What in the world is this?



#1
gordot

This is the mwav log:


Sat Aug 20 14:37:42 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Sat Aug 20 14:37:42 2005 => System found infected with bearshare Spyware/Adware ({9f95f736-0f62-4214-a4b4-caa6738d4c07})! Action taken: No Action Taken.
Sat Aug 20 14:37:42 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
Sat Aug 20 14:37:42 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
Sat Aug 20 14:37:48 2005 => System found infected with WhenU.SaveNow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.

Sat Aug 20 14:37:50 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare !!!
Sat Aug 20 14:37:50 2005 => Offending value found in HKCU\appevents\schemes\apps\bearshare !!!
Sat Aug 20 14:37:50 2005 => Offending value found in HKLM\Software\magnet\handlers\bearshare !!!
Sat Aug 20 14:37:50 2005 => Offending value found in HKLM\Software\bearshare !!!
Sat Aug 20 14:37:50 2005 => Offending Folder found: C:\PROGRA~1\bearshare
Sat Aug 20 14:37:50 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Aug 20 14:37:50 2005 => Offending Folder found: C:\PROGRA~1\bearsh~1
Sat Aug 20 14:37:50 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Aug 20 14:37:50 2005 => Offending value found in HKCU\appevents\eventlabels\bearsharechatnotifymsg !!!
Sat Aug 20 14:37:50 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Aug 20 14:37:50 2005 => Offending value found in HKLM\Software\Licenses !!!
Sat Aug 20 14:37:50 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Aug 20 14:37:50 2005 => Offending value found in HKLM\Software\Licenses !!!
Sat Aug 20 14:37:50 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Aug 20 14:38:21 2005 => Offending file found: C:\DOCUME~1\GORDON~1\LOCALS~1\Temp\insthelp.dll
Sat Aug 20 14:38:21 2005 => System found infected with RedV Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.


Sat Aug 20 14:38:47 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Sat Aug 20 14:38:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pxsfs.dll". Action Taken: No Action Taken.

Sat Aug 20 14:38:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.

Sat Aug 20 14:38:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Action Taken: No Action Taken.

Sat Aug 20 14:38:53 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.

Sat Aug 20 14:38:53 2005 => Entry "HKCR\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken.

Sat Aug 20 14:38:53 2005 => Entry "HKCR\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken.

Sat Aug 20 14:38:54 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.

Sat Aug 20 14:38:56 2005 => Entry "HKCR\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamiui.dll". Action Taken: No Action Taken.

Sat Aug 20 14:38:57 2005 => Entry "HKCR\CLSID\{F83865C0-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.

Sat Aug 20 14:38:57 2005 => Entry "HKCR\CLSID\{F83865C2-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.

Sat Aug 20 14:38:57 2005 => Entry "HKCR\CLSID\{F83865C3-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.

Sat Aug 20 14:39:00 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Sat Aug 20 14:39:00 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Sat Aug 20 14:39:06 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Sat Aug 20 14:39:06 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Sat Aug 20 14:39:07 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Sat Aug 20 14:39:07 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Sat Aug 20 14:39:09 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Sat Aug 20 14:39:09 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Sat Aug 20 14:39:09 2005 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Sat Aug 20 14:39:09 2005 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

*****************************

I keep getting some AVG popup claiming there's a virus in C:\Windows\system32\mskav.exe and I CAN'T GET RID OF IT!

I've read through some of the posts here and I still can't figure it out...what is wrong with this system?
#2
Retired Tech

The Malware Team will deal with this.

Please go here:

http://www.geekstogo..._Log-t2852.html

Run all the programmes as advised, then post a current Hijack This Log in a new topic in the Malware Forum.