help me get rid of xlime!!!

Discussion in 'adware, spyware & hijack cleaning' started by raquor, May 17, 2004.

Thread Status:
Not open for further replies.
  1. raquor

    raquor Registered Member

    May 17, 2004

    I am attempting to get rid of xlime offeroptimizer on my computer at work, which means I do not have administrative rights. I realize that this limits my options, but I would appreciate whatever you can do to help. I have been unable to run Ad-Aware as I cannot install any programs. Here is my HijackThis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 12:36:02 PM, on 5/17/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page ={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Amcore Financial Inc.
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch =
    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WinTools\btiein.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [AeXAgentLogon] "C:\Program Files\Altiris\eXpress\NS Client\AeXAgentActivate.exe" /logon
    O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
    O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Store Forward Upgrade.lnk = C:\Program Files\Vertex\StoreForward\Upgrade.exe
    O4 - Global Startup: SI Viewer Server.lnk = C:\JHA\BIN\vsvr.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O14 - IERESET.INF: START_PAGE_URL=http://intranet/
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} -
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} -
    O16 - DPF: {4F021AE3-9E98-11D0-A808-00C04FDCD94A} (Novell Directory Control) - http://intranet/referrals/nwdir.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    O16 - DPF: {E7C44C86-0CD3-11D2-9311-00A0247A4E65} (SEAGULL J Walk ActiveX Client) -
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = afi.local
    O17 - HKLM\Software\..\Telephony: DomainName = afi.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = afi.local
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Apr 27, 2002
    Hi raquor,

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll

    O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WinTools\btiein.dll (file missing)

    O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe

    O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} -
    O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} -

    Then reboot into safe mode and delete:
    C:\PROGRAM FILES\COMMON FILES\WinTools <= entire folder
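
The five entries listed in the reply above, run through a small parser (an added example, not part of the original thread and not HijackThis's own code). It splits each O2, O4 (HKLM Run) and O16 line into its fields and shows the registry location that line type reports on; the function names and the `FIX_LIST` sample are constructed here.

```python
import re

# Constructed sample: the five lines the reply says to fix, copied from the log above.
FIX_LIST = r"""
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WinTools\btiein.dll (file missing)
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O16 - DPF: {26E8361F-BCE7-4F75-A347-98C88B418322} -
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} -
"""

HKLM_SW = r"HKLM\Software\Microsoft"
# Per section: a regex for the line body and the registry location that section reports on.
SECTIONS = {
    "O2": (re.compile(r"BHO: (?P<name>.*?) - (?P<id>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)"),
           HKLM_SW + r"\Windows\CurrentVersion\Explorer\Browser Helper Objects\{id}"),
    "O4": (re.compile(r"HKLM\\\.\.\\Run: \[(?P<id>[^\]]+)\] (?P<target>.*)"),
           HKLM_SW + r"\Windows\CurrentVersion\Run [value: {id}]"),
    "O16": (re.compile(r"DPF: (?P<id>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>[^)]*)\))? - ?(?P<target>.*)"),
            HKLM_SW + r"\Code Store Database\Distribution Units\{id}"),
}

def parse_line(line):
    """Return a dict for an O2 / O4 (HKLM Run) / O16 line, or None for anything else."""
    code, _, body = line.strip().partition(" - ")
    if code not in SECTIONS:
        return None
    pattern, key_template = SECTIONS[code]
    m = pattern.fullmatch(body)
    if m is None:
        return None
    target = m.group("target")
    missing = target.endswith(" (file missing)")  # HijackThis marks absent files this way
    if missing:
        target = target[: -len(" (file missing)")]
    return {"code": code, "id": m.group("id"), "target": target or None,
            "file_missing": missing, "registry": key_template.format(id=m.group("id"))}

def parse_log(text):
    """Parse every recognised line of a pasted log, skipping the rest."""
    return [e for e in map(parse_line, text.splitlines()) if e]

if __name__ == "__main__":
    for e in parse_log(FIX_LIST):
        print(f'{e["code"]:<3} {e["registry"]}\n    file: {e["target"]}  missing={e["file_missing"]}')
```

Reviewing the registry locations and file paths this prints, before anything is changed, makes it easy to record what was removed from the machine.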

