Adware problems
   

Anjuvenkat
New Member


Date Joined Apr 2008
Total Posts : 6
 
   Posted 4-8-2008 7:41 (GMT +1)
Hello,
 
I have installed AVG Free edition with the latest update. For the last few days, some sites regarding advertisements have been populating automatically.
 
I tried to remove it using Adware Alert 2008; every time it finds something ..... after restart it shows the same thing.
 
Kindly guide us to remove the same.
 
regards,
Venkat
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13642
 
   Posted 4-8-2008 8:28 (GMT +1)
Hello
 
 
Click here - ->>  Before posting a log 
 
 
After you have run the scan tools -
 
Reboot normally
 
Post the HijackThis log along with the SUPERAntiSpyware log and C:\ComboFix.txt in this topic
 
 
 


Do NOT post your problem in someone else's thread.
 

Anjuvenkat
New Member


Date Joined Apr 2008
Total Posts : 6
 
   Posted 4-8-2008 6:05 (GMT +1)
Hi,
Kindly find the SUPERAntiSpyware log file and HijackThis log.
Still, the problem was not resolved.
Regards...Venkat


File Attachment :
SUPERAntiSpyware Scan Log - 04-08-2008 - 22-10-25.log   1KB (application/octet-stream)

File Attachment :
hijackthis.log   3KB (application/octet-stream)
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13642
 
   Posted 4-9-2008 9:22 (GMT +1)
I'm waiting for a ComboFix log
 
 
NB. Don't attach it


 

Anjuvenkat
New Member


Date Joined Apr 2008
Total Posts : 6
 
   Posted 4-9-2008 3:42 (GMT +1)
Hello,

Sorry for the delay. Here is the ComboFix log:

ComboFix 08-04-08.9 - Shyamu 2008-04-09 20:01:08.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.490 [GMT 5.5:30]
Running from: C:\Documents and Settings\Shyamu\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-09 to 2008-04-09 )))))))))))))))))))))))))))))))
.

