Recent Posts

Pages: [1] 2 3 ... 10
After Facebook publicized its intentions to simplify its privacy policy starting in January, a growing number of users have opposed the changes by sharing a private note on their accounts that purports to protect their ownership of their information and photographs.

Post Here for Malware Removal ... / Re: [In Progress] posting for Malware removal
« Last post by Hoov on December 18, 2014, 08:35:19 pm »
Hello, welcome to SpywareHammer.

I go by Hoov, and I will be helping you with your problem. I must ask you to do a few things for me.

First, tell me everything that you have done, if anything, to try and fix this problem.Also tell me any other problems you are having, no matter how small or long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out thier hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up. Also let me know of any software you have running that encrypts your harddrive.

One last thing, I need you to tell me if this computer belongs to a school or to a company or orginization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.

Can you tell me what problems you are having?
Post Here for Malware Removal ... / [In Progress] posting for Malware removal
« Last post by C Clarke on December 18, 2014, 06:10:16 pm »
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.71.2
Run by Carolyn Clarke at 17:26:22 on 2014-12-18
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2934.1365 [GMT -6:00]
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
============== Running Processes ================
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Froyo_Android_Driver\Bin\MonServiceUDisk.exe
C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Google\Update\\GoogleCrashHandler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft\BingBar\\SeaPort.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\USB Camera\VM331_STI.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Users\Carolyn Clarke\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Program Files\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
============== Pseudo HJT Report ===============
uStart Page = hxxp://
uProxyServer = 127.0.01.:8555
uProxyOverride =;localhost;10.*;192.168.*;;;*.local;<local>
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\\BingExt.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: ooVoo toolbar, powered by {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\\GenericAskToolbar.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: AlxHelper Class: {F443A627-5009-4323-9C1D-7FD598D0D712} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: ooVoo toolbar, powered by {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\\GenericAskToolbar.dll
TB: ooVoo toolbar, powered by {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\\GenericAskToolbar.dll
TB: Amazon Browser Bar: {EA582743-9076-4178-9AA6-7393FDF4D5CE} - c:\program files\amazon browser bar\AmazonBrowserBar.3.0.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - c:\program files\microsoft\bingbar\\BingExt.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [NextLive] c:\windows\system32\rundll32.exe "c:\users\carolyn clarke\appdata\roaming\\nengine.dll",EntryPoint -m l
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN357BXHV105KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [Facebook Update] "c:\users\carolyn clarke\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Driver Detective] c:\program files\pc drivers headquarters\driver detective\DriversHQ.DriverDetective.Client.exe /applicationMode:systemTray /showWelcome:false
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRunOnce: [Uninstall c:\users\carolyn clarke\appdata\local\microsoft\skydrive\16.4.6013.0910] c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\carolyn clarke\appdata\local\microsoft\skydrive\16.4.6013.0910"
uRunOnce: [Uninstall c:\users\carolyn clarke\appdata\local\microsoft\skydrive\17.0.4024.1220] c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\carolyn clarke\appdata\local\microsoft\skydrive\17.0.4024.1220"
uRunOnce: [Adobe Speed Launcher] 1418937569
mRun: [IntelWirelessWiMAX] "c:\program files\intel\wimax\bin\WiMAXCU.exe" /tasktray /nosplash
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\Utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [331BigDog] c:\program files\usb camera\VM331_STI.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://
TCP: NameServer =
TCP: Interfaces\{2B3EDD68-AA06-4995-A920-DAE643B35ABA} : DHCPNameServer =
TCP: Interfaces\{2B3EDD68-AA06-4995-A920-DAE643B35ABA}\14E6769656932313 : DHCPNameServer =
TCP: Interfaces\{2B3EDD68-AA06-4995-A920-DAE643B35ABA}\4736C61627B6561647479773 : DHCPNameServer =
TCP: Interfaces\{2B3EDD68-AA06-4995-A920-DAE643B35ABA}\E45445745414250333 : DHCPNameServer =
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\39.0.2171.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
============= SERVICES / DRIVERS ===============
R0 LHDmgr;LHDmgr;c:\windows\system32\drivers\LhdX86.sys [2010-1-15 32352]
R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2013-4-24 40648]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 176128]
R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg32.exe [2012-12-13 190592]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\intel\wimax\bin\DMAgent.exe [2012-7-18 446464]
