Plez Help!! Digital Protection Virus
Solved/Closed
WitzxEndz
Posts
6
Registration date
Friday April 30, 2010
Status
Member
Last seen
July 3, 2010
-
Apr 30, 2010 at 06:31 PM
witz - May 17, 2010 at 12:06 AM
witz - May 17, 2010 at 12:06 AM
Related:
- Plez Help!! Digital Protection Virus
- Digital convergence - Guide
- Goose virus - Download - Other
- Ntuser.dat virus - Guide
- K9 web protection - Download - Networks
- Can jpg have virus - Guide
6 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
May 1, 2010 at 04:50 AM
May 1, 2010 at 04:50 AM
Hello,
You sound as if you are a little frustrated and combat fatigue.
Here is the cavalry to your rescue:
1. Please download and install Hyjackthis.
2. Manually delete the file : C:\DOCUME~1\Mak\LOCALS~1\Temp\davclnt.exe
3. Run a scan with Hyjacthis.
4. Locate and check the entries: (If you do not find them all don't worry)
O1 - Hosts: 59.53.91.102 www.google.com
O1 - Hosts: 59.53.91.102 google.com
O2 - BHO: C:\WINDOWS\system32\zq5e7t.dll - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\zq5e7t.dll
O2 - BHO: (no name) - {BF565D8B-48EB-445F-B2A2-5B3C3B4A7BE0} - c:\windows\system32\vurrozj.dll
O4 - HKCU\..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\DOCUME~1\Mak\LOCALS~1\Temp\np28bqj.exe
O4 - HKCU\..\Run: [davclnt.exe] C:\DOCUME~1\Mak\LOCALS~1\Temp\davclnt.exe
O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\DOCUME~1\Mak\LOCALS~1\Temp\avp.exe
O4 - HKCU\..\Run: [Digital Protection] "C:\Program Files\Digital Protection\digprot.exe" -noscan
O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\zq5e7t.dll
5. Click on Fix checked and close Hyjackthis
6. Download, install and update Malwarebyte:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
7. Run a FULL system scan, I insist FULL.
Please, I would appreciate some feedback for all of my typing.
If you do not reply, I may cast a spell on your system worst that Digital Protection: your system will bark all the time! :)))
Very best regards
You sound as if you are a little frustrated and combat fatigue.
Here is the cavalry to your rescue:
1. Please download and install Hyjackthis.
2. Manually delete the file : C:\DOCUME~1\Mak\LOCALS~1\Temp\davclnt.exe
3. Run a scan with Hyjacthis.
4. Locate and check the entries: (If you do not find them all don't worry)
O1 - Hosts: 59.53.91.102 www.google.com
O1 - Hosts: 59.53.91.102 google.com
O2 - BHO: C:\WINDOWS\system32\zq5e7t.dll - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\zq5e7t.dll
O2 - BHO: (no name) - {BF565D8B-48EB-445F-B2A2-5B3C3B4A7BE0} - c:\windows\system32\vurrozj.dll
O4 - HKCU\..\Run: [hf8wefhuaihf8ewfydiujhfdsfdf] C:\DOCUME~1\Mak\LOCALS~1\Temp\np28bqj.exe
O4 - HKCU\..\Run: [davclnt.exe] C:\DOCUME~1\Mak\LOCALS~1\Temp\davclnt.exe
O4 - HKCU\..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\DOCUME~1\Mak\LOCALS~1\Temp\avp.exe
O4 - HKCU\..\Run: [Digital Protection] "C:\Program Files\Digital Protection\digprot.exe" -noscan
O22 - SharedTaskScheduler: hasiufhiusdfjdhfudd - {A9BA40A1-74F1-52BD-F431-00B15A2C8953} - C:\WINDOWS\system32\zq5e7t.dll
5. Click on Fix checked and close Hyjackthis
6. Download, install and update Malwarebyte:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
7. Run a FULL system scan, I insist FULL.
Please, I would appreciate some feedback for all of my typing.
If you do not reply, I may cast a spell on your system worst that Digital Protection: your system will bark all the time! :)))
Very best regards
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
May 5, 2010 at 05:50 AM
May 5, 2010 at 05:50 AM
Na... it ain't hopeless.. just wait a second...