2008-04-09 19:51 . 2008-04-09 19:51 <DIR> d--hs---- C:\FOUND.000
2008-04-09 09:44 . 2008-04-09 09:44 0 --a------ C:\WINDOWS\vpc32.INI
2008-04-09 09:43 . 2008-04-09 09:43 <DIR> d-------- C:\Program Files\Symantec AntiVirus
2008-04-09 09:43 . 2008-04-09 09:43 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-09 09:43 . 2008-04-09 09:43 110,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-09 09:43 . 2008-04-09 09:43 48,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-09 09:43 . 2008-04-09 09:43 8,014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-09 09:43 . 2008-04-09 09:43 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-09 07:24 . 2008-04-09 09:39 121 --a------ C:\WINDOWS\bdagent.INI
2008-04-09 07:17 . 2008-04-09 07:17 <DIR> d-------- C:\Program Files\BitDefender
2008-04-09 07:17 . 2008-04-09 07:17 <DIR> d-------- C:\Documents and Settings\Shyamu\Application Data\BitDefender
2008-04-09 07:17 . 2008-04-09 07:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-04-09 07:17 . 2008-04-09 09:14 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-04-09 07:16 . 2008-04-09 07:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-09 07:15 . 2008-04-09 07:15 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-04-09 03:00 . 2008-04-09 03:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-04-08 22:02 . 2008-04-08 22:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-08 22:02 . 2008-04-08 22:02 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-08 22:02 . 2008-04-08 22:02 <DIR> d-------- C:\Documents and Settings\Shyamu\Application Data\SUPERAntiSpyware.com
2008-04-08 22:02 . 2008-04-08 22:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-08 21:59 . 2008-04-08 21:59 <DIR> d-------- C:\Program Files\CCleaner
2008-04-07 11:25 . 2008-04-07 11:25 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-04-07 11:25 . 2008-04-01 01:12 22,512 --a------ C:\WINDOWS\system32\drivers\adwarealert.sys
2008-04-07 11:04 . 2008-04-07 11:04 <DIR> d-------- C:\Program Files\AdwareAlert
2008-04-07 11:04 . 2008-04-07 11:04 <DIR> d-------- C:\Documents and Settings\Shyamu\Application Data\AdwareAlert
2008-04-07 07:01 . 2008-04-09 10:14 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-04-07 06:49 . 2008-04-07 06:49 <DIR> d-------- C:\Documents and Settings\Shyamu\Application Data\Ahead
2008-04-07 06:49 . 2008-04-07 06:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-07 06:47 . 2008-04-07 06:47 <DIR> d-------- C:\Program Files\Nero
2008-04-07 06:47 . 2008-04-07 06:47 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-07 06:47 . 2008-04-07 06:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-07 00:03 . 2008-04-07 00:03 <DIR> d-------- C:\Documents and Settings\Shyamu\Application Data\dvdcss
2008-04-06 22:41 . 2006-06-02 00:17 163,840 --------- C:\WINDOWS\system32\dllcache\jgdw400.dll
2008-04-06 22:41 . 2006-06-02 00:17 27,648 --------- C:\WINDOWS\system32\dllcache\jgpl400.dll
2008-04-06 22:40 . 2006-05-05 15:11 453,120 --------- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2008-04-06 22:25 . 2008-04-06 22:25 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-06 15:19 . 2008-04-06 15:19 <DIR> d-------- C:\Program Files\Symantec
2008-04-06 15:19 . 2008-04-06 15:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-06 14:53 . 2004-08-03 23:08 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2008-04-05 22:37 . 2008-04-05 22:37 <DIR> d-------- C:\Documents and Settings\Shyamu\Application Data\vlc
2008-04-05 22:28 . 2008-04-05 22:28 <DIR> d-------- C:\Program Files\VideoLAN
2008-04-05 20:07 . 2008-04-05 20:07 <DIR> d-------- C:\Program Files\Intelore
2008-04-05 16:55 . 2008-04-05 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-04-05 16:54 . 2008-04-05 16:54 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-05 02:00 . 2001-08-23 12:00 176,157 --a------ C:\WINDOWS\system32\dllcache\dgrpsetu.dll
2008-04-05 00:04 . 2008-04-05 00:04 <DIR> d-------- C:\Program Files\Real
2008-04-05 00:04 . 2008-04-05 00:04 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-05 00:04 . 2008-04-05 00:04 <DIR> d-------- C:\Program Files\Common Files\Real
2008-04-04 23:44 . 2008-04-04 23:44 <DIR> d-------- C:\Documents and Settings\Shyamu\Application Data\COWON
2008-04-04 23:37 . 2008-04-04 23:37 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2008-04-04 23:14 . 2008-04-04 23:14 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-04 23:06 . 2008-04-04 23:06 <DIR> d-------- C:\WINDOWS\WinAVI Video Converter 9.0
2008-04-04 23:06 . 2008-04-04 23:06 <DIR> d-------- C:\Program Files\WinAVI Video Converter 9.0
2008-04-04 21:48 . 2008-04-04 21:48 <DIR> d-------- C:\Documents and Settings\Shyamu\Application Data\BitTorrent
2008-04-04 21:44 . 2008-04-04 21:44 <DIR> d-------- C:\Program Files\Picasa2
2008-04-04 21:44 . 2008-04-04 21:44 <DIR> d-------- C:\Program Files\DNA
2008-04-04 21:44 . 2008-04-04 21:44 <DIR> d-------- C:\Program Files\BitTorrent
2008-04-04 21:44 . 2008-04-04 21:44 <DIR> d-------- C:\Documents and Settings\Shyamu\Application Data\DNA
2008-04-04 21:44 . 2006-10-05 08:12 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-04-04 21:44 . 2006-10-05 08:12 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-04-04 21:43 . 2008-04-04 21:43 <DIR> d-------- C:\Program Files\Rediff Toolbar
2008-04-04 21:43 . 2008-04-04 21:43 <DIR> d-------- C:\Program Files\Rediff Bol
2008-04-04 21:43 . 2008-04-04 21:43 <DIR> d-------- C:\Documents and Settings\Shyamu\Application Data\Rediff.com
2008-04-04 21:42 . 2008-04-04 21:42 <DIR> d-------- C:\Program Files\JetAudio
2008-04-04 21:41 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-04 21:40 . 2008-04-04 21:40 <DIR> d-------- C:\Program Files\MSBuild
2008-04-04 21:40 . 2008-04-04 21:40 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-04 21:37 . 2008-04-04 21:37 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-04 21:36 . 2008-04-04 21:36 <DIR> dr-h----- C:\MSOCache
2008-04-04 21:36 . 2008-04-04 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-04 21:34 . 2008-04-04 21:34 <DIR> d-------- C:\Program Files\Google
2008-04-04 21:33 . 2008-04-04 21:33 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-04-04 21:20 . 2008-04-04 21:20 <DIR> d---s---- C:\Documents and Settings\Shyamu\UserData
2008-04-04 21:17 . 2008-04-04 21:17 <DIR> d--hs---- C:\Recycled

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 15:25 --------- d-----w C:\Documents and Settings\Shyamu\Application Data\InstallShield
2008-04-04 15:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-04 15:24 --------- d-----w C:\Program Files\Realtek
2008-04-04 15:24 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-04 15:21 --------- d-----w C:\Program Files\Intel
2008-04-04 15:13 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-16 22:29 3,059,712 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-15 09:23 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 19:26 15360]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2008-04-04 21:50 587568]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-03-25 15:18 906480]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 16:33 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-10-07 20:48 125368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Documents and Settings\Shyamu\Local Settings\Temp\Rar$EX01.578\Uti\Winzip 9.0\WZQKPICK.EXE [2008-04-09 12:52:21 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Rediff Bol\\RediffMessenger.exe"=

R3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 14:05]
S0 adwarealert;adwarealert;C:\WINDOWS\system32\DRIVERS\adwarealert.sys [2008-04-01 01:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{151bfc8a-03bb-11dd-9c31-001d7d8efaff}]
\Shell\AutoRun\command - H:\3o.exe
\Shell\explore\Command - H:\3o.exe
\Shell\open\Command - H:\3o.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-09 01:19:56 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert.ShyamuWRuns AdwareAlert to scan your computer for malicious and potenially unwanted programs.
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-09 20:02:10
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
Completion time: 2008-04-09 20:02:29
ComboFix-quarantined-files.txt 2008-04-09 14:32:26
Pre-Run: 9,649,307,648 bytes free
Post-Run: 9,640,230,912 bytes free
.
2008-04-09 13:42:42 --- E O F ---

Regards,
Venkat
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 13642
 
   Posted 4-9-2008 4:45 (GMT +1)
It looks clean. How are things running?

