Files Suddenly Missing

Virus & Spyware

Virus & Spyware
Perspectives on PC security, including antivirus, anti-spyware and firewall solutions.

Files Suddenly Missing

This question is not answered

I'm using a Dell Inspiron 580, Windows 7 and AVG.  When I turned the computer on yesterday and clicked FAVORITES, it was blank.  I then went to Windows Explorer, and discovered all the files I had in my Library folder (photos, letters, etc.) were also gone, as were most of the icons I had on my Desktop and Shortcuts that were on my Start menu.  The virus didn't seem to get to the operating system, since I can go online and Internet Explorer is normal. 

I immediately ran a full scan with AVG (free version) and it found absolutely no threats.  How can this be?

I had been getting a lot of notifications from AVG lately that threats were blocked and requests to move them to Vault, remove all unhealed, etc.  But I assumed AVG was doing its job. 

I have the 2 SYSTEM RESTORE DVDs that I made just after I got this computer in 2010.  Do I need to use them?  Do they completely format my hard drive and re-install Windows 7?  That might not be a bad idea since it seems to have started running slower recently.  I'm sure some files have gotten corrupted in the last 2 years. 

 

All Replies
  • First and foremost, do NOT run any "temp file cleaners" (such as Windows Disk Cleanup, or CCleaner), as it's possible that the missing files have been moved to a "temp" area and hidden.   If you run a temp file cleaner, you risk permanently deleting them.

    One-on-one Malware Analysis/Removal is no longer done at the Dell Forums.  

    Please follow the directions at http://spywarehammer.com/simplemachinesforum/index.php?topic=12262.0 to register and post the requested logs at spywarehammer.com ; there are expert helpers there who can "walk you through" procedures to analyze your system, and clean-up the infection.   All help provided there is FREE.   If you decide to go for help there, please wait for a response, and do NOT attempt to run any other scans/removers on your own --- do exactly what they instruct you to do, no more, no less.

    Good luck!

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v8 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • Thanks, I just checked the spyhammer site out and I'm sure they can help.....IF I can register.  I've tried 5 times.  It lets me enter my chosen user name, email address, and chosen password.  I agree to the conditions, check the box that says I'm over 13, and hit register.  I get an alert which says "The letters you typed don't match the letters that were shown in the picture."  I go back and there's a VISUAL VERIFICATION section on the registration form but no picture.  I can't type in the letters in the picture if there's no picture showing.

    I can't get help with this until I register, but I can't register if the verification picture isn't showing.  I'm wondering if their site has been hacked, too!  If you can get a message to them that there's a problem with their visual verification section I'd appreciate it.

  • I will try to call this to the attention of Bugbatter, who volunteers here, and is an administrator at SpywareHammer.   Please be patient.

    EDIT:   for what it's worth, I just tried going to spywarehammer's registration screen, and words were there for me in the CAPTCHA box.    I guess you can try again... or else wait for Bugbatter to reply here.  

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v8 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [set to BLOCK]; KeyScrambler for IE), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • We have been working on some updates to the site. Issues that you are having will be corrected soon. If you are on Facebook, you can always contact SpywareHammer here: www.facebook.com/SpywareHammer

    For now, I will get you set up for posting over there, and do as much as I can here at Dell.
    SpywareHammer will need to see some additional information about what is happening in your machine.


    Please download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.

    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.

    -----------------------------------------------------

    • Copy/paste both logs to your reply on this forum. Do not attach them. After you are able to register at SpywareHammer, you can include a link to this topic so they can see what we have done so far.
    • Close the program window, and delete the program from your desktop.

    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.


     

    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.

     

  • .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by Larry at 19:02:04 on 2012-04-18

    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3959.2195 [GMT -6:00]

    .

