I posted this over in the virus forum and it was suggested that if those remedies didn't work to post over here as well. I tried what instructions were given and I couldn't get the programs to open once downloaded. Does anyone have any other suggestions? Gina Hi Everyone! I believe that my laptop has a virus. It started last night with messages popping up. Here are the details. I'm hoping from the desktop to the laptop because the connection is so slow so if I don't respond right away you know why. I have a Inspiron E1505, running windows XP I have ran updates, scanned for viruses and adware, malware Problems: It seems that the computer is trying to install a program that I did not download. I suspect that one of the kids clicked on something or opened something that began this whole thing. It looks as if the problem is coming from a website which I think is called Magic Software Inc. This is the web address that I copied: https://secure.spy-protect-2009.com/order?prodid=1&r=17.2 When you go to this page it will only let you place an order with this company. There is no place to click for help, uninstall or anything. another one that pops up: kaka://c:Windows\sysguard.exe/htmlMain.htm It first started with a small window popping up on the bottom tool bar saying windows detected that someone was trying to hack into the computer and this virus program needed to be ran. When you 'x' out of the program that is when the window to purchase comes up. Some of the other messages are as follows: (please note that all of these are coming at different times) The exception breakpoint a breakpoint has been reached(0x80000003) occured in the application at location 0x00406eef click ok to term. click cancel to debug Another file that was trying to open: wmiprvse.exe I have tried to restart the computer at which time a message saying that googleupdate has a problem with this: googleupdate.ext Different message: 0x012e9bbf ref memory @ 0x012e9bbf memory could not be written These are just various different things that popped up and wrote them down in case they mean something: tk2.stc.s.-msn.com msnportal.112.207.net http://browser-security.microsoft.com/block.php?k=17.2 I have also tried to do a system restore and it won't let me. Web pages take long to load as if I were using dial-up....I have DSL. Somtimes the icons on the desktop do not show up and I have to restart the computer again. Right now it is in active desktop mode. Any help that anyone can offer is greatly appreciated! If no one can help here I don't know what else to do. Thanks everyone Gina

Gina, We need to see some additional information about what is happening in your machine. Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.com DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. Click Yes at the prompt for Optional Scan. When done, DDS will open two (2) logs 1. DDS.txt 2. Attach.txt Save both reports to your desktop. Copy/paste both logs to your reply on the forum. Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

‎Any help please! | DELL Technologies

Responses(46)
Solutions(0)

Bugbatter

3 Apprentice

•

20.5K Posts

February 28th, 2009 11:00

Gina,
We need to see some additional information about what is happening in your machine.

Download DDS by sUBs from one of the following links. Save it to your desktop.
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool.
Click Yes at the prompt for Optional Scan.
When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.
Copy/paste both logs to your reply on the forum.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

ginar66

59 Posts

February 28th, 2009 12:00

ok, I will try to save this to a flashdrive and put it on the laptop. I can't download it from my laptop.

Also how would I disable the script protection? I have no clue about that.

Thanks

Gina

ginar66

59 Posts

February 28th, 2009 13:00

This is the attach log.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/3/2006 5:47:03 PM
System Uptime: 2/28/2009 2:28:46 PM (2 hours ago)

Motherboard: Dell Inc. | | 0KD882
Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | Microprocessor | 1728/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 50 GiB total, 15.617 GiB free.
D: is Removable
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP393: 1/6/2009 2:13:12 PM - System Checkpoint
RP394: 1/7/2009 5:42:33 PM - System Checkpoint
RP395: 1/8/2009 10:23:56 PM - System Checkpoint
RP396: 1/9/2009 10:53:39 PM - System Checkpoint
RP397: 1/11/2009 1:09:12 PM - System Checkpoint
RP398: 1/12/2009 6:13:32 PM - System Checkpoint
RP399: 1/13/2009 8:59:37 PM - System Checkpoint
RP400: 1/13/2009 9:52:56 PM - Software Distribution Service 3.0
RP401: 1/15/2009 2:03:09 PM - System Checkpoint
RP402: 1/16/2009 3:51:34 PM - System Checkpoint
RP403: 1/17/2009 2:14:54 PM - Installed MP4-based Video Downloader.
RP404: 1/18/2009 2:43:12 PM - System Checkpoint
RP405: 1/20/2009 8:22:38 AM - System Checkpoint
RP406: 1/21/2009 9:35:25 AM - System Checkpoint
RP407: 1/22/2009 6:59:10 PM - System Checkpoint
RP408: 1/25/2009 12:10:03 PM - System Checkpoint
RP409: 1/25/2009 4:35:58 PM - Removed Bonjour
RP410: 1/25/2009 4:36:51 PM - Removed Disney Dreams Screensaver
RP411: 1/25/2009 5:02:28 PM - Installed AVG Free 8.0
RP412: 1/25/2009 8:37:34 PM - Installed Microsoft Office Professional 2007 Subscription
RP413: 1/26/2009 11:27:40 AM - Avg8 Update
RP414: 1/26/2009 11:30:10 AM - Avg8 Update
RP415: 1/26/2009 10:21:55 PM - Software Distribution Service 3.0
RP416: 1/27/2009 8:00:19 AM - Software Distribution Service 3.0
RP417: 1/27/2009 12:40:47 PM - Software Distribution Service 3.0
RP418: 1/28/2009 9:01:57 AM - Avg8 Update
RP419: 1/28/2009 9:04:24 AM - Avg8 Update
RP420: 1/28/2009 1:49:54 PM - Avg8 Update
RP421: 1/29/2009 8:20:11 AM - Removed AVG 8.0
RP422: 1/30/2009 8:59:40 AM - System Checkpoint
RP423: 1/31/2009 1:09:40 PM - System Checkpoint
RP424: 2/1/2009 4:19:32 PM - System Checkpoint
RP425: 2/3/2009 9:19:32 PM - System Checkpoint
RP426: 2/5/2009 9:26:24 PM - System Checkpoint
RP427: 2/7/2009 4:47:14 PM - System Checkpoint
RP428: 2/9/2009 8:40:46 AM - System Checkpoint
RP429: 2/10/2009 9:06:22 AM - System Checkpoint
RP430: 2/10/2009 9:21:45 AM - Avg8 Update
RP431: 2/11/2009 2:31:35 PM - Removed Shipping Assistant 3.5.
RP432: 2/11/2009 2:31:59 PM - Installed Shipping Assistant 3.5.
RP433: 2/12/2009 8:13:17 AM - Software Distribution Service 3.0
RP434: 2/12/2009 12:53:13 PM - Avg8 Update
RP435: 2/14/2009 2:59:51 PM - System Checkpoint
RP436: 2/15/2009 5:18:21 PM - Configured Microsoft Office Professional 2007 Subscription
RP437: 2/16/2009 9:49:30 PM - Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
RP438: 2/18/2009 8:48:50 AM - System Checkpoint
RP439: 2/19/2009 4:34:11 PM - System Checkpoint
RP440: 2/20/2009 7:20:51 PM - System Checkpoint
RP441: 2/22/2009 12:12:41 PM - System Checkpoint
RP442: 2/23/2009 10:41:43 PM - System Checkpoint
RP443: 2/25/2009 8:08:13 AM - Software Distribution Service 3.0
RP444: 2/26/2009 4:01:13 PM - System Checkpoint

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.1.0
Adobe Shockwave Player
AnswerWorks Runtime
AOLIcon
Apple Mobile Device Support
Apple Software Update
ArcSoft Camera Suite
ArcSoft Panorama Maker 4
Broadcom Management Programs
Brother MFL-Pro Suite
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Cricut DesignStudio
CVS Photo Editor Plus
Dell Digital Jukebox Driver
Dell Game Console
Dell Support 3.2
Dell System Restore
Dell Wireless WLAN Card
DellConnect
Digital Camera
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
ELIcon
Games, Music, & Photos Launcher
GDR 3077 for SQL Server Database Services 2005 ENU (KB960089)
GearDrvs
GemMaster Mystic
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Icatch(IV) Camera Driver
iConcepts Music Express
Intel(R) Graphics Media Accelerator Driver
Internet Service Offers Launcher
iTunes
J2SE Runtime Environment 5.0 Update 6
LiveUpdate 3.1 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Accounting 2007
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Accounting Equifax Addin
Microsoft Office Accounting Fixed Asset Manager
Microsoft Office Accounting PayPal Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Subscription
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Modem Helper
Mozilla Firefox (3.0.6)
MP4-based Video Downloader
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Musicmatch® Jukebox
NetWaiting
NetZeroInstallers
Nikon Message Center
Nikon Transfer
Otto
PaperPort
PayPal Plug-In
pcHugBug Browser Deluxe Lite
pcHugWare AutoUpdater
PhoTags Express
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer Basic
Safari
SearchAssist
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Shipping Assistant 3.5
Shockwave
Sonic DLA
Sonic Encoders
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sure Cuts A Lot 1.016
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
Verizon Online
Viewpoint Media Player
VSpace 1.5
WebFldrs XP
Windows Communication Foundation
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Presentation Foundation
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Workflow Foundation
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
working_1024x768 Screen Saver
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

2/27/2009 1:57:20 PM, error: Service Control Manager [7000] - The Icatch(IV) Video Camera Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/27/2009 1:53:06 PM, error: Service Control Manager [7000] - The My Web Search Service service failed to start due to the following error: The system cannot find the path specified.
2/27/2009 1:53:06 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate1c983e9c528881a) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/27/2009 1:53:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1c983e9c528881a) service to connect.
2/27/2009 1:42:37 PM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
2/28/2009 4:18:41 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.

