1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Msg: Error loading E6F1873B.DLL...HJT Log

Discussion in 'Virus & Other Malware Removal' started by JimmyDutch, Feb 4, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. JimmyDutch

    JimmyDutch Thread Starter

    Joined:
    Feb 4, 2005
    Messages:
    6
    Hi, I am running windows XP with Service pac 2, System has a mind of it's own. It closes Explorer when I attempt to change anything in the Control Panel lots of hard drive activity when I'm not doing anything! At start up it displays (in two separate windows) "Error Loading E6F1873B.DLL and Doceoc16B1 Specified Module could not be found". Below is my Hijack This log. Thanks for any help you folks can provide...I am a beginner, so please type slow...jim :)

    Logfile of HijackThis v1.99.0
    Scan saved at 6:08:37 PM, on 2/4/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
    C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\AVPersonal\AVSCHED32.EXE
    C:\WINDOWS\System32\??chost.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\explorer.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {2340FD3F-B793-52D4-1F14-EFC67354939C} - blank (file missing)
    O2 - BHO: (no name) - {58CE07ED-CC78-EBAD-7B65-EEDC3C49BA9D} - blank (file missing)
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
    O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKCU\..\Run: [Cmeubpfy] C:\WINDOWS\System32\??chost.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    O4 - Startup: CLOCK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Organize Quick and Easy.lnk = C:\Program Files\Organize Quick and Easy\QNE.exe
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://msn.com
    O14 - IERESET.INF: MS_START_PAGE_URL=http://msn.com
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105771097053
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: Aluria Spyware Eliminator Service - Unknown - C:\Program Files\Aluria Software\ASE\ASEServ.exe
    O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  2. Cretemonster

    Cretemonster

    Joined:
    Jan 29, 2005
    Messages:
    31
    Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm

    O2 - BHO: (no name) - {2340FD3F-B793-52D4-1F14-EFC67354939C} - blank (file missing)

    O2 - BHO: (no name) - {58CE07ED-CC78-EBAD-7B65-EEDC3C49BA9D} - blank (file missing)

    O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C

    O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1

    O4 - HKCU\..\Run: [Cmeubpfy] C:\WINDOWS\System32\??chost.exe

    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall...meInstaller.exe

    Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!!

    Reboot into SAFE MODE(F5 or F8 when restarting)
    Here is a link on how to boot into Safe Mode:
    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

    After restarting in Safe Mode,Configure Windows to Show All Hidden Files and Folders,this must be done after restarting in Safe Mode!!
    Here is a link to help with that:
    http://www.bleepingcomputer.com/forums/index.php?showtutorial=62

    Once in Safe Mode and Windows has been properly configured to Show Hidden Files!

    Locate and Delete:

    E6F1873B.DLL<<< Not sure of exact location!
    Use Windows Search Assistant(Click Start>>>Click Search>>>Select All Files and Folders)

    When finished, reboot your system again and bring it back up in normal mode. Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK.
    Select the tab labeled Startup and put a Check by every box there!! Once everything is enabled, run "Hijack This!" and post a new log to this thread!!

    Here is a link explaining:

    http://netsquirrel.com/msconfig/
     
  3. JimmyDutch

    JimmyDutch Thread Starter

    Joined:
    Feb 4, 2005
    Messages:
    6
    Hey CreteMonster, Thanks for the quick response and your help. Here is my new log.

    Logfile of HijackThis v1.99.0
    Scan saved at 8:01:23 PM, on 2/4/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
    C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
    C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe
    C:\Program Files\AVPersonal\AVSCHED32.EXE
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    C:\Documents and Settings\User\Start Menu\Programs\Startup\CLOCK.EXE
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
    O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe"
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
    O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    O4 - Startup: CLOCK.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Organize Quick and Easy.lnk = C:\Program Files\Organize Quick and Easy\QNE.exe
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://msn.com
    O14 - IERESET.INF: MS_START_PAGE_URL=http://msn.com
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1105771097053
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
    O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: Aluria Spyware Eliminator Service - Unknown - C:\Program Files\Aluria Software\ASE\ASEServ.exe
    O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  4. The_Egg

    The_Egg

    Joined:
    Sep 16, 2002
    Messages:
    1,157
    O4 - Startup: CLOCK.EXE
    C:\Documents and Settings\User\Start Menu\Programs\Startup\CLOCK.EXE

    Is that a legit clock application?
    If not, or you aren't sure what it is, then I suggest that you also fix that entry.


