
Author Topic: Infected wuauclt.exe  (Read 28738 times)


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Infected wuauclt.exe
« Reply #30 on: September 19, 2010, 06:11:09 PM »
Quote
So does this mean my laptop and my usb are clean and ready for use?
Yes. Let's do some cleanup.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type commy /uninstall in the runbox
* Make sure there's a space between commy and /Uninstall
* Then hit Enter

The above procedure will:
* Delete the following:
  * ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
********************************
Download OTC by OldTimer and save it to your desktop.

1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes.
5. OTC should delete itself once it finishes; if not, delete it yourself.

**************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember: only install ONE firewall.

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
********************************
Use the Secunia Software Inspector to check for out of date software.

• Click Start Now
• Check the box next to Enable thorough system inspection.
• Click Start
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Windows 8 and Windows 10 dual boot with two SSD's

millee81

    Topic Starter


    Rookie

    Re: Infected wuauclt.exe
    « Reply #31 on: September 19, 2010, 06:17:39 PM »
    I typed in commy /uninstall but a message popped up saying that Windows cannot find it, make sure I typed the name in correctly and to try again.  I tried commy.exe /uninstall and the same message popped up.  Should I uninstall it through add/remove programs?

    SuperDave

    Re: Infected wuauclt.exe
    « Reply #32 on: September 20, 2010, 01:46:51 PM »
    You won't find it there in Control Panel, Add/Remove. Use this.

    Delete the Combo-Fix.exe file, C:\Combo-Fix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combo-fix.txt and C:\Combo-Fix-quarantined-files.txt

     
    To turn off Windows XP System Restore:

    NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
    5. Click Apply.
    6.  When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    8. Restart the computer and follow the instructions in the next section to turn on System Restore.

    To turn on Windows XP System Restore:

    1. Click Start.
    2. Right-click My Computer, and then click Properties.
    3. Click the System Restore tab.
    4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
    5. Click Apply, and then click OK.

    millee81


      Re: Infected wuauclt.exe
      « Reply #33 on: September 20, 2010, 08:27:21 PM »
      I deleted the combofix/commy files and then dled and started the OTC program.  It restarted the computer but stayed on the black screen before fully starting up for about ten minutes... so I manually shut it down (by holding down the power button) and then started it up again and then windows is doing a startup repair and apparently I can't cancel this operation~  Do you know how long this might take? Are my pictures and documents safe?

      millee81


        Re: Infected wuauclt.exe
        « Reply #34 on: September 20, 2010, 09:05:45 PM »
        okay so it finally stopped and it actually said that windows couldn't repair the system so it restarted and it looks like OTC did its job! all those programs (including SAS and MBAM) you had told me to dl are gone but the txt files are still on my desktop.  Should I delete those too?  Also I noticed that my AVG was reverted to the 8.0v instead of the 9.0 that I had just installed.  I should just reinstall that, SAS, Panda, and MBAM right?  Thanks for your help!!

        millee81


          Re: Infected wuauclt.exe
          « Reply #35 on: September 20, 2010, 09:28:15 PM »
          ummm okay so I also notice my firefox wasn't working I'm trying to download a new one through IE and then I also noticed that Viewpoint Media Player reappeared on my programs and features.  I also had to retype my pw for my wireless~ Is it possible that "bad" files or programs might've been reinstalled?

          millee81


            Re: Infected wuauclt.exe
            « Reply #36 on: September 20, 2010, 10:17:44 PM »
            I looked into the program features more closely and noticed that the last thing it says that was installed was on 9/14/2008. so basically anything that I updated or installed after that date was deleted.... *argh* windows update is also telling me that there are 89 updates available which I'm dling right now.  Mozilla firefox won't dl whether I go into IE or safari. it closes and so I'm hoping that updating windows will help..  AVG 8.0 won't open at all... should I just uninstall and then try to dl the 9.0 after I update windows?  What do you recommend?  Also my computer is sloooow again~ It was so fast when we were done before so you can imagine my frustration right now...

            millee81


              Re: Infected wuauclt.exe
              « Reply #37 on: September 20, 2010, 11:16:32 PM »
              It also reverted my microsoft word 2010 to 2007!!

              SuperDave

              Re: Infected wuauclt.exe
              « Reply #38 on: September 21, 2010, 06:05:54 PM »
              Quote
              Also I noticed that my AVG was reverted to the 8.0v instead of the 9.0 that I had just installed.  I should just reinstall that, SAS, Panda, and MBAM right?
              It sounds like your system was restored back to an earlier time. I really don't know how that happened as all the previous restore points were deleted. You should update your AVG immediately. You can download SAS and MBAM. Keep them updated and run them every so often.

              Quote
              Viewpoint Media Player reappeared on my programs and features.  I also had to retype my pw for my wireless~ Is it possible that "bad" files or programs might've been reinstalled?
              Go ahead and uninstall ViewPoint Media Player. You had to retype your password because that particular cookie was deleted. Just to be on the safe side, run the SAS and MBAM scans again. Post them here if anything shows up.

              Quote
              AVG 8.0 won't open at all
              You can uninstall it or download and install MSE which, in my opinion, is a better AV program. If you do decide to change AVs, download and install the new one before uninstalling the old one. You will also have to re-install Microsoft Word.

              Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
              Microsoft Security Essentials for Windows XP

              Quote
              Also my computer is sloooow again~ It was so fast when we were done before so you can imagine my frustration right now...
              We'll have to wait until everything gets updated again and see if it's still slow. Sorry.

              SuperDave

              Re: Infected wuauclt.exe
              « Reply #39 on: September 21, 2010, 06:42:25 PM »
              Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. System Restore starts.
              On the Welcome to System Restore page, click Restore my computer to an earlier time (if it is not already selected), and then click Next.
              On the Select a Restore Point page, check to see if there are any dates closer to today's date. Please let me know.

              millee81


                Re: Infected wuauclt.exe
                « Reply #40 on: September 21, 2010, 08:08:26 PM »
                the only date that showed up was 9/21/10 7:36:01 AM which is after the computer restored itself... I was able to finally download AVG 9.0 and install it, (it's running right now) but that was before I saw your recommendation for MSE.  I will be posting logs soon as they finish... Thanks for your patience! I'm starting to lose my sanity~~   :'(

                millee81


                  Re: Infected wuauclt.exe
                  « Reply #41 on: September 22, 2010, 10:14:27 PM »
                  I'm going to have to scan SAS again because I forgot to:
                  Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
                  * Click the Scanning Control tab.
                  * Under Scanner Options make sure only the following are checked:

                  •Close browsers before scanning
                  •Scan for tracking cookies
                  •Terminate memory threats before quarantining
                  •Please leave the others unchecked



                  but here's my MBAM log:

                  Malwarebytes' Anti-Malware 1.46
                  www.malwarebytes.org

                  Database version: 4667

                  Windows 6.0.6001 Service Pack 1
                  Internet Explorer 7.0.6001.18000

                  9/23/2010 12:07:13 AM
                  mbam-log-2010-09-23 (00-07-13).txt

                  Scan type: Full scan (C:\|D:\|)
                  Objects scanned: 392954
                  Time elapsed: 2 hour(s), 24 minute(s), 9 second(s)

                  Memory Processes Infected: 0
                  Memory Modules Infected: 0
                  Registry Keys Infected: 2
                  Registry Values Infected: 0
                  Registry Data Items Infected: 0
                  Folders Infected: 0
                  Files Infected: 0

                  Memory Processes Infected:
                  (No malicious items detected)

                  Memory Modules Infected:
                  (No malicious items detected)

                  Registry Keys Infected:
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
                  HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

                  Registry Values Infected:
                  (No malicious items detected)

                  Registry Data Items Infected:
                  (No malicious items detected)

                  Folders Infected:
                  (No malicious items detected)

                  Files Infected:
                  (No malicious items detected)

                  millee81


                    Re: Infected wuauclt.exe
                    « Reply #42 on: September 23, 2010, 02:18:24 PM »
                    SAS log:

                    SUPERAntiSpyware Scan Log
                    http://www.superantispyware.com

                    Generated 09/23/2010 at 03:18 AM

                    Application Version : 4.43.1000

                    Core Rules Database Version : 5556
                    Trace Rules Database Version: 3368

                    Scan type       : Complete Scan
                    Total Scan Time : 03:02:13

                    Memory items scanned      : 698
                    Memory threats detected   : 0
                    Registry items scanned    : 8887
                    Registry threats detected : 0
                    File items scanned        : 248555
                    File threats detected     : 0

                    SuperDave

                    Re: Infected wuauclt.exe
                    « Reply #43 on: September 24, 2010, 01:38:38 PM »
                    Please delete your copy of ComboFix, download a new one and run another scan. Also, please run another HJT and post the log.

                    Download ComboFix by sUBs from one of the below links. 

                    Important! You MUST save ComboFix to your desktop

                    link # 1
                    Link # 2

                    Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                    Double click on ComboFix.exe & follow the prompts.

                    Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

                    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

                    When the scan completes it will open a text window.
                     
                    Post the contents of that log in your next reply.

                    Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

                    millee81


                      Re: Infected wuauclt.exe
                      « Reply #44 on: September 25, 2010, 01:50:00 PM »
                      I looked through the C:\ drive and didn't find combofix or commy.exe or any of the other files... Did the scans say that it was still on my laptop?