==== End Of File ===========================

This is the dds log

DDS (Ver_09-02-01.01) - NTFSx86
Run by gina reynolds at 16:18:39.09 on Sat 02/28/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1480 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iConcepts Music Express\MEAutoDetect.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0060928
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [rundll32.exe] rundll32.exe "c:\documents and settings\gina reynolds\application data\macromedia\common\e571801a1.dll""
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [rundll32.exe] rundll32.exe "c:\documents and settings\networkservice\application data\macromedia\common\e571801a1.dll""
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autode~1.lnk - c:\program files\iconcepts music express\MEAutoDetect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSfox000
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/1450/ftp.coupons.com/r3302/cpbrkpie.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ginare~1\applic~1\mozilla\firefox\profiles\l1j9kcbg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\documents and settings\gina reynolds\application data\mozilla\firefox\profiles\l1j9kcbg.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-12-18 29181272]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2008-1-6 515803]
S2 gupdate1c983e9c528881a;Google Update Service (gupdate1c983e9c528881a);c:\program files\google\update\GoogleUpdate.exe [2009-1-31 133104]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\2.bin\mwssvc.exe [?]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [2008-1-6 10986]

=============== Created Last 30 ================

2009-02-27 17:44

   --d-----   c:\program files\Malwarebytes' Anti-Malware
2009-02-27 17:44      --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-26 21:52   9,728   a-------   c:\windows\system32\iehelper.dll
2009-02-26 21:42   364,556   a-------   c:\windows\sysguard.exe
2009-02-12 23:05      --d-----   c:\program files\Craft Edge
2009-02-12 08:22      --d-----   c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2009-02-12 08:16      --d-----   c:\windows\SQL9_KB960089_ENU
2009-02-09 18:40      --d-----   c:\program files\iPod
2009-02-09 18:40      --d-----   c:\program files\iTunes
2009-02-09 18:39      --d-----   c:\program files\Bonjour

==================== Find3M ====================

2009-02-19 17:02   1,828   a-------   c:\docume~1\ginare~1\applic~1\wklnhst.dat
2009-01-16 21:35   3,594,752   a-------   c:\windows\system32\dllcache\mshtml.dll
2008-12-19 04:10   70,656   --------   c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 04:10   13,824   --------   c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 00:25   634,024   --------   c:\windows\system32\dllcache\iexplore.exe
2008-12-19 00:23   161,792   --------   c:\windows\system32\dllcache\ieakui.dll
2008-12-11 05:57   333,952   --------   c:\windows\system32\dllcache\srv.sys
2008-09-13 18:01   20   ----h---   c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT
2006-12-21 13:18   439,296   a-------   c:\documents and settings\gina reynolds\GoToAssist_phone__320_en.exe
2006-12-21 09:14   439,296   a-------   c:\documents and settings\gina reynolds\GoToAssist_phone__317_en.exe
2006-11-06 11:21   439,296   a-------   c:\documents and settings\gina reynolds\remote.exe
2007-01-20 16:06   88   ---shr--   c:\windows\system32\5954EF957F.sys
2007-03-04 19:27   6,580   a--sh---   c:\windows\system32\KGyGaAvL.sys
2008-09-07 09:31   32,768   a--sh---   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat

============= FINISH: 16:19:53.60 ===============

I will await your reply.

Gina

Bugbatter

3 Apprentice

•

20.5K Posts

February 28th, 2009 14:00

I am reviewing your log. In the meantime, you can help me by addressing the following:

* Have you have posted this issue on another forum? If so, please provide a link to the topic.

* If you have disabled System Restore in an attempt to begin cleaning malware, please enable it now. We will flush System Restore when we are finished cleaning and we are sure that everything is running smoothly.

* If you are using any cracked software, please remove it. Definition of cracked software HERE.

* If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counter productive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a list HERE.

* If this computer belongs to someone else, do you have authority to apply the fixes we will use?

* Have you already fixed entries using HijackThis? If so, please restore all the backups and then post another log.

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

* I see Symantec's LiveUpdate, but what anti-virus are you actually running in realtime?

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

I look forward to your reply so we can begin cleaning.

Instructions posted for this user are customized for this user only. The tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log at the top of this board to start a new forum topic.

Bugbatter

3 Apprentice

•

20.5K Posts

February 28th, 2009 17:00

Yes, you should have had an anti-virus. I'm not fond of Norton 360, but since you paid for it, you might as well use it when we you are able to install it.

Let's do this for now:

We will need to disable Spybot's TeaTimer.

To disable TeaTimer: Go to Start>Run. Type Msconfig > OK.

