xlime offeroptimizer and webrebates


Guest

I have read many posts on how to remove and have tried many approaches to rid
myself of xlime offeroptimizer. Here is my Hijack This log if anyone can
help me? Thanks in advance!!

Logfile of HijackThis v1.98.2
Scan saved at 6:12:51 AM, on 12/7/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\AIRPLUS\D-Link AirPlus DWL-120+ Wireless USB Adapter\AIRPLUS.EXE
C:\WINDOWS\System32\svchost.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pralerts.zonelabs.com/praler...NG=1033&CL=en&LICFLAG=1&OEM=1012&SKU=0&Mode=1 (obfuscated)
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {61A0332C-BF15-74BE-D702-165505852849} - C:\WINDOWS\System32\wdamimgd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: D-Link AirPlus USB.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://ciscdb.sel.sony.com/support/pops/mdldetect/VaioInfo.CAB
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4409/mcfscan.cab
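
Added example, not part of the original post: a small Python parser for the HijackThis log format shown above. It rejoins entries that were wrapped across lines and lists the ones that merit a manual lookup. The two triage rules and the function names are assumptions made for illustration; a flag is a prompt to check the CLSID and file, not a verdict.

```python
import re

# Constructed sample: entries copied from the log above, keeping the line
# wrapping that the forum software introduced.
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program
Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {61A0332C-BF15-74BE-D702-165505852849} -
C:\WINDOWS\System32\wdamimgd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # e.g. "O2 - BHO: ..."
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_entries(text):
    """Return [(code, body)], rejoining entries that were wrapped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:
            # Assumption: a wrap happened at a space, so rejoin with one.
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def triage(entries):
    """Return (code, clsid, reason) for entries that merit a manual look."""
    flagged = []
    for code, body in entries:
        m = CLSID.search(body)
        clsid = m.group(0).upper() if m else None
        if body.endswith("(no file)"):
            flagged.append((code, clsid, "orphaned registration"))
        elif (code == "O2" and "(no name)" in body
              and re.search(r"- C:\\WINDOWS\\", body, re.I)):
            flagged.append((code, clsid, "unnamed BHO in Windows directory"))
    return flagged

if __name__ == "__main__":
    for row in triage(parse_entries(SAMPLE)):
        print(row)
```

Lines before the first `R`/`O` entry (the header and the running-process list) are skipped, so the full log can be passed in unchanged.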
 

David H. Lipman

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example: lpt285.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences
(e.g. HD space to use suggested 400 ~ 600MB).
8) Reboot your PC.
9) Create a new Restore point


* * * Please report your results ! * * *

Dave



 
