Pop Ups & Ads have taken over laptop [Solved]



#46
JSntgRvr

  • Global Moderator
  • 11,579 posts

Sorry, not the Recovery scan, but the Service scan, C:\Users\John\Desktop\FSS.exe.  That will allow me to see any changes in the services.


  • 0



#47
JSntgRvr

  • Global Moderator
  • 11,579 posts

In addition, download the enclosed file: 

 

Save and extract its contents to the desktop.

 

Once extracted, open FRST.

 

Type the following in the edit box on FRST, after "Search:".
 
svchost*
 
It then should look like:
 
Search: svchost*
 
Click the Search button and wait until it has finished. Post the log it makes (Search.txt), in the location where FRST is saved, in your next reply.

  • 0

#48
mckinney7

  • Topic Starter
  • Member
  • 60 posts

Here is the Farbar Service Scan log:

 

Farbar Service Scanner Version: 25-02-2014
Ran by John (administrator) on 02-04-2014 at 06:07:43
Running from "C:\Users\John\Desktop"
Microsoft Windows 7 Home Premium   (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****
 
 
 
Also, here is the search log for svchost*  :
 
Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by John at 2014-04-02 06:13:17
Running from C:\Users\John\Desktop
Boot Mode: Normal
 
================== Search: "svchost*" ===================
 
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 18:19] - [2014-03-09 13:15] - 0589312 ____A (Microsoft Corporation) 8DDE1A539CBC01AB2D80D1CE61C05A98
 
C:\Windows\winsxs\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_511f46fd08cd38e1\svchost.exe.mui
[2009-07-14 00:35] - [2009-07-13 21:02] - 0002048 ____A (Microsoft Corporation) FBC18BEE67E9179F02E7894EB548F18D
 
C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad3de280c12aaa17\svchost.exe.mui
[2009-07-14 00:35] - [2009-07-13 21:26] - 0002048 ____A (Microsoft Corporation) 712EBAA6DD6DBA7DDEE0A3D03C98E6D1
 
C:\Windows\SysWOW64\svchost.exe
[2009-07-13 18:19] - [2014-03-09 13:15] - 0589312 ____A (Microsoft Corporation) 8DDE1A539CBC01AB2D80D1CE61C05A98
 
C:\Windows\SysWOW64\en-US\svchost.exe.mui
[2009-07-14 00:35] - [2009-07-13 21:02] - 0002048 ____A (Microsoft Corporation) FBC18BEE67E9179F02E7894EB548F18D
 
C:\Windows\System32\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
 
C:\Windows\System32\en-US\svchost.exe.mui
[2009-07-14 00:35] - [2009-07-13 21:26] - 0002048 ____A (Microsoft Corporation) 712EBAA6DD6DBA7DDEE0A3D03C98E6D1
 
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.2252.dmp
[2014-03-09 13:41] - [2014-03-09 13:41] - 1124328 ____A () 241A001F4F5CE90007C184C212B931BC
 
C:\Windows\System32\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.5824.dmp
[2014-03-09 13:39] - [2014-03-09 13:39] - 1124568 ____A () 91CE66E581E36DF77C2A87344AE004F1
 
C:\Windows\Prefetch\SVCHOST.EXE-007FEA55.pf
[2014-03-28 06:03] - [2014-04-02 06:03] - 0023434 ____A () 65B14445B9E028C7B67C6686861D878D
 
C:\Windows\Prefetch\SVCHOST.EXE-3AB35CA7.pf
[2014-03-28 06:03] - [2014-03-29 08:06] - 0019986 ____A () D0A6B30F2E5837644579814854B231BC
 
C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf
[2014-03-14 08:44] - [2014-03-27 15:30] - 0016724 ____A () 72302400149EBF5F5F9BC679D12A1A34
 
C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf
[2014-03-27 15:39] - [2014-03-27 15:39] - 0019936 ____A () BC5AA5CB3C2BD910D88928AD0FA07D54
 
C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf
[2014-03-09 17:01] - [2014-04-02 06:08] - 0019484 ____A () 7EABEFD7306D0E558C4F1602535C5DD7
 
C:\Windows\Prefetch\SVCHOST.EXE-E2C2633A.pf
[2014-03-31 16:34] - [2014-03-31 16:34] - 0028234 ____A () DB03FEE9319FBA7E1CCAF85F24C39C24
 
C:\Users\John\Downloads\SVCHOSTS.zip
[2014-04-02 06:10] - [2014-04-02 06:10] - 0107234 ____A () 3EF6638607A5DF172F7F4384AE90CBA9
 
C:\Users\John\Desktop\SVCHOSTS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009-07-13 21:14] - [2014-04-02 06:12] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866
 
C:\Users\John\Desktop\SVCHOSTS\winsxs\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_511f46fd08cd38e1\svchost.exe.mui
[2009-07-13 22:02] - [2014-04-02 06:12] - 0002048 ____A (Microsoft Corporation) FBC18BEE67E9179F02E7894EB548F18D
 
C:\Users\John\Desktop\SVCHOSTS\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2009-07-13 21:39] - [2014-04-02 06:12] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
 
C:\Users\John\Desktop\SVCHOSTS\winsxs\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad3de280c12aaa17\svchost.exe.mui
[2009-07-13 22:26] - [2014-04-02 06:12] - 0002048 ____A (Microsoft Corporation) 712EBAA6DD6DBA7DDEE0A3D03C98E6D1
 
C:\Users\John\Desktop\SVCHOSTS\SysWOW64\svchost.exe
[2009-07-13 21:14] - [2014-04-02 06:12] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866
 
C:\Users\John\Desktop\SVCHOSTS\SysWOW64\en-US\svchost.exe.mui
[2009-07-13 22:02] - [2014-04-02 06:12] - 0002048 ____A (Microsoft Corporation) FBC18BEE67E9179F02E7894EB548F18D
 
C:\Users\John\Desktop\SVCHOSTS\System32\svchost.exe
[2009-07-13 21:39] - [2014-04-02 06:12] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
 
C:\Users\John\Desktop\SVCHOSTS\System32\en-US\svchost.exe.mui
[2009-07-13 22:26] - [2014-04-02 06:12] - 0002048 ____A (Microsoft Corporation) 712EBAA6DD6DBA7DDEE0A3D03C98E6D1
 
C:\Users\John\Desktop\SVCHOSTS\Prefetch\SVCHOST.EXE-05F624AB.pf
[2014-04-01 07:50] - [2014-04-02 06:12] - 0012398 ____A () 4ECDF4D918AF96900D96D0D0F1EC934D
 
C:\Users\John\Desktop\SVCHOSTS\Prefetch\SVCHOST.EXE-3AB35CA7.pf
[2014-03-31 07:10] - [2014-04-02 06:12] - 0092352 ____A () C90688754AEC3AC45E6FC16B1A026EF8
 
C:\Users\John\Desktop\SVCHOSTS\Prefetch\SVCHOST.EXE-61AE5AB6.pf
[2014-04-01 07:49] - [2014-04-02 06:12] - 0030594 ____A () 2746DFF6EE16BBCBF29126E27B4C918A
 
C:\Users\John\Desktop\SVCHOSTS\Prefetch\SVCHOST.EXE-7AC6742A.pf
[2014-04-01 09:11] - [2014-04-02 06:12] - 0016822 ____A () 734266AC099E0CDEBA7C8770B5E1EAC6
 
C:\Users\John\Desktop\SVCHOSTS\Prefetch\SVCHOST.EXE-7CFEDEA3.pf
[2014-04-01 09:21] - [2014-04-02 06:12] - 0018044 ____A () 397C9BBDDFA7119A300916C69A86D3C9
 
C:\Users\John\Desktop\SVCHOSTS\Prefetch\SVCHOST.EXE-80F4A784.pf
[2014-03-21 16:44] - [2014-04-02 06:12] - 0008400 ____A () 9208CA1D6225D856A91CDE2B5ECC0350
 
C:\Users\John\AppData\Roaming\Microsoft\Windows\Recent\SVCHOSTS.lnk
[2014-04-02 06:10] - [2014-04-02 06:10] - 0000529 ____A () AA9812FFA0482EEC87B38E21063CC93F
 
C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2014-03-11 21:48] - [2013-04-04 14:50] - 0218184 ____A () B4C6E3889BB310CA7E974A04EC6E46AC
 
C:\FRST\Quarantine\C\Windows\SysWOW64\svchost.exe.xBAD
[2009-07-13 18:19] - [2014-03-09 13:15] - 0589312 ____A (Microsoft Corporation) 8DDE1A539CBC01AB2D80D1CE61C05A98
 
C:\32788R22FWJFW\svchost.dat
[2012-06-20 08:03] - [2012-06-20 08:03] - 0000582 ____A () 43FA2B90D89009C075FFF2CC94F9DEB4
 
C:\32788R22FWJFW\svchost.vista.dat
[2000-08-30 19:00] - [2000-08-30 19:00] - 0000668 ____A () 321DC9CBE7CCD7696F46CF0002354181
 
C:\32788R22FWJFW\svchost.vista.x64.dat
[2010-11-27 00:12] - [2010-11-27 00:12] - 0000749 ____A () 14CAA9E2E82256EC016BE799DE6498DB
 
C:\32788R22FWJFW\svchost.w7.dat
[2013-06-03 12:06] - [2013-06-03 12:06] - 0001117 ____A () AD67BCEC0F0A67C2DFE81D6EC6D130A1
 
C:\32788R22FWJFW\svchost.w7.x64.dat
[2013-06-03 12:06] - [2013-06-03 12:06] - 0001467 ____A () C2E72487677B80EAFAF344E76BCB7535
 
C:\32788R22FWJFW\svchost.w8.dat
[2013-07-07 11:57] - [2013-07-07 11:57] - 0001348 ____A () 7910B5653CEEE311B51B77DA2AFB21FF
 
C:\32788R22FWJFW\svchost.w8.x64.dat
[2012-11-02 02:03] - [2012-11-02 02:03] - 0001268 ____A () 1D1CBFEF8314625A1F8A1AF75B2AA4C2
 
====== End Of Search ======

  • 0

#49
JSntgRvr

  • Global Moderator
  • 11,579 posts

Please first have the following file uploaded here.

 

C:\Windows\SysWOW64\svchost.exe

 

I will submit the file to the developers and anti-virus companies.

 

Then download the enclosed file. 

 

Save it in the same location FRST is saved.

 

Open FRST and click on the Fix button.

 

The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it in your reply.

 

This will replace the svchost.exe file with a fresh copy.

 

Once done, restart the computer and attempt Windows Updates. Let me know the outcome.

 

  • 0

#50
mckinney7

  • Topic Starter
  • Member
  • 60 posts

I sent the file to bleepingcomputers for analysis.  Following is the fixlog you requested.  I will restart my computer now and let you know about Windows Update.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by John at 2014-04-03 05:59:23 Run:5
Running from C:\Users\John\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
Replace: C:\Users\John\Desktop\SVCHOSTS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe C:\Windows\SysWOW64\svchost.exe
Replace: C:\Users\John\Desktop\SVCHOSTS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
End
*****************
 
C:\Windows\SysWOW64\svchost.exe => Moved successfully.
C:\Users\John\Desktop\SVCHOSTS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe copied successfully to C:\Windows\SysWOW64\svchost.exe
C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe => Moved successfully.
Could not replace C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe.
 
==== End of Fixlog ====

  • 0

#51
mckinney7

  • Topic Starter
  • Member
  • 60 posts

After restarting my computer and then attempting to check for Windows updates, a message popped up that said: "Windows Update cannot currently check for updates, because the service is not running.  You may need to restart your computer."

 

Sorry =(


  • 0

#52
JSntgRvr

  • Global Moderator
  • 11,579 posts

Download the enclosed file. 
 
Save it in the same location FRST is saved.
 
Open FRST and click on the Fix button.
 
The tool will make a log in the same location FRST is saved (Fixlog.txt). Please post it in your reply.
 
Open an administrator Command Prompt (click on Start, type CMD and press CTRL+SHIFT+ENTER). At the prompt, type the following and press Enter:
 
netsh winsock reset

net start bits
net start wuauserv

 
Let me know of any error message.
 
Type EXIT and press Enter to leave the prompt.

 

Please open the following file in Notepad:

 

C:\Windows\WindowsUpdate.log

 

Copy and paste the last 50 lines of that report in your reply.


  • 0

#53
mckinney7

  • Topic Starter
  • Member
  • 60 posts

Here is the most recent fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by John at 2014-04-04 06:22:31 Run:6
Running from C:\Users\John\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
Replace: C:\Windows\SysWOW64\svchost.exe C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
file: C:\Windows\SysWOW64\svchost.exe
CMD: Net Start
End
*****************
 
Could not find C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe.
Could not replace C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe.
 
========================= file: C:\Windows\SysWOW64\svchost.exe ========================
 
MD5: 3E180FBF7A37069A3E292684C8CEABD2
Creation and modification date: 2009-07-13 18:19 - 2014-04-03 06:03
Size: 0589312
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: svchost.exe
Original Name: svchost.exe.mui
Product Name: Microsoft® Windows® Operating System
Description: Host Process for Windows Services
File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Product Version: 6.1.7600.16385
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End Of File: ======
 
 
=========  Net Start =========
 
These Windows services are started:
 
   Apple Mobile Device
   Application Experience
   Base Filtering Engine
   Bonjour Service
   CNG Key Isolation
   COM+ Event System
   Com4QLBEx
   Cryptographic Services
   Cyberlink RichVideo Service(CRVS)
   DCOM Server Process Launcher
   Desktop Window Manager Session Manager
   DHCP Client
   Diagnostic Policy Service
   Diagnostic Service Host
   Diagnostic System Host
   Distributed Link Tracking Client
   DNS Client
   Encrypting File System (EFS)
   Extensible Authentication Protocol
   Function Discovery Provider Host
   Function Discovery Resource Publication
   GameConsoleService
   Group Policy Client
   HomeGroup Provider
   HP Health Check Service
   hpqwmiex
   HsfXAudioService
   IKE and AuthIP IPsec Keying Modules
   Interactive Services Detection
   IP Helper
   iPod Service
   Network Connections
   Network List Service
   Network Location Awareness
   Network Store Interface Service
   Office Source Engine
   Plug and Play
   PnP-X IP Bus Enumerator
   Power
   Print Spooler
   Program Compatibility Assistant Service
   Remote Procedure Call (RPC)
   RPC Endpoint Mapper
   Secondary Logon
   Security Accounts Manager
   Server
   Shell Hardware Detection
   SSDP Discovery
   Superfetch
   System Event Notification Service
   Task Scheduler
   TCP/IP NetBIOS Helper
   Themes
   User Profile Service
   Virtual Disk
   Volume Shadow Copy
   Windows Audio
   Windows Audio Endpoint Builder
   Windows Driver Foundation - User-mode Driver Framework
   Windows Event Log
   Windows Firewall
   Windows Font Cache Service
   Windows Image Acquisition (WIA)
   Windows Management Instrumentation
   Windows Media Player Network Sharing Service
   Windows Search
   WinHTTP Web Proxy Auto-Discovery Service
   WLAN AutoConfig
   WMI Performance Adapter
   Workstation
 
The command completed successfully.
 
 
========= End of CMD: =========
 
 
==== End of Fixlog ====
 
I typed in the command prompts.  Here are the responses:
 
netsh winsock reset:  "Successfully reset the Winsock Catalog. You must restart your computer in order to complete the reset."
 
net start bits: "The Background Intelligent Transfer service is starting. The Background Intelligent Transfer Services service was started successfully."
 
net start wuauserv: "System Error 1058 has occurred.  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."
 
 
Here are the last 50 (approximately) lines of the WindowsUpdate.log you requested:
 
2013-09-25 23:24:02:423 2148 92c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2013-09-25 23:24:02:431 2148 92c COMAPI FATAL: Unable to connect to the service (hr=80070424)
2013-09-25 23:24:02:431 2148 92c COMAPI WARNING: Unable to establish connection to the service. (hr=80070424)
2014-02-07 23:01:37:623 352 f2c Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0600)  ===========
2014-02-07 23:01:37:632 352 f2c Misc  = Process: C:\Windows\Explorer.EXE
2014-02-07 23:01:37:632 352 f2c Misc  = Module: C:\Windows\system32\wucltux.dll
2014-02-07 23:01:37:620 352 f2c WUApp FATAL: Failed to cocreate AU object, hr=0X80070424
2014-02-07 23:01:37:632 352 f2c WUApp FATAL: Failed to initialize WU app, hr=80070424
2014-02-07 23:01:37:641 352 f2c WUApp WARNING: Cannot load updates because AU service is not available, hr=80010108
2014-02-07 23:01:37:641 352 f2c WUApp WARNING: Failed to load the update list, error 80010108
2014-02-07 23:01:37:641 352 f2c WUApp WARNING: Failed to populate update list with error 80010108
2014-02-07 23:01:37:831 352 f2c WUApp WARNING: Error displaying Opted In Service summary: 80070424
2014-02-07 23:01:48:675 352 f2c WUApp WARNING: Couldn't handle 'Check for Updates' click -- service not running
2014-02-07 23:02:30:003 352 f2c WUApp WARNING: Couldn't handle 'Check for Updates' click -- service not running
2014-02-07 23:02:51:919 3704 1154 Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0600)  ===========
2014-02-07 23:02:51:919 3704 1154 Misc  = Process: C:\Windows\system32\wuauclt.exe
2014-02-07 23:02:51:919 3704 1154 Misc  = Module: C:\Windows\system32\wucltux.dll
2014-02-07 23:02:51:919 3704 1154 CltUI FATAL: Dialog thread failed for directive Featured Opt-In with error 80070424
2014-03-24 06:06:28:055 2176 12b0 Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0500)  ===========
2014-03-24 06:06:28:062 2176 12b0 Misc  = Process: C:\Windows\Explorer.EXE
2014-03-24 06:06:28:062 2176 12b0 Misc  = Module: C:\Windows\system32\wucltux.dll
2014-03-24 06:06:28:055 2176 12b0 WUApp FATAL: Failed to cocreate AU object, hr=0X80070424
2014-03-24 06:06:28:062 2176 12b0 WUApp FATAL: Failed to initialize WU app, hr=80070424
2014-03-24 06:06:28:398 2176 12b0 WUApp WARNING: Cannot load updates because AU service is not available, hr=80010108
2014-03-24 06:06:28:398 2176 12b0 WUApp WARNING: Failed to load the update list, error 80010108
2014-03-24 06:06:28:398 2176 12b0 WUApp WARNING: Failed to populate update list with error 80010108
2014-03-24 06:06:28:784 2176 12b0 WUApp WARNING: Error displaying Opted In Service summary: 80070424
2014-03-24 06:06:38:288 2176 12b0 WUApp WARNING: Couldn't handle 'Check for Updates' click -- service not running
2014-03-24 06:07:06:588 2176 12b0 WUApp WARNING: Error displaying Update Service setting: 80070424
2014-03-24 06:07:40:306 2176 12b0 Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0500)  ===========
2014-03-24 06:07:40:306 2176 12b0 Misc  = Process: C:\Windows\Explorer.EXE
2014-03-24 06:07:40:306 2176 12b0 Misc  = Module: C:\Windows\system32\wucltux.dll
2014-03-24 06:07:40:306 2176 12b0 WUApp FATAL: Failed to cocreate AU object, hr=0X80070424
2014-03-24 06:07:40:306 2176 12b0 WUApp FATAL: Failed to initialize WU app, hr=80070424
2014-03-24 06:07:40:622 2176 12b0 WUApp WARNING: Cannot load updates because AU service is not available, hr=80010108
2014-03-24 06:07:40:622 2176 12b0 WUApp WARNING: Failed to load the update list, error 80010108
2014-03-24 06:07:40:622 2176 12b0 WUApp WARNING: Failed to populate update list with error 80010108
2014-03-24 06:07:41:060 2176 12b0 WUApp WARNING: Error displaying Opted In Service summary: 80070424
2014-03-24 06:07:46:745 2176 12b0 WUApp WARNING: Couldn't handle 'Check for Updates' click -- service not running
2014-04-03 06:12:07:080 460 1360 Misc ===========  Logging initialized (build: 7.6.7600.256, tz: -0500)  ===========
2014-04-03 06:12:07:080 460 1360 Misc  = Process: C:\Windows\Explorer.EXE
2014-04-03 06:12:07:080 460 1360 Misc  = Module: C:\Windows\system32\wucltux.dll
2014-04-03 06:12:07:080 460 1360 WUApp WARNING: AU service is disabled (error 80070422); ignoring.
2014-04-03 06:12:07:533 460 1360 WUApp WARNING: Cannot load updates because AU service is not available, hr=80010108
2014-04-03 06:12:07:533 460 1360 WUApp WARNING: Failed to load the update list, error 80010108
2014-04-03 06:12:07:533 460 1360 WUApp WARNING: Failed to populate update list with error 80010108
2014-04-03 06:12:08:141 460 1360 WUApp WARNING: Error displaying Opted In Service summary: 80070422
2014-04-03 06:12:08:141 460 1360 Misc wuauserv is disabled
2014-04-03 06:12:16:909 460 1360 WUApp WARNING: Couldn't handle 'Check for Updates' click -- service not running
 
 
Hopefully I did all this right.  Please let me know if I missed something.  Thank you!

  • 0
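
How the hr= values in the WindowsUpdate.log excerpt above decode, as an added example that is not part of the original posts: an HRESULT of the form 8007xxxx wraps a Win32 error code, so 80070422 carries the same error 1058 that net start wuauserv returned. The log lines are copied from the post; the function and constant names are this example's own.

```python
import re

# Lines copied from the WindowsUpdate.log excerpt posted above.
WU_LOG = """\
2014-03-24 06:07:40:306 2176 12b0 WUApp FATAL: Failed to cocreate AU object, hr=0X80070424
2014-03-24 06:07:40:622 2176 12b0 WUApp WARNING: Cannot load updates because AU service is not available, hr=80010108
2014-03-24 06:07:41:060 2176 12b0 WUApp WARNING: Error displaying Opted In Service summary: 80070424
2014-04-03 06:12:07:080 460 1360 WUApp WARNING: AU service is disabled (error 80070422); ignoring.
2014-04-03 06:12:07:533 460 1360 WUApp WARNING: Failed to load the update list, error 80010108
2014-04-03 06:12:08:141 460 1360 WUApp WARNING: Error displaying Opted In Service summary: 80070422
2014-04-03 06:12:08:141 460 1360 Misc wuauserv is disabled
"""

# HRESULT facility 7 means "this is a wrapped Win32 error code".
FACILITY_WIN32 = 7

# Win32 service-control errors (winerror.h) that appear in this log.
WIN32_SERVICE_ERRORS = {
    1058: "ERROR_SERVICE_DISABLED",
    1060: "ERROR_SERVICE_DOES_NOT_EXIST",
}

# An 8-digit hex failure code, with or without a 0x prefix.
HRESULT = re.compile(r"\b(?:0[xX])?(8[0-9A-Fa-f]{7})\b")


def decode_hresult(value):
    """Split a 32-bit HRESULT into (is_failure, facility, code)."""
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF


def service_errors_by_day(log_text):
    """Map each log date to the Win32 service errors seen on that day.

    80010108 decodes to the RPC facility (a follow-on COM error), so it is
    skipped; only facility-7 codes listed in WIN32_SERVICE_ERRORS are kept.
    """
    days = {}
    for line in log_text.splitlines():
        date = line[:10]
        for hexval in HRESULT.findall(line):
            failure, facility, code = decode_hresult(int(hexval, 16))
            if failure and facility == FACILITY_WIN32 and code in WIN32_SERVICE_ERRORS:
                days.setdefault(date, set()).add((code, WIN32_SERVICE_ERRORS[code]))
    return {day: sorted(found) for day, found in days.items()}


if __name__ == "__main__":
    for day, found in service_errors_by_day(WU_LOG).items():
        for code, name in found:
            print(f"{day}  Win32 error {code}  {name}")
```

On these lines the result is error 1060 (service does not exist) on 2014-03-24 and error 1058 (service disabled) on 2014-04-03.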

#54
JSntgRvr

  • Global Moderator
  • 11,579 posts

I have checked the file uploaded to my channel first hand and it is infected with what appears to be Virus Win32/Expiro. This virus is a Windows executable file infecting virus. It is also capable of stealing credit card and personal information.

As W32/Expiro is a file infector, any filename is fair game. As you can see, the file we replaced is already re-infected with the previous code.

You can read about this here.
 
W32/Expiro  (and related variants) is a dangerous file infector which infects mostly .exe files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer it remains on a computer, the more files it infects and corrupts so the degree of damage can vary.
 
Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

Just to see if these files are detected, please run a free online scan with the ESET Online Scanner

I would suggest you back up your personal data before proceeding.

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0
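
The comparison behind the statement that the replaced file is already re-infected, as an added example that is not part of the original posts: it parses Search.txt entries copied from the thread and compares each live svchost.exe with the copy at the same relative path in the extracted SVCHOSTS folder. The SVCHOSTS folder is assumed to be the clean reference, as the fixlist treats it; function and constant names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "path size md5 modified")

# Entries copied from the Search.txt log posted in the thread
# (one path line followed by one detail line).
SEARCH_LOG = r"""
C:\Windows\SysWOW64\svchost.exe
[2009-07-13 18:19] - [2014-03-09 13:15] - 0589312 ____A (Microsoft Corporation) 8DDE1A539CBC01AB2D80D1CE61C05A98

C:\Windows\System32\svchost.exe
[2009-07-13 18:31] - [2009-07-13 20:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\Prefetch\SVCHOST.EXE-007FEA55.pf
[2014-03-28 06:03] - [2014-04-02 06:03] - 0023434 ____A () 65B14445B9E028C7B67C6686861D878D

C:\Users\John\Desktop\SVCHOSTS\SysWOW64\svchost.exe
[2009-07-13 21:14] - [2014-04-02 06:12] - 0020992 ____A (Microsoft Corporation) 54A47F6B5E09A77E61649109C6A08866

C:\Users\John\Desktop\SVCHOSTS\System32\svchost.exe
[2009-07-13 21:39] - [2014-04-02 06:12] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D
"""

# Size and MD5 from the later Fixlog "file:" section, after the replacement.
POST_FIX_SIZE = 589312
POST_FIX_MD5 = "3E180FBF7A37069A3E292684C8CEABD2"

# Assumption: the extracted SVCHOSTS folder mirrors C:\Windows with clean copies.
REF_ROOT = r"C:\Users\John\Desktop\SVCHOSTS"
LIVE_ROOT = r"C:\Windows"

# [created] - [modified] - size attributes (company) MD5
DETAIL = re.compile(
    r"^\[[^\]]+\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) \S+ "
    r"\(.*\) (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return {lower-cased path: Entry} from path/detail line pairs."""
    entries, path = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = DETAIL.match(line)
        if match and path:
            entries[path.lower()] = Entry(
                path, int(match["size"]), match["md5"].upper(), match["modified"])
            path = None
        elif line and not match:
            path = line
    return entries


def mismatches(entries, ref_root=REF_ROOT, live_root=LIVE_ROOT):
    """Return (live, reference) pairs whose size or MD5 differ."""
    prefix = ref_root.lower() + "\\"
    found = []
    for key, ref in entries.items():
        # Only executables are compared: Prefetch (.pf) traces change per run.
        if not key.startswith(prefix) or not key.endswith(".exe"):
            continue
        live = entries.get(live_root.lower() + "\\" + key[len(prefix):])
        if live and (live.size, live.md5) != (ref.size, ref.md5):
            found.append((live, ref))
    return found


def matches_reference(ref, size, md5):
    """True when a later size/MD5 reading equals the reference copy."""
    return (ref.size, ref.md5) == (size, md5.upper())


if __name__ == "__main__":
    for live, ref in mismatches(parse_search_log(SEARCH_LOG)):
        print(f"MISMATCH {live.path}")
        print(f"  live      {live.size:>7} bytes  {live.md5}  modified {live.modified}")
        print(f"  reference {ref.size:>7} bytes  {ref.md5}")
        ok = matches_reference(ref, POST_FIX_SIZE, POST_FIX_MD5)
        print(f"  after fix {POST_FIX_SIZE:>7} bytes  {POST_FIX_MD5}  matches reference: {ok}")
```

The live SysWOW64 copy is 589312 bytes against 20992 for the reference, and the size and MD5 reported by the later Fixlog still do not match the reference.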

#55
mckinney7

  • Topic Starter
  • Member
  • 60 posts

Thank you for all the information.  I am sorry to hear that this is such a bad infection, but after all the attempts you have made to get rid of it, I am not surprised.  Right now, we are trying to figure out which files we need to save.  As soon as I am done saving them, I will run the ESET Online Scanner and send the report to you.

 

Thank you!


  • 0



#56
JSntgRvr

  • Global Moderator
  • 11,579 posts

You are welcome! :)


  • 0

#57
mckinney7

  • Topic Starter
  • Member
  • 60 posts

I have been having a lot of trouble with completing the ESET scanner. I have tried running it three times and I can't get it past 95%.  The first two times it ran several hours, then my computer went to sleep, so I thought when I moved my mouse to wake it up, I caused it to stall (because it wasn't continuing during the sleep).  Last night I changed settings so it would not go to sleep.  I let the scan run all night and this morning it was still at 95%.  I moved my mouse to click finish so I could see an incomplete report and the whole ESET screen disappeared. Do you want me to keep trying?

 

Melanie


  • 0

#58
JSntgRvr

  • Global Moderator
  • 11,579 posts

Try following the instructions here. If a report is produced, please post it in your reply.


  • 0

#59
mckinney7

  • Topic Starter
  • Member
  • 60 posts

I want to be sure I understand correctly.  I didn't see any instructions on the link you gave me until I scrolled down to the very bottom of the webpage.  It said: Steps to remove "Win32.Expiro.57" automatically

Is this what you are wanting me to do?


  • 0

#60
JSntgRvr

  • Global Moderator
  • 11,579 posts

Yes. That will confirm our findings.


  • 0





