Inactive-A Possible Browser hijacker and malware, interferes with work

Status
Not open for further replies.
K

Kazi

Posts: 120   +0
I am trying to repair this laptop that apparently redirects the browser to unwanted places and the owner's company is blocking this work computer from doing anything through its spam filter, I will post the logs in the next reply
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/28/2014
Scan Time: 5:39:43 PM
Logfile: okay.txt
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.08.28.06
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: leungb

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370950
Time Elapsed: 4 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16563 BrowserJavaVersion: 10.67.2
Run by leungb at 18:09:03 on 2014-08-28
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.4046.1465 [GMT -7:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Host Intrusion Prevention Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\lsm.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k GPSvcGroup
C:\WINDOWS\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\PureLeads\plsapp.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Program Files (x86)\McAfee\Real Time\rtsc.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\Secunia\CSI Agent\csia.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
C:\Program Files\Websense\Websense Endpoint\wepsvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe
C:\Program Files\Websense\Websense Endpoint\EndPointClassifier.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Websense\Websense Endpoint\FilterSDK\kvoop.exe
C:\Program Files\Websense\Websense Endpoint\FilterSDK\kvoop.exe
C:\Program Files\Websense\Websense Endpoint\FilterSDK\kvoop.exe
C:\Program Files\Websense\Websense Endpoint\FilterSDK\kvoop.exe
C:\Program Files\Websense\Websense Endpoint\FilterSDK\kvoop.exe
C:\Program Files\Websense\Websense Endpoint\FilterSDK\kvoop.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\taskhost.exe
C:\WINDOWS\system32\Dwm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Websense\Websense Endpoint\Dserui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\McAfee\Endpoint Encryption\EpePcMonitor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\PureLeads\PureLeadsTray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\WINDOWS\CCM\CcmExec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
C:\WINDOWS\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\PureLeads\PureLeads.Service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\CCM\SCNotification.exe
C:\WINDOWS\ccmcache\1z\QTimeReminder.EXE
C:\Users\leungb\AppData\Local\Temp\GLBAEA5.tmp
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\WINDOWS\System32\WUDFHost.exe
C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
C:\WINDOWS\System32\WUDFHost.exe
C:\WINDOWS\system32\WLANExt.exe
C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://qhome.qualcomm.com/web/qhome/home
uSearch Bar = Preserve
mStart Page = hxxps://www.yahoo.com?fr=hp-avast&type=tdc905
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [GoogleChromeAutoLaunch_ABEC2CECA528678B7CAF40B6E8183AA1] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
mRun: [AgentUiRunKey] "C:\Program Files (x86)\Iron Mountain\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [PureLeads Tray] "C:\Program Files (x86)\PureLeads\PureLeadsTray.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: DisallowRun = dword:1
uPolicies-DisallowRun: 1 = 1hellbot.exe
uPolicies-DisallowRun: 2 = hellmsn.exe
uPolicies-DisallowRun: 3 = internet.exe
uPolicies-DisallowRun: 4 = rpcsvc.exe
uPolicies-DisallowRun: 5 = starwin32.exe
uPolicies-DisallowRun: 6 = test3.exe
uPolicies-DisallowRun: 7 = wfdmgr.exe
uPolicies-DisallowRun: 8 = wmisg.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: HideSCAHealth = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: legalnoticecaption = DO NOT EXPECT PRIVACY WHEN USING THIS SYSTEM
