I have a problem with desktop icons rearranging every now and then. I want to know if there is some malware involved.
Please help I have attached the necessary files
Mcafee blocked the download for GMER.exe hence I havent attached it.]
Hijack this! log
--------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:02, on 09-06-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16545)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\windows\explorer.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\rs250483\AppData\Local\Temp\Rar$EXa0.679\LastActivityView.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://intranet.ncr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://intranet.ncr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by NCR IE9 Installation
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140416085332.dll
O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] \DellTPad\Apoint.exe
O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [EZSETUP] D:\Easy_Setup\English\EZSetup.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NCR_AI_INVOKE] "C:\Program Files\NCR APTRA\Aggregate Installer\SETUP.EXE"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.adobe.com
O15 - Trusted Zone: *.centra.com
O15 - Trusted Zone: *.fidelity.com
O15 - Trusted Zone: *.macromedia.com
O15 - Trusted Zone: *.radiant.com
O15 - Trusted Zone: *.radiantsystems.com
O15 - Trusted Zone: *.skillport.com
O15 - Trusted Zone: http://support.skillsoft.com
O15 - Trusted Zone: *.skillwsa.com
O15 - Trusted Zone: *.adobe.com (HKLM)
O15 - Trusted Zone: *.centra.com (HKLM)
O15 - Trusted Zone: *.fidelity.com (HKLM)
O15 - Trusted Zone: *.macromedia.com (HKLM)
O15 - Trusted Zone: *.radiant.com (HKLM)
O15 - Trusted Zone: *.radiantsystems.com (HKLM)
O15 - Trusted Zone: *.skillport.com (HKLM)
O15 - Trusted Zone: http://support.skillsoft.com (HKLM)
O15 - Trusted Zone: *.skillwsa.com (HKLM)
O15 - ESC Trusted Zone: http://*.ncr.com
O15 - ESC Trusted Zone: http://*.ncr.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/W...x/ieatgpc1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/J...etupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.ncr.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.ncr.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.ncr.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.ncr.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Atlassian Confluence (Confluence121213112957) - Apache Software Foundation - C:\Program Files\Atlassian\Confluence\bin\tomcat6.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Host Intrusion Prevention lpc Service (HipMgmt) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HipMgmt.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe
O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\windows\system32\mfevtps.exe
O23 - Service: NCR Activate Core Service (NCR.APTRA.ActivateCoreSrv) - NCR - C:\Program Files\NCR APTRA\Activate Core Service\bin\NCR.APTRA.ActivateCoreSrv.exe
O23 - Service: NCRAggregateService - NCR - C:\Program Files\NCR APTRA\Aggregate Installer\AggSrv.exe
O23 - Service: O2FLASH - O2Micro International - C:\windows\system32\DRIVERS\o2flash.exe
O23 - Service: O2SDIOAssist - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Reliance Netconnect. OUC (Reliance Netconnect. RunOuc) - Unknown owner - C:\Program Files\Reliance Netconnect+\UpdateDog\ouc.exe
O23 - Service: RSO3 MiddleTier Service (RSO3MiddleTierService) - Adobe Systems - C:\Program Files\Adobe\RoboSource Control 3\RSO3MiddleTierService.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: USBWRNG - Jewettware - C:\Windows\System32\USBWRNG.EXE
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
--
End of file - 13665 bytes
--------------------------------------------------------------------------------------------------------------------------------------------------
dds.txt file
--------------------------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545
Run by rs250483 at 12:22:16 on 2014-06-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.91.1033.18.2977.1157 [GMT 5.5:30]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Host Intrusion Prevention Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\NCR APTRA\Aggregate Installer\AggSrv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Atlassian\Confluence\bin\tomcat6.exe
C:\windows\system32\conhost.exe
C:\windows\system32\conhost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HipMgmt.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\srvany.exe
C:\Windows\system32\SDIOAssist.exe
C:\ProgramData\Reliance Netconnect+\OnlineUpdate\ouc.exe
C:\Program Files\Adobe\RoboSource Control 3\RSO3MiddleTierService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\windows\system32\conhost.exe
C:\Windows\System32\USBWRNG.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\NCR APTRA\Activate Core Service\bin\NCR.APTRA.ActivateCoreSrv.exe
C:\windows\system32\CCM\CcmExec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\windows\explorer.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\rs250483\AppData\Local\Temp\Rar$EXa0.679\LastActivityView.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k AcfXAudioService
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://intranet.ncr.com
uWindow Title = Windows Internet Explorer provided by NCR IE9 Installation
uDefault_Page_URL = hxxps://intranet.ncr.com
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20140416085332.dll
BHO: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
TB: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - c:\program files\webex\productivity tools\ptonecli.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [Apoint] \DellTPad\Apoint.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [EZSETUP] d:\easy_setup\english\EZSetup.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NCR_AI_INVOKE] "c:\program files\ncr aptra\aggregate installer\SETUP.EXE"