    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Program Files\Dell\DellDock\DockLogin.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\WLANExt.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

    C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

    C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\vssvc.exe

    C:\Windows\System32\svchost.exe -k swprv

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.yahoo.com/?ilc=1

    mWinlogon: Userinit=userinit.exe

    BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - C:\PROGRA~2\SITERA~1\SiteRank.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: ShopAtHome.com Toolbar: {66516a07-f617-488a-90cf-4e690cfb3c5f} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB: ShopAtHome.com Toolbar: {311b58dc-a4dc-4b04-b1b5-60299ad3d803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

    StartupFolder: C:\Users\Larry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

    StartupFolder: C:\Users\Larry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{AD254BE0-ABC6-4092-A8A8-570CFD8A21DB} : DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{AD254BE0-ABC6-4092-A8A8-570CFD8A21DB}\375756A7E65647 : DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{AD254BE0-ABC6-4092-A8A8-570CFD8A21DB}\C696E6B6379737 : DhcpNameServer = 192.168.5.1

    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    BHO-X64: : {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64:     AcroIEHelperStub - No File

    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

    BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File

    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO-X64: ShopAtHome.com Toolbar: {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

    BHO-X64:     ShopAtHome.com Toolbar - No File

    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO-X64:     SkypeIEPluginBHO - No File

    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB-X64: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

    TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

    mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

    mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

    mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

    mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

    Hosts: 94.63.147.16 www.google.com

    Hosts: 94.63.147.17 www.bing.com

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

    R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2010-10-5 185632]

    R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2010-10-5 212256]

    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-29 1692480]

    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

    S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-3 136176]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253088]

    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-3 136176]

    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    .

    =============== Created Last 30 ================

    .

    2012-04-18 00:39:38 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-04-12 19:06:28 80896 ----a-w- C:\Windows\System32\imagehlp.dll

    2012-04-12 19:06:28 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

    2012-04-12 19:06:28 5120 ----a-w- C:\Windows\System32\wmi.dll

    2012-04-12 19:06:28 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

    2012-04-12 19:06:28 220672 ----a-w- C:\Windows\System32\wintrust.dll

    2012-04-12 19:06:28 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

    2012-04-12 19:06:28 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll

    2012-04-09 17:24:19 20480 ---ha-w- C:\Windows\svchost.exe

    2012-04-09 17:18:08 114176 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\F181.tmp

    2012-04-09 17:17:50 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\ACA5.tmp

    2012-04-09 17:17:50 114176 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\ACA5.tmp.dat

    2012-04-01 01:12:28 8741536 ---ha-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

    2012-04-01 00:46:14 418464 ---ha-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    .

    ==================== Find3M  ====================

    .

    2012-04-13 21:12:51 70304 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-03-01 06:29:53 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

    2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

    2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

    2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

    2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll

    2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

    2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll

    2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

    2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll

    2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

    2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

    2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

    2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

    2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

    2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

    2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

    2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys

    2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    .

    ============= FINISH: 19:02:41.71 ===============

  • I tried to register again; no luck....still no visual verification showing up on the registration form.

  • Thank you for the first DDS log. Please post the log named Attach.txt.

    Thanks.


     

    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.

     

  • .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume2

    Install Date: 10/1/2010 3:51:36 PM

    System Uptime: 4/19/2012 9:45:46 AM (1 hours ago)

    .

    Motherboard: Dell Inc. |  | 0C2KJT

    Processor: Intel(R) Pentium(R) CPU        G6950  @ 2.80GHz | CPU 1 | 2800/133mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 289 GiB total, 242.514 GiB free.

    D: is CDROM (UDF)

    F: is Removable

    G: is Removable

    H: is Removable

    I: is Removable

    J: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP97: 3/14/2012 1:39:42 PM - Windows Update

    RP98: 3/23/2012 8:52:12 AM - Scheduled Checkpoint

    RP99: 3/30/2012 3:47:08 PM - Scheduled Checkpoint

    RP100: 4/7/2012 1:54:36 PM - Scheduled Checkpoint

    RP101: 4/12/2012 1:05:58 PM - Windows Update

    RP102: 4/17/2012 6:38:29 PM - Installed Java(TM) 6 Update 31

    .

    ==== Installed Programs ======================

    .

    Adobe AIR

    Adobe Reader 9.5.1

    Bing Bar

    Cisco EAP-FAST Module

    Cisco LEAP Module

    Cisco PEAP Module

    Compatibility Pack for the 2007 Office system

    Coupon Printer for Windows

    Dell DataSafe Local Backup

    Dell DataSafe Local Backup - Support Software

    Dell DataSafe Online

    Dell Dock

    Dell Getting Started Guide

    Google Chrome

    Google Earth Plug-in

    Google Toolbar for Internet Explorer

    Google Update Helper

    Java Auto Updater

    Java(TM) 6 Update 20

    Java(TM) 6 Update 31

    Junk Mail filter update

    Microsoft Choice Guard

    Microsoft Office PowerPoint Viewer 2007 (English)

