Xlime help

Discussion in 'adware, spyware & hijack cleaning' started by ashevilleTS, Jun 9, 2004.

Thread Status:
Not open for further replies.
  1. ashevilleTS

    ashevilleTS Registered Member

    Joined:
    Jun 9, 2004
    Posts:
    1
    I'm having trouble with xlime optimizer on my work terminal (I guess that's what happens when you let other people use your desk while on vacation). I have run AdAware 6.0 and then ran HijackThis:

    Logfile of HijackThis v1.97.7
    Scan saved at 4:44:46 PM, on 6/9/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\hkcmd.exe
    C:\winnt\temp\msbb.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
    C:\WINNT\system32\mshta.exe
    C:\WINNT\system32\mshta.exe
    C:\Program Files\Support.com\bin\healtop.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Temporary Internet Files\Content.IE5\O9QFCHIV\HijackThis[1].exe
    C:\Program Files\Trillian\trillian.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://biis01/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=5.5&plcid=0x0409
    O1 - Hosts: 169.1.20.88 proxycluster
    O1 - Hosts: 137.66.253.3 srv0509 #netaspX Lawson server
    O1 - Hosts: 137.66.253.6 srv0003 #netaspX Lawson server
    O1 - Hosts: 137.66.253.12 srv0004 #netaspX Lawson server
    O1 - Hosts: 137.66.253.8 srv0001 #netaspX Lawson server
    O1 - Hosts: 207.179.155.142 app03su-e1
    O1 - Hosts: 172.30.4.240 r3sscmn lccms01s
    O1 - Hosts: 172.30.26.240 r3scnmn starkcms01s
    O1 - Hosts: 172.30.38.240 r3scmmn bogcms01s
    O1 - Hosts: 172.30.18.240 r3nammn pacms01s
    O1 - Hosts: 172.30.11.240 hamcms01s
    O1 - Hosts: 172.30.35.240 r3sznok wincms01s
    O1 - Hosts: 172.30.47.240 r3sdcmn andcms01s
    O1 - Hosts: 101.113.0.16 r3vovie mancms01s
    O1 - Hosts: 32.78.206.163 amc_prod
    O1 - Hosts: 192.212.94.129 TN_SCE
    O1 - Hosts: 204.194.127.3 aws.aws.neteps.com
    O1 - Hosts: 169.1.140.10 tscluster02
    O1 - Hosts: 169.1.150.1 l001nprimus1drac
    O1 - Hosts: 169.1.150.2 l001nprimus2drac
    O1 - Hosts: 169.1.150.3 l001nprimus3drac
    O1 - Hosts: 169.1.150.4 biisapp3
    O1 - Hosts: 169.1.150.5 biisapp4
    O1 - Hosts: 169.1.150.6 biisappmid2
    O1 - Hosts: 169.1.150.7 l001nmid01
    O1 - Hosts: 169.1.150.8 intralogicdev_drac
    O1 - Hosts: 169.1.150.9 S10DYSZN # Security PC
    O1 - Hosts: 169.1.150.10 L001N10 # PDC REPL$
    O1 - Hosts: 169.1.150.12 L001N12 # MEMBER FILE
    O1 - Hosts: 169.1.150.17 L001N17 # BDC WINS DNS PRINT
    O1 - Hosts: 169.1.150.18 L001N18 # BDC DHCP PROFILES RAS
    O1 - Hosts: 169.1.150.20 L001N16 # Converse digital call recording
    O1 - Hosts: 169.1.150.21 digicall01 # Converse digital call recording
    O1 - Hosts: 169.1.150.22 # Converse digital call recording
    O1 - Hosts: 169.1.150.23 # Converse digital call recording
    O1 - Hosts: 169.1.150.24 # Converse digital call recording
    O1 - Hosts: 169.1.150.28 L001N18drac # Dell Remote Assistant Card for '18
    O1 - Hosts: 169.1.160.110 bvan07
    O1 - Hosts: 169.1.160.112 vanweb01
    O1 - Hosts: 169.1.150.40 L001N40 RightFAX
    O1 - Hosts: 172.17.0.18 orhp
    O1 - Hosts: 172.17.0.18 training
    O1 - Hosts: 172.17.0.15 orhp2
    O1 - Hosts: 172.17.0.15 training2
    O1 - Hosts: 169.2.163.50 buffalo-wzu8gab buffalo0wzu8gab.
    O1 - Hosts: 169.2.140.1 infxtst
    O1 - Hosts: 169.2.163.95 ibm-dnr1nr1nripo1g ibm-dnr1nr1nripo1g.corp
    O1 - Hosts: 169.2.164.86 S00200100 S00200100.corp
    O1 - Hosts: 169.2.150.17 L002N17 # BDC WINS DNS PRINT
    O1 - Hosts: 169.2.150.18 L002N18 # BDC DHCP PROFILES RAS
    O1 - Hosts: 169.2.150.20 netlink_box
    O1 - Hosts: 169.2.150.21 l002n19a
    O1 - Hosts: 169.2.150.23 speechrec
    O1 - Hosts: 169.2.150.39 bcstest1
    O1 - Hosts: 169.2.150.40 L002N40 # MEMBER FILE EXCHANGE BACKUP
    O1 - Hosts: 169.2.150.41 # AVOCENT DS 1800
    O1 - Hosts: 169.2.150.49 L016N17 # Server for Exchange restore
    O1 - Hosts: 169.2.150.50 desktopdev
    O1 - Hosts: 169.2.150.51 biisappqa01 biisapp1qa biisapp2qa biisapp3qa biisapp4qa vanweb01qa
    O1 - Hosts: 169.2.150.60 L002N60 # SECURITY WAREHOUSE
    O1 - Hosts: 169.2.150.69 L002NTREND # Corporate Anti-virus Server
    O1 - Hosts: 169.2.150.75 vantest01
    O1 - Hosts: 169.2.150.76 l002ntsls
    O1 - Hosts: 169.2.150.78 kronotest01
    O1 - Hosts: 169.2.150.80 tsclifton
    O1 - Hosts: 169.2.150.88 l002nlinkup
    O1 - Hosts: 169.10.160.13 testclock2
    O1 - Hosts: 169.2.163.26 buf087lw #ops data conv. machine
    O1 - Hosts: 169.2.161.210 s0023xfam #Admin PC MichePer
    O1 - Hosts: 169.2.161.104 w3jen #Admin PC david
    O1 - Hosts: 169.2.162.157 tskronos01
    O1 - Hosts: 147.178.82.101 CITRIXFARM1
    O1 - Hosts: 147.178.82.102 CITRIXFARM2
    O1 - Hosts: 163.244.79.79 delltecheuro-bray-ie-dell-com
    O1 - Hosts: 163.244.81.38 k2-bray-ie-dell-com
    O1 - Hosts: 163.244.81.39 wicklowiis.bray.ie.dell.com
    O1 - Hosts: 143.166.12.30 vendor-esmart.us.dell.com
    O1 - Hosts: 206.191.183.65 internalsupport.tivo.safeharbor.com
    O1 - Hosts: 222.37.67.198 clifton_conversant
    O1 - Hosts: 222.37.67.13 lcs-ns
    O1 - Hosts: 222.37.67.116 lcs-ns2
    O1 - Hosts: 208.46.216.162 wfportalapp01
    O1 - Hosts: 129.0.0.44 exeter01
    O1 - Hosts: 129.0.0.61 excms01s r3463cbg
    O1 - Hosts: 192.251.79.7 cri-ftp
    O1 - Hosts: 192.251.79.5 cri-storage
    O1 - Hosts: 192.251.79.11 cri-trax
    O1 - Hosts: 192.251.79.8 cri-file
    O1 - Hosts: 169.2.180.75 university17
    O1 - Hosts: 64.142.243.36 testpmg.prcnet.com
    O1 - Hosts: 198.135.64.11 gfciso gfciso.
    O1 - Hosts: 192.85.223.190
    O1 - Hosts: 192.85.223.188 #GF Terminal Server
    O1 - Hosts: 192.85.223.178 gev_hp4si gev_hp4si. #GF Printer F169
    O1 - Hosts: 192.85.223.179 gev_hp4050 gev_hp4050. #GF Printer F129
    O1 - Hosts: 192.85.223.184 gev_hp184 gev_hp184. #GF Printer F126
    O1 - Hosts: 192.85.223.185 gev_hp5si1 gev_hp5si1. #GF Printer F127
    O1 - Hosts: 192.85.223.186 gev_hp5si2 gev_hp5si2. #GF Printer F128
    O1 - Hosts: 192.85.223.187 gev_hp3si gev_hp3si. #GF Printer
    O1 - Hosts: 199.33.174.31 gev_kf1 gev_kf1. #GF Printer Konica Force 75 F170
    O1 - Hosts: 199.33.174.33 gev_kf2 gev_kf2. #GF Printer Konica Force 75 F171
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\bridge.dll
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem217.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [maint.cmd] \\l025n19\apps\win2k\maint.cmd
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [vfwtnhobzpjaj] C:\WINNT\system32\qnwhpeqo.exe
    O4 - HKLM\..\Run: [msbb] c:\winnt\temp\msbb.exe
    O4 - HKLM\..\Run: [mzqb] C:\WINNT\mzqb.exe
    O4 - HKLM\..\Run: [idopwlet] C:\WINNT\idopwlet.exe
    O4 - HKLM\..\Run: [wlovulgt] C:\WINNT\wlovulgt.exe
    O4 - HKLM\..\Run: [ofod] C:\WINNT\ofod.exe
    O4 - HKLM\..\Run: [ahwdsfor] C:\WINNT\ahwdsfor.exe
    O4 - HKLM\..\Run: [ylydsn] C:\WINNT\ylydsn.exe
    O4 - HKLM\..\Run: [mvsdgb] C:\WINNT\mvsdgb.exe
    O4 - Global Startup: verifier.bat
    O9 - Extra button: Sidesearch (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.43.153.0.54
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {332bd5a0-8000-11d7-b657-00c04faedb18} (Oracle JInitiator 1.1.8.22) -
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.4349768519
    O16 - DPF: {aa44da02-7f61-11d4-a3e1-00c04fa32518} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


    I know this is quite large but I use the terminal for doing technical support calls and having that damn xlime pop up is really getting in the way. Any help is much appreciated.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,429
    Location:
    Netherlands
    Hi ashevilleTS,

    Your log is a bit garbled. I'll see what I can do.

    Before you start, please unzip HijackThis to a separate folder. The program will make backups in the folder it's in.
    These easily get lost in a Temp folder.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll

    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\bridge.dll
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem217.dll

    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [vfwtnhobzpjaj] C:\WINNT\system32\qnwhpeqo.exe
    O4 - HKLM\..\Run: [msbb] c:\winnt\temp\msbb.exe
    O4 - HKLM\..\Run: [mzqb] C:\WINNT\mzqb.exe
    O4 - HKLM\..\Run: [idopwlet] C:\WINNT\idopwlet.exe
    O4 - HKLM\..\Run: [wlovulgt] C:\WINNT\wlovulgt.exe
    O4 - HKLM\..\Run: [ofod] C:\WINNT\ofod.exe
    O4 - HKLM\..\Run: [ahwdsfor] C:\WINNT\ahwdsfor.exe
    O4 - HKLM\..\Run: [ylydsn] C:\WINNT\ylydsn.exe
    O4 - HKLM\..\Run: [mvsdgb] C:\WINNT\mvsdgb.exe

    O9 - Extra button: Sidesearch (HKLM)

    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab

    Then reboot into safe mode and delete:
    C:\Program Files\Lycos\Sidesearch <= entire folder
    C:\WINNT\Downloaded Program Files\bridge.dll
    C:\Program Files\Bargain Buddy <= entire folder
    C:\Program Files\Internet Optimizer <= entire folder

    I have been very careful not to damage any company files or settings, so I hope no malware escaped.

    I guessed I had to stay away from:
    O4 - HKLM\..\Run: [maint.cmd] \\l025n19\apps\win2k\maint.cmd
    O4 - Global Startup: verifier.bat

    If you still have problems I will need to know what they are for.

    Post a new log when you are done, so we can see if everything worked out as planned.

    Regards,

    Pieter
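
Added example, not part of the original posts: the reply fixes the HijackThis entries first and deletes files in safe mode afterwards, so this sketch maps each path from the deletion step to the log entries that reference it, either by path or through a shared CLSID. The log lines are copied from this thread; the function names are illustrative.

```python
import re

# Lines copied from the HijackThis log and fix list in this thread.
LOG = r"""
O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\bridge.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O9 - Extra button: Sidesearch (HKLM)
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
"""

# Paths from the safe-mode deletion step of the reply.
DELETE_TARGETS = [
    r"C:\Program Files\Lycos\Sidesearch",
    r"C:\WINNT\Downloaded Program Files\bridge.dll",
    r"C:\Program Files\Bargain Buddy",
    r"C:\Program Files\Internet Optimizer",
]

ENTRY_RE = re.compile(r"^(?P<section>[ORFN]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Split a HijackThis log into entries with section code and CLSIDs."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            clsids = {c.upper() for c in CLSID_RE.findall(m.group("body"))}
            entries.append({"section": m.group("section"),
                            "line": line, "clsids": clsids})
    return entries


def references(entries, target):
    """Entries naming the target path, then entries sharing a CLSID with them."""
    # The path must end at a separator, closing quote, comma or end of line,
    # so that "...\Sidesearch" does not also match "...\Sidesearch2".
    pat = re.compile(re.escape(target) + r'(?=[\\",]|$)', re.IGNORECASE)
    direct = [e for e in entries if pat.search(e["line"])]
    clsids = set().union(*(e["clsids"] for e in direct))
    linked = [e for e in entries if e not in direct and e["clsids"] & clsids]
    return direct + linked


def plan(entries, targets):
    """Map each deletion target to the section codes that must be fixed first."""
    return {t: [e["section"] for e in references(entries, t)] for t in targets}


if __name__ == "__main__":
    for target, sections in plan(parse_log(LOG), DELETE_TARGETS).items():
        print(f"{target}: fix {', '.join(sections) or 'nothing found'} first")
```

The O9 Sidesearch button carries neither a path nor a CLSID in the log, so it shows up under no target and still has to be matched by name, as the fix list in the reply does.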
     