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
StartupFolder: c:\users\rs250483\appdata\roaming\micros~1\windows\startm~1\programs\startu p\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: Btn_Home = dword:1
uPolicies-Explorer: SpecifyDefaultButtons = dword:1
uPolicies-Explorer: Btn_Tools = dword:1
uPolicies-Windows\System: ExcludeProfileDirs = AppData\Roaming\Microsoft\Credentials;AppData\Roaming\Microsoft\Crypto;AppD ata\Roaming\Microsoft\Protect;AppData\Roaming\Microsoft\SystemCertificates; Application Data\Microsoft\Crypto;Application Data\Microsoft\Protect;Application Data\Microsoft\SystemCertificates
mPolicies-Explorer: NoPublishingWizard = dword:1
mPolicies-Explorer: NoWebServices = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: FilterAdministratorToken = dword:1
mPolicies-Windows\System: AllowX-ForestPolicy-and-RUP = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Trusted Zone: adobe.com
Trusted Zone: centra.com
Trusted Zone: fidelity.com
Trusted Zone: macromedia.com
Trusted Zone: microsoft.com
Trusted Zone: radiant.com
Trusted Zone: radiantsystems.com
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
Trusted Zone: adobe.com
Trusted Zone: centra.com
Trusted Zone: fidelity.com
Trusted Zone: macromedia.com
Trusted Zone: microsoft.com
Trusted Zone: radiant.com
Trusted Zone: radiantsystems.com
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 125.22.47.125 202.56.250.5
TCP: Interfaces\{29C478CF-94FD-4680-8C68-97DF5F8F31A1} : DHCPNameServer = 125.22.47.125 202.56.250.5
TCP: Interfaces\{29C478CF-94FD-4680-8C68-97DF5F8F31A1}\357423530343 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{8BE188E0-10E9-4A12-AA75-1C71BB1B66CB} : DHCPNameServer = 131.222.138.30 192.127.26.102
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-9-6 573136]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-9-6 213872]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-5-18 17904]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2013-9-6 67400]
R2 AcfXAudioService;AcfXAudioService;c:\windows\system32\svchost.exe -k AcfXAudioService [2009-7-14 20992]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-5-18 81920]
R2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\drivers\CipcCdp.sys [2013-10-8 24064]
R2 Confluence121213112957;Atlassian Confluence;c:\program files\atlassian\confluence\bin\tomcat6.exe [2013-12-12 74752]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2013-12-18 525144]
R2 HipMgmt;McAfee Host Intrusion Prevention lpc Service;c:\program files\mcafee\host intrusion prevention\HipMgmt.exe [2013-12-18 153832]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDe viceService.exe [2011-3-14 271712]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\mcafee\endpoint encryption agent\MfeEpeHost.exe [2013-8-8 1865760]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2012-8-13 177768]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2012-8-21 132712]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2013-9-6 204320]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2014-1-15 208416]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-9-6 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-9-6 174968]
R2 NCR.APTRA.ActivateCoreSrv;NCR Activate Core Service;c:\program files\ncr aptra\activate core service\bin\NCR.APTRA.ActivateCoreSrv.exe [2012-3-2 36864]
R2 NCRAggregateService;NCRAggregateService;c:\program files\ncr aptra\aggregate installer\AggSrv.exe [2013-9-11 10240]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [2012-5-18 8192]
R2 RSO3MiddleTierService;RSO3 MiddleTier Service;c:\program files\adobe\robosource control 3\RSO3MiddleTierService.exe [2007-9-20 28672]
R2 UDisk Monitor;UDisk Monitor;c:\program files\reliance netconnect+\bin\MonServiceUDisk.exe [2014-6-2 512000]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2012-5-18 2656280]
R2 USBWRNG;USBWRNG;c:\windows\system32\USBWRNG.EXE [2013-9-6 132096]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2012-5-18 44144]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-2-7 349736]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenu m.sys [2014-5-5 73216]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-5-18 269824]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-5-18 41088]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-9-6 236480]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-9-6 365928]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2011-1-5 62440]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2011-3-24 63976]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 Reliance Netconnect. RunOuc;Reliance Netconnect. OUC;c:\program files\reliance netconnect+\updatedog\ouc.exe [2014-5-5 218624]
S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2012-5-18 87424]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-5-18 302120]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-5-18 33832]
S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2012-5-18 28928]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2014-5-5 102784]
S3 FireNfcp;McAfee Inc. FireNfcp;c:\windows\system32\drivers\FireNfcp.sys [2014-4-23 43352]
S3 Generalusbserialser20679;Legacy Serial Communication 20679;c:\windows\system32\drivers\CT_U_USBSER.sys [2014-6-2 108544]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2014-4-23 149864]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-9-6 66408]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-9-6 93144]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2011-1-5 60904]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-9-6 52224]
.