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Sync Framework Runtime Native v1.0 (x86)

    Microsoft Sync Framework Services Native v1.0 (x86)

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable - KB2467175

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

    Microsoft Works

    MSVCRT

    Multimedia Card Reader

    OpenOffice.org 3.2

    Ralink RT2860 Wireless LAN Card

    Realtek High Definition Audio Driver

    Roxio Burn

    Security Update for CAPICOM (KB931906)

    ShopAtHome.com Toolbar

    SiteRanker

    Skype Toolbars

    Skype™ 4.2

    Visual Studio 2008 x64 Redistributables

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Mail

    Windows Live Messenger

    Windows Live Movie Maker

    Windows Live Photo Gallery

    Windows Live Sign-in Assistant

    Windows Live Sync

    Windows Live Upload Tool

    Windows Live Writer

    .

    ==== Event Viewer Messages From Past Week ========

    .

    4/19/2012 9:46:41 AM, Error: Service Control Manager [7023]  - The Peer Name Resolution Protocol service terminated with the following error:  Access is denied.

    4/19/2012 9:46:41 AM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  Access is denied.

    4/19/2012 9:46:41 AM, Error: Microsoft-Windows-PNRPSvc [102]  - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.

    4/19/2012 9:46:40 AM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

    4/19/2012 9:46:24 AM, Error: Microsoft-Windows-WMPNSS-Service [14346]  - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.

    4/19/2012 9:46:12 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.

    4/18/2012 10:12:41 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    4/18/2012 10:12:27 AM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    4/17/2012 9:47:42 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035c13fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041712-37221-01.

    4/17/2012 7:08:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000325d703, 0x0000000000000000, 0x000000007ef60000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041712-20514-01.

    4/16/2012 2:56:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035793fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041612-34476-01.

    4/15/2012 8:21:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003257703, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041512-42978-01.

    4/15/2012 8:07:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035b13fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041512-35006-01.

    4/13/2012 7:06:05 PM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.

    4/12/2012 11:43:08 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.

    4/12/2012 11:43:08 AM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

    4/12/2012 11:03:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035bb3fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041212-23743-01.

    .

    ==== End Of File ===========================

  • Please go to this page: http://www.bleepingcomputer.com/virus-removal/remove-system-repair

    Scroll down the page about halfway to "Automated Removal Instructions for System Repair using Malwarebytes' Anti-Malware"
    Follow the instructions precisely from #1 through #22. Let us know if that helps. You won't need to register there just to use the removal guide, but I would be curious if you have registration problems there as well.


     

    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.

     

  • Thanks.  I went to the link but I'm again having problems.  I got up to step 5, clicked the iExplore.exe download link but it never asked me if I wanted to save it to Desktop.  I just selected Save and it appears to have saved it to Notepad.  The following appears:

    ****************************************************************************

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 04/19/2012 at 11:54:18.
    Operating System: Windows 7 Home Premium

    Processes terminated by Rkill or while it was running:

     

    Rkill completed on 04/19/2012 at 11:54:20.

    ***************************************************************************

    I'm supposed to now double-click on the iExplore.exe icon but the icon is not appearing on my desktop.   Everything is expanded out in the Safe Mode with Networking mode so maybe the icon is on the hidden edge of my desktop and I'm not seeing it.  I can't figure out how to bring it into view. 

     

     

  • Unfortunately, Dell does not want us to have members post logs and continue with lengthy malware removal procedures at Dell Community. If you still are unable to register at SpywareHammer, please register at Bleeping Computer and post in the Malware Removal Forum there.

    You will be asked to run DDS again and one other tool called GMER. Instructions are provided at the link above. In your summary of your problem, please include a link to this topic so your helper there knows what we've done so far. If possible, please use the same member name as you have here.


     

    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.

     

  • I see that you were unable to register at BC. There is probably something malware related that is causing the problems.Using another computer to register at SH or BC might help. I've asked a moderator at SpywareHammer to stand by in case you can get into that site with another computer.


     

    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.

     

  • This issue is being handled HERE so this topic is closed. Everyone else who is having a similar issue, please begin a New Post at the top of the forum.

     


     

    Microsoft MVP - Consumer Security
    Social Media and Community Professional
    SpywareHammer

    I am not a Microsoft or a Dell employee. I am a volunteer.