On the next window that opens > Startup tab UNcheck the entry for TeaTimer until this is over...

1. Open Spybot

2. Click Mode -> Advanced Mode

3. Click Yes

4. Click Tools (located in the bottom left corner) -> Resident

5. Uncheck 'Resident "TeaTimer" (Protection of over-all system settings) active

6. Then close Spybot. Reboot. Verify that TeaTimer is not running. After ALL cleaning of your system has been completed and we have confirmed that your computer is clean, reverse these steps and re-enable the protection applets for TeaTimer.

1. Please download The Avenger by Swandog46 to your Desktop

.Right click on the Avenger.zip folder and select "Extract All..."

Follow the prompts and extract the avenger folder to your desktop

2. Copy all the text contained in the bold text below to your Clipboard by highlighting it and pressing (Ctrl+C):
Begin copying here:

Files to delete:
C:\windows\system32\iehelper.dll
c:\windows\sysguard.exe
c:\documents and settings\networkservice\application data\macromedia\common\e571801a1.dll

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

Right click on the window under Input script here:, and select Paste.
You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
Click on Execute
Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply.

ginar66

59 Posts

February 28th, 2009 17:00

Ok, I will do my best to answer your questions.

I have not posted this to any other forum other than the first time I posted the question.

My system restore isn't working. Originally I tried to use it before posting here and it won't even restore to a previous date. It freezes up.

I don't believe that I have either cracked software or am using P2P programs.

Computer is only mine.

I have not run hijack this.

I have printed the above message.

I won't do any other work.

I am not using any anti-virus software. I had the trial version of Norton 360 so that is what you must be seeing. I have just purchased the program today but have not installed it on the computer yet. I figure I should wait until we are done and then install it.

Thanks again for the help and I will await your next message.

Gina

ginar66

59 Posts

February 28th, 2009 18:00

Ok, once I disabled teatimer then spybot wouldn't run at all. When I clicked on it, it acted as if it were opening to run but never did. A few times I had to restart the computer because it froze up.

What should I do now?

Bugbatter

3 Apprentice

•

20.5K Posts

February 28th, 2009 18:00

Please follow the instructions step-by-step. Do not try to run Spybot or any scanners unless it is part of the instructions. We will enable or reinstall Spybot later if we can clean the malware.

ginar66

59 Posts

March 1st, 2009 09:00

When I tried to run avenger I get the following message:

Invalid script

A valid script must begin with a command directive.

I copied what you said into the box as told and tried to run the program.

I will await further instructions.

Gina

Bugbatter

3 Apprentice

•

20.5K Posts

March 1st, 2009 10:00

You copied everything in bold text?

Open Notepad. Select Format from the menu. Make sure Wordwrap is not checked

Bugbatter

3 Apprentice

•

20.5K Posts

March 1st, 2009 10:00

Gina, you need to include this part just as I posted it with the files under that:

Files to delete:

ginar66

59 Posts

March 1st, 2009 10:00

Yes, this is what I copied;

C:\windows\system32\iehelper.dll
c:\windows\sysguard.exe
c:\documents and settings\networkservice\application data\macromedia\common\e571801a1.dll

I will try it again. I also wanted to explain if I don't get back to you right away its because I'm doing this in between other things. Right now I have to go take my oldest daughter somewhere and will be back in about 30mnts and will try it again then post what happens.

Just so you don't think that I'm not here or slacking off :) (by the way, she's the one that caused this mess in the first place!)

ginar66

59 Posts

March 1st, 2009 11:00

ok will do

ginar66

59 Posts

March 1st, 2009 13:00

just an update. got the avenger to work and got the log file but when I went to copy it, everything froze. I'm trying to copy it now. I've had to restart the computer and do it over several times already.

For some reason everything keeps freezing up.

Gina

Bugbatter

3 Apprentice

•

20.5K Posts

March 1st, 2009 13:00

Good job!

Please run Avenger again.

*You are going to delete a driver, so Avenger will reboot TWICE as it clears it.

Okay here we go...

1. Copy all the text contained in the black bold text below to your Clipboard by highlighting it and pressing (Ctrl+C):
Begin copying here:

Drivers to delete:
UACd.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Now, open the avenger folder and start The Avenger program by clicking on its icon.

Right click on the window under Input script here:, and select Paste.
You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
Click on Execute
Answer "Yes" twice when prompted.

3. The Avenger will automatically do the following

It will Restart your computer. ( In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
On reboot, it will briefly open a black command window on your desktop, this is normal.
After the restart, it creates a log file that should open with the results of Avenger�s actions. This log file will be located at C:\avenger.txt
The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

4. Please copy/paste the content of c:\avenger.txt into your reply.

View All

No Events found!

Virus & Spyware

Was this post helpful?