=============== Created Last 30 ================
.
2014-06-09 06:48:50 388096 ----a-r- c:\users\rs250483\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2014-06-09 06:48:50 -------- d-----w- c:\program files\Trend Micro
2014-06-06 09:40:45 -------- d-----w- c:\users\rs250483\Syt
2014-06-06 09:20:10 -------- d-----w- c:\users\rs250483\StudioCHM
2014-06-02 10:10:38 -------- d-----w- c:\users\rs250483\appdata\roaming\arcot
2014-06-02 04:40:01 108544 ----a-w- c:\windows\system32\drivers\CT_U_USBSER.sys
2014-05-28 04:59:45 -------- d-----w- c:\users\rs250483\StudioUG_SourceDoc 4_files
2014-05-27 12:54:05 -------- d-----w- c:\program files\HTML Help Workshop
2014-05-21 06:16:39 -------- d-----w- c:\users\rs250483\appdata\roaming\Adobe Systems Incorporated
2014-05-21 05:07:05 -------- d-----w- c:\program files\common files\Macrovision Shared
2014-05-21 04:42:37 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2014-05-21 04:42:37 -------- d-----w- c:\program files\MagicDisc
2014-05-21 04:39:26 -------- d-----w- c:\users\rs250483\appdata\roaming\TuneUp Software
2014-05-21 04:39:26 -------- d-----w- c:\users\rs250483\appdata\local\TuneUp Software
2014-05-21 04:39:11 -------- d-----w- C:\_From nm185057
2014-05-21 04:39:03 -------- d-----w- c:\programdata\TuneUp Software
2014-05-21 04:38:58 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-21 04:38:57 -------- d--h--w- c:\programdata\Common Files
2014-05-21 04:38:20 -------- d-----w- c:\users\rs250483\appdata\roaming\OpenCandy
2014-05-21 04:33:08 -------- d-----w- c:\program files\_From nm185057
2014-05-20 13:17:30 -------- d-----w- c:\users\rs250483\appdata\local\Sonic_Solutions
2014-05-20 13:00:53 -------- d-----w- c:\users\rs250483\appdata\roaming\Roxio Log Files
2014-05-20 11:49:43 -------- d-----w- c:\users\rs250483\appdata\roaming\Macrovision
.
==================== Find3M ====================
.
2014-05-21 18:33:46 43352 ----a-w- c:\windows\system32\drivers\FireNfcp.sys
2014-04-16 03:22:22 94080 ------w- c:\windows\system32\MfeOtlkAddin.dll
2014-04-16 03:22:22 93144 ------w- c:\windows\system32\drivers\mferkdet.sys
2014-04-16 03:22:22 573136 ------w- c:\windows\system32\drivers\mfehidk.sys
2014-04-16 03:22:22 25088 ------w- c:\windows\system32\MFEOtlk.dll
2014-04-16 03:22:22 213872 ------w- c:\windows\system32\drivers\mfewfpk.sys
2014-04-16 03:22:22 174968 ------w- c:\windows\system32\mfevtps.exe
2014-04-16 03:22:21 66408 ------w- c:\windows\system32\drivers\mfebopk.sys
2014-04-16 03:22:21 236480 ------w- c:\windows\system32\drivers\mfeavfk.sys
2014-04-16 03:22:21 134472 ------w- c:\windows\system32\drivers\mfeapfk.sys
2014-04-16 03:22:21 10568 ------w- c:\windows\system32\drivers\mfeclnk.sys
2014-04-08 15:00:34 237680 ------w- c:\windows\system32\dsGinaLoader.dll
2014-04-08 15:00:30 409712 ------w- c:\windows\system32\dsNcSmartCardProv.dll
2014-04-08 15:00:30 364656 ------w- c:\windows\system32\dsNcCredProv.dll
2014-04-08 14:32:44 27648 ------w- c:\windows\system32\drivers\dsNcAdpt.sys
.
