Error 1706 on Bootup ... acts like malware

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by azjimbo, Feb 2, 2010.

  1. azjimbo

    azjimbo Private E-2

    Upon bootup, my system tries to install ScanSoft PaperPort. There are multiple msiexec.exe process running ... it's a repetitive flashing sequence which can only be stopped by doing several End Process. I've done the following: (1) Uninstalled the Windows Installer, then reinstalled the latest Installer. (2) Uninstalled PaperPort, then reinstalled it. (3) Cleared all %temp%, prefetch files numerous times along with emptying the Recycle Binn, always BEFORE the reinstall of Windows Installer and PaperPort. (4) Googled the error 1706, all have pointed to other programs, not to PaperPort; hence, not sure if it's a Windows Installer error or a PaperPort error. (5) Followed the steps in the MALWARE REMOVAL guide, yet the situation still exists. Attached the files indicated by the Malware Removal Guide. FIRST ATTACHMENTS
     

    Attached Files:

  2. azjimbo

    azjimbo Private E-2

    SECOND FILES ATTACHED (NOT) ... the RRlog.txt could not be run. I started the Running RootRepeal program which FROZE my system. I tried two times, left it for over 1 hour, the drive active light went out, the cursor disappeared, the ALT-CTL-DEL didn't function, and the ALT-TAB didn't either. Hence, I don't know what to do in getting the RootRepeal to run.
     
  3. azjimbo

    azjimbo Private E-2

    Snap shots of the error messages that I captured ... perhaps they'll clarify the challenge.
    The Ereg.exe and the MSVCR71.dll were the initial errors ... they don't seem to be happening at this time, yet they were the initial errors that showed.
     

    Attached Files:

    Last edited: Feb 2, 2010
  4. evilfantasy

    evilfantasy Malware Fighter

    Welcome to MajorGeeks!

    I'm not sure this belongs in the malware forum so we may be sending you off to the Software forum if the few things we do here do not help.

    Disable Spybot's TeaTimer

    While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with HijackThis fixes and installing/uninstalling in general. It's always best to disable Tea-Timer when uninstalling software. Please disable TeaTimer for now until you are completely done working on your computer.

    1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
    2. Run Spybot S&D
    3. Go to the Mode menu, and make sure Advanced Mode is selected.
    4. On the left hand side, choose Tools > Resident
    uncheck Resident TeaTimer and OK any prompt and Restart your computer.

    Note:
    If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    If TeaTimer will not turn off then uninstall Spybot until you are done.



    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX Checked until you exit all browser sessions including the one you are reading in right now:

    Note: These are not malicious but since they have the '(file missing)' they could be causing errors.


    • O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
    • O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    • O9 - Extra \'Tools\' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
    After clicking Fix checked, exit HijackThis.



    This is a security risk! See Updating Sun Java



    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

    Do not confuse Windows Messenger with MSN Messenger or Windows Live Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

    Exit out of MessengerDisable then delete the two files that were put on the desktop.



    Now with Tea-Timer disabled. Unplug all of your periferials except for your keyboard and mouse then uninstall all your printer software and drivers.

    Restart the computer.

    Are the errors still happening with the printer software uninstalled?
     
  5. azjimbo

    azjimbo Private E-2

    Followed the steps ... thank you. However, upon rebooting, the Ereg.exe error pointing to MSVCR71.dll shows up. Also, the PaperPort 11 still wants to install.
     
  6. evilfantasy

    evilfantasy Malware Fighter

    Download the attached zip file to your desktop.

    Unzip it and copy the msvcr71.dll file into the C:\Windows\System32 folder.

    Restart the computer.

    You may need to register the dll file.

    Go to Star t> Run> then type:

    Code:
    regsvr32 msvcr71.dll
    Click OK

    Restart the computer.

    Is the error still happening?
     

    Attached Files:

  7. azjimbo

    azjimbo Private E-2

    FIXED ... THANK YOU VERY MUCH for your directions, help, and assistance. Everything is back to normal now and functioning smoothly. Appreciate the excellent guidance. :=))
     
  8. evilfantasy

    evilfantasy Malware Fighter

    Glad it worked.

    You need to be sure and clean up and get the computer secured.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 the READ ME for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
     
  9. azjimbo

    azjimbo Private E-2

    It's been a month now, the system is running very clean and mean. THANK YOU VERY MUCH for your understanding, help and guidance. Appreciate everything. :-D
     
  10. evilfantasy

    evilfantasy Malware Fighter

    Your welcome.

    Safe surfing.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds