Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

What in the world is this?

Started by gordot , Aug 20 2005 01:55 PM

  • Please log in to reply

#1
gordot
Posted 20 August 2005 - 01:55 PM

gordot

    New Member

  • Member
  • Pip
  • 1 posts
This is the mwav log:


Sat Aug 20 14:37:42 2005 => System found infected with bearshare Spyware/Adware ({905d0df2-3a0a-4d94-853c-54a12a745905})! Action taken: No Action Taken.
Sat Aug 20 14:37:42 2005 => System found infected with bearshare Spyware/Adware ({9f95f736-0f62-4214-a4b4-caa6738d4c07})! Action taken: No Action Taken.
Sat Aug 20 14:37:42 2005 => System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
Sat Aug 20 14:37:42 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
Sat Aug 20 14:37:48 2005 => System found infected with WhenU.SaveNow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken.

Sat Aug 20 14:37:50 2005 => Offending value found in HKLM\Software\Microsoft\Windows\CurrentVersion\uninstall\bearshare !!!
Sat Aug 20 14:37:50 2005 => Offending value found in HKCU\appevents\schemes\apps\bearshare !!!
Sat Aug 20 14:37:50 2005 => Offending value found in HKLM\Software\magnet\handlers\bearshare !!!
Sat Aug 20 14:37:50 2005 => Offending value found in HKLM\Software\bearshare !!!
Sat Aug 20 14:37:50 2005 => Offending Folder found: C:\PROGRA~1\bearshare
Sat Aug 20 14:37:50 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Aug 20 14:37:50 2005 => Offending Folder found: C:\PROGRA~1\bearsh~1
Sat Aug 20 14:37:50 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Aug 20 14:37:50 2005 => Offending value found in HKCU\appevents\eventlabels\bearsharechatnotifymsg !!!
Sat Aug 20 14:37:50 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Aug 20 14:37:50 2005 => Offending value found in HKLM\Software\Licenses !!!
Sat Aug 20 14:37:50 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Aug 20 14:37:50 2005 => Offending value found in HKLM\Software\Licenses !!!
Sat Aug 20 14:37:50 2005 => Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sat Aug 20 14:38:21 2005 => Offending file found: C:\DOCUME~1\GORDON~1\LOCALS~1\Temp\insthelp.dll
Sat Aug 20 14:38:21 2005 => System found infected with RedV Spyware/Adware (insthelp.dll)! Action taken: No Action Taken.


Sat Aug 20 14:38:47 2005 => ***** Scanning Registry for errors created because of Adware/Spyware *****
Sat Aug 20 14:38:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pxsfs.dll". Action Taken: No Action Taken.

Sat Aug 20 14:38:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.

Sat Aug 20 14:38:47 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ahead\Nero BackItUp\BackItUp-Deu.nls". Action Taken: No Action Taken.

Sat Aug 20 14:38:53 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.

Sat Aug 20 14:38:53 2005 => Entry "HKCR\CLSID\{8EC31897-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken.

Sat Aug 20 14:38:53 2005 => Entry "HKCR\CLSID\{8EC31898-D1E6-4758-80BE-31E873AC2903}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamui.dll". Action Taken: No Action Taken.

Sat Aug 20 14:38:54 2005 => Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.

Sat Aug 20 14:38:56 2005 => Entry "HKCR\CLSID\{D9C027CF-DF75-4D2C-B763-AC1CA31C4AF8}" refers to invalid object "C:\Program Files\Grisoft\AVG Free\avgamiui.dll". Action Taken: No Action Taken.

Sat Aug 20 14:38:57 2005 => Entry "HKCR\CLSID\{F83865C0-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.

Sat Aug 20 14:38:57 2005 => Entry "HKCR\CLSID\{F83865C2-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.

Sat Aug 20 14:38:57 2005 => Entry "HKCR\CLSID\{F83865C3-92C3-11d3-B41E-0010DC973BDB}" refers to invalid object "CamExL20.ax". Action Taken: No Action Taken.

Sat Aug 20 14:39:00 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Sat Aug 20 14:39:00 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Sat Aug 20 14:39:06 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Sat Aug 20 14:39:06 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Sat Aug 20 14:39:07 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Sat Aug 20 14:39:07 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Sat Aug 20 14:39:09 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Sat Aug 20 14:39:09 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Sat Aug 20 14:39:09 2005 => Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Sat Aug 20 14:39:09 2005 => Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

*****************************

I Keep getting some AVG popup claiming there's a virus in C:\Windows\system32\mskav.exe and I CAN'T GET RID OF IT!

I've read through some of the posts here and I still can't figure it out...what is wrong with this system?
  • 0

Advertisements

#2
Retired Tech
Posted 20 August 2005 - 01:59 PM

Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
The Malware Team will deal with this

Please go here:

http://www.geekstogo..._Log-t2852.html

Run all the programmes as advised then post a current Hijack This Log in a new topic in the Malware Forum
  • 0
Back to Windows XP, 2000, 2003, NT · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows XP, 2000, 2003, NT

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP