
Topic: Infected wuauclt.exe


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Infected wuauclt.exe
« Reply #45 on: September 25, 2010, 05:14:28 PM »
If ComboFix is still on your computer, you should find it on your desktop. If you can't find it, please download and install another one, run another scan and post the log.
Windows 8 and Windows 10 dual boot with two SSD's

millee81

    Topic Starter


    Rookie

    Re: Infected wuauclt.exe
    « Reply #46 on: September 29, 2010, 05:02:16 PM »
    ComboFix 10-09-29.01 - Jinju 09/29/2010  18:12:08.1.2 - x86
    Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.958.437 [GMT -4:00]
    Running from: c:\users\Jinju\Desktop\ComboFix.exe
    SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
     * Created a new restore point
    .

    (((((((((((((((((((((((((   Files Created from 2010-08-28 to 2010-09-29  )))))))))))))))))))))))))))))))
    .

    2010-09-29 22:28 . 2010-09-29 22:28   --------   d-----w-   c:\users\Public\AppData\Local\temp
    2010-09-29 22:28 . 2010-09-29 22:28   --------   d-----w-   c:\users\Jinhee\AppData\Local\temp
    2010-09-29 22:28 . 2010-09-29 22:28   --------   d-----w-   c:\users\Default\AppData\Local\temp
    2010-09-29 22:07 . 2010-09-29 22:08   --------   d-----w-   C:\32788R22FWJFW
    2010-09-28 20:44 . 2010-06-22 12:57   2048   ----a-w-   c:\windows\system32\tzres.dll
    2010-09-23 20:19 . 2010-09-23 20:19   1377632   ----a-w-   c:\programdata\avg9\update\backup\avgssff.dll
    2010-09-23 20:19 . 2010-09-23 20:19   598368   ----a-w-   c:\programdata\avg9\update\backup\avgsrmx.dll
    2010-09-23 20:19 . 2010-09-23 20:19   942432   ----a-w-   c:\programdata\avg9\update\backup\avgcfgx.dll
    2010-09-23 20:19 . 2010-09-23 20:19   4371296   ----a-w-   c:\programdata\avg9\update\backup\avgcorex.dll
    2010-09-23 20:19 . 2010-09-23 20:19   300896   ----a-w-   c:\programdata\avg9\update\backup\avgchclx.dll
    2010-09-23 20:15 . 2010-09-23 20:15   1690952   ----a-w-   c:\programdata\avg9\update\backup\avgupd.dll
    2010-09-23 07:21 . 2010-04-14 17:47   293376   ----a-w-   c:\windows\system32\psisdecd.dll
    2010-09-23 07:21 . 2010-04-14 17:46   428544   ----a-w-   c:\windows\system32\EncDec.dll
    2010-09-23 07:18 . 2009-11-08 14:55   99176   ----a-w-   c:\windows\system32\PresentationHostProxy.dll
    2010-09-23 07:18 . 2009-11-08 14:55   49472   ----a-w-   c:\windows\system32\netfxperf.dll
    2010-09-23 07:18 . 2009-11-08 14:55   297808   ----a-w-   c:\windows\system32\mscoree.dll
    2010-09-23 07:18 . 2009-11-08 14:55   295264   ----a-w-   c:\windows\system32\PresentationHost.exe
    2010-09-23 07:18 . 2009-11-08 14:55   1130824   ----a-w-   c:\windows\system32\dfshim.dll
    2010-09-23 00:17 . 2010-06-11 15:31   274432   ----a-w-   c:\windows\system32\schannel.dll
    2010-09-23 00:17 . 2008-08-02 01:01   625152   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
    2010-09-23 00:17 . 2008-06-26 03:29   565248   ----a-w-   c:\windows\system32\emdmgmt.dll
    2010-09-23 00:17 . 2008-08-02 03:26   36864   ----a-w-   c:\windows\system32\cdd.dll
    2010-09-23 00:17 . 2008-06-26 03:29   45056   ----a-w-   c:\windows\system32\dataclen.dll
    2010-09-23 00:17 . 2008-05-20 02:07   148480   ----a-w-   c:\windows\system32\drivers\nwifi.sys
