BleepingComputer.com: Video Activex Access Trojan

I used to have MWAV subscription, which has now run out. When running MWAV it now reports I have the following

Video activex access trojan
gain.gator adware/spyware
possible fujacks type worm

How do I get rid of these without subscribing again to mwav?

This post has been edited by alt3rn1ty: 29 July 2007 - 06:40 AM

If it helps here are the offending entries in the MWAV log file

Sun Jul 29 12:45:59 2007 => System found infected with video activex access Trojan ({7e853d72-626a-48ec-a868-ba8d5e23e045})! Action taken: No Action Taken.
Sun Jul 29 12:46:01 2007 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com !!!
Sun Jul 29 12:46:01 2007 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:01 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Sun Jul 29 12:46:01 2007 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:01 2007 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Sun Jul 29 12:46:01 2007 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:13 2007 => Checking MountPoints2 Registry Key...
Sun Jul 29 12:46:13 2007 => Executable Command Found in {50252a90-9d92-11da-98dc-806d6172696f}\Shell\AutoRun\command: J:\Setup\rsrc\Autorun.exe
Sun Jul 29 12:46:13 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50252a90-9d92-11da-98dc-806d6172696f} !!!
Sun Jul 29 12:46:13 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:13 2007 => Executable Command Found in {50252a91-9d92-11da-98dc-806d6172696f}\GAME_EXE\GAME_GUID\GAME_NAME\Shell\AutoRun\command: K:\Autorun.exe
Sun Jul 29 12:46:13 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{50252a91-9d92-11da-98dc-806d6172696f} !!!
Sun Jul 29 12:46:13 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: No Action Taken.

Sun Jul 29 12:46:13 2007 => Checking CLSID Reference Entries...
Sun Jul 29 12:46:17 2007 => Entry "HKCR\PhotoRecord.Album" refers to invalid object "{FEDCFFC1-BEC4-11D1-93B9-0060979C8AB8}". Action Taken: No Action Taken.

Sun Jul 29 12:46:18 2007 => Checking Module Usage Entries...
Sun Jul 29 12:46:18 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\avsniff.dll". Action Taken: No Action Taken.

Sun Jul 29 12:46:18 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\rufsi.dll". Action Taken: No Action Taken.

Bump - Helloooo!, is anybody out there? <OH NO, MAYBE EVERYONES 'PUTERS TRASHED TOO, MAYBE I PASSED IT ON, NOOOO!>

hi alt3rn1ty
the reason you have been overlooked is you have posted in the wrong section you should post your logs here

good luck

I have split your HJT log away from this thread and moved it into the HJT forum.

You can find it here: http://www.bleepingcomputer.com/forums/topic102044.html

Now that your log is posted there, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files on your own, etc.) unless advised by a HJT Team member. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and complicate the malware removal process.

Please be patient and wait for a response from an HJT Team member. It may take a while to get a response because team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. While waiting, please DO NOT make another reply to your log until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have no replies as this makes it easier for them to identify those who have not been helped. If you post another response, a team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

Thanx guyz my bad, going across to the link and wont alter anything until advised.

Your welcome and good luck.

If you followed any other advice in regards to this issue, please ensure you inform the HJT Helper when they respond to assist you with your log. This will help them know what has been done and they probably will ask for an updated log.

To avoid confusing, I am closing this thread. Should you need it reopened after your log has been reviewed and you have been cleared, please PM me or another moderator.

Again, thanks for your cooperation.