    O4 - Startup: ASE Scheduler.lnk = C:\Program Files\Aluria Software\ASE\ASE Scheduler.exe
    O23 - Service: Aluria Spyware Eliminator Service - Unknown - C:\Program Files\Aluria Software\ASE\ASEServ.exe

    I recommend that you uninstall Aluria via Add/Remove Programs Control Panel.
    Aluria is listed on the known rogue/suspect anti-spyware products list, mainly for its association with WhenU Advertising Adware:
    http://www.spywareinfo.com/articles/aluria/delisted.php



    The following are all legit, but are known resource hogs, all of which can be started manually if and when required (via: Start > Programs). You can disable these either with HJT or msconfig.

    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l

    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\ScanSoft\NaturallySpeaking\Program\Ereg.exe" -r "C:\Program Files\ScanSoft\NaturallySpeaking\Program\ereg.ini"

    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


    Please download, install & run the following free spyware/adware removal apps:

    Spybot Search & Destroy
    http://www.safer-networking.org

    Follow the setup guide to immuninze your system, download updates, and then run the scan.
    As before, make sure all other windows are closed first.

    AdawareSE
    http://www.lavasoft.de/software/adaware

    Be sure to install all detection updates before running the scan.
    Then click "Start"
    Uncheck "search for negligible risk entries"
    Checkmark "Perform full system scan"
    Click "Next"
    Let the scan run
    When done, checkmark all results and click "Next".

    Scan with SpybotSD and Adaware regularly, at least once a week
    (make sure you check for detection updates first before running the scans).

    If needs be, further instructions can be found in the sticky threads at the top of this forum.


    Please also visit the following sites to run a free online antivirus scan:
    http://housecall.trendmicro.com
    http://www.pandasoftware.com/activescan/com/
     
  5. JimmyDutch

    JimmyDutch Thread Starter

    Joined:
    Feb 4, 2005
    Messages:
    6
    "I recommend that you uninstall Aluria via Add/Remove Programs Control Panel.
    Aluria is listed on the known rogue/suspect anti-spyware products list, mainly for its association with WhenU Advertising Adware:
    http://www.spywareinfo.com/articles/aluria/delisted.php"

    And I paid for that Spyware! CLOCK.EXE is a program to put a clock on my desktop. I've uesd it for years, I hope its not Spyware? I'm still getting the "Windows Explorer has encountered a problem and needs to close. We are sorry for the incovenience" message when I try to open Items in "My Computer". I'll follow your instructions and let you know how it goes...Thanks again...jim
     
  6. Cretemonster

    Cretemonster

    Joined:
    Jan 29, 2005
    Messages:
    31
    I have to Agree,both of those have been known to bring Spyware to the PC!

    Aluria,promotes whats called False Positives!

    Here is a good way to tell whats lurking!

    Click here to download eScan:
    http://www.mwti.net/antivirus/free_utilities.asp

    Double-click it to run it, select all local drives, scan all files, press 'scan' and when it is completed, anything found will be displayed in the lower pane. Highlight it, Copy and paste it in your next reply.
    All I need to see is what is in the Bottom Window!
     
  7. JimmyDutch

    JimmyDutch Thread Starter

    Joined:
    Feb 4, 2005
    Messages:
    6
    I LIED...I just rebooted after doing everything in The Egg's last post and everything is working GREAT! Thanks CreteMonster, The Egg and all!! And I am going to make a $25 donation RIGHT NOW!!!
     
  8. Cretemonster

    Cretemonster

    Joined:
    Jan 29, 2005
    Messages:
    31
    Try eScan and lets take the rest of the trash out!
     