    2010-09-23 00:17 . 2010-05-27 19:16   81920   ----a-w-   c:\windows\system32\iccvid.dll
    2010-09-23 00:17 . 2009-08-24 12:16   378368   ----a-w-   c:\windows\system32\winhttp.dll
    2010-09-23 00:17 . 2010-04-05 16:07   67072   ----a-w-   c:\windows\system32\asycfilt.dll
    2010-09-23 00:17 . 2010-06-21 13:18   2036736   ----a-w-   c:\windows\system32\win32k.sys
    2010-09-23 00:08 . 2010-06-08 17:00   3598216   ----a-w-   c:\windows\system32\ntkrnlpa.exe
    2010-09-23 00:08 . 2010-06-08 17:00   3545992   ----a-w-   c:\windows\system32\ntoskrnl.exe
    2010-09-23 00:07 . 2010-04-16 16:10   1314816   ----a-w-   c:\windows\system32\quartz.dll
    2010-09-23 00:07 . 2010-06-11 15:30   1257472   ----a-w-   c:\windows\system32\msxml3.dll
    2010-09-23 00:07 . 2008-09-18 04:56   125952   ----a-w-   c:\windows\system32\wersvc.dll
    2010-09-23 00:07 . 2008-09-18 04:56   147456   ----a-w-   c:\windows\system32\Faultrep.dll
    2010-09-23 00:07 . 2010-06-18 14:43   302080   ----a-w-   c:\windows\system32\drivers\srv.sys
    2010-09-23 00:07 . 2010-06-18 14:43   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
    2010-09-23 00:07 . 2008-05-08 21:59   90112   ----a-w-   c:\windows\system32\wshext.dll
    2010-09-23 00:07 . 2008-05-08 21:59   155648   ----a-w-   c:\windows\system32\wscript.exe
    2010-09-23 00:07 . 2008-05-08 21:59   180224   ----a-w-   c:\windows\system32\scrobj.dll
    2010-09-23 00:07 . 2008-05-08 21:59   172032   ----a-w-   c:\windows\system32\scrrun.dll
    2010-09-23 00:07 . 2008-05-08 21:58   135168   ----a-w-   c:\windows\system32\cscript.exe
    2010-09-23 00:03 . 2008-04-05 03:34   15360   ----a-w-   c:\windows\system32\pacerprf.dll
    2010-09-23 00:03 . 2008-04-05 01:21   72192   ----a-w-   c:\windows\system32\drivers\pacer.sys
    2010-09-23 00:03 . 2010-04-16 16:05   28672   ----a-w-   c:\windows\system32\Apphlpdm.dll
    2010-09-23 00:03 . 2010-04-16 14:17   4240384   ----a-w-   c:\windows\system32\GameUXLegacyGDFs.dll
    2010-09-23 00:02 . 2010-06-18 16:43   36352   ----a-w-   c:\windows\system32\rtutils.dll
    2010-09-23 00:02 . 2010-05-26 14:25   289792   ----a-w-   c:\windows\system32\atmfd.dll
    2010-09-23 00:02 . 2009-10-19 14:24   72704   ----a-w-   c:\windows\system32\fontsub.dll
    2010-09-23 00:02 . 2010-05-26 16:16   34304   ----a-w-   c:\windows\system32\atmlib.dll
    2010-09-23 00:02 . 2009-06-15 15:20   10240   ----a-w-   c:\windows\system32\dciman32.dll
    2010-09-23 00:00 . 2010-06-16 15:59   898952   ----a-w-   c:\windows\system32\drivers\tcpip.sys
    2010-09-22 23:51 . 2010-08-17 13:32   126464   ----a-w-   c:\windows\system32\spoolsv.exe
    2010-09-22 23:40 . 2010-04-16 16:10   501760   ----a-w-   c:\windows\system32\usp10.dll
    2010-09-22 23:34 . 2010-04-05 16:08   317952   ----a-w-   c:\windows\system32\MP4SDECD.DLL
    2010-09-22 23:26 . 2010-05-27 19:16   738816   ----a-w-   c:\windows\system32\inetcomm.dll
    2010-09-22 23:25 . 2009-10-19 14:27   156672   ----a-w-   c:\windows\system32\t2embed.dll
    2010-09-22 23:25 . 2010-02-23 11:32   105984   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
    2010-09-22 23:25 . 2010-02-23 11:32   78848   ----a-w-   c:\windows\system32\drivers\mrxsmb20.sys
    2010-09-22 23:25 . 2010-02-23 11:32   212992   ----a-w-   c:\windows\system32\drivers\mrxsmb10.sys
    2010-09-22 23:24 . 2009-07-11 19:32   513024   ----a-w-   c:\windows\system32\wlansvc.dll
    2010-09-22 23:24 . 2009-07-11 19:32   302592   ----a-w-   c:\windows\system32\wlansec.dll
    2010-09-22 23:24 . 2009-07-11 19:32   293376   ----a-w-   c:\windows\system32\wlanmsm.dll
    2010-09-22 23:24 . 2009-07-11 19:29   127488   ----a-w-   c:\windows\system32\L2SecHC.dll
    2010-09-22 23:22 . 2009-08-14 14:16   9728   ----a-w-   c:\windows\system32\TCPSVCS.EXE
    2010-09-22 23:22 . 2009-08-14 14:16   17920   ----a-w-   c:\windows\system32\ROUTE.EXE
    2010-09-22 23:22 . 2009-08-14 14:16   27136   ----a-w-   c:\windows\system32\NETSTAT.EXE
    2010-09-22 23:21 . 2009-08-14 16:29   104960   ----a-w-   c:\windows\system32\netiohlp.dll
    2010-09-22 23:21 . 2009-08-14 14:16   11264   ----a-w-   c:\windows\system32\MRINFO.EXE
    2010-09-22 23:21 . 2009-08-14 14:16   8704   ----a-w-   c:\windows\system32\HOSTNAME.EXE
    2010-09-22 23:21 . 2009-08-14 14:16   10240   ----a-w-   c:\windows\system32\finger.exe
    2010-09-22 23:21 . 2009-08-14 14:16   19968   ----a-w-   c:\windows\system32\ARP.EXE
    2010-09-22 23:21 . 2009-08-14 16:29   17920   ----a-w-   c:\windows\system32\netevent.dll
    2010-09-22 23:19 . 2009-09-10 17:30   213504   ----a-w-   c:\windows\system32\msv1_0.dll
    2010-09-22 23:09 . 2008-10-22 03:57   241152   ----a-w-   c:\windows\system32\PortableDeviceApi.dll
    2010-09-22 04:34 . 2008-06-20 01:14   97800   ----a-w-   c:\windows\system32\infocardapi.dll
    2010-09-22 04:34 . 2008-06-20 01:14   105016   ----a-w-   c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2010-09-22 04:34 . 2008-06-20 01:14   11264   ----a-w-   c:\windows\system32\icardres.dll
    2010-09-22 04:34 . 2008-06-20 01:14   622080   ----a-w-   c:\windows\system32\icardagt.exe
    2010-09-22 04:34 . 2008-06-20 01:14   781344   ----a-w-   c:\windows\system32\PresentationNative_v0300.dll
    2010-09-22 04:25 . 2008-07-27 18:03   158720   ----a-w-   c:\windows\system32\mscorier.dll
    2010-09-22 04:25 . 2008-07-27 18:03   83968   ----a-w-   c:\windows\system32\mscories.dll
    2010-09-22 04:22 . 2010-02-20 23:39   24064   ----a-w-   c:\windows\system32\nshhttp.dll
    2010-09-22 04:22 . 2010-02-20 23:37   31232   ----a-w-   c:\windows\system32\httpapi.dll
    2010-09-22 04:22 . 2010-02-20 21:18   411136   ----a-w-   c:\windows\system32\drivers\http.sys
    2010-09-22 03:59 . 2010-04-29 19:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-22 03:59 . 2010-04-29 19:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
    2010-09-22 03:40 . 2010-09-22 03:40   52224   ----a-w-   c:\users\Jinju\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-09-22 03:40 . 2010-09-22 03:40   63488   ----a-w-   c:\users\Jinju\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-09-22 03:40 . 2010-09-22 03:40   117760   ----a-w-   c:\users\Jinju\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-09-21 22:00 . 2010-09-21 22:00   165632   ---ha-w-   c:\windows\system32\mlfcache.dat
    2010-09-21 22:00 . 2010-09-21 22:00   2788816   ----a-w-   c:\users\Jinju\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
    2010-09-21 11:56 . 2010-09-21 11:56   658184   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-09-21 11:28 . 2010-09-21 11:28   --------   d-----w-   c:\programdata\Office Genuine Advantage
    2010-09-21 05:37 . 2010-09-21 05:37   2384752   ----a-w-   c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
    2010-09-21 05:28 . 2010-09-21 05:29   20519176   ----a-w-   c:\programdata\WildTangent\My HP Game Console\Downloads\Installers\SetupGamesClient.exe
    2010-09-21 05:08 . 2008-01-19 07:36   1541120   ----a-w-   c:\windows\system32\onex.dll
    2010-09-21 05:08 . 2008-01-19 07:33   2623488   ----a-w-   c:\windows\system32\SLsvc.exe
    2010-09-21 05:06 . 2008-01-19 07:36   1013760   ----a-w-   c:\windows\system32\wevtsvc.dll
    2010-09-21 05:04 . 2008-01-19 07:35   216064   ----a-w-   c:\windows\system32\ntprint.dll
    2010-09-21 05:03 . 2008-01-19 07:36   242688   ----a-w-   c:\windows\system32\pdh.dll
    2010-09-21 05:02 . 2008-01-19 07:34   394240   ----a-w-   c:\windows\system32\dsquery.dll
    2010-09-21 05:01 . 2008-01-19 07:37   1329152   ----a-w-   c:\windows\system32\WMSPDMOE.DLL
    2010-09-21 05:00 . 2008-01-19 07:33   31744   ----a-w-   c:\windows\system32\bitsigd.dll
    2010-09-21 04:59 . 2008-01-19 07:33   17408   ----a-w-   c:\windows\system32\cfgmgr32.dll
    2010-09-21 04:58 . 2008-01-19 07:33   599552   ----a-w-   c:\windows\system32\vsp1cln.exe
    2010-09-21 04:57 . 2008-01-19 07:34   102400   ----a-w-   c:\windows\system32\wbem\mofinstall.dll
    2010-09-21 04:57 . 2008-01-19 07:36   83968   ----a-w-   c:\windows\system32\wbem\wmiutils.dll
    2010-09-21 04:57 . 2008-01-19 07:36   742912   ----a-w-   c:\windows\system32\wbem\wbemcore.dll
    2010-09-21 04:57 . 2008-01-19 07:36   30208   ----a-w-   c:\windows\system32\wbem\wbemprox.dll
    2010-09-21 04:57 . 2008-01-19 07:36   357888   ----a-w-   c:\windows\system32\wbemcomn.dll
    2010-09-21 04:57 . 2008-01-19 07:36   264704   ----a-w-   c:\windows\system32\wbem\repdrvfs.dll
    2010-09-21 04:57 . 2008-01-19 07:34   191488   ----a-w-   c:\windows\system32\wbem\mofd.dll
    2010-09-21 04:57 . 2008-01-19 07:34   263168   ----a-w-   c:\windows\system32\wbem\esscli.dll
    2010-09-21 04:56 . 2008-01-19 07:36   139264   ----a-w-   c:\windows\system32\SmiInstaller.dll
    2010-09-21 04:56 . 2008-01-19 07:36   704512   ----a-w-   c:\windows\system32\SmiEngine.dll
    2010-09-21 04:56 . 2008-01-19 07:36   218624   ----a-w-   c:\windows\system32\wdscore.dll
    2010-09-21 04:56 . 2008-01-19 07:33   130560   ----a-w-   c:\windows\system32\PkgMgr.exe
    2010-09-21 04:54 . 2008-01-19 07:34   246784   ----a-w-   c:\windows\system32\drvstore.dll
    2010-09-21 04:54 . 2008-01-19 07:35   35328   ----a-w-   c:\windows\system32\mspatcha.dll
    2010-09-21 04:54 . 2008-01-19 07:34   305152   ----a-w-   c:\windows\system32\msdelta.dll
    2010-09-21 04:54 . 2008-01-19 07:34   258560   ----a-w-   c:\windows\system32\dpx.dll
    2010-09-21 04:52 . 2008-10-21 05:25   1645568   ----a-w-   c:\windows\system32\connect.dll
    2010-09-21 04:51 . 2010-01-25 08:34   511488   ----a-w-   c:\windows\system32\RMActivate.exe
    2010-09-21 04:51 . 2010-01-25 08:35   523776   ----a-w-   c:\windows\system32\RMActivate_isv.exe
    2010-09-21 04:51 . 2010-01-25 12:48   472576   ----a-w-   c:\windows\system32\secproc_isv.dll

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-23 22:55 . 2010-09-23 22:55   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2010-09-23 20:30 . 2008-07-25 21:33   --------   d-----w-   c:\users\Jinju\AppData\Roaming\OpenOffice.org2
    2010-09-23 07:54 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
    2010-09-23 07:26 . 2007-06-29 13:00   --------   d-----w-   c:\programdata\Microsoft Help
    2010-09-22 00:25 . 2007-09-05 00:50   97936   ----a-w-   c:\users\Jinju\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-09-22 00:16 . 2006-11-02 10:25   86016   ----a-w-   c:\windows\Inf\infstor.dat
    2010-09-22 00:16 . 2006-11-02 10:25   51200   ----a-w-   c:\windows\Inf\infpub.dat
    2010-09-22 00:16 . 2006-11-02 10:25   143360   ----a-w-   c:\windows\Inf\infstrng.dat
    2010-09-22 00:07 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Sidebar
    2010-09-22 00:07 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Calendar
    2010-09-22 00:07 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Collaboration
    2010-09-22 00:07 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Journal
    2010-09-22 00:07 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Photo Gallery
    2010-09-22 00:07 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Defender
    2010-09-22 00:01 . 2006-11-02 10:25   665600   ----a-w-   c:\windows\Inf\drvindex.dat
    2010-09-21 23:14 . 2006-11-02 10:32   101888   ----a-w-   c:\windows\system32\ifxcardm.dll
    2010-09-21 23:13 . 2006-11-02 10:32   82432   ----a-w-   c:\windows\system32\axaltocm.dll
    2010-09-21 06:42 . 2007-06-29 12:58   --------   d-----w-   c:\program files\Microsoft Works
    2010-09-21 06:32 . 2008-08-07 02:45   --------   d-----w-   c:\programdata\WildTangent
    2010-09-21 06:32 . 2008-03-29 02:28   --------   d-----w-   c:\program files\Safari
    2010-09-21 06:32 . 2008-08-11 03:25   --------   d-----w-   c:\program files\QuickTime
    2010-09-21 06:32 . 2007-09-10 01:12   --------   d-----w-   c:\program files\NetZero
    2010-09-21 06:32 . 2008-08-11 03:29   --------   d-----w-   c:\program files\iTunes
    2010-09-21 06:32 . 2006-11-30 22:49   --------   d-----w-   c:\program files\HP Games
    2010-09-21 06:32 . 2008-08-11 03:27   --------   d-----w-   c:\program files\Bonjour
    2010-09-21 06:29 . 2007-10-22 07:00   --------   d-----w-   c:\users\Jinju\AppData\Roaming\Move Networks
    2010-09-21 06:29 . 2007-09-10 01:19   --------   d-----w-   c:\program files\iPod
    2010-09-21 06:29 . 2007-06-29 13:05   --------   d-----w-   c:\program files\HP
    2010-09-21 03:49 . 2007-09-05 02:36   13025   ----a-w-   c:\users\Jinju\AppData\Roaming\nvModes.dat
    2010-09-21 03:25 . 2007-10-03 03:09   --------   d-----w-   c:\programdata\Viewpoint
    2010-09-19 22:45 . 2008-07-08 21:07   --------   d-----w-   c:\program files\AVG
    2010-09-15 22:51 . 2010-06-27 19:43   --------   d-----w-   c:\programdata\WinZip
    2010-09-14 04:00 . 2007-11-29 01:09   1356   ----a-w-   c:\users\Jinju\AppData\Local\d3d9caps.dat
    2010-09-13 13:49 . 2010-02-16 20:17   --------   d-----w-   c:\program files\Microsoft Silverlight
    2010-09-08 00:30 . 2009-05-28 18:37   --------   d-----w-   c:\programdata\Motive
    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2007-03-07 1629184]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-21 1474560]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Aim6"="c:\program files\AIM6\aim6.exe" [2008-03-25 50528]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2006-11-03 49152]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-23 116040]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2006-11-18 90191]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-18 7753728]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-18 81920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

