It is important to rename ComboFix before the download. A case like this could easily cost hundreds of thousands of dollars. Jun 24, 2010 #18 asyyz TS Rookie Topic Starter Posts: 16 Here are the two log files. (I note an entry: 2010-06-23 07:26: c:\documents and settings\All Users\Application Data\Office Genuine Advantage Is Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure.

Web Scanner;avast! I will create one when it is clean. TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! INFO: HKLM has more than 50 listed domains.

I've read several posts on this forum and have since disconnected my pc from the internet. Please uninstall HitmanPro. Littleolady    Member Members 36 posts Age: 71 May 24, 2012 Gender: Female Location: California OS: Windows XP

I was unaware this machine had no restore points. c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-12-25 1207312] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Microsoft Windows Installer 3.1 Microsoft Management Console version 1.2 or above. There are 2 different versions.

Questions: Why are there No restore points in the system? Please post the C:\ComboFix.txt in next reply. Post back with that log. Do not mouseclick ComboFix's window while it's running. http://www.techspot.com/community/topics/search-engine-redirect-virus-malware.148604/

If you wish to scan all of them, select the 'Force scan all domains' option. . . AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ .
Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe"
The pre-checked toolbars/software are not part of the Java update. Be sure to close all browser windows before beginning the install.
Remove the old version(s)
Download JavaRa
Unzip the file and open the JavaRa.exe
Click Remove

It has done this 1 time(s). 6/17/2010 12:30:46 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. https://forums.malwarebytes.com/topic/125192-possible-infection-rundll-error-after-removing-virus/ Why do you have Open Office, Microsoft Office and HP Digital Imaging on Startup? DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1 Run by Gene Ebbrecht at 9:13:26 on 2012-09-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3966.2446 [GMT -4:00] . Even if your computer appears to act better, it may still be infected.

Download Rkill (courtesy of BleepingComputer.com) to your desktop. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished. Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-12-27 352920] S3 gUSBSTOi;gUSBSTOi; [x] =============== Created Last 30 ================ 2010-06-17 23:51:56 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-17 23:51:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-17 06:55:57 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-06-17 06:53:07 self protection module/ALWIL Software) ZwOpenProcess [0x9D45B08C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast!

If one of them won't run then download and try to run the other one. So I'm not sure yet if it has disappeared or if there is another malware program. It has done this 1 time(s). http://indignago.org/search-engine/search-engine-redirect-virus-hijackthis-logfile.html Name the file CFScript.txt - Save the file to your Desktop.

Let's finish the cleaning and see if it makes a difference. If Combofix asks you to update the program, always do so.

After the download: Close any open browsers.

Attached Files: Combolog2.txt File size: 73.3 KB Views: 1 Jun 19, 2010 #11 asyyz TS Rookie Topic Starter Posts: 16 One other thing: I did not remove the ATI Catalyst Controller uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer TrayApp Unity Web Player Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB975364) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet I believe this is an error.

These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here. The Windows XP request is the one that's the nag. Do NOT take any actions on "<--- ROOKIT" entries Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. http://indignago.org/search-engine/search-engine-redirecting-virus-possibly-trojan-pakes-av.html It is a bundle of programs that are all free on the internet, most being used without the authors permission.

I did find the folder in the program folder and it was deleted. Click OK to either and let MBAM proceed with the disinfection process. Click NO. In the right panel, you will see several boxes that have been checked. Contents of the 'Scheduled Tasks' folder . 2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 00:58] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc20c3b49c6072.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23 19:15] . 2012-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc20c3b4c01512.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-23

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

--- Code: ---
KillAll::
DDS::
mStart Page = hxxp://www.dell4me.com/myway
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
File::
c:\windows\Tasks\RegCure Program Check.job
c:\windows\Tasks\RegCure.job
Folder::
C:\SDFix
c:\program

I have included a copy of my HiJack Report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:48:41, on 23/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Program

Please don't run any other cleaning programs or scans while I'm helping you unless I direct you to. I can't seem to run RootRepeal; it freezes my computer, and then when it does start to work it stops responding.