============= FINISH: 12:22:56.38 ===============
--------------------------------------------------------------------------------------------------------------------------------------------------
attach.txt
--------------------------------------------------------------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 06-09-2013 05:21:42
System Uptime: 05-06-2014 03:59:01 (105 hours ago)
.
Motherboard: Dell Inc. | | 0Y3TWM
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 250.298 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP45: 21-05-2014 10:12:44 - Device Driver Package Install: MagicISO, Inc. Storage controllers
RP46: 21-05-2014 10:35:02 - Installed Adobe RoboHelp 7
RP47: 21-05-2014 10:45:31 - Installed RoboSource Control 3.1
RP48: 21-05-2014 10:47:16 - Installed Adobe® PDF Creation Add-On
RP49: 21-05-2014 11:39:51 - Removed TuneUp Utilities 2014
RP50: 21-05-2014 11:40:18 - Removed TuneUp Utilities 2014 (en-GB)
RP51: 21-05-2014 12:05:33 - Windows Update
RP52: 28-05-2014 18:04:52 - Scheduled Checkpoint
RP53: 09-06-2014 12:18:32 - Installed HiJackThis
.
==== Installed Programs ======================
.
.NET 2.x Runtime
_NCR License for Microsoft Office 2003 Standard
_NCR License for Microsoft Office Standard 2010
3rd Party Runtime
AccelerometerP11
Activate Core Service
ActiveXFS Controls
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe RoboHelp 7
Adobe® PDF Creation Add-On
Aggregate Builder
APTRA Activate Reference Application
APTRA Simulator 94.00.00.06
Broadcom NetXtreme-I Netlink Driver and Management Installer
Camtasia Studio 6
Cisco EAP-FAST Module
Cisco IP Communicator
Cisco LEAP Module
Cisco PEAP Module
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system
Conexant USB D400 V.92 Modem
Configuration Manager Client
Confluence 5.4
CyberLink PowerDVD 9.5
Dell Touchpad
DirectX 9 Runtime
DW WLAN Card Utility
Easy PC Asset Information
Easy Setup Installer
HiJackThis
HTML Help Workshop
IDT Audio
ImgBurn
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 6 Update 24
Juniper Networks Host Checker
Juniper Networks Network Connect 7.1.0
Juniper Networks Network Connect 7.4.0
Juniper Networks, Inc. Setup Client
Juniper Networks, Inc. Setup Client Activex Control
MagicDisc 2.7.106
McAfee Agent
McAfee Endpoint Encryption Agent
McAfee Host Intrusion Prevention
McAfee SiteAdvisor Enterprise
McAfee VirusScan Enterprise
Microsoft .NET Framework 4 Client Profile
Microsoft Lync 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB954430)
NCR USB Warning
O2Micro Flash Memory Card Windows Driver
Problem Determination Analysis
Problem Determination Collection
Reliance Netconnect+
RoboSource Control 3.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
SPL COM Dependencies 92.01.00.02
Studio for APTRA Activate
Studio for APTRA Activate 93.03.00.04
WebEx Productivity Tools
WebEx Recorder and Player
WIDCOMM Bluetooth Software
WinRAR 5.10 beta 4 (32-bit)
WinZip 14.0
XFS Manager
XFS Simulator
.
==== Event Viewer Messages From Past Week ========
.
09-06-2014 11:46:27, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {EE1BD859-AACD-48FE-A9B6-9358DC21ADAE} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
09-06-2014 11:46:11, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain CORP due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
09-06-2014 11:45:08, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
06-06-2014 09:54:48, Error: Microsoft-Windows-GroupPolicy [1097] - The processing of Group Policy failed. Windows could not determine the computer account to enforce Group Policy settings. This may be transient. Group Policy settings, including computer configuration, will not be enforced for this computer.
06-06-2014 09:54:27, Error: Microsoft-Windows-GroupPolicy [1080] - The processing of Group Policy failed. Windows could not search the Active Directory organization unit hierarchy. View the event details for more information.
02-06-2014 10:10:46, Error: Service Control Manager [7030] - The UDisk Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
--------------------------------------------------------------------------------------------------------------------------------------------------
Please help I have attached the necessary files
Mcafee blocked the download for GMER.exe hence I havent attached it.]
Hijack this! log
--------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:20:02, on 09-06-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16545)
Boot mode: Normal
Running processes:
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\windows\explorer.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\rs250483\AppData\Local\Temp\Rar$EXa0.679\LastActivityView.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://intranet.ncr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://intranet.ncr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by NCR IE9 Installation
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140416085332.dll
O2 - BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O3 - Toolbar: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] \DellTPad\Apoint.exe
O4 - HKLM\..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [EZSETUP] D:\Easy_Setup\English\EZSetup.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NCR_AI_INVOKE] "C:\Program Files\NCR APTRA\Aggregate Installer\SETUP.EXE"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Lync\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.adobe.com
O15 - Trusted Zone: *.centra.com
O15 - Trusted Zone: *.fidelity.com
O15 - Trusted Zone: *.macromedia.com
O15 - Trusted Zone: *.radiant.com
O15 - Trusted Zone: *.radiantsystems.com
O15 - Trusted Zone: *.skillport.com
O15 - Trusted Zone: http://support.skillsoft.com
O15 - Trusted Zone: *.skillwsa.com
O15 - Trusted Zone: *.adobe.com (HKLM)
O15 - Trusted Zone: *.centra.com (HKLM)
O15 - Trusted Zone: *.fidelity.com (HKLM)
O15 - Trusted Zone: *.macromedia.com (HKLM)
O15 - Trusted Zone: *.radiant.com (HKLM)
O15 - Trusted Zone: *.radiantsystems.com (HKLM)
O15 - Trusted Zone: *.skillport.com (HKLM)
O15 - Trusted Zone: http://support.skillsoft.com (HKLM)
O15 - Trusted Zone: *.skillwsa.com (HKLM)
O15 - ESC Trusted Zone: http://*.ncr.com
O15 - ESC Trusted Zone: http://*.ncr.com (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/W...x/ieatgpc1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/J...etupClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.ncr.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.ncr.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.ncr.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.ncr.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Atlassian Confluence (Confluence121213112957) - Apache Software Foundation - C:\Program Files\Atlassian\Confluence\bin\tomcat6.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: McAfee Host Intrusion Prevention lpc Service (HipMgmt) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\HipMgmt.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe
O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\windows\system32\mfevtps.exe
O23 - Service: NCR Activate Core Service (NCR.APTRA.ActivateCoreSrv) - NCR - C:\Program Files\NCR APTRA\Activate Core Service\bin\NCR.APTRA.ActivateCoreSrv.exe
O23 - Service: NCRAggregateService - NCR - C:\Program Files\NCR APTRA\Aggregate Installer\AggSrv.exe
O23 - Service: O2FLASH - O2Micro International - C:\windows\system32\DRIVERS\o2flash.exe
O23 - Service: O2SDIOAssist - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Reliance Netconnect. OUC (Reliance Netconnect. RunOuc) - Unknown owner - C:\Program Files\Reliance Netconnect+\UpdateDog\ouc.exe
O23 - Service: RSO3 MiddleTier Service (RSO3MiddleTierService) - Adobe Systems - C:\Program Files\Adobe\RoboSource Control 3\RSO3MiddleTierService.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: USBWRNG - Jewettware - C:\Windows\System32\USBWRNG.EXE
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
--
End of file - 13665 bytes
--------------------------------------------------------------------------------------------------------------------------------------------------
dds.txt file
--------------------------------------------------------------------------------------------------------------------------------------------------
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545
Run by rs250483 at 12:22:16 on 2014-06-09
Microsoft Windows 7 Professional 6.1.7601.1.1252.91.1033.18.2977.1157 [GMT 5.5:30]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Host Intrusion Prevention Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\NCR APTRA\Aggregate Installer\AggSrv.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Atlassian\Confluence\bin\tomcat6.exe
C:\windows\system32\conhost.exe
C:\windows\system32\conhost.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HipMgmt.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\McAfee\Endpoint Encryption Agent\MfeEpeHost.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\srvany.exe
C:\Windows\system32\SDIOAssist.exe
C:\ProgramData\Reliance Netconnect+\OnlineUpdate\ouc.exe
C:\Program Files\Adobe\RoboSource Control 3\RSO3MiddleTierService.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\windows\system32\conhost.exe
C:\Windows\System32\USBWRNG.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\NCR APTRA\Activate Core Service\bin\NCR.APTRA.ActivateCoreSrv.exe
C:\windows\system32\CCM\CcmExec.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\taskhost.exe
C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\windows\explorer.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\rs250483\AppData\Local\Temp\Rar$EXa0.679\LastActivityView.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k AcfXAudioService
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://intranet.ncr.com
uWindow Title = Windows Internet Explorer provided by NCR IE9 Installation
uDefault_Page_URL = hxxps://intranet.ncr.com
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20140416085332.dll
BHO: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
TB: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - c:\program files\webex\productivity tools\ptonecli.dll
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [Apoint] \DellTPad\Apoint.exe
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [EZSETUP] d:\easy_setup\english\EZSetup.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NCR_AI_INVOKE] "c:\program files\ncr aptra\aggregate installer\SETUP.EXE"
mRun: [Communicator] "c:\program files\microsoft lync\communicator.exe" /fromrunkey
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
StartupFolder: c:\users\rs250483\appdata\roaming\micros~1\windows\startm~1\programs\startu p\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: Btn_Home = dword:1
uPolicies-Explorer: SpecifyDefaultButtons = dword:1
uPolicies-Explorer: Btn_Tools = dword:1
uPolicies-Windows\System: ExcludeProfileDirs = AppData\Roaming\Microsoft\Credentials;AppData\Roaming\Microsoft\Crypto;AppD ata\Roaming\Microsoft\Protect;AppData\Roaming\Microsoft\SystemCertificates; Application Data\Microsoft\Crypto;Application Data\Microsoft\Protect;Application Data\Microsoft\SystemCertificates
mPolicies-Explorer: NoPublishingWizard = dword:1
mPolicies-Explorer: NoWebServices = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: FilterAdministratorToken = dword:1
mPolicies-Windows\System: AllowX-ForestPolicy-and-RUP = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - c:\program files\microsoft lync\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Trusted Zone: adobe.com
Trusted Zone: centra.com
Trusted Zone: fidelity.com
Trusted Zone: macromedia.com
Trusted Zone: microsoft.com
Trusted Zone: radiant.com
Trusted Zone: radiantsystems.com
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
Trusted Zone: adobe.com
Trusted Zone: centra.com
Trusted Zone: fidelity.com
Trusted Zone: macromedia.com
Trusted Zone: microsoft.com
Trusted Zone: radiant.com
Trusted Zone: radiantsystems.com
Trusted Zone: skillport.com
Trusted Zone: skillwsa.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 125.22.47.125 202.56.250.5
TCP: Interfaces\{29C478CF-94FD-4680-8C68-97DF5F8F31A1} : DHCPNameServer = 125.22.47.125 202.56.250.5
TCP: Interfaces\{29C478CF-94FD-4680-8C68-97DF5F8F31A1}\357423530343 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{8BE188E0-10E9-4A12-AA75-1C71BB1B66CB} : DHCPNameServer = 131.222.138.30 192.127.26.102
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-9-6 573136]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-9-6 213872]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-5-18 17904]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2013-9-6 67400]
R2 AcfXAudioService;AcfXAudioService;c:\windows\system32\svchost.exe -k AcfXAudioService [2009-7-14 20992]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-5-18 81920]
R2 CipcCdp;Cisco IP Communicator driver for CDP;c:\windows\system32\drivers\CipcCdp.sys [2013-10-8 24064]
R2 Confluence121213112957;Atlassian Confluence;c:\program files\atlassian\confluence\bin\tomcat6.exe [2013-12-12 74752]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2013-12-18 525144]
R2 HipMgmt;McAfee Host Intrusion Prevention lpc Service;c:\program files\mcafee\host intrusion prevention\HipMgmt.exe [2013-12-18 153832]
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDe viceService.exe [2011-3-14 271712]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\mcafee\endpoint encryption agent\MfeEpeHost.exe [2013-8-8 1865760]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2012-8-13 177768]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2012-8-21 132712]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2013-9-6 204320]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2014-1-15 208416]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-9-6 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-9-6 174968]
R2 NCR.APTRA.ActivateCoreSrv;NCR Activate Core Service;c:\program files\ncr aptra\activate core service\bin\NCR.APTRA.ActivateCoreSrv.exe [2012-3-2 36864]
R2 NCRAggregateService;NCRAggregateService;c:\program files\ncr aptra\aggregate installer\AggSrv.exe [2013-9-11 10240]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [2012-5-18 8192]
R2 RSO3MiddleTierService;RSO3 MiddleTier Service;c:\program files\adobe\robosource control 3\RSO3MiddleTierService.exe [2007-9-20 28672]
R2 UDisk Monitor;UDisk Monitor;c:\program files\reliance netconnect+\bin\MonServiceUDisk.exe [2014-6-2 512000]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2012-5-18 2656280]
R2 USBWRNG;USBWRNG;c:\windows\system32\USBWRNG.EXE [2013-9-6 132096]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\accelern.sys [2012-5-18 44144]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2011-2-7 349736]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenu m.sys [2014-5-5 73216]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-5-18 269824]
R3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-5-18 41088]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-9-6 236480]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-9-6 365928]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2011-1-5 62440]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2011-3-24 63976]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 Reliance Netconnect. RunOuc;Reliance Netconnect. OUC;c:\program files\reliance netconnect+\updatedog\ouc.exe [2014-5-5 218624]
S3 acfva;acfva;c:\windows\system32\drivers\ACFVA32.sys [2012-5-18 87424]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2012-5-18 302120]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-5-18 33832]
S3 dgcfltr;DGC Filter Driver;c:\windows\system32\drivers\ACFDCP32.sys [2012-5-18 28928]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2014-5-5 102784]
S3 FireNfcp;McAfee Inc. FireNfcp;c:\windows\system32\drivers\FireNfcp.sys [2014-4-23 43352]
S3 Generalusbserialser20679;Legacy Serial Communication 20679;c:\windows\system32\drivers\CT_U_USBSER.sys [2014-6-2 108544]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2014-4-23 149864]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-9-6 66408]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-9-6 93144]
S3 O2MDFRDR;O2MDFRDR;c:\windows\system32\drivers\o2mdfw7.sys [2011-1-5 60904]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-9-6 52224]
.
=============== Created Last 30 ================
.
2014-06-09 06:48:50 388096 ----a-r- c:\users\rs250483\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2014-06-09 06:48:50 -------- d-----w- c:\program files\Trend Micro
2014-06-06 09:40:45 -------- d-----w- c:\users\rs250483\Syt
2014-06-06 09:20:10 -------- d-----w- c:\users\rs250483\StudioCHM
2014-06-02 10:10:38 -------- d-----w- c:\users\rs250483\appdata\roaming\arcot
2014-06-02 04:40:01 108544 ----a-w- c:\windows\system32\drivers\CT_U_USBSER.sys
2014-05-28 04:59:45 -------- d-----w- c:\users\rs250483\StudioUG_SourceDoc 4_files
2014-05-27 12:54:05 -------- d-----w- c:\program files\HTML Help Workshop
2014-05-21 06:16:39 -------- d-----w- c:\users\rs250483\appdata\roaming\Adobe Systems Incorporated
2014-05-21 05:07:05 -------- d-----w- c:\program files\common files\Macrovision Shared
2014-05-21 04:42:37 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2014-05-21 04:42:37 -------- d-----w- c:\program files\MagicDisc
2014-05-21 04:39:26 -------- d-----w- c:\users\rs250483\appdata\roaming\TuneUp Software
2014-05-21 04:39:26 -------- d-----w- c:\users\rs250483\appdata\local\TuneUp Software
2014-05-21 04:39:11 -------- d-----w- C:\_From nm185057
2014-05-21 04:39:03 -------- d-----w- c:\programdata\TuneUp Software
2014-05-21 04:38:58 -------- d-sh--w- c:\programdata\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-05-21 04:38:57 -------- d--h--w- c:\programdata\Common Files
2014-05-21 04:38:20 -------- d-----w- c:\users\rs250483\appdata\roaming\OpenCandy
2014-05-21 04:33:08 -------- d-----w- c:\program files\_From nm185057
2014-05-20 13:17:30 -------- d-----w- c:\users\rs250483\appdata\local\Sonic_Solutions
2014-05-20 13:00:53 -------- d-----w- c:\users\rs250483\appdata\roaming\Roxio Log Files
2014-05-20 11:49:43 -------- d-----w- c:\users\rs250483\appdata\roaming\Macrovision
.
==================== Find3M ====================
.
2014-05-21 18:33:46 43352 ----a-w- c:\windows\system32\drivers\FireNfcp.sys
2014-04-16 03:22:22 94080 ------w- c:\windows\system32\MfeOtlkAddin.dll
2014-04-16 03:22:22 93144 ------w- c:\windows\system32\drivers\mferkdet.sys
2014-04-16 03:22:22 573136 ------w- c:\windows\system32\drivers\mfehidk.sys
2014-04-16 03:22:22 25088 ------w- c:\windows\system32\MFEOtlk.dll
2014-04-16 03:22:22 213872 ------w- c:\windows\system32\drivers\mfewfpk.sys
2014-04-16 03:22:22 174968 ------w- c:\windows\system32\mfevtps.exe
2014-04-16 03:22:21 66408 ------w- c:\windows\system32\drivers\mfebopk.sys
2014-04-16 03:22:21 236480 ------w- c:\windows\system32\drivers\mfeavfk.sys
2014-04-16 03:22:21 134472 ------w- c:\windows\system32\drivers\mfeapfk.sys
2014-04-16 03:22:21 10568 ------w- c:\windows\system32\drivers\mfeclnk.sys
2014-04-08 15:00:34 237680 ------w- c:\windows\system32\dsGinaLoader.dll
2014-04-08 15:00:30 409712 ------w- c:\windows\system32\dsNcSmartCardProv.dll
2014-04-08 15:00:30 364656 ------w- c:\windows\system32\dsNcCredProv.dll
2014-04-08 14:32:44 27648 ------w- c:\windows\system32\drivers\dsNcAdpt.sys
.
