
Smithfraud (I think?) [RESOLVED]


  • This topic is locked

#121
Trevuren
    Old Dog
  • Retired Staff
  • 18,699 posts
Bed Time for me, sorry


Trevuren
  • 0

#122
Summer_24
    Member
  • Topic Starter
  • 114 posts
I ran the Ewido scan for you, but it does not save to my desktop in normal mode, it's only in safe mode...so I just wrote down exactly what it said.
Ewido Security Suite - Scan Report

+Created on: 9:18:23 AM, 07-27-2005

+Report-checksum: FFA75718

+Scan Result:

D:\Documents and settings\Sherry\Cookies\[email protected][2].txt--> spyware.cookie.yieldmanager : cleaned with backup
D:\Documents and settings\Sherry\Cookies\sherry@advertising[1].txt--> spyware.cookie.advertising : cleaned with backup
D:\Documents and settings\Sherry\Cookies\sherry@atdmt[2].txt--> spyware.cookie.atdmt : cleaned with backup
D:\Documents and settings\Sherry\Cookies\[email protected] [1].txt--> spyware.cookie.Advertising : cleaned with backup
D:\Documents and settings\Sherry\Cookies\sherry@trafficmp[2].txt--> spyware.cookie.trafficmp : cleaned with backup
D:\WINDOWS\sizjhh.exe-->Adware.BetterInternet : cleaned with backup


Logfile of HijackThis v1.99.1
Scan saved at 9:42:43 AM, on 7/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\Program Files\SpyCatcher\DeleteSatellite.exe
D:\PROGRA~1\AIM\aim.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\SpyCatcher\Protector.exe
D:\Program Files\SpyCatcher\Scheduler daemon.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "D:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "D:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Protector.lnk = D:\Program Files\SpyCatcher\Protector.exe
O4 - Startup: Scheduler.lnk = D:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121549626671
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
  • 0
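The HijackThis log in the post above is read by eye in this thread. As an added example (not code from the forum post, from HijackThis or from anyone in this thread), here is a small Python parser for that log format with a few defender-side review heuristics: processes or autostarts launching straight from the Windows directory root, unnamed BHOs, and O16 ActiveX downloads from hosts outside an allowlist. The sample log, the executable name xkqwpl.exe, the all-zero CLSID, the example.invalid URL and both allowlists are constructed for illustration and are not taken from the log above.

```python
"""Parse a HijackThis v1.99-style log and flag entries a reviewer should look at.

Added example. The sample log is constructed in the shape of the log quoted in
the thread; xkqwpl.exe, the all-zero CLSID and the URLs are made up.
"""
import re
from dataclasses import dataclass

SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:42:43 AM, on 7/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\xkqwpl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [KAVPersonal50] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Updater] D:\WINDOWS\xkqwpl.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Example Control) - http://example.invalid/scan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/constructed-path/example.cab
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# "O4 - <body>", "R1 - <body>", "F2 - <body>" and so on.
LINE_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
# A quoted Windows path, or an unquoted one ending in a code-carrying extension.
PATH_RE = re.compile(
    r'"([A-Za-z]:\\[^"]+)"|([A-Za-z]:\\[^\s"]+\.(?:exe|dll|ocx|scr))', re.IGNORECASE
)
HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
# X:\WINDOWS\<file> with no further subdirectory.
WINDIR_ROOT_RE = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+$", re.IGNORECASE)

# Assumptions for this example: a few executables that legitimately live directly in
# the Windows directory, and hosts the reviewer already trusts for O16 downloads.
KNOWN_WINDIR_EXES = {"explorer.exe", "notepad.exe", "regedit.exe"}
TRUSTED_DPF_HOSTS = {"update.microsoft.com"}


@dataclass
class Entry:
    code: str   # section code such as R1, O4, O16
    body: str   # text after the "O4 - " prefix


def parse_hjt(text):
    """Return (running_processes, entries) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line closes the process block
            continue
        if line.lower() == "running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return processes, entries


def first_path(body):
    """First Windows path in an entry body, or None."""
    m = PATH_RE.search(body)
    return (m.group(1) or m.group(2)) if m else None


def in_windir_root(path):
    """True for %WINDIR%\\<name> that is not a known system file: a common dropper spot."""
    return bool(WINDIR_ROOT_RE.match(path)) and path.rsplit("\\", 1)[-1].lower() not in KNOWN_WINDIR_EXES


def review(processes, entries):
    """Heuristic review: items that deserve a closer look, not verdicts."""
    findings = []
    for proc in processes:
        if in_windir_root(proc):
            findings.append(f"process running from Windows root: {proc}")
    for e in entries:
        if e.code == "O2" and e.body.startswith("BHO: (no name)"):
            # Unnamed BHOs need a look; Spybot's SDHelper.dll is a benign one.
            findings.append(f"O2 unnamed BHO: {e.body}")
        elif e.code == "O4":
            path = first_path(e.body)
            if path and in_windir_root(path):
                findings.append(f"O4 autostart launching from Windows root: {e.body}")
        elif e.code == "O16":
            m = HOST_RE.search(e.body)
            if m and m.group(1).lower() not in TRUSTED_DPF_HOSTS:
                findings.append(f"O16 ActiveX download from unlisted host {m.group(1)}: {e.body}")
    return findings


def review_log(text):
    return review(*parse_hjt(text))


if __name__ == "__main__":
    for finding in review_log(SAMPLE_LOG):
        print(finding)
```

The heuristics are deliberately coarse: they surface the same things a helper in this thread checks first (an executable dropped straight into D:\WINDOWS like the sizjhh.exe Ewido found, an autostart pointing at it, and where the O16 controls were downloaded from), and every hit still needs a human decision.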

#123
Trevuren
    Old Dog
  • Retired Staff
  • 18,699 posts
Are you ready to close it down? If there are no more malware issues, just give me the OK and we will proceed with the final but essential cleanup procedures


Trevuren
  • 0

#124
Summer_24
    Member
  • Topic Starter
  • 114 posts
I am ready to clean up everything! But I think that I should let you know that I am still receiving those pop ups that I posted earlier about from Messenger Service, and my computer seems to be running a little slower than usual. Oh, and my desktop is still that blue screen that took over my normal desktop that I had....and it also has an icon downloaded to it that reads "Free XXX" underneath it (which will not let me delete it, b/c it says I have to do so through add/remove programs...but I don't see any programs in there that should be removed). If you think we can get these things fixed with the clean up, then I'm ready to start!! Thanks for your help!
  • 0

#125
Trevuren
    Old Dog
  • Retired Staff
  • 18,699 posts
1. Right click on http://www.greyknigh...pairDesktop.reg and download that file. Double click on it and click on Yes when it asks you if you want to merge it into the registry. Once that's done, restart your computer.

2. Login as usual and now right click on your Desktop and go to Properties. Next go to Desktop tab->Customize Desktop button->Web tab. Uncheck everything listed there. Then delete all the entries listed except for 'My Current Home Page'. Click OK and OK.

3. REBOOT your system.

4. Please tell me if it had the desired effect.

Trevuren
  • 0

#126
Summer_24
    Member
  • Topic Starter
  • 114 posts
I got it to work!!!! the desktop is back to normal :tazz:
  • 0

#127
Trevuren
    Old Dog
  • Retired Staff
  • 18,699 posts
Excellent Summer. Well done


Now for the remaining popups.


Please tell me what messenger service is popping up? If it is a Windows product, do you use it?


Trevuren
  • 0

#128
Summer_24
    Member
  • Topic Starter
  • 114 posts
Message from SYSTEM to ALERT on 7-27-05 10:54:30 PM
Microsoft Windows has encountered an Internal Error, your windows registry is corrupted. We recommend a complete system scan.
Visit http://FixReg32.com to repair now...and then an ok button

Message from FROM to TO on 7-27-05 10:55:23 PM
STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.
Windows has found 47 CRITICAL SYSTEM ERRORS!
To fix the errors please do the following: 1. download registry repair from: http://www.regcleanser.com. install registry repair 3. run registry repair 4. reboot your computer.
FAILURE TO ACT NOW MAY LEAD TO DATA LOSS AND CORRUPTION!

Message from SYSTEM to ALERT on 7-27-05 10:55:26 PM
Windows has encountered an Internal Error, your Windows registry is corrupted. An Immediate system scan is recommended. Visit http://e-regpatch.com to repair...and then an ok button.

The list just goes on and on....but I have no idea what these messages are talking about. But I did look on my add/remove programs list and found that my little sister had installed Windows Media Player & Windows Media Format Runtime sometime last Friday when I didn't know she got on the computer. Do you think that could be it? I'm actually positive that's what it is, because I was looking back through the posts and I noticed that I first mentioned it to you on Saturday the 23, and the add/remove programs list says it was downloaded the 22nd. I think I remember getting one of these messages Friday night, but am not for sure...definitely on Saturday though! I bet this is it!!
I just went into the control panel under add/remove programs and deleted both of these programs, and then rebooted the computer.

Edited by Summer_24, 27 July 2005 - 10:20 PM.

  • 0

#129
Trevuren
    Old Dog
  • Retired Staff
  • 18,699 posts
1. Download "Registry Search Tool" (RegSrch.vbs) from here
http://www.billsway.com/vbspage/

2. Start it and paste in FixReg32.com, wait for it to complete the search, click ok at the prompt.

3. Then when wordpad opens, copy that back here please.


Trevuren
  • 0

#130
Summer_24
    Member
  • Topic Starter
  • 114 posts
The message I got was....Search completed in 27 seconds, No instances of "FixReg32.com" found
  • 0


#132
Trevuren
    Old Dog
  • Retired Staff
  • 18,699 posts
I haven't abandoned you. It is just that I have put out a request for some assistance with these messages as they do not appear to reflect any existing known sites.

I will get back to you as soon as possible.

Trevuren
  • 0

#133
Trevuren
    Old Dog
  • Retired Staff
  • 18,699 posts
To make things easier to read and pull out the possible bad stuff, please do the following:

1. This will clean the malware that still resides in your temporary folders

Download the .exe format of Cleanup by Steven Gould from: HERE
  • A window will open and choose SAVE, then DESKTOP as the destination.
  • On your Desktop, click on Cleanup40.exe icon.
  • Then, click RUN and place a checkmark beside "I Agree"
  • Then click NEXT followed by START and OK.
  • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
  • Click OK
  • Finally click "CleanUp"
The program will probably ask you to reboot. If it doesn't, then REBOOT your system yourself.


2. Reset your System Restore (To clean out the malware)

TO DISABLE SYSTEM RESTORE
  • Right-click "My Computer", and then left click "Properties".
  • Left click on "System Restore Tab"
  • Check box beside "Turn Off System Restore"
  • Left click on "Apply"
TO ENABLE SYSTEM RESTORE
  • Remove check mark from "Turn Off System Restore"
  • Click on "Apply"
  • REBOOT your system.
3. I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe. This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.

Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.


REMEMBER just the bottom part, the infected files part

Regards,

Trevuren

  • 0

#134
Summer_24
    Member
  • Topic Starter
  • 114 posts
When doing step 2, do I disable first and then enable system restore? Or should I only be doing one of these two? Thanks,
Summer
  • 0

#135
Trevuren
    Old Dog
  • Retired Staff
  • 18,699 posts
Both and more is coming


Trevuren
  • 0