mPolicies-System: legalnoticetext = You are about to access a Qualcomm e-media system. It is for authorized users only. You should have no expectation of privacy when using this system and may use it only as authorized. To protect Qualcomm's interests, this system and its data may be monitored, intercepted, recorded, read, copied, captured and disclosed, to the fullest extent permitted by law. Use of this system constitutes your consent to these terms.
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: C:\WINDOWS\System32\plsapp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://myvpn.qualcomm.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{C5585E26-D273-4C98-874D-90C61B66ED83} : DHCPNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
LSA: Notification Packages = EpePcNp64 scecli
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [MfeEpePcMonitor] "C:\Program Files\McAfee\Endpoint Encryption\EpePcMonitor.exe"
x64-Run: [EpeFprTrainer] "C:\Program Files\McAfee\Endpoint Encryption\EpeFprTrainer.exe"
x64-Run: [SpywareClearShield] C:\Program Files (x86)\Spyware Clear\SpywareClearShield.exe
x64-Run: [SpywareClearUpdater] C:\Program Files (x86)\Spyware Clear\SpywareClearUpdate.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 192.35.156.91 myvpn.qualcomm.com
Hosts: 192.35.156.52 skull-ng.qualcomm.com
Hosts: 192.35.156.160 bones.qualcomm.com
Hosts: 192.35.156.22 hostel1.qualcomm.com
Hosts: 192.35.156.235 hostel.qualcomm.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 mfeccde;mfeccde;C:\WINDOWS\System32\drivers\mfeccde.sys [2013-12-13 79144]
R0 MfeEpeOpal;MfeEpeOpal;C:\WINDOWS\System32\drivers\MfeEpeOpal.sys [2013-12-13 79400]
R0 MfeEpePc;MfeEpePc;C:\WINDOWS\System32\drivers\MfeEpePc.sys [2013-12-13 208424]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2012-3-6 782968]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2012-3-6 344176]
R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\drivers\PxHlpa64.sys [2011-9-8 55856]
R1 ctxusbm;Citrix USB Monitor Driver;C:\WINDOWS\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R1 mfenlfk;McAfee NDIS Light Filter;C:\WINDOWS\System32\drivers\mfenlfk.sys [2011-8-16 76224]
R1 QIP;QIP;C:\WINDOWS\System32\drivers\Qip.sys [2013-12-15 78696]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-8 89600]
R2 AgentService;AgentService;C:\Program Files (x86)\Iron Mountain\Connected BackupPC\AgentService.exe [2011-6-26 7625120]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2011-8-8 203776]
R2 CmRcService;Configuration Manager Remote Control;C:\Windows\CCM\RemCtrl\CmRcService.exe [2014-5-29 577712]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [2012-7-3 646192]
R2 GobiQDLService;Sierra Wireless QDL Service;C:\Program Files (x86)\Sierra Wireless Inc\Gobi\QDLService\GobiQDLService.exe [2011-3-16 308592]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-3-17 132152]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-5-13 317496]
R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2011-5-13 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-8 13336]
R2 LV_Tracker;LV_Tracker;C:\WINDOWS\System32\drivers\LV_Tracker64.sys [2011-6-26 54824]
R2 McAfee Endpoint Encryption Agent;McAfee Drive Encryption Agent;C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe [2013-12-13 1894432]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2013-12-4 127520]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-8-28 242448]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2014-1-15 208416]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-3-6 212664]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2012-3-6 185280]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-8-8 1128952]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2011-8-8 113264]
R2 plsapp;plsapp;C:\Program Files (x86)\PureLeads\plsapp.exe [2014-1-23 3690784]
R2 PlsvcV1;PlsvcV1;C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [2014-1-23 91936]
R2 PlsvcV2;PlsvcV2;C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [2014-1-23 24352]
R2 RTSC;RTSC;C:\Program Files (x86)\McAfee\Real Time\rtsc.exe [2013-5-3 6857592]
R2 Secunia CSI Agent;Secunia CSI Agent;C:\Program Files (x86)\Secunia\CSI Agent\csia.exe [2014-3-19 648704]
