Author Topic: Win32:Adware-gen - HOW TO GET RID OF IT???

Win32:Adware-gen - HOW TO GET RID OF IT???
« on: July 16, 2007, 02:43:11 PM »

My computer has been infected with Win32:Adware-gen. Avast! cannot delete it, and it seems to slow down my computer to the point where using the internet is impossible at times.

I am using Windows XP home edition and Toucan is my ISP.

Any help would be GREATLY appreciated!!!

Thank you!

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:35:30, on 16/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PaltalkWebLogin - {502C3BA4-2C3E-4317-BC29-C0445E82B1F9} - C:\Program Files\Common Files\Paltalk\PaltalkWebLogin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone:
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) -
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} -
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList =
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winric32 - winric32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Thank you!


Re: Win32:Adware-gen - HOW TO GET RID OF IT???
« Reply #1 on: July 16, 2007, 03:56:33 PM »
Hi sheila,

For adware problems, try some specialist adware/spyware scanners:

AVG Anti-Spyware Free
Ad-Aware Free
Spybot Search & Destroy
SUPERAntiSpyware Free
a-Squared Free

I suspect this is the problem in your log. One of the above scanners should fix it; if not, run HijackThis again, tick the box next to the entry and click 'Fix'.

O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} -

You can also clean up these entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: winric32 - winric32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

When you have finished, scan for out-of-date and insecure software using Secunia Software Inspector and update any vulnerable software: this will help to prevent future infections.

Install SpywareBlaster also to prevent future infections: don't forget to update every month or so.
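The advice above amounts to a triage rule for HijackThis entries: fix entries whose referenced file is gone, and research O16 (downloaded ActiveX) entries that carry no friendly name. As an added example, not from this thread or from HijackThis itself, here is a small Python triage over lines in the same log format; the sample lines are copied from the log posted above, and the reasons attached to each finding are my own labels.

```python
import re

# Constructed sample: entries copied from the HijackThis v1.99.1 log in this thread.
SAMPLE_LOG = """\
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} -
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O20 - Winlogon Notify: winric32 - winric32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Every HijackThis entry starts with a section code (R0, O2, O16, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# A well-formed O16 body reads "DPF: {GUID} (Friendly Name) - <url>".
DPF_NAMED_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]{36}\} \(.+\) -")


def parse_entries(log_text):
    """Split a HijackThis log into (section, body) pairs, skipping non-entry lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(entries):
    """Return (section, identifier, reason) for entries a helper would ask to be fixed."""
    findings = []
    for section, body in entries:
        guid = GUID_RE.search(body)
        # Identify the entry by its GUID if it has one, else by the name after "Type: ".
        ident = guid.group(0) if guid else body.split(": ", 1)[-1].split(" - ")[0]
        if "(no file)" in body or "(file missing)" in body:
            reason = "orphaned entry: referenced file is missing"
            if section == "O20":
                # Winlogon Notify DLLs are loaded at logon; a dangling one is a leftover to remove.
                reason = "orphaned Winlogon Notify DLL: remove"
            findings.append((section, ident, reason))
        elif section == "O16" and not DPF_NAMED_RE.match(body):
            findings.append((section, ident, "ActiveX download with no friendly name: research GUID"))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_entries(SAMPLE_LOG)):
        print(" | ".join(finding))
```

Run on the sample it reports the same four entries the reply above singles out (the unnamed O16 GUID, the nameless O2 BHO and the two missing Winlogon Notify DLLs) and stays silent on the entries whose files are present.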
Re: Win32:Adware-gen - HOW TO GET RID OF IT???
« Reply #2 on: July 16, 2007, 05:26:08 PM »
Why couldn't avast delete it, what errors, etc. ?
The most common reason is file in use so you should schedule a boot-time scan which runs before windows starts so the file won't be in use.

Though as FWF said there are more specialised tools for anti-adware/spyware
Re: Win32:Adware-gen - HOW TO GET RID OF IT???
« Reply #3 on: July 16, 2007, 06:19:33 PM »

Hi Sheila - Welcome to the forums!    :)

I might be wrong but below might be some clues to why this problem happened. Someone please correct me if I am wrong.

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

It is obvious that some product of Symantec has been or is now on your computer. Are you using 2 anti-virus services?    ???


Re: Win32:Adware-gen - HOW TO GET RID OF IT???
« Reply #4 on: July 16, 2007, 08:25:54 PM »
It is obvious that some product of Symantec has been or is now on your computer. Are you using 2 anti-virus services? 
If the program is Norton Antivirus, you need to uninstall for compatibility reasons:


A removal tool for such a number of NAV is SymNRT.

Welcome to forums...
The best things in life are free.


« Reply #5 on: July 17, 2007, 04:24:04 PM »
Hi everyone!

Thanx for all the replies - and so quickly as well!! Thought I would be waiting for ages!

I deleted all Symantec-associated files. I used to have Norton Antivirus and uninstalled it ages ago, but it obviously didn't completely disappear. After running Spybot and Ad-Aware it seems it's all gone now. Or rather, Avast! doesn't find it anymore!


Thanks a lot for the help.

Re: Win32:Adware-gen - HOW TO GET RID OF IT???
« Reply #6 on: July 17, 2007, 04:56:16 PM »
Thanx for all the replies - and so quickly as well!! Thought I would be waiting for ages!
Welcome to avast forum speed 8)

I deleted all Symantec-associated files. I used to have Norton Antivirus and uninstalled it ages ago, but it obviously didn't completely disappear.
Did you use the SymNRT tool and follow all the steps?
The best things in life are free.

Re: Win32:Adware-gen - HOW TO GET RID OF IT???
« Reply #7 on: July 17, 2007, 05:25:24 PM »
Thanx for all the replies - and so quickly as well!! Thought I would be waiting for ages!
Thanks a lot for the help.

The avast forum is very different to many other supposed support forums, we respond quickly ;D

Welcome to the forums and the avast family.

Stick around and browse the forums, especially the sticky topics at the top of each of the forums, not to mention the avast help file. They provide a wealth of information to help you get the best from avast.
