Xlime help

Discussion in 'adware, spyware & hijack cleaning' started by ashevilleTS, Jun 9, 2004.

Thread Status:
Not open for further replies.
  1. ashevilleTS

    ashevilleTS Registered Member

    Joined:
    Jun 9, 2004
    Posts:
    1
    I'm having trouble with xlime optimizer on my work terminal (I guess that's what happens when you let other people use your desk while on vacation). I have run AdAware 6.0 and then ran HijackThis.

    Logfile of HijackThis v1.97.7
    Scan saved at 4:44:46 PM, on 6/9/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\Explorer.EXE
    C:\WINNT\System32\hkcmd.exe
    C:\winnt\temp\msbb.exe
    C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
    C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
    C:\WINNT\system32\mshta.exe
    C:\WINNT\system32\mshta.exe
    C:\Program Files\Support.com\bin\healtop.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Temporary Internet Files\Content.IE5\O9QFCHIV\HijackThis[1].exe
    C:\Program Files\Trillian\trillian.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://biis01/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=runonce&pver=5.5&plcid=0x0409
    O1 - Hosts: 169.1.20.88 proxycluster
    O1 - Hosts: 137.66.253.3 srv0509 #netaspX Lawson server
    O1 - Hosts: 137.66.253.6 srv0003 #netaspX Lawson server
    O1 - Hosts: 137.66.253.12 srv0004 #netaspX Lawson server
    O1 - Hosts: 137.66.253.8 srv0001 #netaspX Lawson server
    O1 - Hosts: 207.179.155.142 app03su-e1
    O1 - Hosts: 172.30.4.240 r3sscmn lccms01s
    O1 - Hosts: 172.30.26.240 r3scnmn starkcms01s
    O1 - Hosts: 172.30.38.240 r3scmmn bogcms01s
    O1 - Hosts: 172.30.18.240 r3nammn pacms01s
    O1 - Hosts: 172.30.11.240 hamcms01s
    O1 - Hosts: 172.30.35.240 r3sznok wincms01s
    O1 - Hosts: 172.30.47.240 r3sdcmn andcms01s
    O1 - Hosts: 101.113.0.16 r3vovie mancms01s
    O1 - Hosts: 32.78.206.163 amc_prod
    O1 - Hosts: 192.212.94.129 TN_SCE
    O1 - Hosts: 204.194.127.3 aws.aws.neteps.com
    O1 - Hosts: 169.1.140.10 tscluster02
    O1 - Hosts: 169.1.150.1 l001nprimus1drac
    O1 - Hosts: 169.1.150.2 l001nprimus2drac
    O1 - Hosts: 169.1.150.3 l001nprimus3drac
    O1 - Hosts: 169.1.150.4 biisapp3
    O1 - Hosts: 169.1.150.5 biisapp4
    O1 - Hosts: 169.1.150.6 biisappmid2
    O1 - Hosts: 169.1.150.7 l001nmid01
    O1 - Hosts: 169.1.150.8 intralogicdev_drac
    O1 - Hosts: 169.1.150.9 S10DYSZN # Security PC
    O1 - Hosts: 169.1.150.10 L001N10 # PDC REPL$
    O1 - Hosts: 169.1.150.12 L001N12 # MEMBER FILE
    O1 - Hosts: 169.1.150.17 L001N17 # BDC WINS DNS PRINT
    O1 - Hosts: 169.1.150.18 L001N18 # BDC DHCP PROFILES RAS
    O1 - Hosts: 169.1.150.20 L001N16 # Converse digital call recording
    O1 - Hosts: 169.1.150.21 digicall01 # Converse digital call recording
    O1 - Hosts: 169.1.150.22 # Converse digital call recording
    O1 - Hosts: 169.1.150.23 # Converse digital call recording
    O1 - Hosts: 169.1.150.24 # Converse digital call recording
    O1 - Hosts: 169.1.150.28 L001N18drac # Dell Remote Assistant Card for '18
    O1 - Hosts: 169.1.160.110 bvan07
    O1 - Hosts: 169.1.160.112 vanweb01
    O1 - Hosts: 169.1.150.40 L001N40 RightFAX
    O1 - Hosts: 172.17.0.18 orhp
    O1 - Hosts: 172.17.0.18 training
    O1 - Hosts: 172.17.0.15 orhp2
    O1 - Hosts: 172.17.0.15 training2
    O1 - Hosts: 169.2.163.50 buffalo-wzu8gab buffalo0wzu8gab.
    O1 - Hosts: 169.2.140.1 infxtst
    O1 - Hosts: 169.2.163.95 ibm-dnr1nr1nripo1g ibm-dnr1nr1nripo1g.corp
    O1 - Hosts: 169.2.164.86 S00200100 S00200100.corp
    O1 - Hosts: 169.2.150.17 L002N17 # BDC WINS DNS PRINT
    O1 - Hosts: 169.2.150.18 L002N18 # BDC DHCP PROFILES RAS
    O1 - Hosts: 169.2.150.20 netlink_box
    O1 - Hosts: 169.2.150.21 l002n19a
    O1 - Hosts: 169.2.150.23 speechrec
    O1 - Hosts: 169.2.150.39 bcstest1
    O1 - Hosts: 169.2.150.40 L002N40 # MEMBER FILE EXCHANGE BACKUP
    O1 - Hosts: 169.2.150.41 # AVOCENT DS 1800
    O1 - Hosts: 169.2.150.49 L016N17 # Server for Exchange restore
    O1 - Hosts: 169.2.150.50 desktopdev
    O1 - Hosts: 169.2.150.51 biisappqa01 biisapp1qa biisapp2qa biisapp3qa biisapp4qa vanweb01qa
    O1 - Hosts: 169.2.150.60 L002N60 # SECURITY WAREHOUSE
    O1 - Hosts: 169.2.150.69 L002NTREND # Corporate Anti-virus Server
    O1 - Hosts: 169.2.150.75 vantest01
    O1 - Hosts: 169.2.150.76 l002ntsls
    O1 - Hosts: 169.2.150.78 kronotest01
    O1 - Hosts: 169.2.150.80 tsclifton
    O1 - Hosts: 169.2.150.88 l002nlinkup
    O1 - Hosts: 169.10.160.13 testclock2
    O1 - Hosts: 169.2.163.26 buf087lw #ops data conv. machine
    O1 - Hosts: 169.2.161.210 s0023xfam #Admin PC MichePer
    O1 - Hosts: 169.2.161.104 w3jen #Admin PC david
    O1 - Hosts: 169.2.162.157 tskronos01
    O1 - Hosts: 147.178.82.101 CITRIXFARM1
    O1 - Hosts: 147.178.82.102 CITRIXFARM2
    O1 - Hosts: 163.244.79.79 delltecheuro-bray-ie-dell-com
    O1 - Hosts: 163.244.81.38 k2-bray-ie-dell-com
    O1 - Hosts: 163.244.81.39 wicklowiis.bray.ie.dell.com
    O1 - Hosts: 143.166.12.30 vendor-esmart.us.dell.com
    O1 - Hosts: 206.191.183.65 internalsupport.tivo.safeharbor.com
    O1 - Hosts: 222.37.67.198 clifton_conversant
    O1 - Hosts: 222.37.67.13 lcs-ns
    O1 - Hosts: 222.37.67.116 lcs-ns2
    O1 - Hosts: 208.46.216.162 wfportalapp01
    O1 - Hosts: 129.0.0.44 exeter01
    O1 - Hosts: 129.0.0.61 excms01s r3463cbg
    O1 - Hosts: 192.251.79.7 cri-ftp
    O1 - Hosts: 192.251.79.5 cri-storage
    O1 - Hosts: 192.251.79.11 cri-trax
    O1 - Hosts: 192.251.79.8 cri-file
    O1 - Hosts: 169.2.180.75 university17
    O1 - Hosts: 64.142.243.36 testpmg.prcnet.com
    O1 - Hosts: 198.135.64.11 gfciso gfciso.
    O1 - Hosts: 192.85.223.190
    O1 - Hosts: 192.85.223.188 #GF Terminal Server
    O1 - Hosts: 192.85.223.178 gev_hp4si gev_hp4si. #GF Printer F169
    O1 - Hosts: 192.85.223.179 gev_hp4050 gev_hp4050. #GF Printer F129
    O1 - Hosts: 192.85.223.184 gev_hp184 gev_hp184. #GF Printer F126
    O1 - Hosts: 192.85.223.185 gev_hp5si1 gev_hp5si1. #GF Printer F127
    O1 - Hosts: 192.85.223.186 gev_hp5si2 gev_hp5si2. #GF Printer F128
    O1 - Hosts: 192.85.223.187 gev_hp3si gev_hp3si. #GF Printer
    O1 - Hosts: 199.33.174.31 gev_kf1 gev_kf1. #GF Printer Konica Force 75 F170
    O1 - Hosts: 199.33.174.33 gev_kf2 gev_kf2. #GF Printer Konica Force 75 F171
    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\bridge.dll
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem217.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NGClient] C:\Program Files\SYMANTEC\Ghost\ngctw32.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
    O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [maint.cmd] \\l025n19\apps\win2k\maint.cmd
    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [vfwtnhobzpjaj] C:\WINNT\system32\qnwhpeqo.exe
    O4 - HKLM\..\Run: [msbb] c:\winnt\temp\msbb.exe
    O4 - HKLM\..\Run: [mzqb] C:\WINNT\mzqb.exe
    O4 - HKLM\..\Run: [idopwlet] C:\WINNT\idopwlet.exe
    O4 - HKLM\..\Run: [wlovulgt] C:\WINNT\wlovulgt.exe
    O4 - HKLM\..\Run: [ofod] C:\WINNT\ofod.exe
    O4 - HKLM\..\Run: [ahwdsfor] C:\WINNT\ahwdsfor.exe
    O4 - HKLM\..\Run: [ylydsn] C:\WINNT\ylydsn.exe
    O4 - HKLM\..\Run: [mvsdgb] C:\WINNT\mvsdgb.exe
    O4 - Global Startup: verifier.bat
    O9 - Extra button: Sidesearch (HKLM)
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.43.153.0.54
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
    O16 - DPF: {332bd5a0-8000-11d7-b657-00c04faedb18} (Oracle JInitiator 1.1.8.22) -
    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37867.4349768519
    O16 - DPF: {aa44da02-7f61-11d4-a3e1-00c04fa32518} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


    I know this is quite large but I use the terminal for doing technical support calls and having that damn xlime pop up is really getting in the way. Any help is much appreciated.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi ashevilleTS,

    Your log is a bit garbled. I'll see what I can do.

    Before you start, please unzip HijackThis to a separate folder. The program will make backups in the folder it's in.
    These easily get lost in a Temp folder.

    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    O2 - BHO: (no name) - {00000762-3965-4A1A-98CE-3D4BF457D4C8} - C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll

    O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINNT\2_0_1browserhelper2.dll
    O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINNT\Downloaded Program Files\bridge.dll
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINNT\nem217.dll

    O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
    O4 - HKLM\..\Run: [Bargains] C:\Program Files\Bargain Buddy\bin2\bargains.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [vfwtnhobzpjaj] C:\WINNT\system32\qnwhpeqo.exe
    O4 - HKLM\..\Run: [msbb] c:\winnt\temp\msbb.exe
    O4 - HKLM\..\Run: [mzqb] C:\WINNT\mzqb.exe
    O4 - HKLM\..\Run: [idopwlet] C:\WINNT\idopwlet.exe
    O4 - HKLM\..\Run: [wlovulgt] C:\WINNT\wlovulgt.exe
    O4 - HKLM\..\Run: [ofod] C:\WINNT\ofod.exe
    O4 - HKLM\..\Run: [ahwdsfor] C:\WINNT\ahwdsfor.exe
    O4 - HKLM\..\Run: [ylydsn] C:\WINNT\ylydsn.exe
    O4 - HKLM\..\Run: [mvsdgb] C:\WINNT\mvsdgb.exe

    O9 - Extra button: Sidesearch (HKLM)

    O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/CDTInc/bridge.cab

    Then reboot into safe mode and delete:
    C:\Program Files\Lycos\Sidesearch <= entire folder
    C:\WINNT\Downloaded Program Files\bridge.dll
    C:\Program Files\Bargain Buddy <= entire folder
    C:\Program Files\Internet Optimizer <= entire folder

    I have been very careful not to damage any company files or settings, so I hope no malware escaped.

    I guessed I had to stay away from:
    O4 - HKLM\..\Run: [maint.cmd] \\l025n19\apps\win2k\maint.cmd
    O4 - Global Startup: verifier.bat

    If you still have problems I will need to know what they are for.

    Post a new log when you are done, so we can see if everything worked out as planned.

    Regards,

    Pieter
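
Added example, not part of the thread and not the responder's stated method: a small parser for the HijackThis line format shown in the log, which lists `O4` Run values whose name equals the file name of an executable sitting directly in the Windows folder or its temp folder. That rule, the function names and the `windir` default are assumptions made here as a triage aid; it does not cover every entry selected in the reply (for example `qnwhpeqo.exe` or the named adware folders).

```python
import re
from ntpath import basename, dirname, splitext  # Windows path rules on any OS

# Sample input: a few lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [maint.cmd] \\l025n19\apps\win2k\maint.cmd
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [msbb] c:\winnt\temp\msbb.exe
O4 - HKLM\..\Run: [mzqb] C:\WINNT\mzqb.exe
O4 - HKLM\..\Run: [ofod] C:\WINNT\ofod.exe
O4 - Global Startup: verifier.bat
"""

# "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<rest>.*)$")
# Registry autostart entry: key, value name in brackets, then the command line.
RUN = re.compile(r"^(?P<key>HK\w+\\\.\.\\Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First program path in a command line, quoted or not, spaces allowed.
EXE = re.compile(r'^"?(?P<path>.+?\.(?:exe|cmd|bat|com|dll))(?!\w)', re.I)


def parse_log(text):
    """Return (code, rest) for every line that looks like a HijackThis entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["code"], m["rest"]))
    return entries


def run_entries(text):
    """Yield (value_name, program_path) for each O4 registry Run entry."""
    for code, rest in parse_log(text):
        m = RUN.match(rest) if code == "O4" else None
        if not m:
            continue  # other sections, or O4 startup-folder items
        exe = EXE.match(m["cmd"])
        if exe:
            yield m["name"], exe["path"]


def self_named_in_windir(text, windir=r"C:\WINNT"):
    """Names of Run values that equal their executable's file name and
    launch from windir or windir\\temp (assumed heuristic, see lead-in)."""
    watched = {windir.lower(), windir.lower() + r"\temp"}
    hits = []
    for name, path in run_entries(text):
        stem = splitext(basename(path))[0]
        if dirname(path).lower() in watched and stem.lower() == name.lower():
            hits.append(name)
    return hits


if __name__ == "__main__":
    for name in self_named_in_windir(SAMPLE_LOG):
        print("review:", name)
```

A match is only a reason to look closer at the file before checking it in HijackThis; the network script and System32 entries in the sample are left alone by this rule.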
     