R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2011-8-8 502464]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-8 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\WINDOWS\System32\vcsFPService.exe [2011-3-24 3161904]
R2 WSDLP;Websense Client Agent;C:\Program Files\Websense\Websense Endpoint\wepsvc.exe [2012-12-7 176128]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\WINDOWS\System32\drivers\ArcSoftVCapture.sys [2011-8-8 32192]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdW76.sys [2011-8-8 115216]
R3 FireNfcp;McAfee Inc. FireNfcp;C:\WINDOWS\System32\drivers\FireNfcp.sys [2012-3-6 52992]
R3 HipShieldK;McAfee Inc. HipShieldK;C:\WINDOWS\System32\drivers\HipShieldK.sys [2012-3-6 197576]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2012-3-6 311600]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2012-3-6 496592]
R3 Nep;Nep;C:\WINDOWS\System32\drivers\cwNep.sys [2013-12-15 183144]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\WINDOWS\System32\drivers\nusb3hub.sys [2011-8-8 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\WINDOWS\System32\drivers\nusb3xhc.sys [2011-8-8 181248]
R3 swg3kflt02;Sierra Wireless USB Composite Device Filter Driver 02;C:\WINDOWS\System32\drivers\swg3kflt02.sys [2011-2-3 34304]
R3 swg3kmbb02;Sierra Wireless QMI USB-NDIS 6.20 miniport for HP;C:\WINDOWS\System32\drivers\swg3kmbb02.sys [2011-2-3 424448]
R3 swg3knmea02;Sierra Wireless QMI NMEA Communication - HP;C:\WINDOWS\System32\drivers\swg3knmea02.sys [2011-2-3 256384]
R3 swg3kser02;Sierra Wireless QMI USB Device for Legacy Serial Communication - HP;C:\WINDOWS\System32\drivers\swg3kser02.sys [2011-2-3 256384]
R3 swibus02;Sierra Wireless Bus Enumerator 02;C:\WINDOWS\System32\drivers\swibus02.sys [2011-2-3 73216]
R3 swibusflt02;Sierra Wireless Bus Enumerator Filter 02;C:\WINDOWS\System32\drivers\swibusflt02.sys [2011-2-3 73216]
R3 SzCCID;USB SmartCard Reader Driver;C:\WINDOWS\System32\drivers\SzCCID.sys [2011-1-13 40448]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\WINDOWS\System32\drivers\ssadadb.sys [2011-5-13 36328]
S3 btusbflt;Bluetooth USB Filter;C:\WINDOWS\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 BTWAMPFL;BTWAMPFL;C:\WINDOWS\System32\drivers\btwampfl.sys [2011-9-8 349736]
S3 btwl2cap;Bluetooth L2CAP Service;C:\WINDOWS\System32\drivers\btwl2cap.sys [2011-9-8 39464]
S3 dmvsc;dmvsc;C:\WINDOWS\System32\drivers\dmvsc.sys [2011-8-8 71168]
S3 hpqilo2;hpqilo2;C:\WINDOWS\System32\drivers\hpqilo2.sys [2011-8-8 120320]
S3 JMCR;JMCR;C:\WINDOWS\System32\drivers\jmcr.sys [2011-8-8 174680]
S3 johci;JMicron 1394 Filter Driver;C:\WINDOWS\System32\drivers\johci.sys [2011-8-8 26712]
S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 mferkdet;McAfee Inc. mferkdet;C:\WINDOWS\System32\drivers\mferkdet.sys [2012-8-28 107032]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\WINDOWS\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
S3 QipTdi;WEP QipTdi Driver;C:\WINDOWS\System32\drivers\QIPTDI.sys [2013-12-15 66920]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\WINDOWS\System32\drivers\rdpvideominiport.sys [2012-11-18 19456]
S3 RNetCore;RF RNetCore Driver;C:\WINDOWS\System32\drivers\RNetCore.sys [2013-12-15 39272]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\WINDOWS\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\WINDOWS\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\WINDOWS\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 StorSvc;Storage Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-4-12 27136]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\WINDOWS\System32\drivers\Synth3dVsc.sys [2011-8-8 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\WINDOWS\System32\drivers\terminpt.sys [2012-11-18 29696]
S3 TsUsbFlt;TsUsbFlt;C:\WINDOWS\System32\drivers\TsUsbFlt.sys [2014-2-17 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\WINDOWS\System32\drivers\TsUsbGD.sys [2012-11-18 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\WINDOWS\System32\drivers\tsusbhub.sys [2011-8-8 117248]
S3 vmxnet3ndis6;vmxnet3 NDIS 6 Ethernet Adapter Driver;C:\WINDOWS\System32\drivers\vmxnet3n61x64.sys [2009-11-30 70192]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\WINDOWS\System32\Wat\WatAdminSvc.exe [2011-4-29 1255736]
S3 WNetCore;WEB WNetCore Driver;C:\WINDOWS\System32\drivers\WNetCore.sys [2013-12-15 76136]
S4 WSPXY;Websense SaaS Service;C:\Program Files\Websense\Websense Endpoint\wepsvc.exe [2012-12-7 176128]
S4 WSRF;Websense Desktop Client;C:\Program Files\Websense\Websense Endpoint\wepsvc.exe [2012-12-7 176128]
.
=============== Created Last 30 ================
.
2014-08-29 00:57:45 -------- d-----w- C:\Users\leungb\AppData\Roaming\SUPERAntiSpyware.com
2014-08-29 00:57:35 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-08-29 00:57:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-08-27 23:30:32 33512 ----a-w- C:\WINDOWS\SysWow64\drivers\TrueSight.sys
2014-08-27 23:30:30 -------- d-----w- C:\ProgramData\RogueKiller
2014-08-27 23:07:22 -------- d-----w- C:\ProgramData\bomgar-au
2014-08-27 22:56:31 -------- d-----w- C:\Users\leungb\AppData\Roaming\SparkTrust
2014-08-27 22:56:31 -------- d-----w- C:\Users\leungb\AppData\Roaming\DriverCure
2014-08-27 22:56:15 -------- d-----w- C:\ProgramData\SparkTrust
2014-08-19 01:48:54 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2014-08-19 01:47:21 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2014-08-19 01:46:21 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2014-08-17 16:36:38 99480 ----a-w- C:\WINDOWS\SysWow64\infocardapi.dll
2014-08-17 16:36:38 171160 ----a-w- C:\WINDOWS\System32\infocardapi.dll
2014-08-17 16:36:37 8856 ----a-w- C:\WINDOWS\SysWow64\icardres.dll
2014-08-17 16:36:37 8856 ----a-w- C:\WINDOWS\System32\icardres.dll
2014-08-17 16:36:37 619672 ----a-w- C:\WINDOWS\SysWow64\icardagt.exe
2014-08-17 16:36:37 1389208 ----a-w- C:\WINDOWS\System32\icardagt.exe
2014-08-17 16:36:34 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2014-08-17 16:36:34 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2014-08-17 16:36:10 985536 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2014-08-17 16:35:41 504320 ----a-w- C:\WINDOWS\System32\msihnd.dll
2014-08-17 16:35:41 337408 ----a-w- C:\WINDOWS\SysWow64\msihnd.dll
2014-08-17 16:35:41 3241984 ----a-w- C:\WINDOWS\System32\msi.dll
2014-08-17 16:35:41 2363392 ----a-w- C:\WINDOWS\SysWow64\msi.dll
2014-08-17 16:35:41 1942016 ----a-w- C:\WINDOWS\System32\authui.dll
2014-08-17 16:35:41 1806336 ----a-w- C:\WINDOWS\SysWow64\authui.dll
2014-08-17 16:35:41 112576 ----a-w- C:\WINDOWS\System32\consent.exe
2014-08-17 16:33:05 404480 ----a-w- C:\WINDOWS\System32\gdi32.dll
2014-08-17 16:33:05 3166720 ----a-w- C:\WINDOWS\System32\win32k.sys
2014-08-17 16:33:05 311808 ----a-w- C:\WINDOWS\SysWow64\gdi32.dll
2014-08-17 16:28:13 529920 ----a-w- C:\WINDOWS\System32\aepdu.dll
2014-08-17 16:28:13 424448 ----a-w- C:\WINDOWS\System32\aeinv.dll
2014-08-17 16:26:14 7168 ----a-w- C:\WINDOWS\SysWow64\KBDYAK.DLL
2014-08-17 16:26:14 7168 ----a-w- C:\WINDOWS\System32\KBDYAK.DLL
2014-08-17 16:26:14 7168 ----a-w- C:\WINDOWS\System32\KBDBASH.DLL
2014-08-17 16:26:14 6656 ----a-w- C:\WINDOWS\SysWow64\KBDBASH.DLL
2014-08-17 16:25:57 2048 ----a-w- C:\WINDOWS\SysWow64\tzres.dll
2014-08-17 16:25:57 2048 ----a-w- C:\WINDOWS\System32\tzres.dll
2014-08-12 15:06:53 -------- d-----w- C:\Program Files\CCleaner
2014-08-11 16:22:22 -------- d-----w- C:\ProgramData\Oracle
2014-08-11 16:21:43 98216 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M ====================
.
2014-08-29 00:39:43 122584 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2014-08-29 00:39:06 17920 ----a-w- C:\WINDOWS\System32\rpcnetp.exe
2014-08-29 00:06:06 58288 ----a-w- C:\WINDOWS\SysWow64\rpcnet.dll
2014-07-24 19:12:19 2339328 ----a-w- C:\WINDOWS\System32\jscript9.dll
2014-07-24 19:06:41 1392128 ----a-w- C:\WINDOWS\System32\wininet.dll
2014-07-24 19:05:30 1494016 ----a-w- C:\WINDOWS\System32\inetcpl.cpl
2014-07-24 19:04:37 173056 ----a-w- C:\WINDOWS\System32\ieUnatt.exe
2014-07-24 19:04:22 599040 ----a-w- C:\WINDOWS\System32\vbscript.dll
2014-07-24 19:03:22 2382848 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2014-07-24 19:03:10 12800 ----a-w- C:\WINDOWS\System32\mshta.exe
2014-07-24 17:58:33 1810432 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2014-07-24 17:51:52 1129472 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2014-07-24 17:51:19 1427968 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl
2014-07-24 17:49:47 142848 ----a-w- C:\WINDOWS\SysWow64\ieUnatt.exe
2014-07-24 17:49:38 421376 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2014-07-24 17:48:28 2382848 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2014-07-24 17:48:21 11776 ----a-w- C:\WINDOWS\SysWow64\mshta.exe
2014-07-18 18:37:24 22912 ----a-w- C:\WINDOWS\SysWow64\cshost.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\WINDOWS\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\WINDOWS\SysWow64\rpcrt4.dll
2014-07-13 14:49:37 71344 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-07-13 14:49:37 699056 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2014-06-18 02:18:30 692736 ----a-w- C:\WINDOWS\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\WINDOWS\SysWow64\osk.exe
2014-06-06 10:10:34 624128 ----a-w- C:\WINDOWS\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\WINDOWS\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\WINDOWS\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\WINDOWS\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\WINDOWS\SysWow64\sspicli.dll
2014-06-02 18:27:50 310272 ----a-w- C:\OpalStatus.efi
.
============= FINISH: 18:09:22.47 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 3/6/2012 10:19:43 AM
System Uptime: 8/28/2014 5:05:56 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 161C
Processor: Intel(R) Core(TM) i5-2540M CPU @ 2.60GHz | CPU 1 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 147.7 GiB free.
D: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP188: 8/19/2014 5:54:46 PM - Windows Update
RP189: 8/22/2014 5:13:59 AM - Windows Update
RP190: 8/22/2014 8:19:53 AM - Installed Extended Asian Language font pack for Adobe Reader XI.
RP191: 8/22/2014 8:21:31 AM - Installed Extended Asian Language font pack for Adobe Reader XI.
.
==== Hosts File Hijack ======================
.
Hosts: 192.35.156.91 myvpn.qualcomm.com
Hosts: 192.35.156.52 skull-ng.qualcomm.com
Hosts: 192.35.156.160 bones.qualcomm.com
Hosts: 192.35.156.22 hostel1.qualcomm.com
Hosts: 192.35.156.235 hostel.qualcomm.com
Hosts: 207.114.132.8 myvpn-scl.qualcomm.com
Hosts: 207.114.132.6 qvpn-scl.qualcomm.com
Hosts: 67.52.129.9 myvpn-austin.qualcomm.com
Hosts: 67.52.129.7 qvpn-austin.qualcomm.com
Hosts: 67.52.130.13 myvpn-ral.qualcomm.com
Hosts: 67.52.130.6 qvpn-ral.qualcomm.com
Hosts: 65.169.156.14 myvpn-lv.qualcomm.com
Hosts: 65.169.156.11 hostel-lv1.qualcomm.com
Hosts: 202.46.23.19 myvpn-india.qualcomm.com
Hosts: 202.46.23.14 qconnect-india.qualcomm.com
Hosts: 202.46.23.14 skull-india-ng.qualcomm.com
Hosts: 202.46.23.9 qvpn-india.qualcomm.com
Hosts: 185.23.60.12 myvpn-israel.qualcomm.com
Hosts: 180.166.53.10 myvpn-china.qualcomm.com
Hosts: 180.166.53.10 myvpn-china-rdc.qualcomm.com
Hosts: 180.166.53.10 skull-china-ng.qualcomm.com
Hosts: 180.166.53.13 qvpn-china.qualcomm.com
Hosts: 106.187.126.7 myvpn-aprdc.qualcomm.com
Hosts: 106.187.126.7 myvpn-singapore.qualcomm.com
Hosts: 106.187.126.10 qvpn-aprdc.qualcomm.com
Hosts: 106.187.126.10 qvpn-singapore.qualcomm.com
Hosts: 212.136.9.12 myvpn-ams.qualcomm.com
Hosts: 212.136.9.12 myvpn-europe.qualcomm.com
Hosts: 212.136.9.12 skull-europe-ng.qualcomm.com
Hosts: 212.136.9.16 qvpn-europe.qualcomm.com
Hosts: 212.136.9.16 qvpn-ams.qualcomm.com
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
ActiveCheck component for HP Active Support Library
Add Programs Shortcut
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Reader XI (11.0.08)
Advantest Service 7.2.2 Documentation
Advantest Technical Documentation Center
Alcor Micro Smart Card Reader Driver
ArcSoft Webcam Sharing Manager
ATI Catalyst Install Manager
Bomgar Button itsupport.qualcomm.com
Bomgar™ Button 12.2.3 [itsupport.qualcomm.com]
Broadcom 2070 Bluetooth 3.0
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(SSON)
Citrix Receiver(USB)
Computrace
Configuration Manager Client
Connected Backup/PC Agent
CVE-2012-1889
CVE-2013-3893
CVE-2014-0322
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Endpoint Classifier
Free YouTube Downloader 3.5.187