    c:\users\Jinju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MEMonitor.lnk - c:\program files\V CAST Music Manager\MEMonitor.exe [2007-11-2 951640]
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2007-6-29 34520]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S4 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys



    --- Other Services/Drivers In Memory ---

    *Deregistered* - AvgLdx86
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-29 c:\windows\Tasks\User_Feed_Synchronization-{90EE62B4-9066-4567-B527-472EEF2CA871}.job
    - c:\windows\system32\msfeedssync.exe [2010-09-21 07:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/?src=aim
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
    IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
    IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: netzero.com
    Trusted Zone: netzero.net
    FF - ProfilePath - c:\users\Jinju\AppData\Roaming\Mozilla\Firefox\Profiles\w5fweigy.default\
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-29 18:28
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ... 

    scanning hidden autostart entries ...

    scanning hidden files ... 

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-09-29  18:33:46
    ComboFix-quarantined-files.txt  2010-09-29 22:33

    Pre-Run: 73,712,840,704 bytes free
    Post-Run: 73,612,976,128 bytes free

    - - End Of File - - BAAE23D9312E5BAE78E43F64E6E7ED60

    millee81


      Re: Infected wuauclt.exe
      « Reply #47 on: September 29, 2010, 05:04:38 PM »
      Oh, and what is an HJT? You've never told me to run it before and I have no idea what that is...

      SuperDave

      Re: Infected wuauclt.exe
      « Reply #48 on: September 29, 2010, 05:30:37 PM »
      Re-running ComboFix to remove infections:

      • Close any open browsers.
      • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Open notepad and copy/paste the text in the quotebox below into it:
        Quote
        KillAll::

        DDS::
        Trusted Zone: netzero.com
        Trusted Zone: netzero.net

      • Save this as CFScript.txt, in the same location as ComboFix.exe



      • Referring to the picture above, drag CFScript into ComboFix.exe
      • When finished, it shall produce a log for you at C:\ComboFix.txt
      • I do not need to see the log from this action.
      Quote
      Oh, and what is an HJT? You've never told me to run it before and I have no idea what that is...
      Sorry. Here it is.

      Please download: HiJackThis to your Desktop.
      • Double Click the HijackThis icon, located on your Desktop.
      • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
      • Accept the license agreement.
      • Click the Open the Misc Tools section button.
      • Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
      • Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
      • Please post the log in your next reply.

      millee81


        Re: Infected wuauclt.exe
        « Reply #49 on: September 29, 2010, 09:50:23 PM »
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 11:49:34 PM, on 9/29/2010
        Platform: Windows Vista SP1 (WinNT 6.00.1905)
        MSIE: Internet Explorer v7.00 (7.00.6001.18498)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\system32\conime.exe
        C:\Windows\system32\wuauclt.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\HP\QuickPlay\QPService.exe
        C:\Windows\System32\ICO.EXE
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
        C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Program Files\NetZero\exec.exe
        C:\Windows\ehome\ehtray.exe
        C:\Program Files\AIM6\aim6.exe
        C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
        C:\Program Files\V CAST Music Manager\MEMonitor.exe
        C:\Program Files\Windows Media Player\wmpnscfg.exe
        C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
        C:\Windows\ehome\ehmsas.exe
        C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
        C:\Windows\System32\rundll32.exe
        C:\Windows\System32\Pelmiced.exe
        C:\Program Files\Windows Sidebar\sidebar.exe
        C:\Program Files\NetZero\exec.exe
        C:\Program Files\NetZero\qsacc\x1exec.exe
        C:\Program Files\AIM6\aolsoftware.exe
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\sdclt.exe
        C:\Windows\Explorer.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (filesize 62080 bytes, MD5 C11F6A1F61481E24BE3FDC06EA6F7D2A)
        O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (filesize 211720 bytes, MD5 E194E3DF6BA5487F2B67FFAED9CF4D49)
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (filesize 509328 bytes, MD5 F921D875A1CBD69A6A462BA2514BC831)
        O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (filesize 297456 bytes, MD5 F65776B8C0C9DF600BC6FBD73796F5D3)
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (filesize 413696 bytes, MD5 F34EB5D4F145ED5FE50033CA3A41ED24)
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (filesize 289064 bytes, MD5 4CED92963F453EB8DCFE67FD4248D657)
        O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" (filesize 167936 bytes, MD5 F4810C2DC4F2E92E1B5EBCA2173DBBCE)
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE (filesize 49152 bytes, MD5 EDE74971B94F39238817BD0362FA171A)
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (filesize 39792 bytes, MD5 8B9145D229D4E89D15ACB820D4A3A90F)
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (filesize 144784 bytes, MD5 6AB4C021FBD36DC6764924C312428D97)
        O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
        O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
        O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exeC:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
        O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart (filesize 44544 bytes, MD5 4B555106290BD117334E9A08761C035A)
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (filesize 44544 bytes, MD5 4B555106290BD117334E9A08761C035A)
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (filesize 44544 bytes, MD5 4B555106290BD117334E9A08761C035A)
        O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
        O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (filesize 1233920 bytes, MD5 FD278E51A7D6F52D22FCE6C67E037AD6)
        O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun (filesize 1629184 bytes, MD5 105BCCEF090AE7DA70046E3FB0EC10C8)
        O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exeC:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
        O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exeC:\Windows\ehome\ehTray.exe
        O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (filesize 50528 bytes, MD5 A29F21DC5C28D85592E84CFCAD3ED52B)
        O4 - Startup: MEMonitor.lnk = C:\Program Files\V CAST Music Manager\MEMonitor.exe (filesize 951640 bytes, MD5 C1EEFC1FC617ED9CC1808C20F5E801A3)
        O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (filesize 393216 bytes, MD5 F5CECCFE0CF964B209DCAB226D4C1DE3)
        O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe (filesize 34520 bytes, MD5 3754F4C688BFD04BC886112BD6566A9B)
        O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
        O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll (filesize 509328 bytes, MD5 F921D875A1CBD69A6A462BA2514BC831)
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll (filesize 509328 bytes, MD5 F921D875A1CBD69A6A462BA2514BC831)
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (filesize 603040 bytes, MD5 79F7DB36E67B9E8365FA824AD96DF400)
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (filesize 603040 bytes, MD5 79F7DB36E67B9E8365FA824AD96DF400)
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (filesize 39464 bytes, MD5 AEF204E782BFA2C8448CB43A58960744)
        O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
        O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
        O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
        O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1217560870556&h=abf1acf1380dd4d78c5840bafbfae17d/&filename=jinstall-6u7-windows-i586-jc.cab
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exeC:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
        O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exeC:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
        O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exeC:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
        O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exeC:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeC:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeC:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeC:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
        O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeC:\Program Files\Common Files\SureThing Shared\stllssvr.exe
        O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exeC:\Windows\system32\DRIVERS\xaudio.exe