R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\common files\epson\epw!3 ssrp\E_JT50RP.EXE [2013-2-19 130944]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2014-4-1 49464]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe [2013-4-26 390440]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2010-10-25 23136]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\\SeaPort.EXE [2014-3-11 247968]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\drivers\bpenum.sys [2012-7-3 67584]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2014-12-16 111408]
R3 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\drivers\FPSensor.sys [2011-4-21 30000]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-12-13 348776]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-4-24 37064]
R3 vm331avs;Digital Camera 1;c:\windows\system32\drivers\vm331avs.sys [2012-12-13 218368]
R3 vmuvcflt;Vimicro USB Camera Filter;c:\windows\system32\drivers\vmuvcflt.sys [2012-12-13 5888]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2013-4-26 570664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-1-22 88576]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2013-7-30 49664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2014-3-31 1512640]
S3 Generalusbserialser20675;USB Legacy Serial Communication 20675;c:\windows\system32\drivers\CT_U_USBSER.sys [2013-8-4 112456]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-12-16 102912]
S3 LSCWinService;LSCWinService;c:\program files\lenovo\lenovo solution center\app\LSCWinService.exe [2014-9-3 272776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUVStor.sys [2012-12-13 226408]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [2014-2-4 98560]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-1-22 184192]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-13 52224]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
=============== Created Last 30 ================
2014-12-17 19:42:01   539984   ----a-w-   c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2014-12-17 18:47:40   115712   ----a-w-   c:\windows\system32\ieUnatt.exe
2014-12-17 01:10:55   96680   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2014-12-16 23:47:08   --------   d-sh--w-   c:\users\carolyn clarke\appdata\local\EmieBrowserModeList
2014-12-16 22:58:40   23040   ----a-w-   c:\windows\system32\mfpmp.exe
2014-12-16 22:58:40   2048   ----a-w-   c:\windows\system32\mferror.dll
2014-12-16 22:58:40   103424   ----a-w-   c:\windows\system32\mfps.dll
2014-12-16 22:58:39   50176   ----a-w-   c:\windows\system32\rrinstaller.exe
2014-12-16 22:58:39   3209728   ----a-w-   c:\windows\system32\mf.dll
2014-12-16 22:31:59   4299264   ----a-w-   c:\windows\system32\jscript9.dll
2014-12-16 22:30:59   155136   ----a-w-   c:\windows\system32\charmap.exe
2014-12-16 22:30:59   1177088   ----a-w-   c:\windows\system32\WsmSvc.dll
2014-12-16 22:30:58   571904   ----a-w-   c:\windows\system32\oleaut32.dll
2014-12-16 22:30:58   248832   ----a-w-   c:\windows\system32\WSManMigrationPlugin.dll
2014-12-16 22:30:58   214016   ----a-w-   c:\windows\system32\WsmWmiPl.dll
2014-12-16 22:30:58   198656   ----a-w-   c:\windows\system32\WSManHTTPConfig.exe
2014-12-16 22:30:58   145920   ----a-w-   c:\windows\system32\WsmAuto.dll
2014-12-16 22:23:46   9054624   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{4fc5dc21-fd44-4498-baa9-facbcfe9d44a}\mpengine.dll
2014-12-16 22:22:54   701440   ----a-w-   c:\windows\system32\IMJP10K.DLL
2014-12-16 22:21:01   2363904   ----a-w-   c:\windows\system32\msi.dll
2014-12-03 06:31:20   227048   ----a-w-   c:\program files\internet explorer\plugins\nppdf32.dll
2014-11-25 19:59:38   18638520   ----a-w-   c:\program files\common files\microsoft shared\office14\MSO.DLL
2014-11-19 10:31:16   1217192   ----a-w-   c:\windows\system32\FM20.DLL
==================== Find3M  ====================
2014-12-17 20:28:24   71344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-17 20:28:24   701104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2014-11-24 20:04:58   229000   ------w-   c:\windows\system32\MpSigStub.exe
2014-11-22 02:20:44   2724864   ----a-w-   c:\windows\system32\mshtml.tlb
2014-11-22 02:20:30   4096   ----a-w-   c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07:43   501248   ----a-w-   c:\windows\system32\vbscript.dll
2014-11-22 02:07:17   62464   ----a-w-   c:\windows\system32\iesetup.dll
2014-11-22 02:06:32   47616   ----a-w-   c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05:02   64000   ----a-w-   c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55:14   102912   ----a-w-   c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54:30   620032   ----a-w-   c:\windows\system32\jscript9diag.dll
2014-11-22 01:48:26   667648   ----a-w-   c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40:04   60416   ----a-w-   c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:22:49   2052096   ----a-w-   c:\windows\system32\inetcpl.cpl
2014-11-22 01:21:57   1155072   ----a-w-   c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00:20   1888256   ----a-w-   c:\windows\system32\wininet.dll
2014-11-11 02:44:45   1230336   ----a-w-   c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44:32   186880   ----a-w-   c:\windows\system32\pku2u.dll
2014-11-11 02:44:25   550912   ----a-w-   c:\windows\system32\kerberos.dll
2014-11-11 01:32:14   74752   ----a-w-   c:\windows\system32\drivers\tdx.sys
2014-11-08 02:45:09   2048   ----a-w-   c:\windows\system32\tzres.dll
2014-10-25 01:32:37   67584   ----a-w-   c:\windows\system32\packager.dll
2014-10-14 01:56:19   136632   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2014-10-14 01:50:50   523776   ----a-w-   c:\windows\system32\termsrv.dll
2014-10-14 01:50:39   1059840   ----a-w-   c:\windows\system32\lsasrv.dll
2014-10-14 01:47:30   146432   ----a-w-   c:\windows\system32\msaudite.dll
2014-10-14 01:46:02   681984   ----a-w-   c:\windows\system32\adtschema.dll
2014-10-10 00:45:54   2379264   ----a-w-   c:\windows\system32\win32k.sys
2014-10-03 01:44:42   442880   ----a-w-   c:\windows\system32\AUDIOKSE.dll
2014-10-03 01:44:31   275968   ----a-w-   c:\windows\system32\EncDump.dll
2014-10-03 01:44:26   475136   ----a-w-   c:\windows\system32\audiosrv.dll
2014-10-03 01:44:26   374784   ----a-w-   c:\windows\system32\AudioEng.dll
2014-10-03 01:44:26   195584   ----a-w-   c:\windows\system32\AudioSes.dll
2014-09-25 01:40:50   519680   ----a-w-   c:\windows\system32\qdvd.dll
2014-04-02 17:24:28   6000640   ----a-w-   c:\program files\GUTA96E.tmp
2013-12-04 05:14:43   49940480   ----a-w-   c:\program files\GUTAB97.tmp
============= FINISH: 17:27:29.18 ===============
DDS (Ver_2012-11-20.01)
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/13/2012 5:09:48 AM
System Uptime: 12/18/2014 3:00:34 PM (2 hours ago)
Motherboard: LENOVO |  | Inagua
Processor: AMD E-450 APU with Radeon(tm) HD Graphics | Socket FT1 | 1320/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 298 GiB total, 226.816 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP314: 11/17/2014 1:47:09 AM - Restore Operation
RP315: 12/10/2014 1:06:06 PM - Scheduled Checkpoint
RP316: 12/15/2014 6:04:46 PM - Configured Microsoft Office Home and Business 2010
RP317: 12/16/2014 3:38:00 AM - Device Driver Package Install: Microsoft Network adapters
RP318: 12/16/2014 3:50:27 PM - Installed Intel® PROSet/Wireless WiMAX Software.
RP319: 12/16/2014 4:23:04 PM - Windows Update
RP320: 12/16/2014 4:38:54 PM - Windows Update
RP321: 12/16/2014 7:09:16 PM - Installed Java 7 Update 71
RP322: 12/18/2014 3:00:23 AM - Windows Update
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Reader XI (11.0.10)
Amazon Browser Bar
Android USB Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Atheros Client Installation Program
Bing Bar
Conexant HD Audio
Coupon Printer for Windows
CWA Reminder by v4.1.22.3
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
Driver Detective
EgisTec ES603 WDM Driver
Energy Management
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON WorkForce 630 Series Printer Uninstall
EPSON WorkForce 645 Series Printer Uninstall
EpsonNet Print
EpsonNet Setup 3.3
ES603 WDM Driver
Facebook Video Calling
FrostWire 5.6.4
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotspot Shield 2.93
HP Customer Participation Program 14.0
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
HP Deskjet 2050 J510 series Product Improvement Study
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5
HP Imaging Device Functions 14.0
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Photo Creations
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Support Solutions Framework
HP Update
Install Converter
Intel PROSet Wireless
Intel® PROSet/Wireless WiMAX Software
Java 7 Update 71
Java Auto Updater
Junk Mail filter update
Lenovo EasyCamera
Lenovo Solution Center
LiveUpdate 3.3 (Symantec Corporation)
McAfee Security Scan Plus
MediaMonkey 4.0
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft OneDrive
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Maker
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
ooVoo toolbar, powered by Updater
Photo Common
Photo Gallery
QuickTime 7
Realtek Ethernet Controller Driver
Realtek USB 2.0 Reader Driver
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shop for HP Supplies
Skype™ 6.16
Symantec Endpoint Protection
Synaptics Pointing Device Driver
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Video Downloader
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile Device Updater Component
Yahoo! Toolbar
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
==== Event Viewer Messages From Past Week ========
12/18/2014 5:10:40 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
12/18/2014 3:21:55 AM, Error: SNMP [1500]  - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
12/17/2014 12:35:28 PM, Error: Service Control Manager [7022]  - The Internet Connection Sharing (ICS) service hung on starting.
12/17/2014 12:32:40 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
12/17/2014 12:32:40 PM, Error: Service Control Manager [7000]  - The HP Support Solutions Framework Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/16/2014 7:56:37 PM, Error: SRTSPL [11]  - Unable to allocate open file data.
12/16/2014 7:56:37 PM, Error: SRTSP [5]  - Error loading Symantec real time Anti-Virus driver.
12/16/2014 7:56:37 PM, Error: SRTSP [4]  - Error loading virus definitions.
12/16/2014 7:56:37 PM, Error: Service Control Manager [7000]  - The SRTSPL service failed to start due to the following error:  A device attached to the system is not functioning.
12/16/2014 7:56:37 PM, Error: Service Control Manager [7000]  - The SRTSP service failed to start due to the following error:  A device attached to the system is not functioning.
12/16/2014 6:54:48 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SRTSP
==== End Of File ===========================
Current News / Microsoft takes action against tech support scammers
« Last post by Bugbatter on December 18, 2014, 03:01:20 pm »

