Advanced System Protector and many other!!!

Started by DR M, May 07, 2014, 05:38:04 PM

DR M

OK, Corrine.

ESET'S LOG (I followed instructions in your last post)

C:\Users\???????????\Documents\ApnStub.exe   a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Users\???????????\Downloads\FreeStudio.exe   Win32/Toolbar.Conduit potentially unwanted application
C:\Users\???????????\Downloads\FreeYouTubeDownload.exe   Win32/OpenCandy potentially unsafe application
C:\Users\???????????\Downloads\iMeshSetup-r1227-n-bc.exe   Win32/Toolbar.SearchSuite potentially unwanted application


DDS LOGS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by ΙΕΡΑΠΟΣΤΟΛΗ at 14:26:52 on 2014-05-09
Microsoft Windows 7 Professional   6.1.7601.1.1253.30.1033.18.4030.2277 [GMT 3:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\MCShield\MCShieldRTM.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\igfxsrvc.exe
C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\Desktop\dds.scr
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.bing.com?pc=CMNTDF
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: File Sanitizer for HP ProtectTools: {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coieplg.dll
uRun: [MCShield Monitor] C:\Program Files (x86)\MCShield\mcshieldrtm.exe
uRun: [Google Update] "C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [Uninstall C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
uRunOnce: [Uninstall C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64] C:\windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1\amd64"
uRunOnce: [Uninstall C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1] C:\windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627_1"
uRunOnce: [Uninstall C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] C:\windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
uRunOnce: [Uninstall C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.10.254
TCP: Interfaces\{21E34C60-FA16-419C-B9A5-3EBC965CDBF9} : DHCPNameServer = 192.168.10.254
TCP: Interfaces\{21E34C60-FA16-419C-B9A5-3EBC965CDBF9}\3334F6D6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FB341710-0A27-43B2-B118-4A7E07F7D6A1} : DHCPNameServer = 192.168.10.254
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: DeviceNP - DeviceNP.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages =  EpePcNp64 DPPassFilter scecli
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coieplg.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Roaming\Mozilla\Firefox\Profiles\5ef4b4g8.default\
.
============= SERVICES / DRIVERS ===============
.
R0 MfeEpeOpal;MfeEpeOpal;C:\windows\System32\drivers\MfeEpeOpal.sys [2013-2-1 101288]
R0 MfeEpePc;MfeEpePc;C:\windows\System32\drivers\MfeEpePc.sys [2013-2-1 158888]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-9-18 55280]
R0 Sahdad64;HDD Filter Driver;C:\windows\System32\drivers\Sahdad64.sys [2012-9-18 27120]
R0 Saibad64;Volume Filter Driver;C:\windows\System32\drivers\Saibad64.sys [2012-9-18 19952]
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1502000.026\symds64.sys [2014-3-23 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1502000.026\symefa64.sys [2014-3-23 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [2014-4-17 1525976]
R1 ccSet_NIS;NIS Settings Manager;C:\windows\System32\drivers\NISx64\1502000.026\ccsetx64.sys [2014-3-23 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140508.001\IDSviA64.sys [2014-5-9 525016]
R1 SaibVdAd64;Virtual Disk Driver;C:\windows\System32\drivers\SaibVdAd64.sys [2012-9-18 27632]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1502000.026\ironx64.sys [2014-3-23 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1502000.026\symnets.sys [2014-3-23 593112]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-6-2 457200]
R2 ABBYY.Licensing.FineReader.Professional.12.0;ABBYY FineReader 12 PE Licensing Service;C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe [2014-1-23 925904]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-12-1 89600]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-8-19 211584]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2011-7-15 137272]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HPDayStarterService;HP DayStarter Service;C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [2011-1-28 133688]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2013-5-13 270624]
R2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2011-2-7 320000]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-6-20 523680]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2012-9-24 31040]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-15 13336]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2010-11-29 210896]
R2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [2013-2-1 1323008]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe [2014-3-23 276376]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-12-25 1128952]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-9-15 113264]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-15 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2012-7-19 2714232]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-8-19 323584]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2013-6-24 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2013-6-24 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2013-6-24 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2013-6-24 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2013-6-24 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2013-6-24 77464]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2013-6-24 135832]
R3 BtFilter;BtFilter;C:\windows\System32\drivers\btfilter.sys [2013-6-24 567808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-1-11 137648]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-9-15 317440]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2013-6-24 175928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-11 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-11 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2013-6-24 708200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2011-3-7 62184]
S3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;C:\windows\System32\drivers\AthDfu.sys [2012-8-19 55448]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S3 DAMDrv;DAMDrv;C:\windows\System32\drivers\DAMDrv64.sys [2011-5-10 64312]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\Windows\SysWOW64\flcdlock.exe [2011-9-5 476728]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-9-15 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
S3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2012-9-5 1420192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-4-27 111616]
S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-9-5 1255736]
.
=============== File Associations ===============
.
ShellExec: DigitalTheatre.exe: open="c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2014-05-08 15:28:47   --------   d-----w-   C:\Program Files (x86)\ESET
2014-05-08 12:42:18   --------   d-----w-   C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Roaming\Mozilla
2014-05-08 12:42:05   --------   d-----w-   C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-08 11:58:31   --------   d-s---w-   C:\windows\System32\CompatTel
2014-05-07 19:40:37   536576   ----a-w-   C:\windows\SysWow64\sqlite3.dll
2014-05-07 19:28:52   --------   d-----w-   C:\windows\ERUNT
2014-05-07 17:27:59   --------   d-----w-   C:\Users\???????????\AppData\Local\Microsoft
2014-05-07 17:22:38   --------   d-----w-   C:\ProgramData\MCShield
2014-05-07 17:22:38   --------   d-----w-   C:\Program Files (x86)\MCShield
2014-05-07 14:51:30   465408   ----a-w-   C:\windows\System32\aepdu.dll
2014-05-07 14:51:30   424448   ----a-w-   C:\windows\System32\aeinv.dll
2014-05-02 21:20:16   2724864   ----a-w-   C:\windows\SysWow64\mshtml.tlb
2014-05-02 21:20:16   2724864   ----a-w-   C:\windows\System32\mshtml.tlb
2014-05-02 20:03:46   --------   d-----w-   C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Roaming\WildTangent
2014-04-10 03:32:43   27584   ----a-w-   C:\windows\System32\drivers\Diskdump.sys
.
==================== Find3M  ====================
.
2014-04-30 15:31:30   70832   ----a-w-   C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-30 15:31:30   692400   ----a-w-   C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-06 09:31:33   4096   ----a-w-   C:\windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04   66048   ----a-w-   C:\windows\System32\iesetup.dll
2014-03-06 08:57:34   548352   ----a-w-   C:\windows\System32\vbscript.dll
2014-03-06 08:57:20   48640   ----a-w-   C:\windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40   139264   ----a-w-   C:\windows\System32\ieUnatt.exe
2014-03-06 08:29:14   111616   ----a-w-   C:\windows\System32\ieetwcollector.exe
2014-03-06 08:28:15   752640   ----a-w-   C:\windows\System32\jscript9diag.dll
2014-03-06 08:15:54   940032   ----a-w-   C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41   5784064   ----a-w-   C:\windows\System32\jscript9.dll
2014-03-06 08:02:34   61952   ----a-w-   C:\windows\SysWow64\iesetup.dll
2014-03-06 08:02:33   455168   ----a-w-   C:\windows\SysWow64\vbscript.dll
2014-03-06 08:01:01   51200   ----a-w-   C:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43   38400   ----a-w-   C:\windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36   4254720   ----a-w-   C:\windows\SysWow64\jscript9.dll
2014-03-06 07:38:13   112128   ----a-w-   C:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40   592896   ----a-w-   C:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43   32256   ----a-w-   C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15   2043904   ----a-w-   C:\windows\System32\inetcpl.cpl
2014-03-06 06:40:39   1967104   ----a-w-   C:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40   2260480   ----a-w-   C:\windows\System32\wininet.dll
2014-03-06 05:41:49   1789440   ----a-w-   C:\windows\SysWow64\wininet.dll
2014-03-04 09:44:21   362496   ----a-w-   C:\windows\System32\wow64win.dll
2014-03-04 09:44:21   243712   ----a-w-   C:\windows\System32\wow64.dll
2014-03-04 09:44:21   13312   ----a-w-   C:\windows\System32\wow64cpu.dll
2014-03-04 09:44:03   16384   ----a-w-   C:\windows\System32\ntvdm64.dll
2014-03-04 09:17:19   14336   ----a-w-   C:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05   44032   ----a-w-   C:\windows\apppatch\acwow64.dll
2014-03-04 09:16:54   25600   ----a-w-   C:\windows\SysWow64\setup16.exe
2014-03-04 09:16:18   5120   ----a-w-   C:\windows\SysWow64\wow32.dll
2014-03-04 08:09:30   7680   ----a-w-   C:\windows\SysWow64\instnm.exe
2014-03-04 08:09:29   2048   ----a-w-   C:\windows\SysWow64\user.exe
2014-03-04 04:18:12   1148120   ----a-w-   C:\windows\System32\drivers\NISx64\1502000.026\symefa64.sys
2014-02-18 01:32:41   593112   ----a-w-   C:\windows\System32\drivers\NISx64\1502000.026\symnets.sys
2014-02-13 01:59:49   875736   ----a-w-   C:\windows\System32\drivers\NISx64\1502000.026\srtsp64.sys
.
============= FINISH: 14:27:19,90 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/9/2012 10:39:37 μμ
System Uptime: 9/5/2014 2:05:36 μμ (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 167C
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 572 GiB total, 477,762 GiB free.
E: is FIXED (NTFS) - 19 GiB total, 2,838 GiB free.
F: is FIXED (FAT32) - 5 GiB total, 2,101 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP137: 27/4/2014 4:59:40 μμ - Windows Update
RP138: 3/5/2014 12:19:18 πμ - Windows Update
RP139: 7/5/2014 8:07:08 μμ - Removed ArcSoft Webcam Sharing Manager.
RP140: 7/5/2014 8:08:27 μμ - Removed ArcSoft TotalMedia.
RP141: 8/5/2014 2:57:41 μμ - Windows Update
.
==== Installed Programs ======================
.
Συλλογή φωτογραφιών
Ενημερωμένη έκδοση Microsoft Office Excel 2007 Help (KB963678)
Ενημερωμένη έκδοση Microsoft Office Powerpoint 2007 Help (KB963669)
Ενημερωμένη έκδοση Microsoft Office Word 2007 Help (KB963665)
ABBYY FineReader 12 Professional
Adobe Flash Player 13 ActiveX
Adobe Reader XI (11.0.06)
Agatha Christie - Peril at End House
ArcSoft TotalMedia
BCL easyConverter Desktop 3 (Word Version)
Bejeweled 2 Deluxe
Bing Bar
Blasterball 3
Bounce Symphony
Build-a-Lot - The Elizabethan Era
Cake Mania
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Device Access Manager for HP ProtectTools
Diner Dash 2 Restaurant Rescue
DirectX 9 Runtime
Drive Encryption For HP ProtectTools
Energy Star Digital Logo
ESET Online Scanner v3
Evernote v. 4.6
Face Recognition for HP ProtectTools
Farm Frenzy
FATE
File Sanitizer For HP ProtectTools
Fotogalerie
Galerie de photos
Google Chrome
Google Toolbar for Internet Explorer
Hewlett-Packard ACLM.NET v1.2.2.3
HP 3D DriveGuard
HP Auto
HP Connection Manager
HP Customer Experience Enhancements
HP DayStarter
HP Documentation
HP ESU for Microsoft Windows 7
HP Game Console
HP Games
HP Hotkey Support
HP Power Assistant
HP ProtectTools Security Manager
HP QuickWeb
HP Setup
HP SoftPaq Download Manager
HP Software Framework
HP Software Setup
HP Support Assistant
HP System Default Settings
HP Wallpaper
HP Webcam Driver
IDT Audio
Insaniquarium Deluxe
Intel(R) Identity Protection Technology 1.0.71.0
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Jewel Quest II
Jewel Quest Solitaire
JMicron Flash Media Controller Driver
John Deere Drive Green
Junk Mail filter update
KeyboardTest V3.0
Malwarebytes Anti-Malware version 1.75.0.1300
MCShield ::Anti-Malware Tool::
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (Greek) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Greek) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove MUI (Greek) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (Greek) 2007
Microsoft Office Language Pack 2007 - Greek/Ελληνικά
Microsoft Office O MUI (Greek) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (Greek) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (Greek) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Greek) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Greek) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Greek) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (Greek) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (Greek) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Greek) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (Greek) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Greek) 2007
Microsoft Office X MUI (Greek) 2007
Microsoft OneDrive
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft_VC90_CRT_x86
Movie Maker
Mozilla Firefox 29.0 (x86 el)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
PDF Complete Special Edition
Penguins!
Photo Common
Photo Gallery
Plants vs. Zombies
Polar Bowler
Privacy Manager for HP ProtectTools
Qualcomm Atheros Bluetooth Suite (64)
Qualcomm Atheros Driver Installation Program
Raccolta foto
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller All-In-One Windows Driver
RealUpgrade 1.1
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2010 Pro
Roxio Disaster Recovery
Roxio File Backup
Roxio PhotoShow
Roxio Video Capture USB
SDK
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition
Skype™ 6.11
Slingo Deluxe
SmartSound Quicktracks Plugin
Synaptics Pointing Device Driver
Theft Recovery for HP ProtectTools
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Validity Fingerprint Sensor Driver
VD64Inst
VIP Access SDK x64(1.0.0.50)
Virtual Villagers - The Secret City
VLC media player 2.0.3
VueScan
Wedding Dash
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 14.5
Xobni
Xobni Core
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
9/5/2014 2:06:48 μμ, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
8/5/2014 6:20:08 μμ, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
8/5/2014 6:17:13 μμ, Error: Service Control Manager [7034]  - The File Sanitizer for HP ProtectTools service terminated unexpectedly.  It has done this 1 time(s).
8/5/2014 6:10:24 μμ, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
8/5/2014 4:13:11 μμ, Error: Service Control Manager [7038]  - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:  The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/5/2014 4:05:44 μμ, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
8/5/2014 3:31:41 μμ, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
8/5/2014 3:06:55 μμ, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
8/5/2014 3:00:52 μμ, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
8/5/2014 2:54:05 μμ, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
7/5/2014 11:27:07 μμ, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
.
==== End Of File ===========================






Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

Corrine

Hi, Panos.

There are some orphaned items that we can take care of with ComboFix along with the downloaded PUPs. 

Please follow these instructions carefully.  Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

    Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts. 
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

DR M

Hi, Corrine. Let's take a ... combofix then! (Can it cure the flu too? Here the weather is bad. For ten days it was summer, with 30 degrees C, and the last three days we have winter with 16 degrees...)

I will be back as soon as Combofix finishes its job.

DR M

And the log:

ComboFix 14-05-07.03 - ΙΕΡΑΠΟΣΤΟΛΗ 09/05/2014  20:39:28.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1253.30.1033.18.4030.2030 [GMT 3:00]
Running from: c:\users\-+?+?????T?\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-09 to 2014-05-09  )))))))))))))))))))))))))))))))
.
.
2014-05-08 15:28 . 2014-05-08 15:28   --------   d-----w-   c:\program files (x86)\ESET
2014-05-08 12:42 . 2014-05-08 12:42   --------   d-----w-   c:\users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Mozilla
2014-05-08 12:42 . 2014-05-08 12:42   --------   d-----w-   c:\program files (x86)\Mozilla Maintenance Service
2014-05-08 11:58 . 2014-05-08 11:58   --------   d-s---w-   c:\windows\system32\CompatTel
2014-05-07 19:40 . 2010-08-30 05:34   536576   ----a-w-   c:\windows\SysWow64\sqlite3.dll
2014-05-07 19:28 . 2014-05-07 19:28   --------   d-----w-   c:\windows\ERUNT
2014-05-07 17:27 . 2014-05-07 17:27   --------   d-----w-   c:\users\0D50~1
2014-05-07 17:22 . 2014-05-09 11:32   --------   d-----w-   c:\programdata\MCShield
2014-05-07 17:22 . 2014-05-07 17:22   --------   d-----w-   c:\program files (x86)\MCShield
2014-05-07 14:51 . 2014-04-14 02:24   465408   ----a-w-   c:\windows\system32\aepdu.dll
2014-05-07 14:51 . 2014-04-14 02:19   424448   ----a-w-   c:\windows\system32\aeinv.dll
2014-05-02 21:20 . 2014-04-29 14:01   23547904   ----a-w-   c:\windows\system32\mshtml.dll
2014-05-02 21:20 . 2014-04-29 13:40   2724864   ----a-w-   c:\windows\system32\mshtml.tlb
2014-05-02 21:20 . 2014-04-29 12:34   2724864   ----a-w-   c:\windows\SysWow64\mshtml.tlb
2014-05-02 20:03 . 2014-05-02 20:03   --------   d-----w-   c:\users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Roaming\WildTangent
2014-05-02 19:24 . 2014-05-02 19:24   --------   d-sh--w-   c:\users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\EmieUserList
2014-05-02 19:24 . 2014-05-02 19:24   --------   d-sh--w-   c:\users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\EmieSiteList
2014-04-10 03:32 . 2014-02-04 02:35   190912   ----a-w-   c:\windows\system32\drivers\storport.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-30 15:31 . 2012-09-18 05:46   70832   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-30 15:31 . 2012-09-18 05:46   692400   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-16 13:38 . 2012-09-04 22:45   90655440   ----a-w-   c:\windows\system32\MRT.exe
2014-03-04 09:17 . 2014-04-10 03:32   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2014-03-04 04:18 . 2014-03-23 16:53   1148120   ----a-w-   c:\windows\system32\drivers\NISx64\1502000.026\symefa64.sys
2014-02-18 01:32 . 2014-03-23 16:53   593112   ----a-w-   c:\windows\system32\drivers\NISx64\1502000.026\symnets.sys
2014-02-13 01:59 . 2014-03-23 16:53   875736   ----a-w-   c:\windows\system32\drivers\NISx64\1502000.026\srtsp64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-05 05:15   223432   ----a-w-   c:\users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-05 05:15   223432   ----a-w-   c:\users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-05 05:15   223432   ----a-w-   c:\users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="c:\program files (x86)\MCShield\mcshieldrtm.exe" [2014-04-11 650816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2011-05-09 23:43   75320   ----a-w-   c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      DPPassFilter scecli
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe
R2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe;c:\program files (x86)\Xobni\XobniService.exe
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftVCapture.sys
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys;c:\windows\SYSNATIVE\DRIVERS\DAMDrv64.sys
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe;c:\windows\SysWOW64\flcdlock.exe
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe
R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe
S0 MfeEpeOpal;MfeEpeOpal;
S0 MfeEpePc;MfeEpePc;
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys;c:\windows\SYSNATIVE\Drivers\Sahdad64.sys
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys;c:\windows\SYSNATIVE\Drivers\Saibad64.sys
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1502000.026\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\SYMDS64.SYS
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1502000.026\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\SYMEFA64.SYS
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\ccSetx64.sys
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140508.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140508.001\IDSvia64.sys
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys;c:\windows\SYSNATIVE\Drivers\SaibVdAd64.sys
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1502000.026\Ironx64.SYS
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1502000.026\SYMNETS.SYS
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe;c:\program files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
S2 ABBYY.Licensing.FineReader.Professional.12.0;ABBYY FineReader 12 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe
S2 McAfee Endpoint Encryption Agent;McAfee Endpoint Encryption Agent;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe;c:\program files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 15:31]
.
2014-05-02 c:\windows\Tasks\HPCeeScheduleForIERAPOSTOLI-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 01:43]
.
2014-05-07 c:\windows\Tasks\HPCeeScheduleForΙΕΡΑΠΟΣΤΟΛΗ.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 01:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-05 05:15   262344   ----a-w-   c:\users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-05 05:15   262344   ----a-w-   c:\users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-05 05:15   262344   ----a-w-   c:\users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-15 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-15 416024]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.254
FF - ProfilePath - c:\users\ΙΕΡΑΠΟΣΤΟΛΗ\AppData\Roaming\Mozilla\Firefox\Profiles\5ef4b4g8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.2.0.38;c:\program files (x86)\Norton Internet Security\Engine64\21.2.0.38"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="*Spammer*?????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="*Spammer*?????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-05-09  20:51:34 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-09 17:51
.
Pre-Run: 512.827.174.912 bytes free
Post-Run: 512.162.660.352 bytes free
.
- - End Of File - - 8DD8A6B3DF9400D153AE02A3B6406240
Grecian Geek

"Count your blessings, remember your prayers..."

"In one of the stars I shall be living. In one of them I shall be laughing. And so it will be as if all the stars will be laughing when you look at the sky at night.. You, only you, will have stars that can laugh..."

Corrine

Hi, Panos.

With the problem ESET had interpreting the Greek username, I doubt ComboFix will find the files to delete, although we could give it a try.  However, I think it would be better for you to manually delete those files since one was labeled as "potentially unsafe" and the others as "potentially unwanted".  The first file is in the documents folder.  You may need to search for the file.  I've bolded the location/file names.

C:\Users\???????????\Documents\ApnStub.exe
C:\Users\???????????\Downloads\FreeStudio.exe
C:\Users\???????????\Downloads\FreeYouTubeDownload.exe
C:\Users\???????????\Downloads\iMeshSetup-r1227-n-bc.exe

After deleting, please empty the recycle bin.

How is the computer now?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
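
An added example, not part of the original posts: one way to map the `?`-masked paths from the ESET log back to real files, so the right four are deleted. It assumes each `?` replaced exactly one non-ASCII character; the inventory list is constructed, with the Greek profile name taken from the thread's other logs and the other profile names invented.

```python
import re
from pathlib import PureWindowsPath

# Paths exactly as the ESET log quoted in this thread printed them.
MASKED_LOG_PATHS = [
    r"C:\Users\???????????\Documents\ApnStub.exe",
    r"C:\Users\???????????\Downloads\FreeStudio.exe",
    r"C:\Users\???????????\Downloads\FreeYouTubeDownload.exe",
    r"C:\Users\???????????\Downloads\iMeshSetup-r1227-n-bc.exe",
]

# Constructed inventory of files on disk. The Greek profile name is the one
# shown in the thread's other logs; "maintenance" and "Public" are invented.
CONSTRUCTED_INVENTORY = [
    r"C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\Documents\ApnStub.exe",
    r"C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\Downloads\FreeStudio.exe",
    r"C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\Downloads\FreeYouTubeDownload.exe",
    r"C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\Downloads\iMeshSetup-r1227-n-bc.exe",
    r"C:\Users\maintenance\Downloads\FreeStudio.exe",  # 11 ASCII characters
    r"C:\Users\Public\Downloads\FreeStudio.exe",
]


def component_regex(component):
    """'?' is illegal in Windows file names, so every '?' is a substitution.
    Assumption: it replaced exactly one non-ASCII character."""
    parts = [r"[^\x00-\x7f]" if ch == "?" else re.escape(ch) for ch in component]
    return re.compile("".join(parts), re.IGNORECASE)  # NTFS names ignore case


def resolve_masked_path(masked, inventory):
    """Return every inventory path that the masked log path could refer to."""
    patterns = [component_regex(p) for p in PureWindowsPath(masked).parts]
    hits = []
    for real in inventory:
        parts = PureWindowsPath(real).parts
        if len(parts) == len(patterns) and all(
            rx.fullmatch(part) for rx, part in zip(patterns, parts)
        ):
            hits.append(real)
    return hits


def resolve_all(masked_paths, inventory):
    """Map each masked path to its candidates; more than one needs a human."""
    return {m: resolve_masked_path(m, inventory) for m in masked_paths}


if __name__ == "__main__":
    for masked, hits in resolve_all(MASKED_LOG_PATHS, CONSTRUCTED_INVENTORY).items():
        status = "unique" if len(hits) == 1 else "ambiguous or missing"
        print(f"{masked} -> {hits} ({status})")
```

A masked path that resolves to more than one candidate, or to none, should be checked by hand before anything is deleted.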

DR M

I deleted them. The computer is working fine. I have made a restart and it took almost 2 minutes to load Windows. So, it is much better than before.  :smiley:

Corrine

Excellent!

Let's go ahead and uninstall ComboFix.  Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


You can delete Security Check and DDS from your friend's computer.  Seeing as how Adobe and Java were up to date, either you took care of that or your friend is staying on top of third-party programs.  (There will be critical security updates for Adobe Reader next Tuesday.)

Please caution your friend to be watchful for pre-checked options when installing programs.  The Safe Computing Practices and other recommendations in this updated copy of "So how did I get infected in the first place?" may also be useful.



DR M

I just noticed that the Google page, when I use Internet Explorer, is a blank page now. With Firefox it is OK.

Corrine

It was likely cleared with AdwCleaner.  Just go ahead and reset it.



DR M

Corrine, everything is OK, except ComboFix. I get the message that Windows cannot find it. But the shortcut is on the desktop.

Corrine

Let's give this a try.  Please download DelFix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore

  • Click Run
The program will run for a few moments and then notepad will open with a log.   Please paste the log in your next reply.



DR M

Ok! :mitch:

# DelFix v10.7 - Logfile created 09/05/2014 at 22:39:33
# Updated 27/04/2014 by Xplode
# Username : ΙΕΡΑΠΟΣΤΟΛΗ - IERAPOSTOLI-HP
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\ComboFix.txt
Deleted : C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\Desktop\ComboFix.exe
Deleted : C:\Users\ΙΕΡΑΠΟΣΤΟΛΗ\Desktop\TFC.exe
Deleted : C:\windows\grep.exe
Deleted : C:\windows\PEV.exe
Deleted : C:\windows\NIRCMD.exe
Deleted : C:\windows\MBR.exe
Deleted : C:\windows\SED.exe
Deleted : C:\windows\SWREG.exe
Deleted : C:\windows\SWSC.exe
Deleted : C:\windows\SWXCACLS.exe
Deleted : C:\windows\Zip.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #137 [Windows Update | 04/27/2014 13:59:40]
Deleted : RP #138 [Windows Update | 05/02/2014 21:19:18]
Deleted : RP #139 [Removed ArcSoft Webcam Sharing Manager. | 05/07/2014 17:07:08]
Deleted : RP #140 [Removed ArcSoft TotalMedia. | 05/07/2014 17:08:27]
Deleted : RP #141 [Windows Update | 05/08/2014 11:57:41]

New restore point created !

########## - EOF - ##########

DR M

Corrine, I don't feel very well, so I will go to bed... Thank you and I apologize for leaving in the middle of the process. I will be back tomorrow. Good night.

Corrine

Not to worry, we're all set here.  You can return the computer to your friend.  I hope you feel better tomorrow.  Take care, Panos.



DR M

Thank you, Corrine! Just a big THANK YOU! God bless you!  :rose: