Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

wuaumqr blues 2

Status
Not open for further replies.
reflecx

reflecx

Technical User
Oct 31, 2003
10
SE
I guess my freeloading days are over: picking and choosing from forums whenever niggles appear. This is just too complicated for makeshift fixes. Can someone give me a step by step remedy for this pernicious malady. Below are the xrays.
Bcastner: I did read your successful cure for jmoore4948's problem. My apologies to you if the pocedure is identical. The risk is that it isn't.

My sincere thanks Jamie

Logfile of HijackThis v1.97.3
Scan saved at 12:30:08, on 2003-10-31
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuaumqr.exe
C:\Program\QuickTime\qttask.exe
C:\Program\Vanliga filer\Real\Update_OB\realsched.exe
C:\Program\FSI\F-Prot\F-StopW.EXE
C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = (obfuscated)
F1 - win.ini: load=???
??? ???
?
? ??
F1 - win.ini: run=???
??? ???
?
? ??
O1 - Hosts: 194.237.110.170 O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Kangaroo - {663C7429-E454-11D3-B9AE-0000B4C32B4D} - C:\IDC\WEBKA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Winsock2 driver] wuaumqr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program\Vanliga filer\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [F-StopW] C:\Program\FSI\F-Prot\F-StopW.EXE
O4 - HKCU\..\RunOnce: [Winsock2 driver] wuaumqr.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program\Zone Labs\ZoneAlarm\zonealarm.exe
O9 - Extra button: Kangaroo (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - O16 - DPF: {0DCABC94-5086-4E08-A4C9-BF284A614E81} ( Class) - O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} - O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAE} - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
 
Sort by date Sort by votes
I think carr's post will help you a great deal. Disable System Restore (Start, All Programs, Accessories, System Utilities, System Restore) and then:

1. As you have Hijack This! let it remove at least these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = (obfuscated)
F1 - win.ini: load=???
??? ???
?
? ??
F1 - win.ini: run=???
??? ???
?
? ??
O1 - Hosts: 194.237.110.170 O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Kangaroo - {663C7429-E454-11D3-B9AE-0000B4C32B4D} - C:\IDC\WEBKA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Winsock2 driver] wuaumqr.exe

O4 - HKCU\..\RunOnce: [Winsock2 driver] wuaumqr.exe

Reboot

2. Use carr's link above and make as many manual edits as you feel comfortable, and remain after your Hijack session work above.

3. Do the manual fixes, then run two of smah's faq online antivirus selections (Trend Micro and Panda would be my personal choice): faq760-3862

Reboot

4. If things seem reasonably sorted at this point, re-enable System Restore and manually create a new restore point.


Best,
Bill Castner
 
Upvote 0 Downvote
Many thanks to both of you! Along with a Single Malted dedication to your good health.

Cheers,
Jamie
 
Upvote 0 Downvote
Could you make mine a Springbank or a Talisker?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

micker377
  • Locked
  • Question
Bluescreen is back.
Replies
6
Views
45
micker377
micker377
vanka25
  • Locked
  • Helpful tip
Win 7 RC and Firefox - Bluescreen
Replies
3
Views
38
BadBigBen
BadBigBen
DTSMAN
  • Locked
  • Question
Scandisk = Bluescreen
Replies
5
Views
38
linney
linney
jlockley
  • Locked
  • Question
64 bit blues: Installer error (1719) 1
Replies
5
Views
33
linney
linney
jlockley
  • Locked
  • Question
64 bit blues yet again. How to restore, recover, whatever...???
Replies
4
Views
23
jlockley
jlockley

Part and Inventory Search

Sponsor

Back
Top