2 Posts

October 19th, 2010 23:00

Windows Error 80072EFE, PC Restore access problems, Windows Host Process Shuts Down

Hey there,

I would greatly appreciate any help you can give me. I am running a Dell XPS 420 with Vista Home Premium SP2. Last week, my computer was infected with some kind of virus/malware. A program called Antivirus Action kept popping up, disabling my computer. I tried to access my PC restore partition using F8 right before the Vista Startup. I clicked on Repair the system, and it would begin to go into Vista, but at the Windows logon screen, the only thing that popped up was "Other User." I clicked on Other User, and tried entering my user information, but it stated that the specified domain did not exist. So, after this, I reverted Vista back to its last known good configuration and was able to run Vista System Restore and restored to a point the week before. This got rid of the Antivirus Action. I then went back to PC Restore to do another clean install back to factory defaults, but again "Other User" popped up, not allowing me to run PC restore. I also tried to activate the hidden administrator privileges thinking that this would bypass the Other User problem, and that did not work as well.

I have tried the following already:

Norton Antivirus - Updated virus definitions and ran in regular and safe mode.  Some infections quarantined, but problem was not fixed.

Kaspersky - Again some infections found, problem not fixed.

AVG - Again some infections found, problem not fixed.

Malware Bytes Anti-Malware - Some infections found, problem not fixed.

I then tried to do Windows update, and I get an error message 80072EFE.  After I attempt to run the update, the Windows Host Process svchost.com shuts down.  The windows update website cannot be accessed.  I made sure that proxy connections was not checked in the internet connections options of internet explorer.

After all this, I am tempted to just get Windows 7 and start all over, but I don't want to lose my PC restore partition and the ability to restore to factory contents. I would appreciate any help in either getting rid of the virus/malware problem or getting me access to the PC restore partition and running PC Restore so that I can get a fresh start (however, I have a feeling that PC Restore may be corrupted or it's being interfered with by the virus).

Just a warning...I am getting sporadic access to regular Vista.  I am mostly running under Safe Mode.  I hope this helps.

Here is the log from Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:26:05 PM, on 10/19/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\SetPoint\LBTWiz.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\VERIZONDM\bin\sprtcmd.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Logitech BT Wizard] LBTWiz.exe -silent
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [dldomon.exe] "C:\Program Files\Dell 968 AIO Printer\dldomon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell 968 AIO Printer\memcard.exe"
O4 - HKLM\..\Run: [Dell 968 AIO Printer Fax Server] "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SetPoint.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe
O23 - Service: dldo_device -   - C:\Windows\system32\dldocoms.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files\VERIZONDM\bin\tgsrvc.exe

--
End of file - 13410 bytes

Thank you!

2 Intern

1.5K Posts

October 28th, 2010 05:00

Hi,

Welcome to Dell Community Malware Removal Forums,

Sorry for the delay in getting to you, I'm K27 and I will be reviewing your log for you.

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.

Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.

Failure to reply in three (3) days will result in this topic being closed and I will remove it from my notifications, If you require more time then that is fine but please let me know.

 


I need to see some additional information about what is happening in your machine.
Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control here

 

YOU MUST DISABLE ALL REAL TIME PROTECTION BEFORE RUNNING THE NEXT TOOL,

Next, download this Antirootkit Program to a folder that you create such as C:\ARK, by choosing the "Download EXE" button on the webpage.

Please Disable all Anti-virus/Anti-Spyware/FireWall on your machine (instructions via links below)

 

Next, please perform a rootkit scan:

  • Double-click the randomly named EXE located in the C:\ARK folder that you just downloaded to launch it
  • When the program opens, it will automatically initiate a very fast scan of common rootkit hiding places.
  • When the "quick" scan is finished (a few seconds), click the Rootkit/Malware tab, and then select the Scan button.
  • Leave your system completely idle while this longer scan is in progress.
  • When the scan is done, save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
  • Exit the Program
  • Save the Scan log as ARK.txt and post it in your next reply.
  • Now, re-enable the active protection component of any antivirus/antimalware programs you disabled before performing the scan.

If the ARK tool crashes your machine or causes a Blue Screen error, please post the log results from the first initial quick scan; this can be saved in the same way as the full scan in the above instructions.

