Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


top adware removal...

  • Please log in to reply
2 replies to this topic

#1 citizenx


  • Members
  • 12 posts
  • Local time:11:28 PM

Posted 09 February 2005 - 02:01 AM

i cant seem to get rid of it i did a search and located an older verison but mine still pops up my desktop wont go back to normal or anything please help me thanks

also when i run hijack and scan it will exit out i tried the miniremoval and it still stops when i hit scan something about unhooker or something thanks again

StartupList report, 2/9/2005, 12:57:25 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Jerry\Desktop\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options

Running processes:

C:\Program Files\iRiver\iHP100\iHPDetect.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\G001-\gnotify.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\Jerry\Desktop\HijackThis.exe


Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe


Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,


Autorun entries from Registry:

dla = C:\WINDOWS\system32\dla\tfswctrl.exe
iHP-100 = C:\Program Files\iRiver\iHP100\iHPDetect.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
bcmwltry = bcmwltry.exe
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} = C:\Program Files\Google\Gmail Notifier\G001-\gnotify.exe
SunJavaUpdateSched = C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
ATIPTA = atiptaxx.exe
WinampAgent = C:\Program Files\Winamp\winampa.exe
ICQ Lite = C:\Program Files\ICQLite\ICQLite.exe -minimize
SysTime = C:\WINDOWS\System32\systime.exe
aVQL = C:\WINDOWS\System32\mivailmgprwqk.exe
process.exe = C:\WINDOWS\process.exe


Autorun entries from Registry:

(Default) =
hnetmon = C:\WINDOWS\System32\hnetmon.exe
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
shgina = C:\WINDOWS\System32\shgina.exe
Steam = "c:\program files\valve\steam\steam.exe" -silent


Autorun entries from Registry:

ICQ Lite = C:\Program Files\ICQLite\ICQLite.exe -trayboot


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}


Enumerating Download Program Files:

CODEBASE = file://c:\counter.cab

CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB

[CDKey Class]
InProcServer32 = C:\WINDOWS\System32\ITCDKey.dll
CODEBASE = http://www.cdkeybonus.com/cdkey/ITCDKey.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v5co...b?1096850987839

[GDIChk Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GDIChk.dll
CODEBASE = http://www.microsoft.com/security/controls/GDI/0/GDIChk.CAB

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab


Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

End of report, 6,263 bytes
Report generated in 0.110 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Edited by citizenx, 09 February 2005 - 02:03 AM.

BC AdBot (Login to Remove)



#2 citizenx

  • Topic Starter

  • Members
  • 12 posts
  • Local time:11:28 PM

Posted 09 February 2005 - 11:50 AM

just bumping it please help thanks

#3 Grinler


    Lawrence Abrams

  • Admin
  • 43,392 posts
  • Gender:Male
  • Location:USA
  • Local time:11:28 PM

Posted 16 March 2005 - 04:23 PM

We just implemented a way to find posts that may have been over looked. We apologize for that and if you are still having a problem, which we hope you are not, then post a new log.

Sorry for the inconvenience.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users