============= FINISH: 12:22:56.38 ===============
--------------------------------------------------------------------------------------------------------------------------------------------------
attach.txt
--------------------------------------------------------------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 06-09-2013 05:21:42
System Uptime: 05-06-2014 03:59:01 (105 hours ago)
.
Motherboard: Dell Inc. | | 0Y3TWM
Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 250.298 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP45: 21-05-2014 10:12:44 - Device Driver Package Install: MagicISO, Inc. Storage controllers
RP46: 21-05-2014 10:35:02 - Installed Adobe RoboHelp 7
RP47: 21-05-2014 10:45:31 - Installed RoboSource Control 3.1
RP48: 21-05-2014 10:47:16 - Installed Adobe® PDF Creation Add-On
RP49: 21-05-2014 11:39:51 - Removed TuneUp Utilities 2014
RP50: 21-05-2014 11:40:18 - Removed TuneUp Utilities 2014 (en-GB)
RP51: 21-05-2014 12:05:33 - Windows Update
RP52: 28-05-2014 18:04:52 - Scheduled Checkpoint
RP53: 09-06-2014 12:18:32 - Installed HiJackThis
.
==== Installed Programs ======================
.
.NET 2.x Runtime
_NCR License for Microsoft Office 2003 Standard
_NCR License for Microsoft Office Standard 2010
3rd Party Runtime
AccelerometerP11
Activate Core Service
ActiveXFS Controls
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe RoboHelp 7
Adobe® PDF Creation Add-On
Aggregate Builder
APTRA Activate Reference Application
APTRA Simulator 94.00.00.06
Broadcom NetXtreme-I Netlink Driver and Management Installer
Camtasia Studio 6
Cisco EAP-FAST Module
Cisco IP Communicator
Cisco LEAP Module
Cisco PEAP Module
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system
Conexant USB D400 V.92 Modem
Configuration Manager Client
Confluence 5.4
CyberLink PowerDVD 9.5
Dell Touchpad
DirectX 9 Runtime
DW WLAN Card Utility
Easy PC Asset Information
Easy Setup Installer
HiJackThis
HTML Help Workshop
IDT Audio
ImgBurn
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 6 Update 24
Juniper Networks Host Checker
Juniper Networks Network Connect 7.1.0
Juniper Networks Network Connect 7.4.0
Juniper Networks, Inc. Setup Client
Juniper Networks, Inc. Setup Client Activex Control
MagicDisc 2.7.106
McAfee Agent
McAfee Endpoint Encryption Agent
McAfee Host Intrusion Prevention
McAfee SiteAdvisor Enterprise
McAfee VirusScan Enterprise
Microsoft .NET Framework 4 Client Profile
Microsoft Lync 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB954430)
NCR USB Warning
O2Micro Flash Memory Card Windows Driver
Problem Determination Analysis
Problem Determination Collection
Reliance Netconnect+
RoboSource Control 3.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 32-Bit Edition
SPL COM Dependencies 92.01.00.02
Studio for APTRA Activate
Studio for APTRA Activate 93.03.00.04
WebEx Productivity Tools
WebEx Recorder and Player
WIDCOMM Bluetooth Software
WinRAR 5.10 beta 4 (32-bit)
WinZip 14.0
XFS Manager
XFS Simulator
.
==== Event Viewer Messages From Past Week ========
.
09-06-2014 11:46:27, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {EE1BD859-AACD-48FE-A9B6-9358DC21ADAE} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
09-06-2014 11:46:11, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain CORP due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
09-06-2014 11:45:08, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
06-06-2014 09:54:48, Error: Microsoft-Windows-GroupPolicy [1097] - The processing of Group Policy failed. Windows could not determine the computer account to enforce Group Policy settings. This may be transient. Group Policy settings, including computer configuration, will not be enforced for this computer.
06-06-2014 09:54:27, Error: Microsoft-Windows-GroupPolicy [1080] - The processing of Group Policy failed. Windows could not search the Active Directory organization unit hierarchy. View the event details for more information.
02-06-2014 10:10:46, Error: Service Control Manager [7030] - The UDisk Monitor service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
--------------------------------------------------------------------------------------------------------------------------------------------------