
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\Recent
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\PrintHood
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\NetHood
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\Documents\My Videos
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\Documents\My Pictures
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\Documents\My Music
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\My Documents
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\Local Settings
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\AppData\Local\History
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\Cookies
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\Application Data
[2015-12-15 20:39:47 | 000,000,000 | -HSD | C] -- C:\Users\Gibran\AppData\Local\Application Data
[2015-12-15 20:39:47 | 000,000,000 | -H-D | C] -- C:\Users\Gibran\AppData
[2015-12-15 20:39:47 | 000,000,000 | ---D | C] -- C:\Users\Gibran\AppData\Local\Temp
[2015-12-15 20:39:47 | 000,000,000 | ---D | C] -- C:\Users\Gibran\AppData\Local\Microsoft
[2015-12-15 20:39:47 | 000,000,000 | ---D | C] -- C:\Users\Gibran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2015-12-15 20:35:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\sda
[2015-12-15 20:35:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2015-12-15 20:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2015-12-15 20:35:17 | 000,105,472 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.DLL
[2015-12-15 20:35:17 | 000,099,856 | ---- | C] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.DLL
[2015-12-15 20:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2015-12-15 20:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2015-12-15 20:31:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2015-12-15 18:51:35 | 000,000,000 | ---D | C] -- C:\Users\Gibran\Documents\Outlook Files
[2015-12-14 20:26:54 | 000,000,000 | ---D | C] -- C:\Users\Gibran\Desktop\images for portfolio
[2015-12-10 17:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BookWright
[2 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2016-01-05 17:34:38 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2016-01-05 16:54:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2016-01-05 14:12:51 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2016-01-05 14:01:08 | 000,972,104 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2016-01-05 14:01:08 | 000,813,336 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2016-01-05 14:01:08 | 000,168,878 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2016-01-05 13:56:54 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2016-01-05 13:56:51 | 3400,040,448 | -HS- | M] () -- C:\hiberfil.sys
[2016-01-05 12:12:36 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2016-01-05 10:54:21 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2016-01-05 09:33:17 | 000,002,364 | ---- | M] () -- C:\Users\Gibran\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2016-01-05 09:23:06 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\herdProtect.lnk
[2016-01-05 09:04:37 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2016-01-04 22:49:24 | 002,039,504 | ---- | M] () -- C:\Users\Gibran\Desktop\viruses.png
[2016-01-04 22:45:26 | 000,001,014 | ---- | M] () -- C:\ProgramData\JunkCleaner.lnk
[2016-01-04 22:40:08 | 000,001,183 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hp.bak
[2016-01-04 22:40:08 | 000,001,183 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2016-01-04 21:33:48 | 000,690,147 | ---- | M] () -- C:\Users\Gibran\Desktop\Dec-2015-Newsletter-Web-Version.pdf
[2016-01-03 18:49:49 | 000,002,332 | -H-- | M] () -- C:\Users\Gibran\Documents\Default.rdp
[2015-12-26 20:34:32 | 000,001,420 | ---- | M] () -- C:\Users\Gibran\Desktop\Compressed (zipped) folder.lnk
[2015-12-26 20:23:57 | 000,372,776 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015-12-16 20:55:06 | 000,002,264 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015-12-15 21:26:05 | 002,653,816 | ---- | M] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2015-12-15 21:26:05 | 001,859,448 | ---- | M] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2015-12-15 21:26:05 | 000,264,192 | ---- | M] (Nokia) -- C:\WINDOWS\SysNative\NmaDirect.dll
[2015-12-15 21:26:05 | 000,205,824 | ---- | M] (Nokia) -- C:\WINDOWS\SysWow64\NmaDirect.dll
[2015-12-15 21:16:49 | 000,019,053 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2015-12-15 21:16:49 | 000,019,053 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2015-12-15 21:10:33 | 000,022,840 | ---- | M] () -- C:\WINDOWS\SysNative\emptyregdb.dat
[2015-12-15 20:39:14 | 000,929,278 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2015-12-15 20:35:41 | 000,000,000 | -H-- | M] () -- C:\ProgramData\DP45977C.lfl
[2015-12-15 20:35:22 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
[2015-12-15 20:35:21 | 000,000,200 | ---- | M] () -- C:\WINDOWS\SysNative\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
[2015-12-15 20:34:17 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2015-12-15 18:55:57 | 000,002,058 | ---- | M] () -- C:\Users\Public\Desktop\abMedia.lnk
[2015-12-15 18:51:40 | 000,001,212 | ---- | M] () -- C:\Users\Gibran\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2015-12-10 19:08:48 | 000,006,154 | ---- | M] () -- C:\Users\Gibran\AppData\Local\recently-used.xbel
[2 C:\WINDOWS\SysNative\drivers\*.tmp files -> C:\WINDOWS\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2016-01-05 12:12:36 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2016-01-04 22:49:24 | 002,039,504 | ---- | C] () -- C:\Users\Gibran\Desktop\viruses.png
[2016-01-04 22:45:26 | 000,001,014 | ---- | C] () -- C:\ProgramData\JunkCleaner.lnk
[2016-01-04 21:35:02 | 000,690,147 | ---- | C] () -- C:\Users\Gibran\Desktop\Dec-2015-Newsletter-Web-Version.pdf
[2015-12-26 20:33:49 | 000,001,420 | ---- | C] () -- C:\Users\Gibran\Desktop\Compressed (zipped) folder.lnk
[2015-12-15 21:29:52 | 000,036,746 | ---- | C] () -- C:\WINDOWS\SysWow64\license.rtf
[2015-12-15 21:29:52 | 000,036,746 | ---- | C] () -- C:\WINDOWS\SysNative\license.rtf
[2015-12-15 21:26:05 | 002,653,816 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2015-12-15 21:26:05 | 001,859,448 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2015-12-15 21:03:52 | 3400,040,448 | -HS- | C] () -- C:\hiberfil.sys
[2015-12-15 21:00:19 | 000,001,576 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2015-12-15 20:39:47 | 000,000,352 | ---- | C] () -- C:\Users\Gibran\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2015-12-15 20:39:47 | 000,000,334 | ---- | C] () -- C:\Users\Gibran\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2015-12-15 20:39:18 | 000,972,104 | ---- | C] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015-12-15 20:39:14 | 000,929,278 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2015-12-15 20:35:41 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015-12-15 20:35:22 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
[2015-12-15 20:35:21 | 000,000,200 | ---- | C] () -- C:\WINDOWS\SysNative\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
[2015-12-15 20:34:17 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
[2015-12-15 20:32:28 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2015-12-15 20:31:00 | 000,372,776 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015-12-15 18:55:57 | 000,002,058 | ---- | C] () -- C:\Users\Public\Desktop\abMedia.lnk
[2015-12-15 18:51:40 | 000,001,212 | ---- | C] () -- C:\Users\Gibran\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2015-12-10 19:08:48 | 000,006,154 | ---- | C] () -- C:\Users\Gibran\AppData\Local\recently-used.xbel
[2015-10-30 00:24:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2015-10-30 00:24:43 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2015-10-30 00:18:39 | 000,164,224 | ---- | C] () -- C:\WINDOWS\SysWow64\weretw.dll
[2015-10-30 00:18:36 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2015-10-30 00:18:36 | 000,047,104 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015-10-30 00:18:34 | 000,157,696 | ---- | C] () -- C:\WINDOWS\SysWow64\MTF.dll
[2015-10-30 00:18:34 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2015-10-30 00:18:31 | 000,252,928 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2015-10-30 00:18:31 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\dtdump.exe
[2015-10-30 00:18:29 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2015-10-30 00:18:29 | 000,293,376 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2015-10-30 00:18:26 | 000,022,528 | ---- | C] () -- C:\WINDOWS\SysWow64\efsext.dll
[2015-10-30 00:18:25 | 000,002,269 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2015-10-30 00:18:23 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2015-10-30 00:17:40 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

