dwdsregt.exe? Help?

Yes dwdsregt.exe is related to ZenoSearch and should be removed. You could have other files and registry keys around related to this. In order for us to be able to provide you any real help on the malware status of your PC, you really need to run the READ & RUN ME sticky and attach the 5 logs requested in it.

 

Can you run a scan without updating? If not, try running the below instead:

Running Ewido Anti-Malware

As long as HijackThis is in its own folder by itself (and also not in any of the folders we request that it not be in) then all is good.

 

You have a load of problems! We are going to have to do that other scan I gave you from Ewido to help reduce the amount of manual work; however first do the below.


Delete all files in the below folders. Note that Windows my stop you from deleting a few from the current date this is normal.
C:\Windows\Temp
C:\Documents and Settings\Administrator.YOUR-AT5QGAAC3Z.000\Local Settings\Temp
C:\Documents and Settings\Default User\Local Settings\Temp
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp
C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine

Now run the Ewido procedure I previously gave to you and attach the log from Ewido.

Also goto Add/Remove programs and uninstall the below old Sun Java version:
Java 2 Runtime Environment, SE v1.4.2_03

You forgot too attach a log from HijackThis! I need one.

 

You must follow the directions in step 7 of the READ ME. HijackThis must be renamed as requested. Do this now and then move on to the below. Do not attach a new HJT log yet until requested at the end of the below procedure.
Make sure viewing of hidden files is enabled (per the tutorial).
Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
c:\temp\salmau.dat
c:\documents and settings\all users\desktop\Online Security Guide.url
C:\Documents and Settings\Owner\Favorites\Going Places
c:\windows\warnhp.html
C:\WarezP2P.exe
C:\WINDOWS\Eim03.exe
C:\WINDOWS\IA\KE.vbs
C:\WINDOWS\Justin.exe
C:\WINDOWS\popupwithcast.exe
C:\WINDOWS\srvftuvynh.exe
C:\WINDOWS\system32\dwdsregt.exe
c:\windows\uniq <--- the whole folder
c:\program files\SearchRelevant <--- the whole folder
c:\program files\WinAntiSpyware 2006 Scanner <--- the whole folder
C:\Program Files\Batty2 <--- the whole folder
C:\Program Files\DeluxeCommunications <--- the whole folder
C:\Program Files\popupwithcast <--- the whole folder
C:\Program Files\PSDream <--- the whole folder
C:\Program Files\PSLister <--- the whole folder

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now reboot in normal mode and attach new logs from:

• GetRunKey
• ShowNew
• HJT

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

You did not attach the 3 followup logs I requested.

 

Okay I assum Ewido and CounterSpy are the free versions. If that is correct, uninstall them now.

Sun Java has updated to version 9! So let's get you updated.

First install the current version of Sun Java from: Sun Java Runtime Environment

Then uninstall the below old versions of software:
2SE Runtime Environment 5.0 Update 8

Now reboot into safe mode and delete the below:
C:\Program Files\Common Files\misc002 <--- the whole folder
C:\Program Files\Common Files\Yazzle1452OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1440OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\Program Files\Common Files\Yazzle1438OinUninstaller.exe
C:\Program Files\Common Files\??mantec <--- this folder will probably looked like symantec
C:\asdf.txt
C:\dfndrff_e12.exe
C:\kybrdff_e12.exe

Reboot into normal mode!

Attach a new log from ShowNew!

How is everything working now?

 

Who is "they"?

You do realize that there are literally thousands of registry entries and every PC is slightly different and has different things installed.


What is in the below folder (if anything)?
C:\Program Files\Common Files\{5C15CD7C-088F-1033-0210-040108030001}

 

I asked what it in the folder, not what is it for. If it is empty, just delete it. If it is not empty, tell me what is in it.

 

If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
   • Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
3. If you are running Windows XP or Windows ME, do the below:
   • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
   • Then reboot and enable System Restore to create a new clean Restore Point.
4. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

I'm not sure what you are talking about having problems logging into. You used the word "forum" so I assume you mean here at Majorgeeks. But then you said "the new password I recovered" so I don't know what you mean because this sounds like you are talking about the password on your PC.

 

Using Firefox is pretty straight forward. You should find it pretty easy to adapt to if you are already familar with IE.

Surf safely!

 

I'm not sure what you mean. The Firefox Themes page is not encryted as far as I know and I have no problems jumping between those two pages. I'm not sure what you are referring to but this is a question better asked in the Software Forum.

You have to be careful on how you interprete things like this. Firefox has fewer security issues than IE. Some of this is due in part to that make that many more people use IE than Firefox and more hackers look to attack IE than they do Firefox. So people will often say Firefox is more secure and from a simplistic view that would appear to be true, but many people using Firefox still have malware issues. In the end, it all comes down to the end user and how they use their PC and what they download and click on ....etc (all of this is mentioned in the How to protect thread). Yes using Firefox can help but nothing will protect your system if you are not careful on what you do.

I use Firefox and I use IE. On many PCs where I only use IE I never have any problems with malware. Even on WinXP SP1 and Win 2K SP4 systems with IE only, I never have malware problems. I have the typical protection software installed and use some common sense on where I surf and what I download and what I click on (and read what messages say before clicking because saying NO may not be the correct thing to click on. The messages are often designed to trick you.)