Ya this is it...
We shall administrate this very potent medicinal compound, fit to kill a horse:
To keep your system safe, you must follow the instructions hereunder to the letter:
1. Download Combofix to your desktop.
http://www.combofix.org/download.php
2.Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
3. Double click on the ComboFix icon.
Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
4. Accept the disclaimer and the recovery
5.You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.
ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.
If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
During the process, please do not mouse click nor must you tap on the keyboard. Let the tool run.
Once you are done, paste the log here and report to me on how your system is behaving.
Ya this is it...
We shall administrate this very potent medicinal compound, fit to kill a horse:
To keep your system safe, you must follow the instructions hereunder to the letter:
1. Download Combofix to your desktop.
http://www.combofix.org/download.php
2.Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
3. Double click on the ComboFix icon.
Windows is issuing this prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
4. Accept the disclaimer and the recovery
5.You should now press the Yes button to continue. If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.
ComboFix will disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings.
If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
During the process, please do not mouse click nor must you tap on the keyboard. Let the tool run.
Once you are done, paste the log here and report to me on how your system is behaving.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
May 9, 2010 at 05:11 AM
May 9, 2010 at 05:11 AM
It is a 32 bit.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
May 9, 2010 at 05:20 AM
May 9, 2010 at 05:20 AM
Hey Witz
Can you open your task manager and see in the processes if you have:
digitprot.exe if so terminate the process then see if you can find "davclnt.dll" and delete it.
If you were successfull, rerun Malwarebyte and your system should be free at last.
Can you open your task manager and see in the processes if you have:
digitprot.exe if so terminate the process then see if you can find "davclnt.dll" and delete it.
If you were successfull, rerun Malwarebyte and your system should be free at last.
The digprot thing in taskmanager i got rid of the 1st day it was on my computer so its no longer there. :) But im having trouble finding the other thing u said to delete. Its not on the task manager but when i search it i do find it. Do i have to delete it from someone else?
And btw Thx for your patience I know this is irritating :)
And btw Thx for your patience I know this is irritating :)
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
May 10, 2010 at 04:03 PM
May 10, 2010 at 04:03 PM
I take it that you are at your witzends,
Please be patient for patience is a vertue, we will get through this.
If you rebooted after your terminated digprot and may have reappeared.
1. So ensure again that digprot.exe is terminated.
2. Reboot in safe mode with networking.
3. Download Malwarebyte:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
4.Once downloaded, close all programs and Windows on your computer, including this one.
5.Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
6.When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
7.MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install.
8.On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer for Digital Protection related files.
9.MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else (beer or pop and potato chips, watch a movie) and periodically check on the status of the scan.
10. Once the scan is over, delete the items found.
11. Reboot your computer to see that it is virus free.
12. Smile and have another tall cool refreshing beverage.
Please be patient for patience is a vertue, we will get through this.
If you rebooted after your terminated digprot and may have reappeared.
1. So ensure again that digprot.exe is terminated.
2. Reboot in safe mode with networking.
3. Download Malwarebyte:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
4.Once downloaded, close all programs and Windows on your computer, including this one.
5.Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MBAM onto your computer.
6.When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure you leave both the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked. Then click on the Finish button.
7.MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan. As MBAM will automatically update itself after the install.
8.On the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer for Digital Protection related files.
9.MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else (beer or pop and potato chips, watch a movie) and periodically check on the status of the scan.
10. Once the scan is over, delete the items found.
11. Reboot your computer to see that it is virus free.
12. Smile and have another tall cool refreshing beverage.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
May 16, 2010 at 06:46 AM
May 16, 2010 at 06:46 AM
Okay Witz,
This is it! (You and your 64 bit thing, it is making me sweat!)
1. Download Smitfraudfix to your desktop
http://www.bleepingcomputer.com/resources/link243.html
2. Reboot in safe mode
3. Double click on the Smitfraud icon to lauch it.
4. Once the presentation over choose Clean (safe mode recommended) (option2)
click enter
Smitfraud will go through a serie of stages and will automatially launch disk clean-up
5. Once terminated the tool will ask you if you: Do you want to clean the registry
Type Y and click enter
6. Reboot your system
7. Smitfraud will check if wininet.dll is infected (if there is one) to the question:
Replace infected file type Y and press enter.
8. Reboot to complete the clean-up.
9. Reboot again into safe mode
10. Go to: C:\Documents and Settings\[user]\Local Settings\Temp
11. Click on edit and on select all then on delete. Confirm that you wish to send to trash.
12. Ensure that you have the most recent Windows safety update.
I am waiting for you feedback which I hope positive, just as you are hoping.
This is it! (You and your 64 bit thing, it is making me sweat!)
1. Download Smitfraudfix to your desktop
http://www.bleepingcomputer.com/resources/link243.html
2. Reboot in safe mode
3. Double click on the Smitfraud icon to lauch it.
4. Once the presentation over choose Clean (safe mode recommended) (option2)
click enter
Smitfraud will go through a serie of stages and will automatially launch disk clean-up
5. Once terminated the tool will ask you if you: Do you want to clean the registry
Type Y and click enter
6. Reboot your system
7. Smitfraud will check if wininet.dll is infected (if there is one) to the question:
Replace infected file type Y and press enter.
8. Reboot to complete the clean-up.
9. Reboot again into safe mode
10. Go to: C:\Documents and Settings\[user]\Local Settings\Temp
11. Click on edit and on select all then on delete. Confirm that you wish to send to trash.
12. Ensure that you have the most recent Windows safety update.
I am waiting for you feedback which I hope positive, just as you are hoping.
Good news!! i found out the problem! i just had to restore windows! and everything is back to normal! :P i had to dig threw stuff and find it but it was worth it. Thank you so much for your help and ur advice did help me alot i know so much more about my computer than i did before.
=D this time i wont be so careless ^_^
=D this time i wont be so careless ^_^
WitzxEndz
Posts
6
Registration date
Friday April 30, 2010
Status
Member
Last seen
July 3, 2010
May 3, 2010 at 09:23 AM
May 3, 2010 at 09:23 AM
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:20:29 AM, on 5/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Muffy\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2480816
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
R3 - URLSearchHook: Device Doctor Toolbar - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files (x86)\Device_Doctor\tbDevi.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSWOW64\userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - (no file)
O2 - BHO: FCTBPos00Pos - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: Wowd Page Grabber - {99756919-C498-4D97-9E20-2076DE0E42B9} - C:\Program Files (x86)\Wowd\ext\eiexxpw.dll (file missing)
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - (no file)
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: Device Doctor Toolbar - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files (x86)\Device_Doctor\tbDevi.dll (file missing)
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Device Doctor Toolbar - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files (x86)\Device_Doctor\tbDevi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RunAIShell] C:\Program Files\ASUS\AI Manager\AsShellApplication.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Driver Fetch] "C:\Program Files (x86)\Driver Fetch\2.4.0.2\DriverFetch.exe" --start-trayed
O4 - HKLM\..\Run: [PC Medkit] "C:\Program Files (x86)\PC Medkit\2.4.0.2\PCMedkit.exe" --start-trayed
O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files (x86)\Trojan Remover\Trjscan.exe" /boot
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-4RNM4.exe" /REG
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - HKCU\..\Run: [WowdStartup] C:\Program Files (x86)\Wowd\wowd.exe auto_started=true
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-2709209736-1521553660-512063846-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-2709209736-1521553660-512063846-1000\..\Run: [WowdStartup] C:\Program Files (x86)\Wowd\wowd.exe auto_started=true (User '?')
O4 - HKUS\S-1-5-21-2709209736-1521553660-512063846-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - S-1-5-21-2709209736-1521553660-512063846-1000 Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (User '?')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - ?s=100000344&p=RGfox000&si=&a=3s4BjcRPQhxdre6QweRk4w&n=2010031410
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Wowd Home - {D7A4591C-912F-4E83-B90F-EB82E0AC1808} - C:\Program Files (x86)\Wowd\ext\eiexxpw.dll (file missing) (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Device Handle Service - ASUSTeK - C:\Windows\SysWOW64\AsHookDevice.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
Scan saved at 9:20:29 AM, on 5/3/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Safe mode with network support
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Muffy\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2480816
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=53EEB45F21EA47F2B95DF58497B5E6B6
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
R3 - URLSearchHook: Device Doctor Toolbar - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files (x86)\Device_Doctor\tbDevi.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSWOW64\userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - (no file)
O2 - BHO: FCTBPos00Pos - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - (no file)
O2 - BHO: Wowd Page Grabber - {99756919-C498-4D97-9E20-2076DE0E42B9} - C:\Program Files (x86)\Wowd\ext\eiexxpw.dll (file missing)
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - (no file)
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: Device Doctor Toolbar - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files (x86)\Device_Doctor\tbDevi.dll (file missing)
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Device Doctor Toolbar - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files (x86)\Device_Doctor\tbDevi.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RunAIShell] C:\Program Files\ASUS\AI Manager\AsShellApplication.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Babylon Client] "C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe" -AutoStart
O4 - HKLM\..\Run: [ISTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Driver Fetch] "C:\Program Files (x86)\Driver Fetch\2.4.0.2\DriverFetch.exe" --start-trayed
O4 - HKLM\..\Run: [PC Medkit] "C:\Program Files (x86)\PC Medkit\2.4.0.2\PCMedkit.exe" --start-trayed
O4 - HKLM\..\Run: [TrojanScanner] "C:\Program Files (x86)\Trojan Remover\Trjscan.exe" /boot
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-4RNM4.exe" /REG
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Registry Repair Wizard Scheduler] "C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
O4 - HKCU\..\Run: [WowdStartup] C:\Program Files (x86)\Wowd\wowd.exe auto_started=true
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-2709209736-1521553660-512063846-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-2709209736-1521553660-512063846-1000\..\Run: [WowdStartup] C:\Program Files (x86)\Wowd\wowd.exe auto_started=true (User '?')
O4 - HKUS\S-1-5-21-2709209736-1521553660-512063846-1000\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - S-1-5-21-2709209736-1521553660-512063846-1000 Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (User '?')
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - ?s=100000344&p=RGfox000&si=&a=3s4BjcRPQhxdre6QweRk4w&n=2010031410
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Wowd Home - {D7A4591C-912F-4E83-B90F-EB82E0AC1808} - C:\Program Files (x86)\Wowd\ext\eiexxpw.dll (file missing) (HKCU)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Device Handle Service - ASUSTeK - C:\Windows\SysWOW64\AsHookDevice.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
Didn't find the answer you are looking for?
Ask a question
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,162
May 3, 2010 at 12:59 PM
May 3, 2010 at 12:59 PM
Hello Witz,
You machine is badly infected!
You had more than Digital Protection, like several Trojans. Your browser must have going all over the place.
Also even after desinfection, your system will remain vulnerable for in your efforts to clean it, you have too many antiviruses applications which conflict. One is sufficient as long as you have a good firewall
Please run Hyjackthis and request a scan, no log.
When the scan is over a window will open permitting you to check mark.
Please check the following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2480816
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
R3 - URLSearchHook: Device Doctor Toolbar - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files (x86)\Device_Doctor\tbDevi.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - (no file)
O2 - BHO: FCTBPos00Pos - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - (no file)
O2 - BHO: Wowd Page Grabber - {99756919-C498-4D97-9E20-2076DE0E42B9} - C:\Program Files (x86)\Wowd\ext\eiexxpw.dll (file missing)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - (no file)
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: Device Doctor Toolbar - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files (x86)\Device_Doctor\tbDevi.dll (file missing)
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Device Doctor Toolbar - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files (x86)\Device_Doctor\tbDevi.dll (file missing)
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - ?
s=100000344&p=RGfox000&si=&a=3s4BjcRPQhxdre6QweRk4w&n=2010031410
O9 - Extra button: Wowd Home - {D7A4591C-912F-4E83-B90F-EB82E0AC1808} - C:\Program Files (x86)\Wowd\ext\eiexxpw.dll (file missing) (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
Once check, click on fix checked and close Hyjackthis
Once all checked click on Fix Checked.
Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
Once on the desk top, to outwit any rogue, rename it kioskea.exe
Ensure you make an update.
Please request a FULL system scan, which may take about 90 minutes.
When the scan is completed, delete all items found.
Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
Good luck
You machine is badly infected!
You had more than Digital Protection, like several Trojans. Your browser must have going all over the place.
Also even after desinfection, your system will remain vulnerable for in your efforts to clean it, you have too many antiviruses applications which conflict. One is sufficient as long as you have a good firewall
Please run Hyjackthis and request a scan, no log.
When the scan is over a window will open permitting you to check mark.
Please check the following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2480816
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: (no name) - {03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
R3 - URLSearchHook: (no name) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
R3 - URLSearchHook: Device Doctor Toolbar - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files (x86)\Device_Doctor\tbDevi.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - (no file)
O2 - BHO: FCTBPos00Pos - {399C60D2-38B1-4E25-B9E7-6498C1BC2DCD} - (no file)
O2 - BHO: Wowd Page Grabber - {99756919-C498-4D97-9E20-2076DE0E42B9} - C:\Program Files (x86)\Wowd\ext\eiexxpw.dll (file missing)
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - (no file)
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: Device Doctor Toolbar - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files (x86)\Device_Doctor\tbDevi.dll (file missing)
O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Device Doctor Toolbar - {bb6d9528-45f5-4c75-91c9-93290710ec4c} - C:\Program Files (x86)\Device_Doctor\tbDevi.dll (file missing)
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - ?
s=100000344&p=RGfox000&si=&a=3s4BjcRPQhxdre6QweRk4w&n=2010031410
O9 - Extra button: Wowd Home - {D7A4591C-912F-4E83-B90F-EB82E0AC1808} - C:\Program Files (x86)\Wowd\ext\eiexxpw.dll (file missing) (HKCU)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
Once check, click on fix checked and close Hyjackthis
Once all checked click on Fix Checked.
Download, install and run Malwarebyte which you can find on this site:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/ es-anti-malware
Once on the desk top, to outwit any rogue, rename it kioskea.exe
Ensure you make an update.
Please request a FULL system scan, which may take about 90 minutes.
When the scan is completed, delete all items found.
Once your computer is clean and working normally just to be on the safe side
*Turn off system restore and wait 30 seconds,
*Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
Good luck
WitzxEndz
Posts
6
Registration date
Friday April 30, 2010
Status
Member
Last seen
July 3, 2010
May 4, 2010 at 10:47 PM
May 4, 2010 at 10:47 PM
>.< I thought so... darn it
when i scanned i found most of the files and fixed them but im still having trouble with the malwarebytes it wont install in safe mode or reg.
It always says either Cocreateinstance failer or error runtime 0
T.T its hopeless
when i scanned i found most of the files and fixed them but im still having trouble with the malwarebytes it wont install in safe mode or reg.
It always says either Cocreateinstance failer or error runtime 0
T.T its hopeless
jorhay
Posts
20
Registration date
Sunday May 9, 2010
Status
Member
Last seen
May 11, 2010
May 9, 2010 at 05:04 AM
May 9, 2010 at 05:04 AM
the best to do is format ur computer and install the avast anti vrus..dont use avg bcoz is not good anti vrus
May 2, 2010 at 10:41 AM
Thx
May 2, 2010 at 05:03 PM
1. You do not need Hyjackthis to delete:
C:\DOCUME~1\Mak\LOCALS~1\Temp\davclnt.exe
Did you do it?
2. Open your registry editor (you have Vista so don't ask me how, I forgot!)
While you are looking at this wonderful message I am wrtting, go to edit of your registry editor, open search and copy in the search field, one by one, every single key I have mentioned. Launch the search and once the key is found, delete it.
Careful, when copying the key do not include the numbers at the beginning like o2, 04, 022 not the hyphen following.
Then do the Malwarebyte bit. If you can install it, run it from download.
Let me know
May 3, 2010 at 09:23 AM