
View Full Version : Adware Generic EMG



Coyotegonemad
2005-10-29, 22:13
Hi All,

New to this forum, but not new to Spybot, think it's a great tool. I have a problem, and not sure that here's where to ask about it. I run Spybot, and don't find this Adware, but do find it on my anti virus. It is located in system32 file, C:\WINDOWS\system32\r?ndll.exe, but if I try to do a search for it, of course, I come up empty. It will delete, however, it returns, almost immediately. (I'm not the most computer literate person). HELPPPPPPPP

Thanks
Coyotegonemadddddddddd

LonnyRJones
2005-10-30, 12:43
Hello

Welcome to the forum
Post or attach a SSD 1.4 report please

Open SpyBot 1.4, check for and get any updates available, close all browsers, check for problems and fix everything found. Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except
Uncheck [ ] Do not report disabled or known legitimate Items,
Uncheck [ ] Include a list of services in report.
Uncheck [ ] Include uninstall list in report.
Now select (near the top) view report, press export, in the save in box choose a place such as your My Documents folder, then in your next post near the bottom select the "browse" button, navigate to and attach or post that report please.

Also make and run this simple batch file please.
Launch Notepad, and copy/paste the bolded below into a new text file. Save it as FindFile.bat and save it on your Desktop.

dir C:\WINDOWS\system32\r?ndll.exe /a h > files.txt
notepad files.txt

Locate FindFile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.
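
An added example, not part of LonnyRJones's post: the batch file above uses `?` as a single-character wildcard so that `dir` can list a file whose name cannot be typed into a search box. Assuming the `?` in the antivirus path stands for a character the scanner could not display, this Python script lists every wildcard match, hidden or not, and reports which characters fall outside printable ASCII; the directory and file names in `demo()` are constructed.

```python
import fnmatch
import os
import tempfile
import unicodedata


def describe_name(name):
    """Return one (char, code point, Unicode name) tuple per character."""
    return [(c, f"U+{ord(c):04X}", unicodedata.name(c, "UNNAMED/CONTROL"))
            for c in name]


def find_lookalikes(directory, pattern="r?ndll.exe"):
    """List entries matching the wildcard and flag unusual characters.

    os.scandir() also returns hidden and system files, comparable to
    running dir with the /a switch. A character is reported when it is
    outside printable ASCII (assumption: that is why the path shows '?').
    """
    results = []
    with os.scandir(directory) as entries:
        for entry in entries:
            if not fnmatch.fnmatch(entry.name.lower(), pattern.lower()):
                continue
            odd = [d for d in describe_name(entry.name)
                   if not 0x20 <= ord(d[0]) < 0x7F]
            results.append({"name": entry.name,
                            "size": entry.stat().st_size,
                            "odd_chars": odd})
    return sorted(results, key=lambda r: r["name"])


def demo():
    """Scan a constructed directory; no real system path is touched."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed names: plain ASCII, a Cyrillic look-alike, a non-match.
        for name in ("rundll.exe", "r\u0443ndll.exe", "rundll32.exe"):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(b"constructed sample")
        return find_lookalikes(d)


if __name__ == "__main__":
    for hit in demo():
        flag = "SUSPECT" if hit["odd_chars"] else "ascii"
        print(f"{flag:8} {hit['name']!r} {hit['size']} bytes {hit['odd_chars']}")
```

On a real system, call `find_lookalikes` with the folder named in the scanner report instead of the constructed one.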

kurtbarrington
2007-01-28, 16:46
Hi,

I have the same problem: Spybot cannot find the adware but AVG 7.5 does and deletes the files straight after bootup, but then the files keep coming back and I am still having the adware popping up all the time GRrrrrrrrrrrrrrrr

Sometimes I can not turn off my PC because it says: Setpoint gaming running or Panel Popup running.

Anybody got any answers?

Cheers

--- Startup entries list ---
Located: HK_LM:Run, ATIPTA
command: "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 8824078bda1635639aae125d24b85383

Located: HK_LM:Run, AudioDrvEmulator
command: "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
file: C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
size: 49152
MD5: 54b3827a5e5b2abd546d4cf059e4a742

Located: HK_LM:Run, AVG7_CC
command: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
file: C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
size: 411648
MD5: 2a62570d13f14f49218ce7b03caa9cb2

Located: HK_LM:Run, CTDVDDET
command: "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
file: C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
size: 45056
MD5: db20fce248d269e1c396e70a91e587c8

Located: HK_LM:Run, CTHelper
command: CTHELPER.EXE
file: C:\WINDOWS\CTHELPER.EXE
size: 16384
MD5: 7cd6c8181bd89eac664f84f3ead08dd2

Located: HK_LM:Run, CTxfiHlp
command: CTXFIHLP.EXE
file: C:\WINDOWS\system32\CTXFIHLP.EXE
size: 19968
MD5: e845fdb1ce5f0850fdb61dfd7cdda520

Located: HK_LM:Run, CTXFIREG
command: CTxfiReg.exe
file:

Located: HK_LM:Run, DataLayer
command: C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
file: C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
size: 820736
MD5: ccf90d8716e7a494b4ad9038f54fd142

Located: HK_LM:Run, dla
command: C:\WINDOWS\system32\dla\tfswctrl.exe
file: C:\WINDOWS\system32\dla\tfswctrl.exe
size: 127035
MD5: 2ca827ba68d0cdb5437c40c6f53d7f20

Located: HK_LM:Run, DVDLauncher
command: "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
file: C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
size: 53248
MD5: b3e3c57fd22e71ce20389372d972c6dc

Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 67584
MD5: 7e48b4958c131e9643ddcd2e7ca3fe9f

Located: HK_LM:Run, Google Desktop Search
command: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
file: C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
size: 190464
MD5: 4ffd225c1cb52c0d198edd8b189eadf9

Located: HK_LM:Run, IAAnotif
command: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
file: C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
size: 139264
MD5: 6ca4cc14fda11978617057e73d588475

Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 583b7d111304be63d7d9cb65482d2187

Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
command: KHALMNPR.EXE
file:

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3e4c03cefad8de135263236b61a49c90

Located: HK_LM:Run, PCSuiteTrayApplication
command: C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
file:

Located: HK_LM:Run, PWRISOVM.EXE
command: C:\Program Files\PowerISO\PWRISOVM.EXE
file: C:\Program Files\PowerISO\PWRISOVM.EXE
size: 188416
MD5: 9cc86ba7156660d27ebf48c7a48fcb41

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: c341ccfbe98bc7df6e0b856bb9fc265a

Located: HK_LM:Run, SunJavaUpdateSched
command: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
file: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
size: 32881
MD5: ed85b344e6edc30c1bc57ec1a2a56bf3

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 180269
MD5: 1ac2c58b587c70de64582ad41ee79fba

Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: c419df63e0121d72411285780c2fc6cc

Located: HK_LM:Run, UserFaultCheck
command: %systemroot%\system32\dumprep 0 -u
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922eb54890c77005268882629a31fe

Located: HK_LM:Run, VolPanel
command: "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
file: C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
size: 122880
MD5: 41e9661915eb682362adbe84c547d909

Located: HK_LM:RunServices, Windows
command: taskmngr.exe
file:

Located: HK_CU:Run, ctfmon.exe
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996a38c0b0cf151c2140ae29fc8

Located: HK_CU:Run, DellSupport
command: "C:\Program Files\Dell Support\DSAgnt.exe" /startup
file: C:\Program Files\Dell Support\DSAgnt.exe
size: 306688
MD5: cea4715092cb7984420dbc9f51fb4c35

Located: HK_CU:Run, MSMSGS
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74e6e96c6f0e2eca4edbb7f7a468f259

Located: HK_CU:Run, PcSync
command: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
file:

Located: HK_CU:Run, swg
command: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
size: 171448
MD5: 0fa44ea8b03aba3e1d240b5a333d8e6a

Located: Startup (common), Adobe Reader Speed Launch.lnk
command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
size: 29696
MD5: 43362b96870ce8649f4f2ec893da93f0

Located: Startup (common), Google Updater.lnk
command: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
file: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
size: 123640
MD5: c6522f74334b34233a0b50fbb81cfbf9

Located: Startup (common), Watch.lnk
command: C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
file: C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
size: 364544
MD5: 6417c0220835a5367f2b4fafa6b082eb

Located: Startup (user), Cyber-shot Viewer Media Check Tool.lnk
command: C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
file: C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
size: 155648
MD5: 5f2a81d0edb9d4f6a95cb08fc4a3ef26

Located: System.ini, crypt32chain
command: crypt32.dll
file: crypt32.dll

Located: System.ini, cryptnet
command: cryptnet.dll
file: cryptnet.dll

Located: System.ini, cscdll
command: cscdll.dll
file: cscdll.dll

Located: System.ini, pmkhh
command: C:\WINDOWS\system32\pmkhh.dll
file: C:\WINDOWS\system32\pmkhh.dll
size: 277160
MD5: 05ce3c1ab535db33636aae6eb326d8fc

Located: System.ini, ScCertProp
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, Schedule
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll

Located: System.ini, SensLogn
command: WlNotify.dll
file: WlNotify.dll

Located: System.ini, ssqqppn
command: ssqqppn.dll
file: ssqqppn.dll

Located: System.ini, termsrv
command: wlnotify.dll
file: wlnotify.dll

Located: System.ini, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll

Located: System.ini, wlballoon
command: wlnotify.dll
file: wlnotify.dll

tashi
2007-01-28, 18:56
Hello kurtbarrington.

The log you posted is a partial one showing only Startup entries, however it does show a very old version of Sun Java is on the PC making it susceptible to infection:


file: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe


Please do the following so someone can take a closer look at the system.

Follow the procedure in this link: "BEFORE you POST" -Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)

Make sure you run the on-line anti virus scanner. :) Then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22)

Once you have posted a helper will advise you as soon as available.

Cheers.

Sun Microsystems~Java. Security vulnerability in older versions left on system (http://forums.spybot.info/showpost.php?p=12880&postcount=2)

thuhbadguy
2008-06-28, 21:32
When I ran a computer search, I found the adware.generic problem in the Spybot folder.
When I removed Spybot from ADD/REMOVE Programs, restarted my computer, went to C: drive, Program Files folder and completely removed the Spybot folder, I got rid of all my adware.generic problems. Adware was inside the Spybot folder and planted 20 ad viruses on my registry.
I now use Yahoo CA spy program.



md usa spybot fan
2008-06-28, 21:45
thuhbadguy:


When I ran a computer search, I found the adware.generic problem in the Spybot folder. ...
What software did you find that with? If that software produces a listing of the detection, can you post it?