WiredWX Hobby Weather ToolsLog in

 


Urgent help! Wuauclt.exe infection Please Help

2 posters

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
This is OTL.TxT:

OTL logfile created on: 5/22/2010 8:04:06 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Tommy\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 64.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.30 Gb Total Space | 142.42 Gb Free Space | 76.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMMY-6C39B6E96
Current User Name: Tommy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tommy\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AIM\aim.exe (AOL Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tommy\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100521.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100521.002\NAVENG.SYS (Symantec Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (sfman) Creative SoundFont Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) Creative Interface Manager Driver (WDM) -- C:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) Creative SB Live! (WDM) -- C:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
DRV - (ctljystk) -- C:\WINDOWS\system32\drivers\ctljystk.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1aeaf837-aa42-46ba-9c44-7afc7678bb55}:2.5.8.6
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/19 20:45:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/19 20:45:41 | 000,000,000 | ---D | M]

[2010/02/23 19:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Extensions
[2010/02/23 19:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/05/22 15:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rzcr99kf.default\extensions
[2010/04/15 15:16:42 | 000,000,000 | ---D | M] (LockerzAlerts Toolbar) -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rzcr99kf.default\extensions\{1aeaf837-aa42-46ba-9c44-7afc7678bb55}
[2010/02/23 19:48:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rzcr99kf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/22 07:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tommy\Application Data\Mozilla\Firefox\Profiles\rzcr99kf.default\extensions\autofillForms@blueimp.net
[2010/05/22 15:54:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 09:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tommy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tommy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/23 17:52:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/22 19:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommy\Application Data\Malwarebytes
[2010/05/22 19:44:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/22 19:44:28 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/22 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/22 19:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/22 16:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/22 15:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommy\Local Settings\Application Data\eyilduqgs
[2010/05/20 14:57:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/05/19 18:51:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommy\My Documents\Gunz
[2010/05/19 18:51:32 | 003,555,568 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2010/05/19 18:51:21 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2010/05/19 18:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2010/05/19 18:49:02 | 000,000,000 | ---D | C] -- C:\ijji
[2010/05/19 18:46:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tommy\Application Data\ijjigame
[2010/05/19 18:45:07 | 000,000,000 | ---D | C] -- C:\Program Files\ijji
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/22 19:58:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/22 19:57:36 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/22 19:57:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/22 19:57:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/22 19:56:36 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Tommy\NTUSER.DAT
[2010/05/22 17:51:08 | 003,725,978 | -H-- | M] () -- C:\Documents and Settings\Tommy\Local Settings\Application Data\IconCache.db
[2010/05/19 20:47:50 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\Counter-Strike Source Beta.url
[2010/05/14 07:48:40 | 000,018,868 | ---- | M] () -- C:\Documents and Settings\Tommy\My Documents\Jefferson.docx
[2010/05/09 21:03:30 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Tommy\My Documents\Jefferson.doc
[2010/05/09 17:42:03 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
[2010/05/02 21:37:02 | 000,011,917 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\Spanish Conversation 1 PAGE.docx
[2010/05/02 21:30:02 | 000,010,906 | ---- | M] () -- C:\Documents and Settings\Tommy\My Documents\Spanish Conversation.docx
[2010/05/01 17:11:50 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Tommy\Desktop\Portal.url
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 16:30:00 | 003,555,568 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\GameMon.des
[2010/04/27 12:30:52 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/04/25 20:14:27 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\Tommy\My Documents\Winamp.m3u
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/19 20:47:50 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Tommy\Desktop\Counter-Strike Source Beta.url
[2010/05/19 18:51:20 | 000,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2010/05/09 17:41:46 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Tommy\Desktop\Call of Duty Modern Warfare 2 - Multiplayer.url
[2010/05/02 21:37:51 | 000,011,917 | ---- | C] () -- C:\Documents and Settings\Tommy\Desktop\Spanish Conversation 1 PAGE.docx
[2010/05/02 21:30:02 | 000,010,906 | ---- | C] () -- C:\Documents and Settings\Tommy\My Documents\Spanish Conversation.docx
[2010/05/01 17:11:50 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Tommy\Desktop\Portal.url
[2010/04/30 07:50:58 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Tommy\My Documents\Jefferson.doc
[2010/04/28 19:40:35 | 000,018,868 | ---- | C] () -- C:\Documents and Settings\Tommy\My Documents\Jefferson.docx
[2010/03/29 20:56:48 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/02/23 19:45:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
< End of report >

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
    [2010/05/22 15:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommy\Local Settings\Application Data\eyilduqgs

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
Is the OTL.exe just the OTL i had just previously used to run the scan? cuz i cant seem to find a program named OTL.exe

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
btw i highlight everything up there that is in bold text right?

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
Yes.
It's located here: C:\Documents and Settings\Tommy\My Documents\Downloads\OTL.exe

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
Here are the logs from the Run Fix:

All processes killed
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret <[2010/05/22 15:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tommy\Local Settings\Application Data\eyilduqgs> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 85468 bytes
->Flash cache emptied: 41620 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35614 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Tommy
->Temp folder emptied: 139614160 bytes
->Temporary Internet Files folder emptied: 93161887 bytes
->Java cache emptied: 24259294 bytes
->FireFox cache emptied: 87785755 bytes
->Flash cache emptied: 186101 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1307959 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1175864 bytes

Total Files Cleaned = 334.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05222010_201349

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
Hello.
Please run it again, you missed the :OTL in the script, so the script didn't work correctly.

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
Ok i reran it, here are the logs:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{724D43A0-0D85-11D4-9908-00400523E39A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{724D43A0-0D85-11D4-9908-00400523E39A}\ not found.
C:\Documents and Settings\Tommy\Local Settings\Application Data\eyilduqgs folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Tommy
->Temp folder emptied: 401 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15623087 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05222010_202206

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.3
    Java(TM) 6 Update 17
    LimeWire 5.4.8

Please download CKScanner by askey127 from here
Save it to your desktop.

  • Doubleclick CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
Hm well, i do not believe those programs have caused the problem. The truth is, i downloaded a toolbar to alert me for a redemption to redeem items at Lockerz lol Goofy. And so far, youve been a humongous help cause whenever i reboot, the virus pop-up does not appear anymore but i still wanna do w\e you say just to get completely rid of this virus and and other particular ones out there on my comp. So may you skip to the next step?

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
Btw i have not used limewire in awhile if that changes anything.

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
Okay, so remove it and run CKScanner please.

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
So remove just limewire or do i also have to remove adobe and java?

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
Remove those too, they need updating, so we'll do that soon.

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
ok

descriptionUrgent help! Wuauclt.exe infection Please Help - Page 2 EmptyRe: Urgent help! Wuauclt.exe infection Please Help

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum