
Please help removing *ware [RESOLVED]


  • This topic is locked

#16
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Let's register the Wups2.dll file in Windows

Click Start >> Run >> Type net stop wuauserv then Enter.

Then,

Click Start >> Run >> Type regsvr32 %windir%\system32\wups2.dll then Enter.
Click OK on each verification message that you receive.

Next,

Click Start >> Run >> Type net start wuauserv then Enter.


Finally,

  • Click Start, click All Programs, and then click Windows Update or Microsoft Update.
  • On the Windows Update Web site or on the Microsoft Update Web site, click Review your update history. A window opens that shows all the updates that have been installed or that have failed to install on the computer.
  • In the Status column of this window, locate the latest successful install (it should have a green check mark).
  • Sort by date, latest first; posting a screenshot would then be useful.

Edited by koko_crunch, 14 June 2008 - 09:21 AM.

  • 0



#17
solley

solley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
There were not any with a green check mark. The attached screenshot shows all of the failures. I reinstalled XP a couple of months ago (not positive on the date) but that may be why there is no history from farther back...?

screenshot2.jpg
  • 0

#18
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey solley,

There were not any with a green check mark. The attached screenshot shows all of the failures. I reinstalled XP a couple of months ago (not positive on the date) but that may be why there is no history from farther back...?


There's no trace of June updates either.
I'll consult an expert then get back to you on that.

koko
  • 0

#19
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey solley,

While waiting, could you try updating Windows again?
Click here for instructions.

Let me know if there are changes after trying to install it again, e.g. the history or whether or not the update was successful this time.

koko
  • 0

#20
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Ok, just got input from JSntgRvr. :)

Let's try the Automated Windows Update Fix from Castlecops
  • Download WUFix.zip and unzip to your desktop.
  • Double-Click WUFix.bat to run fix.
  • You will see a window open and commands processing. When the window closes the fix will have completed.
  • Restart the computer.
This fix clears the proxy cache, places Windows Update sites in the Trusted Zone, places Windows Update sites in the exception list of the IE Popup Blocker, starts all dependent services, registers required DLLs, empties the Windows Update temporary folder (with backup), renames the catroot2 folder, retains the update history and Event log, and deletes the BITS pending download queue.

Once done, go back to the Windows Update Website (You must use the Microsoft Internet Explorer to do this). Check your history to see if the update is already installed.
  • 0

#21
solley

solley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
OK. Much improvement. All the updates from June (today) showed up as successful now, except for one.

Windows Genuine Advantage Validation Tool (KB892130)
Date 15June08
Error Code: 0x80246007
  • 0

#22
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Try this fix by TaurArian [MS-MVP] 2005-2006

Register the Qmgr.dll and Qmgrprxy.dll BITS files.

Close all browsers before proceeding.

1. Click Start, click Run, type regsvr32 qmgr.dll in the Open box, and then click OK.

2. Click OK.

3. Click Start, click Run, type regsvr32 qmgrprxy.dll in the Open box, and then click OK.

4. Click OK.

Now open a fresh IE window and try Windows Update again.
  • 0

#23
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Could you also include this on your next post...

  • Click on start >> Run >> paste text in code box below

    C:\windows\WindowsUpdate.log
  • Press Enter key.
  • Notepad will open with the contents of the log.
  • Please paste first 30 lines from that log.

  • 0

#24
solley

solley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Good. Update worked that time. No failures. First 30 lines of log below.

2008-06-07 17:38:47:046 916 fa0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab:
2008-06-07 17:38:47:078 916 fa0 Misc Microsoft signed: Yes
2008-06-07 17:38:47:109 916 fa0 Setup *********** Setup: Checking whether self-update is required ***********
2008-06-07 17:38:47:125 916 fa0 Setup * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf
2008-06-07 17:38:47:171 916 fa0 Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2008-06-07 17:38:47:203 916 fa0 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2008-06-07 17:38:47:250 916 fa0 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2008-06-07 17:38:47:265 916 fa0 Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.0.6000.381, required version = 7.0.6000.381
2008-06-07 17:38:47:296 916 fa0 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.0.6000.381, required version = 7.0.6000.381
2008-06-07 17:38:47:296 916 fa0 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2008-06-07 17:38:47:312 916 fa0 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2008-06-07 17:38:47:359 916 fa0 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2008-06-07 17:38:47:390 916 fa0 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2008-06-07 17:38:47:406 916 fa0 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.0.6000.381, required version = 7.0.6000.381
2008-06-07 17:38:47:437 916 fa0 Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2008-06-07 17:38:47:453 916 fa0 Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2008-06-07 17:38:47:500 916 fa0 Setup Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.0.6000.381, required version = 7.0.6000.381
2008-06-07 17:38:47:515 916 fa0 Setup * IsUpdateRequired = No
2008-06-07 17:38:52:078 916 fa0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2008-06-07 17:38:52:125 916 fa0 Misc Microsoft signed: Yes
2008-06-07 17:38:52:187 916 fa0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\wuredir.cab:
2008-06-07 17:38:52:218 916 fa0 Misc Microsoft signed: Yes
2008-06-07 17:38:52:250 916 fa0 PT +++++++++++ PT: Synchronizing server updates +++++++++++
2008-06-07 17:38:52:250 916 fa0 PT + ServiceId = {9482F4B4-E343-43B6-B170-9A65BC822C77}, Server URL = https://www.update.m...ice/client.asmx
2008-06-07 17:38:52:484 916 fa0 EEHndlr FATAL: MSI DLL version is 3.0. Version 3.1 is required.
2008-06-07 17:38:52:484 916 fa0 Agent WARNING: Failed to evaluate Installable rule, updateId = {81C45F05-5B72-433E-BDB8-18E511CBF465}.102, hr = 80241001
2008-06-07 17:38:56:062 916 fa0 EEHndlr FATAL: MSI DLL version is 3.0. Version 3.1 is required.
2008-06-07 17:38:56:062 916 fa0 Agent WARNING: Failed to evaluate Installable rule, updateId = {DE357453-4A7E-4E72-8F2F-6852727238F1}.104, hr = 80241001
2008-06-07 17:38:56:406 916 fa0 EEHndlr FATAL: MSI DLL version is 3.0. Version 3.1 is required.
2008-06-07 17:38:56:406 916 fa0 Agent WARNING: Failed to evaluate Installable rule, updateId = {F60C47C1-1386-4D9C-B153-E99CF0E217C5}.100, hr = 80241001
  • 0
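
An added example (not written by anyone in this thread): one way to triage a WindowsUpdate.log excerpt like the one posted above, pairing each "Validating signature" line with its verdict and tallying FATAL messages and WARNING `hr` codes. The field layout is inferred from the posted lines, and the function name `triage_update_log` and the last two sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Fields: date, time, PID (decimal), TID (hex), component, message.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2}:\d{2}:\d{3})\s+"
    r"(?P<pid>\d+)\s+(?P<tid>[0-9A-Fa-f]+)\s+(?P<component>\S+)\s+(?P<msg>.*)$"
)
HR_RE = re.compile(r"\bhr = ([0-9A-Fa-f]{8})\b")
UPDATE_ID_RE = re.compile(r"updateId = (\{[0-9A-Fa-f-]{36}\}\.\d+)")
VALIDATING = "Validating signature for "
SIGNED = "Microsoft signed: "

# The first seven lines are copied from the log posted above; the last two are
# constructed (assumed wording) to exercise the failed-signature branch.
WU_SAMPLE = r"""
2008-06-07 17:38:47:046 916 fa0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab:
2008-06-07 17:38:47:078 916 fa0 Misc Microsoft signed: Yes
2008-06-07 17:38:47:515 916 fa0 Setup * IsUpdateRequired = No
2008-06-07 17:38:52:484 916 fa0 EEHndlr FATAL: MSI DLL version is 3.0. Version 3.1 is required.
2008-06-07 17:38:52:484 916 fa0 Agent WARNING: Failed to evaluate Installable rule, updateId = {81C45F05-5B72-433E-BDB8-18E511CBF465}.102, hr = 80241001
2008-06-07 17:38:56:062 916 fa0 EEHndlr FATAL: MSI DLL version is 3.0. Version 3.1 is required.
2008-06-07 17:38:56:062 916 fa0 Agent WARNING: Failed to evaluate Installable rule, updateId = {DE357453-4A7E-4E72-8F2F-6852727238F1}.104, hr = 80241001
2008-06-07 17:39:01:000 916 fa0 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\constructed-example.cab:
2008-06-07 17:39:01:031 916 fa0 Misc Microsoft signed: No
"""


def triage_update_log(log_text):
    """Summarise signature verdicts, FATAL messages and WARNING hr codes."""
    pending = {}      # (pid, tid) -> file still waiting for its verdict
    unverified = []   # files without a "Microsoft signed: Yes" verdict
    fatal = Counter() # FATAL message text -> occurrences
    warnings = []     # (updateId or None, hr or None)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or malformed line
        key, msg = (m["pid"], m["tid"]), m["msg"]
        if msg.startswith(VALIDATING):
            if key in pending:  # the earlier file never got a verdict
                unverified.append(pending[key])
            pending[key] = msg[len(VALIDATING):].rstrip(":")
        elif msg.startswith(SIGNED):
            path = pending.pop(key, "<unknown file>")
            if msg[len(SIGNED):].strip() != "Yes":
                unverified.append(path)
        elif msg.startswith("FATAL:"):
            fatal[msg[len("FATAL:"):].strip()] += 1
        elif msg.startswith("WARNING:"):
            uid, hr = UPDATE_ID_RE.search(msg), HR_RE.search(msg)
            warnings.append((uid.group(1) if uid else None,
                             hr.group(1).upper() if hr else None))
    unverified.extend(pending.values())  # log ended before the verdict
    hr_codes = Counter(hr for _, hr in warnings if hr)
    return {"unverified": unverified, "fatal": fatal,
            "warnings": warnings, "hr_codes": hr_codes}


if __name__ == "__main__":
    for name, value in triage_update_log(WU_SAMPLE).items():
        print(name, value)
```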

#25
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
That's good to hear. :)

Let's do a final scan before we wrap things up.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a new Hijackthis log

  • 0



#26
solley

solley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here's what IE said in the new window after I clicked Scan Your PC Now (after a couple minute wait).

Gateway Timeout
The proxy server did not receive a timely response from the upstream server.
Reference #1.1719f648.1213592869.3db2668

I did this panda scan before, when I followed the instructions in the "read this before posting a log" thread, so maybe it's a temporary problem. I'll try again tomorrow.
  • 0

#27
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Ok. Just post back when you're done. :)
  • 0

#28
solley

solley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-06-16 18:51:53
PROTECTIONS: 1
MALWARE: 27
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
01176994 Bck/VB.XB Virus/Trojan No 0 No No C:\Documents and Settings\Owner\Desktop\Downloaded Apllications\ComboFix.exe[327882R2FWJFW\NirCmdC.cfexe]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
VULNERABILITIES
Id Severity Description
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================


==================================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:47 PM, on 6/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Java\jre1.6.0_06\bin\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wireless LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.co...?BundleId=21871
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe

--
End of file - 6796 bytes
  • 0
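
An added example (not written by anyone in this thread): a small reader for a HijackThis log like the one posted above that counts entries per section code and lists items worth a manual look. The sample lines are copied from that log; the function name `triage_hijackthis` and the three review rules are assumptions chosen for illustration, not HijackThis features.

```python
import re
from collections import Counter

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 body, e.g.  HKLM\..\Run: [name] command line
AUTORUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23 body, e.g.  Service: display name - owner - C:\path\to\file.exe
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
ABSOLUTE_RE = re.compile(r'^"?[A-Za-z]:\\')
TRUSTED = "Trusted Zone: "

# Lines copied from the HijackThis log posted above (header, process list
# and footer lines are included to show that they are skipped).
HJT_SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O15 - Trusted Zone: http://*.update.microsoft.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wireless LAN Utility\tiwlnsvc.exe
--
End of file - 6796 bytes
"""


def triage_hijackthis(log_text):
    """Count entries per section and collect items for manual review."""
    counts = Counter()
    review = []        # (section code, reason, detail)
    trusted_zone = []  # O15 sites, to compare with what was added on purpose
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue   # header, process list, blank line or footer
        code, body = m["code"], m["body"]
        counts[code] += 1
        if code == "O4":
            entry = AUTORUN_RE.match(body)
            if entry is None:
                review.append((code, "unparsed autostart entry", body))
            elif not ABSOLUTE_RE.match(entry["cmd"]):
                # Resolved through the search path at logon, so the log alone
                # does not say which file on disk will run.
                review.append((code, "command has no absolute path",
                               entry["name"]))
        elif code == "O23":
            svc = SERVICE_RE.match(body)
            if svc is None:
                review.append((code, "unparsed service entry", body))
            elif svc["owner"] == "Unknown owner":
                review.append((code, "owner shown as Unknown owner",
                               svc["path"]))
        elif code == "O15" and body.startswith(TRUSTED):
            trusted_zone.append(body[len(TRUSTED):])
    return {"counts": counts, "review": review, "trusted_zone": trusted_zone}


if __name__ == "__main__":
    for name, value in triage_hijackthis(HJT_SAMPLE).items():
        print(name, value)
```

An item on the review list is a prompt to check the file by hand, not a detection.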

#29
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Congratulations, your log is clean! :)
We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Next, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Then, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If you don't have one yet, you should install a good firewall. Here are 3 free ones available for personal use:
including a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

Good luck! :)
  • 0

#30
solley

solley

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Thanks. You've been very helpful.

Best Wishes.
  • 0