========== ZeroAccess Check ==========

[2016-01-04 22:36:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2015-10-30 00:17:59 | 006,601,408 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2015-10-30 00:18:31 | 005,237,336 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2015-10-30 00:17:43 | 000,987,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2015-10-30 00:18:21 | 000,765,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2015-10-30 00:17:45 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015-11-11 01:31:42 | 000,000,000 | ---D | M] -- C:\Users\Gibran\AppData\Roaming\Audacity
[2015-10-04 15:00:49 | 000,000,000 | ---D | M] -- C:\Users\Gibran\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2015-10-13 17:25:07 | 000,000,000 | ---D | M] -- C:\Users\Gibran\AppData\Roaming\Foxit Software
[2015-08-27 20:38:13 | 000,000,000 | ---D | M] -- C:\Users\Gibran\AppData\Roaming\Mp3tag
[2015-12-16 20:37:07 | 000,000,000 | ---D | M] -- C:\Users\Gibran\AppData\Roaming\Notepad++
[2015-08-18 19:38:40 | 000,000,000 | ---D | M] -- C:\Users\Gibran\AppData\Roaming\NuGet
[2015-05-10 12:09:34 | 000,000,000 | ---D | M] -- C:\Users\Gibran\AppData\Roaming\OpenVPN Technologies
[2015-09-12 22:13:29 | 000,000,000 | ---D | M] -- C:\Users\Gibran\AppData\Roaming\Spotify
[2015-07-11 12:20:40 | 000,000,000 | ---D | M] -- C:\Users\Gibran\AppData\Roaming\TotalRecorder

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Gibran\OneDrive:ms-properties
@Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp:C39E55C5

< End of report >

Do you see anything suspicious?

johnb35 · Jan 6, 2016

Rerun OTL but this time copy and paste the contents of the codebox below into the custom scans/fixes box at the bottom and then click on run fix button up top.

Code:

:OTL
PRC - File not found
O4 - HKLM..\Run: [] File not found
@Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp:C39E55C5

:commands

[emptytemp]
[resethosts]
[reboot]

The system will reboot. Please post the log that it produces.

gib65 · Jan 6, 2016

Well, I ran OTL one more time (Quick Scan), then posted the contents of the codebox above (verbatim) into the custome scans/fixes box, and then clicked run fix. I let it run for a good long while but it seems to freeze up (it says Not Responding in the title bar). How long is it supposed to take?

On another note, I've noticed that since the virus clean up, a few of my programs won't start anymore. For example, Calculator, certain PDF redears, etc. It gives a message like the one attached.

Is it possible that the fix we are trying to run with OTL will fix this too?

johnb35 · Jan 6, 2016

Ok, Try this one instead. I havce a feeling its freezing on the first entry.

Code:

:OTL

O4 - HKLM..\Run: [] File not found
@Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp:C39E55C5

:commands

[emptytemp]
[resethosts]
[reboot]

I'm not sure whats going on with your programs.

gib65 · Jan 7, 2016

OK, here's the log:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
ADS C:\ProgramData\Temp:C39E55C5 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default.migrated

User: Gibran
->Temp folder emptied: 434272327 bytes
->Temporary Internet Files folder emptied: 28188698 bytes
->Google Chrome cache emptied: 348494116 bytes
->Flash cache emptied: 10402 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65233988 bytes
RecycleBin emptied: 4993061005 bytes

Total Files Cleaned = 5,597.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 01062016_171548

Files\Folders moved on Reboot...
File\Folder C:\Users\Gibran\AppData\Local\Temp\etilqs_BT7E0h1ofVOaIJv not found!
File\Folder C:\Users\Gibran\AppData\Local\Temp\etilqs_r6AA7eA7e4zc34T not found!
File\Folder C:\Users\Gibran\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRF{C84E8344-18F0-4735-A378-ECF0FDDCEF0B}.tmp not found!
File\Folder C:\Users\Gibran\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{2132E395-2557-48D0-8405-C78AFAC4BDA5}.tmp not found!
File\Folder C:\Users\Gibran\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{88056886-9A31-4154-878C-AC65AE094201}.tmp not found!
File\Folder C:\Users\Gibran\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{91340726-C0DE-4D81-B1F8-635604C4F369}.tmp not found!
File\Folder C:\Users\Gibran\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{BB23CDF6-3BCC-4855-9FFC-6A5AE3935FE4}.tmp not found!
File\Folder C:\Users\Gibran\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{F57B0F45-81F5-463B-95C6-7306CD8D9142}.tmp not found!
C:\Users\Gibran\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Gibran\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

About the programs that won't start--I'm pretty sure this is caused by some damage left behind by the virus or the virus cleanup. After we're done with OTL, would you mind helping me fix it (maybe guide me in running combofix)? I really do appreciate all the help.

johnb35 · Jan 7, 2016

gib65 said:
would you mind helping me fix it (maybe guide me in running combofix)?

Unfortunately, combofix won't run on windows 10 or 8.1. Now know all the programs you have ran and what they removed, its hard telling what happened. After running what program did this start happening?

gib65 · Jan 7, 2016

johnb35 said:
Unfortunately, combofix won't run on windows 10 or 8.1. Now know all the programs you have ran and what they removed, its hard telling what happened. After running what program did this start happening?

Not sure. I just noticed it after all the mayhem was over.

Punk · Jan 8, 2016

gib65 said:
Not sure. I just noticed it after all the mayhem was over.

What programs are not starting? Have you tried re-installing them?

gib65 · Jan 14, 2016

Sorry for not replying in days. Been busy with a practicum for a potential job.

The programs that won't start are Calculator, IE Edge, Reader (a PDF reader), and a few others I don't recall right now.

I tried running this:

Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml"}

which I'm told will reinstall the built-in apps on Windows 10 but it didn't help. I also remember from one of my recent google searches that certain programs (like Calculator) won't reinstall, at least not this way.

I'm also told that I should not be logged in as the built-in administrator and that the OS will not allow certain programs (like IE Edge) to run as the built-in administrator. Don't know how this happened. Don't know if I always was the built-in administrator or something happened in the process of incurring and removing the virus. I log in with the same password though, so that doesn't make any sense to me. I also doubt some of the other symptoms are a result of being logged in as the built-in administrator.

Anyway, will post back if I find a way to fix this.

KNCTR invade my computer

gib65

Member

johnb35

Administrator

gib65

Member

johnb35

Administrator

gib65

Member

Attachments

johnb35

Administrator

gib65

Member

johnb35

Administrator

gib65

Member

Punk

Moderator

gib65

Member