In its first big strike against technical support scamming companies, today Microsoft’s Digital Crimes Unit will file a civil lawsuit in federal court in Northern California against Omnitech Support and related entities for unfair and deceptive business practices and trademark infringement.

Complete article:
Current News / A Quick Guide to the Worst Corporate Hack Attacks of 2014
« Last post by Bugbatter on December 15, 2014, 07:22:11 pm »
The recent attack on Sony is the latest in a long series of data breaches at corporations in the U.S. by hackers seeking customer credit card numbers, user passwords, internal documents and emails. Here’s a tally of what hackers have made off with, and how the stock market reacted—or didn't—in the immediate aftermath.
Post Here for Malware Removal ... / Re: [In Progress] MS Defender will not start or reload
« Last post by Hoov on December 15, 2014, 04:02:17 pm »
I need you to go to the administration tools in Vista / Windows 7. They are in the Control Panel. Open the Admin tools, then open the event viewer. Over on the left hand side expand the window category and then click on  System. Then up at the top click on Action and then click on Save Events As, type in system as the file name,  make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Over on the left hand side and click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name,  make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click save. Zip them both up into a single zip file, post them back here in your next reply as attachments. If they are to big to attach, let me know.
Still getting the "This computer is not running genuine windows" popup. Last night and once today. Everything else seems normal.
For Firefox/AVG Secure Search issue go here: follow instructions carefully for clean reinstall.

For Wondershare, Zoek currently has no restore feature (apparently is job progress) best option is to re-install wondershare. Critical system files are whitelisted so are never under threat from Zoek....

For Adobe Speed launcher, is seen as threat because of vulnerability issues as its default setting is to run at boot. It does show as disabled in Zoek so am not really sure why is seen as a threat by Trojan Killer

==== Startup Registry Disabled ======================

"Adobe Reader Speed Launcher"="\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\Reader_sl.exe\""

Does TK allow you to accept the threat and add an exclusion?

Let me know if any remaining issues or concerns...


I just noticed that Zoek did something that's keeping me from using my Wondershare editing software. It's still on my computer, but when I click the shortcut it says VideoEditor.exe has been moved. And when I searched for it, it's in some Zoek folder. How do I restore the program to the way it was?
We are not exactly done yet. There is some cleanup left to do.

Now  there are a few thing's you need to do to fully clean your system and keep it secure.

Download OTC to your desktop and run it
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Cleaning out Temporary Files etc. There are several different products that you can use for this. You can go thru the Internet Options in the windows Control Panel. There are several programs that also do the job better than windows does it, in my opinion. There is System Security Suite, EasyCleaner, Ccleaner. Also sometimes other program sometimes do it as well as what you originally got it for like ZoneAlarm Security Suite. Just make sure to keep them updated and use them regularly.

Disable and Enable System Restore.
I recommend you turn off System restore, and then turn it back on so that you will not be able to restore your problems to a clean computer.
For Vista use these instructions, Windows Vista Restore Guide
For XP use these instructions, Windows XP System Restore Guide
Re-enable system restore with instructions from tutorial above
Create a System Restore Point
Go to all programs, then to accessories, then to system tools, then to system restore. Check the box for create restore point (not select a restore point), then click next and follow the instructions.

Make your Internet Explorer more secure - This can be done by following these simple instructions: (unless you are using ZoneAlarm Security Suite or something similar, then you would secure the browser thru the firewall). There are some good basic instructions for that here.

Use a different browser other than  IE (most exploits are pointed towards IE). One of them is
It is also worth trying Thunderbird for controlling spam in your e-mail.

Always use an UPDATED anti-virus program Make sure you update this at least weekly, if not more often. This is one thing that may save you more than anything else.

Run malware scanners. Three free ones are Spybot Search and Destroy, and AdAware and Malwarebytes' Anti-Malware

Always use a firewall.
Any firewall is better than none, and you should pick a firewall that you will use, as even the best firewall is worthless if you turn it off.
Learn how to use your firewall Only programs that need it should have access to the net. But these are specific to the firewall you use, so you will need to learn how. Several firewalls have support forums here. My page will help you with ZoneAlarm if that is what you choose. 

Never run two Antivirus programs or two Firewalls  at the same time. They can interfere with each other and cause problems. Some people swear that more protection is provided, but the reverse is true. They tend to argue amongst themselves and end up leaving holes. Now I have more than 1 AV installed on my computer, and I keep them up to date. I only run one at a time, but each program has weakness's, so I keep a backup in case my computer starts acting up.

 MOST IMPORTANT : Windows and IE, and whatever other software that you have that connects to the net, needs to be kept updated. The reason is, these programs connect to the net, and if there is an internal security problem, you have already told your firewall to allow the communication, and thus you will have allowed a hole. UPDATES are important. I suggest that you make sure that Windows Updates and the updates for your antivirus and antimalware programs are set for automatic updates. I also suggest running Secunia PSI. Download version 2. It is not the download button, but just underneath it. It will monitor the software you have installed and let you know when something needs to be updated.

Don't ever use P2P or filesharing software Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

Before using any malware detection / removal software Check with Rogue/Suspect Spyware List That way you will know if the program you are looking at is on the up and up. If you want to know how it stacks up against other programs check out SpywareWarrior

We have a good guide here at Spyware Hammer on how to prevent Malware in the Future. You might want to peruse this and follow the recommendations in there.

Let us know if you have any more problems, either new or old.
Have a good time surfing the net, but stay safe.
If you have no more problems, let me know and I will mark this as resolved. Or if you have more questions, ask away, that is why I am here.

Pages: [1] 2 3 ... 10