Files Suddenly Missing

First and foremost, do NOT run any "temp file cleaners" (such as Windows Disk Cleanup, or CCleaner), as it's possible that the missing files have been moved to a "temp" area and hidden.   If you run a temp file cleaner, you risk permanently deleting them.

One-on-one Malware Analysis/Removal is no longer done at the Dell Forums.  

Please follow the directions at http://spywarehammer.com/simplemachinesforum/index.php?topic=12262.0 to register and post the requested logs at spywarehammer.com ; there are expert helpers there who can "walk you through" procedures to analyze your system, and clean-up the infection.   All help provided there is FREE.   If you decide to go for help there, please wait for a response, and do NOT attempt to run any other scans/removers on your own --- do exactly what they instruct you to do, no more, no less.

Good luck!

I will try to call this to the attention of Bugbatter, who volunteers here, and is an administrator at SpywareHammer.   Please be patient.

EDIT:   for what it's worth, I just tried going to spywarehammer's registration screen, and words were there for me in the CAPTCHA box.    I guess you can try again... or else wait for Bugbatter to reply here.  

Thanks, I just checked the spyhammer site out and I'm sure they can help.....IF I can register.  I've tried 5 times.  It lets me enter my chosen user name, email address, and chosen password.  I agree to the conditions, check the box that says I'm over 13, and hit register.  I get an alert which says "The letters you typed don't match the letters that were shown in the picture."  I go back and there's a VISUAL VERIFICATION section on the registration form but no picture.  I can't type in the letters in the picture if there's no picture showing.

I can't get help with this until I register, but I can't register if the verification picture isn't showing.  I'm wondering if their site has been hacked, too!  If you can get a message to them that there's a problem with their visual verification section I'd appreciate it.

We have been working on some updates to the site. Issues that you are having will be corrected soon. If you are on Facebook, you can always contact SpywareHammer here: www.facebook.com/SpywareHammer

For now, I will get you set up for posting over there, and do as much as I can here at Dell.
SpywareHammer will need to see some additional information about what is happening in your machine.

Please download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
• Save both reports to your desktop.

-----------------------------------------------------

• Copy/paste both logs to your reply on this forum. Do not attach them. After you are able to register at SpywareHammer, you can include a link to this topic so they can see what we have done so far.
  
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

I tried to register again; no luck....still no visual verification showing up on the registration form.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Larry at 19:02:04 on 2012-04-18

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3959.2195 [GMT -6:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Ralink\Common\RaRegistry.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/?ilc=1

mWinlogon: Userinit=userinit.exe

BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - C:\PROGRA~2\SITERA~1\SiteRank.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: ShopAtHome.com Toolbar: {66516a07-f617-488a-90cf-4e690cfb3c5f} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: ShopAtHome.com Toolbar: {311b58dc-a4dc-4b04-b1b5-60299ad3d803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

StartupFolder: C:\Users\Larry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe

StartupFolder: C:\Users\Larry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{AD254BE0-ABC6-4092-A8A8-570CFD8A21DB} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{AD254BE0-ABC6-4092-A8A8-570CFD8A21DB}\375756A7E65647 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{AD254BE0-ABC6-4092-A8A8-570CFD8A21DB}\C696E6B6379737 : DhcpNameServer = 192.168.5.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: : {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64:     AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: ShopAtHome.com Toolbar: {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

BHO-X64:     ShopAtHome.com Toolbar - No File

BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64:     SkypeIEPluginBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2010-10-5 185632]

R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2010-10-5 212256]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-9-29 1692480]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-3 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-31 253088]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-3 136176]

S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-18 00:39:38 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-04-12 19:06:28 80896 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 19:06:28 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 19:06:28 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 19:06:28 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 19:06:28 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-12 19:06:28 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-12 19:06:28 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-09 17:24:19 20480 ---ha-w- C:\Windows\svchost.exe

2012-04-09 17:18:08 114176 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\F181.tmp

2012-04-09 17:17:50 5120 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\ACA5.tmp

2012-04-09 17:17:50 114176 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\ACA5.tmp.dat

2012-04-01 01:12:28 8741536 ---ha-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-01 00:46:14 418464 ---ha-w- C:\Windows\SysWow64\FlashPlayerApp.exe

.

==================== Find3M  ====================

.

2012-04-13 21:12:51 70304 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-01 06:29:53 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-10 06:18:10 1541120 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 06:17:55 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-02-10 06:17:54 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-02-10 06:17:54 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-02-10 06:17:54 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-02-10 05:41:38 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-10 05:41:20 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-02-10 05:41:20 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-02-10 05:41:20 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-02-10 05:41:19 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys

2012-01-25 06:27:11 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-01-25 06:27:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-01-25 06:20:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

.

============= FINISH: 19:02:41.71 ===============

Thank you for the first DDS log. Please post the log named Attach.txt.

Thanks.

Please go to this page: http://www.bleepingcomputer.com/virus-removal/remove-system-repair

Scroll down the page about halfway to "Automated Removal Instructions for System Repair using Malwarebytes' Anti-Malware"
Follow the instructions precisely from #1 through #22. Let us know if that helps. You won't need to register there just to use the removal guide, but I would be curious if you have registration problems there as well.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 10/1/2010 3:51:36 PM

System Uptime: 4/19/2012 9:45:46 AM (1 hours ago)

.

Motherboard: Dell Inc. |  | 0C2KJT

Processor: Intel(R) Pentium(R) CPU        G6950  @ 2.80GHz | CPU 1 | 2800/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 289 GiB total, 242.514 GiB free.

D: is CDROM (UDF)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP97: 3/14/2012 1:39:42 PM - Windows Update

RP98: 3/23/2012 8:52:12 AM - Scheduled Checkpoint

RP99: 3/30/2012 3:47:08 PM - Scheduled Checkpoint

RP100: 4/7/2012 1:54:36 PM - Scheduled Checkpoint

RP101: 4/12/2012 1:05:58 PM - Windows Update

RP102: 4/17/2012 6:38:29 PM - Installed Java(TM) 6 Update 31

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Reader 9.5.1

Bing Bar

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Getting Started Guide

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

Java Auto Updater

Java(TM) 6 Update 20

Java(TM) 6 Update 31

Junk Mail filter update

Microsoft Choice Guard

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319

Microsoft Works

MSVCRT

Multimedia Card Reader

OpenOffice.org 3.2

Ralink RT2860 Wireless LAN Card

Realtek High Definition Audio Driver

Roxio Burn

Security Update for CAPICOM (KB931906)

ShopAtHome.com Toolbar

SiteRanker

Skype Toolbars

Skype™ 4.2

Visual Studio 2008 x64 Redistributables

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

4/19/2012 9:46:41 AM, Error: Service Control Manager [7023]  - The Peer Name Resolution Protocol service terminated with the following error:  Access is denied.

4/19/2012 9:46:41 AM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  Access is denied.

4/19/2012 9:46:41 AM, Error: Microsoft-Windows-PNRPSvc [102]  - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.

4/19/2012 9:46:40 AM, Error: Service Control Manager [7024]  - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

4/19/2012 9:46:24 AM, Error: Microsoft-Windows-WMPNSS-Service [14346]  - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.

4/19/2012 9:46:12 AM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.

4/18/2012 10:12:41 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

4/18/2012 10:12:27 AM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

4/17/2012 9:47:42 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035c13fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041712-37221-01.

4/17/2012 7:08:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff8000325d703, 0x0000000000000000, 0x000000007ef60000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041712-20514-01.

4/16/2012 2:56:18 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035793fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041612-34476-01.

4/15/2012 8:21:58 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80003257703, 0x0000000000000000, 0x000007fffffa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041512-42978-01.

4/15/2012 8:07:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035b13fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041512-35006-01.

4/13/2012 7:06:05 PM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.

4/12/2012 11:43:08 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 107.

4/12/2012 11:43:08 AM, Error: Schannel [36874]  - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

4/12/2012 11:03:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035bb3fa, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041212-23743-01.

.

==== End Of File ===========================

Thanks.  I went to the link but I'm again having problems.  I got up to step 5, clicked the iExplore.exe download link but it never asked me if I wanted to save it to Desktop.  I just selected Save and it appears to have saved it to Notepad.  The following appears:

****************************************************************************

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/19/2012 at 11:54:18.
Operating System: Windows 7 Home Premium

Processes terminated by Rkill or while it was running:

Rkill completed on 04/19/2012 at 11:54:20.

***************************************************************************

I'm supposed to now double-click on the iExplore.exe icon but the icon is not appearing on my desktop.   Everything is expanded out in the Safe Mode with Networking mode so maybe the icon is on the hidden edge of my desktop and I'm not seeing it.  I can't figure out how to bring it into view. 

Unfortunately, Dell does not want us to have members post logs and continue with lengthy malware removal procedures at Dell Community. If you still are unable to register at SpywareHammer, please register at Bleeping Computer and post in the Malware Removal Forum there.

You will be asked to run DDS again and one other tool called GMER. Instructions are provided at the link above. In your summary of your problem, please include a link to this topic so your helper there knows what we've done so far. If possible, please use the same member name as you have here.

I see that you were unable to register at BC. There is probably something malware related that is causing the problems.Using another computer to register at SH or BC might help. I've asked a moderator at SpywareHammer to stand by in case you can get into that site with another computer.

This issue is being handled HERE so this topic is closed. Everyone else who is having a similar issue, please begin a New Post at the top of the forum.