 

Please COPY/PASTE BOTH DDS logs and the ARK log back to this thread,
Thanks
K27

3 Posts

October 28th, 2010 13:00

I am having the exact same problem with my dell. Any help would be greatly appreciated. Here are my logs.


DDS (Ver_09-09-29.01) - NTFSx86 
Run by Mgbwoso at 13:43:13.91 on Thu 10/28/2010
Internet Explorer: 8.0.6001.18904
============== Pseudo HJT Report ===============
uStart Page = hxxp://news.bbc.co.uk/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080316
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080316
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\users\mgbwoso\desktop\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\users\mgbwoso\desktop\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\users\mgbwoso\desktop\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [SpybotSD TeaTimer] c:\users\mgbwoso\desktop\spybot - search & destroy\TeaTimer.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ ]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ISTray] "c:\users\mgbwoso\desktop\spyware doctor\pctsTray.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\users\mgbwoso\desktop\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================
2010-10-25 17:33   --dsh--- C:\found.003
2010-10-25 09:33   --d----- c:\programdata\Office Genuine Advantage
==================== Find3M  ====================
2010-10-09 22:48 29,228 a------- c:\users\mgbwoso\appdata\roaming\wklnhst.dat
2010-02-25 10:32 84,192 a------- c:\users\mgbwoso\appdata\roaming\GDIPFONTCACHEV1.DAT
2010-02-10 10:53 3,438,783 a------- c:\program files\InstallRarZilla.exe
2010-02-07 11:18 11,048,376 a------- c:\program files\veetle-0.9.16.exe
2009-07-21 13:52 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-21 13:52 51,200 a------- c:\windows\inf\infpub.dat
2009-07-21 13:52 86,016 a------- c:\windows\inf\infstor.dat
2009-07-20 19:45 174 a--sh--- c:\program files\desktop.ini
2009-07-20 19:39 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 06:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2010-01-25 04:17 245,760 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-19 18:59 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-20 14:15 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2009-11-10 10:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111020091111\index.dat
2010-01-20 14:15 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\iecompatcache\index.dat
2010-01-20 14:15 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\privacie\index.dat
2008-03-15 21:25 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT
============= FINISH: 13:45:48.28 ===============



==== Installed Programs ======================
50 FREE MP3s +1 Free Audiobook!
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
BitTorrent
Bonjour
Browser Address Error Redirector
Browser Defender 2.0.6.11
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ClientTools
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
DivX Setup
Google Desktop
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Matrix Storage Manager
iTunes
Java(TM) SE Runtime Environment 6
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Modem Diagnostic Tool
Move Media Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
NetWaiting
OutlookAddinSetup
PPLive 1.9
Product Documentation Launcher
QuickSet
QuickTime
R for Windows 2.10.1
RarZilla Free Unrar
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Skype Toolbars
Skype™ 4.2
Sonic Activation Module
Spybot - Search & Destroy
Spyware Doctor 7.0
StreamTorrent 1.0
Trend Micro PC-cillin Internet Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
Varian Star 6.41 Chromatography Workstation
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.16
VLC media player 1.0.1
Winamp
==== End Of File ===========================


Inline Attachment Follows: ARK.txt
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit quick scan 2010-10-28 13:56:42
Windows 6.0.6000
Running: gl6dqspj[1].exe; Driver: C:\Users\Mgbwoso\AppData\Local\Temp\uwdiifob.sys


---- Disk sectors - GMER 1.0.15 ----

Disk    \Device\Harddisk0\DR0                                                                                                                                    sector 01: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                    sector 02: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                    sector 03: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                    sector 04: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                    sector 05: copy of MBR
Disk    \Device\Harddisk0\DR0                                                                                                                                    sector 06: copy of MBR

---- Devices - GMER 1.0.15 ----

Device  \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskST9120823ASG____________________________3.ADD___#4&20766cbe&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}  device not found

---- EOF - GMER 1.0.15 ----

3 Posts

October 28th, 2010 13:00

I am having the exact same problem with my Dell. Any help would be greatly appreciated. Here are my logs.


DDS (Ver_09-09-29.01) - NTFSx86 
Run by Mgbwoso at 13:43:13.91 on Thu 10/28/2010
Internet Explorer: 8.0.6001.18904
============== Pseudo HJT Report ===============
uStart Page = hxxp://news.bbc.co.uk/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080316
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080316
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\users\mgbwoso\desktop\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\users\mgbwoso\desktop\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\users\mgbwoso\desktop\spyware doctor\bdt\PCTBrowserDefender.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [SpybotSD TeaTimer] c:\users\mgbwoso\desktop\spybot - search & destroy\TeaTimer.exe
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ ]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ISTray] "c:\users\mgbwoso\desktop\spyware doctor\pctsTray.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\pptv\PPLive.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\users\mgbwoso\desktop\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================
2010-10-25 17:33   --dsh--- C:\found.003
2010-10-25 09:33   --d----- c:\programdata\Office Genuine Advantage
==================== Find3M  ====================
2010-10-09 22:48 29,228 a------- c:\users\mgbwoso\appdata\roaming\wklnhst.dat
2010-02-25 10:32 84,192 a------- c:\users\mgbwoso\appdata\roaming\GDIPFONTCACHEV1.DAT
2010-02-10 10:53 3,438,783 a------- c:\program files\InstallRarZilla.exe
2010-02-07 11:18 11,048,376 a------- c:\program files\veetle-0.9.16.exe
2009-07-21 13:52 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-21 13:52 51,200 a------- c:\windows\inf\infpub.dat
2009-07-21 13:52 86,016 a------- c:\windows\inf\infstor.dat
2009-07-20 19:45 174 a--sh--- c:\program files\desktop.ini
2009-07-20 19:39 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 06:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2010-01-25 04:17 245,760 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-19 18:59 245,760 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-20 14:15 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2009-11-10 10:53 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009111020091111\index.dat
2010-01-20 14:15 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\iecompatcache\index.dat
2010-01-20 14:15 16,384 a--sh--- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\privacie\index.dat
2008-03-15 21:25 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT
============= FINISH: 13:45:48.28 ===============



==== Installed Programs ======================
50 FREE MP3s +1 Free Audiobook!
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
Amazon MP3 Downloader 1.0.10
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
BitTorrent
Bonjour
Browser Address Error Redirector
Browser Defender 2.0.6.11
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ClientTools
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
DivX Setup
Google Desktop
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Matrix Storage Manager
iTunes
Java(TM) SE Runtime Environment 6
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Modem Diagnostic Tool
Move Media Player
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music, Photos & Videos Launcher
NetWaiting
OutlookAddinSetup
PPLive 1.9
Product Documentation Launcher
QuickSet
QuickTime
R for Windows 2.10.1
RarZilla Free Unrar
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Skype Toolbars
Skype™ 4.2
Sonic Activation Module
Spybot - Search & Destroy
Spyware Doctor 7.0
StreamTorrent 1.0
Trend Micro PC-cillin Internet Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
Varian Star 6.41 Chromatography Workstation
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.16
VLC media player 1.0.1
Winamp
==== End Of File ===========================


Inline Attachment Follows: ARK.txt
GMER 1.0.15.15477 - http://www.gmer.net
Rootkit quick scan 2010-10-28 13:56:42
Windows 6.0.6000
Running: gl6dqspj[1].exe; Driver: C:\Users\Mgbwoso\AppData\Local\Temp\uwdiifob.sys


---- Disk sectors - GMER 1.0.15 ----


---- Devices - GMER 1.0.15 ----

Device  \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskST9120823ASG____________________________3.ADD___#4&20766cbe&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}  device not found

---- EOF - GMER 1.0.15 ----

2 Posts

October 28th, 2010 14:00

Hi,

Thank you for your response.  I however already have upgraded to Windows 7.  I couldn't wait any longer.

Thanks

Jay

2 Intern

1.5K Posts

October 29th, 2010 07:00

@ jh79,

Thank You for letting me know.

@ Mgbwoso,

Please follow the instructions in this thread: http://en.community.dell.com/support-forums/virus-spyware/f/3521/t/19251122.aspx and then post the relevant log in a NEW thread. DO NOT post the log to this thread.

A trained analyst will be along as soon as one becomes available.

This topic is Self Resolved.....

The fixes in this topic were written specifically for this user; following them may cause harm to your machine and render it a brick (useless).

All other users, please read THIS page and then please start a New Topic at the top of the Malware Removal Forum by clicking the New Post button.