Google Chrome
Google Update Helper
HP Client Automation Agent Preload
HP Connection Manager
HP ESU for Microsoft Windows 7
HP HotKey Support
HP Power Assistant
HP SoftPaq Download Manager
HP Software Framework
HP Support Assistant
HP System Default Settings
HP Wallpaper
HP Web Camera
HP Webcam
HP Webcam Driver
HPAsset component for HP Active Support Library
IDT Audio
Intel PROSet Wireless
Intel(R) Management Engine Components
Intel(R) Network Connections Drivers
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
J2SE Runtime Environment 5.0 Update 11
Java 7 Update 67
Java Auto Updater
JMicron 1394 Filter Driver
JMicron Flash Media Controller Driver
Juniper Networks Host Checker
Juniper Networks Network Connect 7.4.0
Juniper Networks, Inc. Setup Client
Juniper Networks, Inc. Setup Client 64-bit Activex Control
LightScribe System Software
LSI HDA Modem
Malwarebytes Anti-Malware version 2.0.2.1012
McAfee Agent
McAfee Drive Encryption
McAfee Drive Encryption Agent
McAfee Host Intrusion Prevention
McAfee Real Time Client 1.0.1.7032
McAfee VirusScan Enterprise
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft Application Virtualization Desktop Client
Microsoft Conferencing Add-in for Microsoft Office Outlook
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft IntelliPoint 8.2
Microsoft Lync
Microsoft Lync MUI (English) 2013
Microsoft Office 64-bit Components 2013
Microsoft Office File Validation Add-In
Microsoft Office Live Meeting 2007
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook 2010
Microsoft Outlook MUI (English) 2013
Microsoft Policy Platform
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft Visio Viewer 2013
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
myVPN
Online Plug-in
Oracle VM VirtualBox 4.2.4
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDF Complete Special Edition
PH MDB
PureLeads
Qualcomm Application Fixes
QualNet Internet Explorer 8
RBVirtualFolder64Inst
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Express Labeler 3
Roxio Secure Burn
SDK
Secunia CSI Agent (6.0.0.16002)
SecureCRT x64 6.5.4
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition
Self-service Plug-in
Service Pack 1 for Microsoft Office 2013 (KB2817430) 32-Bit Edition
Sierra Wireless (HP un2430) Mobile Broadband Driver Package
SUPERAntiSpyware
Synaptics Pointing Device Driver
Update for Microsoft Excel 2013 (KB2883061) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2881070) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2881083) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition
Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition
Update for Microsoft Office 2013 (KB2883052) 32-Bit Edition
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition
Update for Microsoft Office 2013 (KB2883062) 32-Bit Edition
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2883051) 32-Bit Edition
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition
Update for Microsoft Word 2013 (KB2883058) 32-Bit Edition
Validity Fingerprint Sensor Driver
Websense Endpoint
XenApp Lync 2013
XenApp Outlook 2013
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download http://www.imgdumper.nl/uploads6/51a5f31352f71/51a5f31352b88-icon_MBAR.png][/url][b][url=https://www.techspot.com/downloads/5603-malwarebytes-anti-rootkit.html][color=#0000FF]Malwarebytes Anti-Rootkit[/color][/url][/b] to your desktop.
[LIST]
[*][b][color=#FF0000]Warning![/color][/b] [I]Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.[/I]
[*]Double click on downloaded file. OK self extracting prompt.
[*]MBAR will start. Click "[b]Next[/b]" to continue.
[*]Click in the following screen "[b]Update[/b]" to obtain the latest malware definitions.
[*]Once the update is complete select "[b]Next[/b]" and click "[b]Scan[/b]".
[*]When the scan is finished and no malware has been found select "[b]Exit[/b]".
[*]If malware was detected, make sure to check all the items and click "[b]Cleanup[/b]". Reboot your computer.
[*]Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
[LIST]
[*][b]"mbar-log-[I]{date} (xx-xx-xx)[/I].txt"[/b]
[*][b]"system-log.txt"[/b]
[/LIST]
[/LIST]
 
done
RogueKiller V9.2.8.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : leungb [Admin rights]
Mode : Remove -- Date : 08/28/2014 19:27:27

¤¤¤ Bad processes : 2 ¤¤¤
[ZeroAccess] mcshield.exe -- [x] -> ERROR [12]
[Suspicious.Path] GLBAEA5.tmp -- C:\Users\leungb\AppData\Local\Temp\GLBAEA5.tmp[-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{18F08910-0F6F-45EE-89F9-5D037EDCE963} | DhcpNameServer : 129.46.132.28 129.46.64.55 -> NOT SELECTED
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3946683463-1870429459-2206251643-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> NOT SELECTED
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3946683463-1870429459-2206251643-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3946683463-1870429459-2206251643-500\Software\Microsoft\Internet Explorer\Main | Start Page : http://qcwww.qualcomm.com -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3946683463-1870429459-2206251643-500\Software\Microsoft\Internet Explorer\Main | Start Page : http://qcwww.qualcomm.com -> NOT SELECTED
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-945540591-4024260831-3861152641-52608\Software\Microsoft\Internet Explorer\Main | Start Page : http://qhome.qualcomm.com/web/qhome/home -> NOT SELECTED
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-945540591-4024260831-3861152641-52608\Software\Microsoft\Internet Explorer\Main | Start Page : http://qhome.qualcomm.com/web/qhome/home -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 32 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts]
[C:\WINDOWS\System32\drivers\etc\hosts] 192.35.156.91 myvpn.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 192.35.156.52 skull-ng.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 192.35.156.160 bones.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 192.35.156.22 hostel1.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 192.35.156.235 hostel.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 207.114.132.8 myvpn-scl.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 207.114.132.6 qvpn-scl.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 67.52.129.9 myvpn-austin.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 67.52.129.7 qvpn-austin.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 67.52.130.13 myvpn-ral.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 67.52.130.6 qvpn-ral.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 65.169.156.14 myvpn-lv.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 65.169.156.11 hostel-lv1.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 202.46.23.19 myvpn-india.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 202.46.23.14 qconnect-india.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 202.46.23.14 skull-india-ng.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 202.46.23.9 qvpn-india.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 185.23.60.12 myvpn-israel.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 180.166.53.10 myvpn-china.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 180.166.53.10 myvpn-china-rdc.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 180.166.53.10 skull-china-ng.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 180.166.53.13 qvpn-china.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 106.187.126.7 myvpn-aprdc.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 106.187.126.7 myvpn-singapore.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 106.187.126.10 qvpn-aprdc.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 106.187.126.10 qvpn-singapore.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 212.136.9.12 myvpn-ams.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 212.136.9.12 myvpn-europe.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 212.136.9.12 skull-europe-ng.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 212.136.9.16 qvpn-europe.qualcomm.com
[C:\WINDOWS\System32\drivers\etc\hosts] 212.136.9.16 qvpn-ams.qualcomm.com

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: MTFDDAK256MAM-1K1 +++++
--- User ---
[MBR] 9cac30618b292b6efe13e8cd204e4ca4
[BSP] 537a53fb4cf362c74a0911489ade76e6 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 244196 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_08272014_164142.log - RKreport_DEL_08272014_164650.log - RKreport_DEL_08272014_165157.log - RKreport_DEL_08272014_165655.log
RKreport_DEL_08272014_170243.log - RKreport_SCN_08272014_164015.log - RKreport_SCN_08272014_164644.log - RKreport_SCN_08272014_165049.log
RKreport_SCN_08272014_165642.log - RKreport_SCN_08272014_170031.log - RKreport_SCN_08282014_192624.log
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.08.28.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
leungb :: LEUNGB [limited]

8/28/2014 7:32:40 PM
mbar-log-2014-08-28 (19-32-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 372571
Time elapsed: 5 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Non-administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4242890752, free: 599216128

Downloaded database version: v2014.08.28.06
Downloaded database version: v2014.08.21.01
Initializing...
======================
------------ Kernel report ------------
08/28/2014 19:32:31
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\System32\Drivers\mfeccde.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\System32\Drivers\MfeEpeOpal.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\Drivers\MfeEpePc.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\system32\drivers\hpdskflt.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\mfenlfk.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\Qip.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\e1c62x64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\nusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\dsNcAdpt.sys
\SystemRoot\system32\DRIVERS\ArcSoftVCapture.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\nusb3hub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\agrsm64.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_MfeEpeHb.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\cwNep.sys
\SystemRoot\system32\DRIVERS\LV_Tracker64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\SzCCID.sys
\SystemRoot\system32\DRIVERS\AlcGener.sys
\SystemRoot\system32\DRIVERS\SMCLIB.SYS
\SystemRoot\System32\DRIVERS\scfilter.sys
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\HipShieldK.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\drivers\FireNfcp.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\rdpdr.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\prepdrv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\NETwNs64.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\system32\DRIVERS\swg3kflt02.sys
\SystemRoot\system32\DRIVERS\swibus02.sys
\SystemRoot\system32\DRIVERS\swibusflt02.sys
\SystemRoot\system32\DRIVERS\swg3kmbb02.sys
\SystemRoot\system32\DRIVERS\swg3kser02.sys
\SystemRoot\system32\DRIVERS\swg3knmea02.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\shlwapi.dll
\Windows\System32\wininet.dll
\Windows\System32\sechost.dll
\Windows\System32\shell32.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\urlmon.dll
\Windows\System32\oleaut32.dll
\Windows\System32\lpk.dll
\Windows\System32\ole32.dll
\Windows\System32\setupapi.dll
\Windows\System32\imm32.dll
\Windows\System32\usp10.dll
\Windows\System32\ws2_32.dll
\Windows\System32\nsi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\gdi32.dll
\Windows\System32\kernel32.dll
\Windows\System32\user32.dll
\Windows\System32\normaliz.dll
\Windows\System32\difxapi.dll
\Windows\System32\Wldap32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msctf.dll
\Windows\System32\imagehlp.dll
\Windows\System32\advapi32.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005e70790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80040c6050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005e70790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8005d809d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005e8f030, DeviceName: Unknown, DriverName: \Driver\MfeEpePc\
DevicePointer: 0xfffffa8005d82850, DeviceName: Unknown, DriverName: \Driver\MfeEpeOpal\
DevicePointer: 0xfffffa8005e70790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8005d7e950, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa8004080970, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80040c6050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\MfeEpePc\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: UNKNOWN
Can't access volume using primary device, the volume might be encrypted.
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Alternate device has been used.
<<<2>>>
<<<3>>>
Volume: C:
File system type: UNKNOWN
<<<2>>>
<<<3>>>
Volume: C:
File system type: UNKNOWN
Can't access volume using primary device, the volume might be encrypted.
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Alternate device has been used.
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 337A6403

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 500113408
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 256060514304 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-500098192-500118192)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Hello, it is impossible to disable the antivirus because it is a corporate version of McAfee and the check boxes / disable commands are greyed out. Should I proceed to run combofix or no?
 
It is impossible to boot it up in safe mode. Tapping F8 repeatedly or holding down does not work and it will continually boot to the normal login screen.
 
Run it in normal mode than.

P. S. I'm going out of town this afternoon. I'll be back on Sunday evening.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.

Similar threads

midian182
Google's AI-powered search can recommend malicious sites, including scams and malware
Replies
6
Views
144
James Ryan
J
A
Google will introduce one-tap "Unsubscribe" in Gmail for Android
Replies
2
Views
214
Mr Majestyk
M
A
Windows Phone returns from grave as an anti-ad-blocker on YouTube
Replies
17
Views
535
Vanderlinde
V

Latest posts

Back