  9. JimmyDutch

    JimmyDutch Thread Starter

    Joined:
    Feb 4, 2005
    Messages:
    6
    OK, I ran eScan and it looks like the uninstaller for Aluria did not remove all its files. Can I just delete the "INFECTED" file from the tree "Program Files\AVPersonal\INFECTED"? Below is my eScan log, again thanks in advance...And I did donate to help this site stay running and I would hope that anyone who finds it helpfull would. This kind of help would cost at least $100 if you went to a computer repair shop. Thanks again...jim

    File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\Anna\palm stuff\battleship_handango.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAffWinshow4.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.
    File C:\Documents and Settings\User\Desktop\Drivers & Upgrades\mdc3000v103.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\Documents and Settings\User\My Documents\My Downloads\MPSSSetup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\Program Files\AVPersonal\INFECTED\A0062426.DLL.VIR infected by "Trojan-Downloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
    File C:\Program Files\AVPersonal\INFECTED\A0062479.DLL.VIR infected by "Trojan-Downloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
    File C:\Program Files\AVPersonal\INFECTED\A0062488.DLL.VIR infected by "Trojan-Downloader.Win32.WinShow.ak" Virus. Action Taken: No Action Taken.
    File C:\Program Files\AVPersonal\INFECTED\A0062540.DLL.VIR infected by "Trojan-Downloader.Win32.Agent.z" Virus. Action Taken: No Action Taken.
    File C:\Program Files\AVPersonal\INFECTED\RROE.EXE.VIR infected by "not-a-virus:AdWare.PurityScan.v" Virus. Action Taken: No Action Taken.
    File C:\Program Files\Organize Quick and Easy\register.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\Sierra\Counter-Strike\hltv.exe tagged as not-a-virus:RiskWare.Proxy.Hltv. No Action Taken.
    File C:\WINDOWS\MVUNINST\App1\mvuninst.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\WINDOWS\MVUNINST\App1\mvuninst.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    File C:\WINDOWS\_MSRSTRT.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.


    The eScan also indicated I had 110 total errors (reminded me of my High School days) I'm not sure what those were.
     
  10. Cretemonster

    Cretemonster

    Joined:
    Jan 29, 2005
    Messages:
    31
    Thats what I like to see!!

    I do like the Antivir Program,one of the best I have seen for free!!

    How is the Machine running today?
     
  11. JimmyDutch

    JimmyDutch Thread Starter

    Joined:
    Feb 4, 2005
    Messages:
    6
    Hey CreteMonster! Everything is running great. I'm just getting ready to try this Turbo Tax thing! After that I'm going to run some Spyware (or is it anti-spyware) on my son's PC, you may see me back with his HJT log! Thanks again...jim
     
  12. Cretemonster

    Cretemonster

    Joined:
    Jan 29, 2005
    Messages:
    31
    Thats fine Jim,bring it on!!!

    Let me give you some of my material to avoid these infections in the future!

    First,lets flush out System Restore,and remove all the nasty old Restore points!
    Here is a link to help with System Restore:
    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

    Disbale it and restart the Machine,once restarted Renable it,this should flush all old restore points and create a nice new clean one!

    Reconfigure Windows to Hide Files!

    Reset the Startup area of Msconfig to the way your prefer you PC to Startup!!

    Here is my one stop shop:

    http://majorgeeks.com/downloads31.html

    Here you can pick up some great FREE programs to help you keep the PC clean!

    Ad Aware SE 1.05

    Spybot Search and Destroy 1.3

    Spyware Blaster

    Spyware Guard

    Here is my choice of FREE Firewalls:

    Sygate Personal Firewall:
    http://majorgeeks.com/download3356.html

    I use all these and make sure they are Updated with My Antivirus once a week!!

    Read up,these will really open you eyes to what could happen!

    http://forums.thetechguys.com/showthread.php?t=4544

    http://www.pcstats.com/articleview.cfm?articleID=1579

    http://forums.thetechguys.com/showthread.php?t=8859
     
  13. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/326883

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice