
How to remove Searchcompletion/AutocompletePro/Widdit.com Malware



Old 01-09-2012, 10:26 AM   #1
Registered Member
 
Join Date: Dec 2009
Posts: 19
OS: winxp



Malware that has infected my computer is starting to take over my search inquiries on nearly every website now. Searchcompletion / AutocompletePRO / Widdit.com (are they the same?) have somehow buried their nasty heads in my OS. They show up in Firefox 3.6 but not Internet Explorer. The basic problem I am having is that malware detection software won't pick these viruses up (and they are a virus!). There are no add/remove options and they don't appear in running processes. I have attempted to detect/disable/remove Searchcompletion / AutocompletePro using the following methods:

1. MalwareBytes
2. Combofix
3. BlockSites (Firefox addon)
4. Process Explorer – SysInternals
5. XP Files or Folders Search
6. Uninstalling/Reinstalling Firefox

Nothing I have tried to date can even detect them let alone remove them. There are websites for Widdit.com and Searchcompletion but as expected they only give you the basic add/remove programs spiel. I have also tried Googling the problem but there are no definitive answers on how to stop the process and remove the registry and dll entries. Any help in removing this malware is most appreciated, as it is becoming a bit more than an annoyance.

I do have a Windows Install Disc / Boot CD

Gmer / DDS Logs posted

Thanks in Advance

Danbarr

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_29
Run by Dan at 11:54:25 on 2012-01-09
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1748 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: ZoneAlarm Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - c:\program files\crossriderwebapps\Crossrider.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [VTPreset] VTPreset.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMan] SOUNDMAN.EXE
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.15.1
TCP: Interfaces\{1DF931B2-DB56-4E91-BFEA-B866661B8321} : DhcpNameServer = 192.168.15.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dan\application data\mozilla\firefox\profiles\s857xbff.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Premiumplay Codec-C: crossriderapp435@crossrider.com - c:\documents and settings\all users\application data\codeccheck\firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: WebMail Notifier: {37fa1426-b82d-11db-8314-0800200c9a66} - %profile%\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-8-28 64512]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-8-5 13496]
R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2011-8-15 20512]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-8-24 532224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz135;cpuz135;\??\c:\docume~1\dan\locals~1\temp\cpuz135\cpuz135_x32.sys --> c:\docume~1\dan\locals~1\temp\cpuz135\cpuz135_x32.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-8-27 129808]
S3 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 Vsp;Vsp;c:\windows\system32\drivers\vsp.sys [2011-4-23 3351]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-08 19:35:40 -------- d-sha-r- C:\cmdcons
2012-01-08 19:34:10 98816 ----a-w- c:\windows\sed.exe
2012-01-08 19:34:10 518144 ----a-w- c:\windows\SWREG.exe
2012-01-08 19:34:10 256000 ----a-w- c:\windows\PEV.exe
2012-01-08 19:34:10 208896 ----a-w- c:\windows\MBR.exe
2011-12-19 00:58:19 -------- d-----w- c:\documents and settings\dan\application data\DDMSettings
.
==================== Find3M ====================
.
2011-12-16 15:45:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-20 23:26:22 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-10-14 15:00:56 90112 ----a-w- c:\windows\DUMP4805.tmp
2011-10-14 14:59:58 90112 ----a-w- c:\windows\DUMP77b0.tmp
2011-10-14 14:54:54 90112 ----a-w- c:\windows\DUMP4759.tmp
2011-10-14 14:53:47 90112 ----a-w- c:\windows\DUMP4640.tmp
2011-10-13 23:29:28 15452536 ----a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2011-10-11 15:15:02 6776168 ----a-w- c:\program files\WindowsUpdateAgent30-x86.exe
2011-10-10 18:20:46 2107529 ----a-w- c:\program files\attsetup.exe
2011-09-01 19:12:50 197344 ----a-w- c:\program files\eraser2k.exe
2011-09-01 15:43:05 74066832 ----a-w- c:\program files\msert.exe
2011-08-14 12:55:38 63671296 ----a-w- c:\program files\wwtsetuppenumbra_1.msi
2011-08-14 11:27:14 63671296 ----a-w- c:\program files\wwtsetuppenumbra.msi
2002-04-15 18:48:54 233472 ----a-w- c:\program files\oclean9.dll
2002-04-15 18:48:54 217088 ----a-w- c:\program files\offcln9.exe
.
============= FINISH: 11:55:12.40 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/14/2011 11:35:45 AM
System Uptime: 1/9/2012 11:50:13 AM (0 hours ago)
.
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6390
Processor: AMD Athlon(tm) XP 2600+ | Socket A | 2131/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 64.509 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Lucent Win Modem
Device ID: PCI\VEN_11C1&DEV_044C&SUBSYS_044C11C1&REV_02\3&61AAA01&0&30
Manufacturer: Lucent
Name: Lucent Win Modem
PNP Device ID: PCI\VEN_11C1&DEV_044C&SUBSYS_044C11C1&REV_02\3&61AAA01&0&30
Service: Modem
.
==== System Restore Points ===================
.
RP1: 1/8/2012 2:34:11 PM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.21beta
AC3Filter 1.63b
Aces High
Ad-Aware
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.6
AMD APP SDK Runtime
ATI - Software Uninstall Utility
ATI Display Driver
Belarc Advisor 8.2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Crossrider Web Apps
DH Driver Cleaner Professional Edition
DivX Setup
EASEUS Data Recovery Wizard Free Edition 5.5.1
Gadwin PrintScreen
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 29
Malwarebytes' Anti-Malware version 1.51.1.1800
Media Player Codec Pack 4.0.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2000 Premium
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.6.25)
MSXML 6 Service Pack 2 (KB973686)
Platform
PokerTH
Ray Adams ATI Tray Tools
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Revo Uninstaller 1.93
S3Display
S3Gamma2
S3Info2
S3Overlay
Sandboxie 3.58 (32-bit)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Windows XP (KB923789)
SIW version 2011.10.29
Skins
Smart Defrag 2
swMSM
System Explorer 3.0.6
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.6195
Veetle TV
VIA Audio Driver Setup Program
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Wise Registry Cleaner 5.9.4
Xvid MPEG-4 Video Codec
ZoneAlarm
.
==== Event Viewer Messages From Past Week ========
.
1/8/2012 2:55:32 PM, error: Service Control Manager [7001] - The Windows Firewall/Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/8/2012 2:34:22 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Cryptographic Services service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/8/2012 2:33:56 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {C49E32C6-BC8B-11D2-85D4-00105A1F8304}
1/8/2012 2:33:45 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
1/8/2012 2:01:11 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
1/8/2012 1:19:15 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/8/2012 1:19:15 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/7/2012 11:42:22 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
.
==== End Of File ===========================
Attached Files
File Type: zip ark.zip (884 Bytes, 20 views)

Old 01-09-2012, 05:25 PM   #2
Registered Member
 
Join Date: Dec 2009
Posts: 19
OS: winxp



Seems to have been a very simple problem and fix. Followed the instructions listed here: "Remove Startsear.ch and search.searchcompletion.com (Uninstall Guide)", and removed all search engines in Firefox except my preferred. Seems to have worked.