dcom_14.dll

Discussion in 'Malware Help (A Specialist Will Reply)' started by geekedittilitGHz, Mar 1, 2006.

  1. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    Every time I start Windows a message comes up saying that dcom_14.dll could not be accessed. My AVG antivirus calls it a virus... should I delete it or what? I tried hitting the "heal" button but it still comes up
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If that file exists, chances are there are further issues, please follow the steps below:

    Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    • Make sure you check version numbers and get all updates.
    Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    After doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

    Downloading, Installing, and Running HijackThis

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky)
    • Bitdefender
    • Panda Scan
    • HijackThis
     
  3. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    ok here's the HJT file
     
    Last edited: Mar 3, 2006
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You did not complete any of the steps listed in the READ ME which is required for us to provide assistance.

    Go to the sticky below and start with step 0 and work your way thru to the end posting your logs to your next post.

    Please complete every step because you have multiple issues.

    READ & RUN ME FIRST Before Asking for Support

    Also, please see the thread below, be sure you run the smitRem utility and attach the log to your next post.

    SpywareStrike, Smitfraud, SpySheriff, SpyAxe & PSGuard Removal


    Your next post should contain the following logs...
     
    Last edited: Mar 2, 2006
  5. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    ok... Panda won't run because of an ActiveX control even though I installed it and clicked run.. it would keep askin me to run it... smitRem didn't give me a log... and the Bitdefender froze... wtf is going on in my comp?? plz help!! I'll try Bitdefender again.... plz reply
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Try to run them again, also if you have DSL/Cable try them in Safe Mode.

    Search for the file "smitfiles.txt" and attach this to your next post.
     
  7. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    ok here's the smitfile
     
    Last edited: Mar 3, 2006
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, now once again try the online scans, if you can't run them in normal mode try them in Safe Mode.
     
  9. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    ok just FYI when I ran the Bitdefender it said like file 93415 out of 93405. and then it was like scanning c:/windows and like 12:45 mins left
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, attach the logs when they complete.
     
  11. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    here's the Bitdefender
     
    Last edited: Mar 3, 2006
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  13. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    here's the Panda scan
     
    Last edited: Mar 4, 2006
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    After you post the Ewido log also attach a fresh HJT log and we will begin a fix.
     
  15. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    ok here it is
     
    Last edited: Mar 4, 2006
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I also requested the Ewido log?
     
  17. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    and here's this
     
    Last edited: Mar 4, 2006
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Before we start the fix, did you update Ewido and configure the scan settings per the thread?
     
  19. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    yes sir I did
     
  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Attach a fresh HJT log because you ran Ewido after the last log.
     
  21. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    oooh no I did the HJT log first cuz the other one wouldn't attach I did the HJT scan after Ewido
     
  22. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please read this fix VERY carefully. Do NOT skip any step in the below. It is very important you follow this exactly as it appears skipping nothing.

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Please look in Add/Remove Programs for the following and uninstall them if found:

    Ewido

    Spybot S&D

    SpySheriff


    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O2 - BHO: (no name) - {39580911-93F2-A3BB-E33F-91F26642075A} - (no file)
    O2 - BHO: (no name) - {780B19B9-D505-F3D0-2DF1-D4F88DCEC097} - (no file)
    O2 - BHO: (no name) - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - (no file)

    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [Wrxtmv] C:\WINDOWS\System32\w?crtupd.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
    O4 - HKCU\..\Run: [SNInstall] C:\WINDOWS\System32\vxh8jkdq2.exe
    O4 - HKCU\..\Run: [Etoc] C:\Program Files\deup\sctu.exe
    O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe

    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

    O11 - Options group: [INTERNATIONAL] International*

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\system32\dcom_12.dll
    O21 - SSODL: System - {FD6D1AAF-6EFB-4C9B-9EE5-ED6C086C7335} - (no file)
    O21 - SSODL: SpySheriff - {0F24727B-81A1-5F0D-9CD1-C3A2249855C1} - (no file)

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\SpySheriff Delete this whole folder if it exists!

    C:\Program Files\deup Delete this whole folder if it exists!

    C:\Program Files\Ebates_MoeMoneyMaker Delete this whole folder if it exists!

    C:\WINDOWS\System32\w?crtupd.exe Manually locate this file and delete when found. Note that the ? represents an unprintable character so it will not look normal. Locate this file and delete it!

    Next, run CCleaner to clean up cookies and temp files.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\winstall.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\system32\dcom_9.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\system32\dcom_12.dll into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\System32\vxh8jkdq2.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\System32\symcsvc.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\system32\Tools\Restart.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete this post, reboot again and attach a fresh HJT log.
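
An added example, not part of the original post and not HijackThis code: a small Python triage pass over HijackThis-style log lines that groups entries by section and flags the cases the fix list above singles out, namely "(no file)" / "(file missing)" targets and a "?" standing in for an unprintable character in a file path. The sample lines are copied from the fix list; the regular expressions, flag names and function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Sample entries copied from the fix list in the post above (a subset).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {39580911-93F2-A3BB-E33F-91F26642075A} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Wrxtmv] C:\WINDOWS\System32\w?crtupd.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\system32\dcom_12.dll
O21 - SSODL: SpySheriff - {0F24727B-81A1-5F0D-9CD1-C3A2249855C1} - (no file)
"""

# Assumed line shape: "<section> - <kind>: <rest>", as seen in the entries above.
ENTRY_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Local Windows path ending in a file type that appears in this thread.
PATH_RE = re.compile(r"(?:[A-Za-z]:\\|%\w+%\\)[^\r\n]*?\.(?:exe|dll|htm)\b", re.I)

def parse_entry(line):
    """Split one log line into section, kind, CLSID, path and review flags."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    clsid, path = CLSID_RE.search(rest), PATH_RE.search(rest)
    flags = []
    if "(no file)" in rest:
        flags.append("no-file")            # registry entry whose target is gone
    if "(file missing)" in rest:
        flags.append("file-missing")
    if path and "?" in path.group(0):      # only inside a path; URLs may contain '?'
        flags.append("unprintable-char")
    return {"section": section, "kind": kind,
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None, "flags": flags}

def triage(log_text):
    """Group parsed entries by HijackThis section code (O2, O4, ...)."""
    by_section = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            by_section[entry["section"]].append(entry)
    return dict(by_section)

if __name__ == "__main__":
    for section, entries in triage(SAMPLE_LOG).items():
        for e in entries:
            print(section, e["kind"], e["path"], e["flags"])
```

An entry that comes back with no flags is not thereby clean: dcom_12.dll above has an ordinary path and an existing file, and was still on the list to fix.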
     
  23. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    when I boot into safe mode.... go to administrator or my account "LJ"


    edit: and after I go to delete the folders do I stay in safe mode
     
  24. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Choose your account.
     
  25. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    I cannot find this file
     
  26. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    can we continue this tomorrow? I need some sleep got skool 2moro.... thx 4 ur help so far tho....
     
  27. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, just proceed!
     
  28. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    It's important you complete this or else things may mutate, but it's up to you. If you need to go, come back and we will finish later; however, we will have to start over.
     
  29. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    stay in safe mode for the rest also?
     
  30. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, read carefully, you should now run CCleaner and then run Killbox to delete the remaining files.
     
  31. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    not all of those files are there... this is ok right?
     
  32. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just read and follow the fix exactly as it is and then attach a fresh HJT log.
     
  33. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    and when I run HJT (when I'm done)... go back in safe mode or reg mode
     
  34. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    When you are done with the entire fix, run HJT from normal mode.
     
  35. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    it's takin forever to restart.. manual restart??


    edit nevermind restarted finally
     
  36. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What are you referring to? If you ran everything as you were supposed to, Killbox will restart automatically. If not, reboot manually.
     
  37. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    ok here is the new hjt file *crosses fingers*
     
    Last edited: Mar 4, 2006
  38. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Looks good, are you having any current problems?
     
  39. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    no.... no problems...
    is there anything I can do to prevent this from happening again?
     
  40. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, get a firewall to start with.

    You should go thru this article on How to Protect yourself from malware!

    Surf Safely! :)
     
  41. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    Thank you so much!! You don't know how grateful I am!


    Thanks
    LJ
     
  42. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome! :)
     
  43. geekedittilitGHz

    geekedittilitGHz puto cum grano salis

    quick question.... was all this stuff screwing me up or what? and what exactly was it...
     
  44. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, whether you knew it or not, it was causing problems as in computer running slower than normal and other things. It's just typical malware, it's all over the internet so it's hard to say exactly how you get it. The most common ways are surfing the net without proper protection and P2P programs such as Kazaa, Limewire, etc.
     
