Ok, I'm not really sure I am doing this right, but I'll give it a shot.
Fri Aug 12 18:33:57 2005 => File C:\DOCUME~1\Owner\LOCALS~1\Temp\se.dll infected by "Trojan.Win32.StartPage.uz" Virus! Action Taken: No Action Taken.
Fri Aug 12 18:33:58 2005 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df
Fri Aug 12 18:34:05 2005 => ERROR!!! Invalid Entry = C:\WINDOWS\system32\fifm.dll (in key Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{D47E8E4B-3C59-4D5D-AF94-F9E9C6DD6215}). No Action Taken._1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
Fri Aug 12 18:34:09 2005 => ERROR!!! Invalid Entry {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\WINDOWS\Downloaded Program Files\ymmapi.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). No Action Taken.
Fri Aug 12 18:37:45 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Fri Aug 12 18:37:45 2005 => Scanning File C:\WINDOWS\system32\JAVASUP.VXD
Fri Aug 12 18:37:45 2005 => ***** Scanning Registry and File system for Adware/Spyware *****
Fri Aug 12 18:37:45 2005 => Loading Spyware Signatures from FIXED Database...
Fri Aug 12 18:37:45 2005 => System found infected with FunWeb Spyware/Adware ({147A976F-EEE1-4377-8EA7-4716E4CDD239})! Action taken: No Action Taken.
Fri Aug 12 18:37:45 2005 => System found infected with IstBAR Spyware/Adware ({86227d9c-0efe-4f8a-aa55-30386a3f5686})! Action taken: No Action Taken.
Fri Aug 12 18:37:45 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Fri Aug 12 18:37:45 2005 => System found infected with Lycos Sidesearch Spyware/Adware ({000007C6-17DF-4438-92A4-DE5537471BA3})! Action taken: No Action Taken.
Fri Aug 12 18:37:46 2005 => System found infected with MyBar Spyware/Adware ({0494d0d9-f8e0-41ad-92a3-14154ece70ac})! Action taken: No Action Taken.
Fri Aug 12 18:37:46 2005 => Offending Folder C:\PROGRA~1\sidefind present...
Fri Aug 12 18:37:46 2005 => Object "sidefind Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:46 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\power scan !!!
Fri Aug 12 18:37:46 2005 => Offending Folder C:\PROGRA~1\POWERS~1 present...
Fri Aug 12 18:37:46 2005 => Offending Folder C:\DOCUME~1\Owner\STARTM~1\Programs\POWERS~1 present...
Fri Aug 12 18:37:46 2005 => Object "Power scan Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:46 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\wsem update !!!
Fri Aug 12 18:37:46 2005 => Object "DyFuCA Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:46 2005 => Offending value found in HKCU\appevents\schemes\apps\quicken !!!
Fri Aug 12 18:37:46 2005 => Offending Folder C:\PROGRA~1\quicken present...
Fri Aug 12 18:37:46 2005 => Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:46 2005 => Offending Folder C:\PROGRA~1\180SEA~1 present...
Fri Aug 12 18:37:46 2005 => Object "180Solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:46 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\searchassistant uninstall !!!
Fri Aug 12 18:37:46 2005 => Object "CWS.blank Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:46 2005 => Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Fri Aug 12 18:37:46 2005 => Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:46 2005 => Offending value found in HKCU\Software\FunWebProducts !!!
Fri Aug 12 18:37:46 2005 => Object "FunWebProducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:46 2005 => Object "CoolWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:46 2005 => Object "CoolWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:46 2005 => Offending value found in HKEY_USERS\.DEFAULT\Software\mxtarget !!!
Fri Aug 12 18:37:46 2005 => Object "mxtarget Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:47 2005 => Offending value found in HKLM\Software\ptech !!!
Fri Aug 12 18:37:47 2005 => Object "Prutect Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:47 2005 => Offending value found in HKCU\Software\grokster !!!
Fri Aug 12 18:37:47 2005 => Object "GrokSter Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:47 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\Run !!!
Fri Aug 12 18:37:47 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\Run !!!
Fri Aug 12 18:37:47 2005 => Object "Claria Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:47 2005 => Offending Folder C:\DOCUME~1\Owner\FAVORI~1\Living present...
Fri Aug 12 18:37:47 2005 => Object "ISearchTech.ISTdownloader Spyware/Adware" found in File System! Action Taken: No Action Taken.
Fri Aug 12 18:37:47 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
Fri Aug 12 18:37:47 2005 => System found infected with eZula Spyware/Adware (exclean.exe)! Action taken: No Action Taken.
Fri Aug 12 18:38:06 2005 => System found infected with AdRotator Spyware/Adware (vs.bin)! Action taken: No Action Taken.
Fri Aug 12 18:38:06 2005 => System found infected with SearchEXE Spyware/Adware (se.dll)! Action taken: No Action Taken.
Ok I got this far and I stopped because I'm not even 1/10000 of the way there. I do not understand your directions.
How do I know what is in "recovery or backupfolders " And I don't even know what a "System Volume Information-folder." is. I'm not even sure I am looking at the right log. I have two logs, one is called MWAV.log and it has stuff like the above. And the other log, which is called vlist, I generated by clicking "Generate" under Virus List, and that log has stuff like this.
Virus Count: 142843
KL
pfp
Virus.BAS.Bv3
Virus.BAS.Evod
Virus.BAS.Junkrem
Virus.BAS.Sp1
Virus.DOS.04h.609
Virus.DOS.04h.635
Virus.DOS.1000Years.791.a
Virus.DOS.1000Years.791.b
I am really confused.
Edited by Sk0rch, 13 August 2005 - 01:17 AM.