        --
        End of file - 11542 bytes

        SuperDave

        Re: Infected wuauclt.exe
        « Reply #50 on: September 30, 2010, 01:30:35 PM »
        The logs look clean. Please go ahead with the cleanup listed in Reply #30.

        millee81


          Re: Infected wuauclt.exe
          « Reply #51 on: September 30, 2010, 06:44:52 PM »
          Thanks SuperDave!
          Okay, so just to clarify before I commence cleanup: when TFC restarts my computer and if I need to manually restart my computer, what do you mean by that? Because last time it restarted and then gave me a choice of restarting normally and then a recommended choice of restarting with the restore, because the laptop thought that there was damage, which I did, and then screwed everything up again.

          SuperDave

          Re: Infected wuauclt.exe
          « Reply #52 on: September 30, 2010, 06:52:35 PM »
          Just skip the TFC. You can do a disk cleanup yourself. Just click on My Computer, right-click on your C drive, click Properties and select Disk cleanup.

          millee81


            Re: Infected wuauclt.exe
            « Reply #53 on: September 30, 2010, 07:40:21 PM »
            I don't see disk cleanup. Is that the same as format?

            SuperDave

            Re: Infected wuauclt.exe
            « Reply #54 on: October 01, 2010, 04:54:14 PM »
            No. Not the same as format. After you click Properties, select General at the top left. Disk Cleanup is just below the pie chart of your C drive to the right.

            millee81


              Re: Infected wuauclt.exe
              « Reply #55 on: October 01, 2010, 09:31:20 PM »
              I did it!!! Thank you, SuperDave!!!! It took a bit longer than expected because of the unexpected bump we encountered, but I really appreciate all your advice and patience!!

              SuperDave

              Re: Infected wuauclt.exe
              « Reply #56 on: October 02, 2010, 01:03:36 PM »
              You're welcome. Stay safe.

              millee81


                Re: Infected wuauclt.exe
                « Reply #57 on: October 03, 2010, 11:01:09 PM »
                Quote
                You can uninstall it or download and install MSE which, in my opinion, is a better AV program. If you do decide to change AV's, download and install the new one before uninstalling the old one. You will also have to re-install Microsoft Word.

                Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
                Microsoft Security Essentials for Windows XP

                The link on the Microsoft Security Essentials for Windows Vista\Windows 7 downloaded a program that wouldn't install, saying it wasn't compatible with my system, and then the 64 bit Download downloaded SPYWARE DOCTOR WITH ANTIVIRUS. Should I have both on here? I have Vista.

                SuperDave

                Re: Infected wuauclt.exe
                « Reply #58 on: October 04, 2010, 04:39:23 PM »
                Try this site for the download. You can select the one for Vista and you can also keep Spyware Doctor, if you wish.