wuauclt1.exe, Windows XP System

View previous topic View next topic Go down

Solved wuauclt1.exe, Windows XP System

Post by Cindy_SD on Wed Dec 17, 2008 8:17 pm

Hi there,

I'm new to geekpolice.net. It was recommended by a colleague. I am not a techie.

My computer is stuck, as the Document Viewer is trying to load.

Microsoft.NET Framework dialog box appeared:
An unhandled exception has occured in a component in your application. Click continue and application will ignore this error and attempt to continue.

The following details are listed:
See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.NullReferenceException: Object reference not set to an instance of an object.
at HP.CUE.Video.PlaybackControl.UpdateProgressBar()
at HP.CUE.Video.PlaybackControl._ProgressTimer_Tick(Object sender, EventArgs e)
at System.Windows.Forms.Timer.OnTick(EventArgs e)
at System.Windows.Forms.Timer.Callback(IntPtr hWnd, Int32 msg, IntPtr idEvent, IntPtr dwTime)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2407
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqimzone
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqiface
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
System.Windows.Forms
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2032
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
System.Drawing
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2032
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
System
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2407
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqcc2
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqutils
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqfmrsc
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqtray
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqovskn
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqimvlt
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqimgrc
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqntrop
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
Interop.hpqcxm08
Assembly Version: 3.0.0.0
Win32 Version: 53.0.13.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
System.Xml
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2032
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
LEAD
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
LEAD.Wrapper
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
LEAD.Windows.Forms
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
LEAD.Drawing
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
interop.hpqimgr
Assembly Version: 3.0.0.0
Win32 Version: 53.0.13.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqthumb
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqasset
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqmirsc
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqedit
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqvideo
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
LEAD.Windows.Forms.DrawingContainer
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqmdmr
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
LEAD.Drawing.Imaging.ImageProcessing
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqimlib
Assembly Version: 3.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
hpqglutl
Assembly Version: 4.0.0.0
Win32 Version: 053.000.013.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------
Interop.hpqvideo
Assembly Version: 3.0.0.0
Win32 Version: 53.0.13.000
CodeBase: [You must be registered and logged in to see this link.]
----------------------------------------

************** JIT Debugging **************
To enable just in time (JIT) debugging, the config file for this
application or machine (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the machine
rather than being handled by this dialog.


* * * * * message continued

I pressed Continue and the box reappeared. Tried this a couple dozen times and nothing helped. When I tried to restart the computer, this dialog box remained and the computer would not shut down.

I opened the Windows Task Manager and there are about 30 exe. files running. I currently have Registry Booster (free trial) & Spyware Doctor open, as well as the two dialog boxes mentioned above (document viewer and Microsoft. NET Framework).

I typed one of the exe files into Google search, and it appears this may be a virus or is known for creating problems for users: wuauclt1.exe

I searched online for help and found [b]Uniblue Registry Booster[/b]. The scan showed over 700 errors. It will cost $30 to purchase their software and clear all of them.
[b]QUESTION:[/b] Should I do buy the software?

It was also recommended to run [b]Spyware Doctor[/b]. I ran Super Anti Spyware last night, but it found no viruses.

Do you recommend [b]Security Task Manager[/b]?

Am I on track? What would you recommend?

Thank you,

Cindy :Blink: :Blink:

Cindy_SD
Novice
Novice

Posts Posts : 9
Joined Joined : 2008-12-17
OS OS : windows XP
Points Points : 29090
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: wuauclt1.exe, Windows XP System

Post by Belahzur on Wed Dec 17, 2008 8:41 pm

Hello.
Please read here and post a Hijack This log.

[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: wuauclt1.exe, Windows XP System

Post by Cindy_SD on Wed Dec 17, 2008 8:55 pm

From Cindy....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:34 PM, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Security Task Manager\taskman.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\CMD\Desktop\Hijack(GP)This.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\CMD\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\CMD\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10323 bytes

Details of problem listed above.

Cindy_SD
Novice
Novice

Posts Posts : 9
Joined Joined : 2008-12-17
OS OS : windows XP
Points Points : 29090
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: wuauclt1.exe, Windows XP System

Post by Belahzur on Wed Dec 17, 2008 9:06 pm

Hello.
Lets see what this says.


  • Download combofix from here, use the top links - [You must be registered and logged in to see this link.]
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: wuauclt1.exe, Windows XP System

Post by Cindy_SD on Wed Dec 17, 2008 9:18 pm

Belahzur,

I was unable to complete the instructions. Dialog box appeared:

"the procedure entry point InterNetGetSecurityInfoByULR could not be located in the dynamic link library WININET.dll.

Cindy_SD
Novice
Novice

Posts Posts : 9
Joined Joined : 2008-12-17
OS OS : windows XP
Points Points : 29090
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: wuauclt1.exe, Windows XP System

Post by Cindy_SD on Wed Dec 17, 2008 9:20 pm

Hmmm... now combomix is preparing to run in a dos window.

Cindy_SD
Novice
Novice

Posts Posts : 9
Joined Joined : 2008-12-17
OS OS : windows XP
Points Points : 29090
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: wuauclt1.exe, Windows XP System

Post by Cindy_SD on Wed Dec 17, 2008 9:21 pm

combo fix has detected that this machine does not have the "Windows Recovery Console" It would be in your best interest to have it installed. Would you like to do so now? Have entered Yes.


Last edited by Cindy_SD on Wed Dec 17, 2008 9:22 pm; edited 1 time in total (Reason for editing : noticed your instructions have directed what to do next)

Cindy_SD
Novice
Novice

Posts Posts : 9
Joined Joined : 2008-12-17
OS OS : windows XP
Points Points : 29090
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: wuauclt1.exe, Windows XP System

Post by Belahzur on Wed Dec 17, 2008 10:31 pm

Hello.
Please allow it to install the console and post the log when done.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved from Cindy

Post by Cindy_SD on Thu Dec 18, 2008 1:57 am

The Document Viewer and Microsoft.NET Framework dialog boxes continue to appear. My internet service (dsl) stopped for some reason all afternoon. Just came back. I've been backing up my files in the meantime. Thank you.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:34 PM, on 12/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Security Task Manager\taskman.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Documents and Settings\CMD\Desktop\Hijack(GP)This.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\CMD\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\CMD\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070826\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10323 bytes

Cindy_SD
Novice
Novice

Posts Posts : 9
Joined Joined : 2008-12-17
OS OS : windows XP
Points Points : 29090
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: wuauclt1.exe, Windows XP System

Post by Belahzur on Thu Dec 18, 2008 2:09 am

You may need to just re-install the .NET framework, the install right now maybe corrupt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: wuauclt1.exe, Windows XP System

Post by Cindy_SD on Thu Dec 18, 2008 2:18 am

I don't know where to find that. Should I search online for Windows XP .NET framework files? Thanks Belahzur.

Cindy_SD
Novice
Novice

Posts Posts : 9
Joined Joined : 2008-12-17
OS OS : windows XP
Points Points : 29090
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: wuauclt1.exe, Windows XP System

Post by Belahzur on Thu Dec 18, 2008 4:43 pm

Download link:
[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245049
# Likes # Likes : 1

View user profile

Back to top Go down

Solved Re: wuauclt1.exe, Windows XP System

Post by Cindy_SD on Thu Dec 18, 2008 9:26 pm

Thank you! I'll give that a try.

Cindy_SD
Novice
Novice

Posts Posts : 9
Joined Joined : 2008-12-17
OS OS : windows XP
Points Points : 29090
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: wuauclt1.exe, Windows XP System

Post by Cindy_SD on Fri Dec 19, 2008 4:36 am

Belahzur,

I wanted to let you know the status. It looked like the above action helped, but other issues were appearing, so I felt it was best to reinstall the operating system for a fresh start... especially after I found 750 registry errors and a couple .exe files that looked suspicious.

Thanks again for your assistance... have a beautiful Christmas!

Cindy

Cindy_SD
Novice
Novice

Posts Posts : 9
Joined Joined : 2008-12-17
OS OS : windows XP
Points Points : 29090
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: wuauclt1.exe, Windows XP System

Post by Doctor Inferno on Sat Jan 24, 2009 10:11 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 12017
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104584
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum