TechSpot

A challenge for you: nightmare log

By uzumaki
Dec 20, 2006
  1. Recently I received a "non working" PC for free. From the picture linked below, you can guess why it wasn't working.

    DSC01714.jpg
    DSC01720.jpg
    DSC01719.jpg
    DSC01718.jpg
    DSC01716.jpg
    DSC01717.jpg
    DSC01715.jpg

    After it was cleaned and done, I was able to boot it and it seemed "fine" hardware wise but at software level it is obvious the PC is badly infested. The size of the log file alone scares me.

    I'm inclined to just forget about it and reformat the hard drive. Except I don't have the install CD for this PC and I can't find the hidden partition so it's probably on separate CDs rather than built into the PC like most later HP and Compaq PCs were. The Win XP CD I have are retail version and probably won't work with the XP key that is on the PC case.
     


  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Actually, your HJT log isn't that bad at all, certainly not as far as any nasties are concerned.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore (XP/ME only). See how HERE.

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Go to add/remove programmes in your control panel and uninstall anything to do with (if there):

    ALURIA~1 or Aluria Spyware Eliminator.
    ASE

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    ASEserv.exe

    Close task manager.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mi.gov

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://boards.babycenter.com/n/pfx/forum.aspx?webtag=bcus6346

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O2 - BHO: CWinAffiliateIEExtension Object - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll (file missing)

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

    O15 - Trusted Zone: http://ad.searchsquire.com

    O15 - Trusted Zone: http://search.searchsquire.com

    O15 - Trusted Zone: http://update.searchsquire.com

    O15 - Trusted Zone: http://www.searchsquire.com

    O15 - Trusted Zone: http://*.searchsquire.com

    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX.cab

    O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} - http://adblock.linkz.com/APHelper.dll

    O16 - DPF: {D8EE8DC0-F193-11D0-B1E5-08005A885319} (MicroX Persistent Mainframe Display Control) - https://calltaking2.workathomeagent.net/walldata/curVersion/hostexpress.cab

    O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livenj02.rightnowtech.com/7502-b145h/rnl/java/RntX.cab

    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup141.cab

    O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ASE\ASEserv.exe

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\PROGRA~1\ALURIA~1 < Delete the entire folder.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Go HERE and follow the instructions for downloading, installing and running AVG Antispyware.

    Post a fresh HJT log as well as an AVG Antispyware log.

    Regards Howard :)

    This thread is for the use of uzumaki only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
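
An added example, not part of the original thread: a small Python triage pass over HijackThis entry lines like those in the fix list above. The `triage` function, the section descriptions and the note wording are this example's own assumptions; the sample lines are copied from the post.

```python
import re
from urllib.parse import urlparse

# Section codes seen in the fix list above; descriptions are this example's wording.
SECTIONS = {
    "R0": "IE start/search page value", "R1": "IE default page/proxy value",
    "O2": "Browser Helper Object", "O9": "extra IE button or menu item",
    "O15": "Trusted Zone site", "O16": "ActiveX download", "O23": "service",
}
LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL = re.compile(r"https?://\S+")

def triage(log_text):
    """Parse HJT entry lines and attach review notes to each one."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # log header, running-process list, blank lines
        code, body = m["code"], m["body"]
        clsid, url = CLSID.search(body), URL.search(body)
        notes = []
        if "(file missing)" in body or "(no file)" in body:
            notes.append("orphaned: entry points at no file")
        if code == "O15" and "*." in body:
            notes.append("wildcard: trusts every subdomain")
        if code == "O16" and url and url.group().startswith("http://"):
            notes.append("control source is cleartext HTTP")
        if code == "O23" and "Unknown owner" in body:
            notes.append("HJT could not identify the binary's owner")
        entries.append({
            "code": code, "section": SECTIONS.get(code, "unknown"),
            "clsid": clsid.group() if clsid else None,
            "host": urlparse(url.group()).hostname if url else None,
            "notes": notes,
        })
    return entries

# Sample lines copied from the fix list in the post above.
SAMPLE = r"""
O2 - BHO: CWinAffiliateIEExtension Object - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Program Files\Common Files\midaddle\midaddle.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: http://*.searchsquire.com
O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} - http://adblock.linkz.com/APHelper.dll
O23 - Service: Aluria Spyware Eliminator Service (ASEService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ASE\ASEserv.exe
"""
```

Calling `triage(SAMPLE)` returns one dict per entry; lines with an empty `notes` list still need a manual look, since the notes only cover the four patterns coded here.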
     
  3. uzumaki

    uzumaki TS Rookie Topic Starter

    Latest log from HijackThis.

    I went ahead and dumped Norton in favor of AVG antivirus and spyware tools. Both reported clean though I had to run the spyware tool 3 times to clean out junk.
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Getting rid of Norton was in my opinion a good move. It's a resource hog and isn't very good at killing viruses either.

    There's still a bit of the Aluria Spyware Eliminator running which needs to be stopped.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Aluria Spyware Eliminator Service (ASEService) < The service name can be either the main name or the name in brackets.

    Close the services window.

    Locate and delete the following bold files and/or directories (if there).

    C:\PROGRA~1\ALURIA~1 < Delete the entire folder. If you can't delete it, then boot into safe mode and delete it.

    Other than the above, your HJT log is clean.

    Regards Howard :)

     
  5. uzumaki

    uzumaki TS Rookie Topic Starter

    Hmmm... I don't see Aluria anywhere. Not in the task manager, not in the Program folder, and not in add/remove program. They show up only in service.msc so it may be an obsolete entry? I searched the entire hard drive for ase and aluria and found a couple broken shortcuts in the Start menu, nowhere else.

    It's been set to disabled anyway.
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    In that case, you're good to go mate.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  7. TimeParadoX

    TimeParadoX TS Rookie Posts: 2,273

    You need to clean out your computer! :D
     
Topic Status:
Not open for further replies.
