MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: xlime help
September 19, 2019, 03:55:09 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
September 19, 2019, 03:55:09 PM

Login with username, password and session length
 
News
New  New Poll on our main page!
"My experience with Vista..."
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: xlime help  (Read 1018 times)
radhi49
Newbie
*

Karma: +0/-0
Offline Offline

Gender: Female
Posts: 1


Bookmark and Share

View Profile
« on: October 21, 2004, 03:39:52 PM »

please help me !! to get rid of this xlime offeroptimizer. here is my
HijackThis log file

Logfile of HijackThis v1.98.2
Scan saved at 10:59:55 AM, on 10/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\SYSTEM32\?ttrib.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Temp\hijackthis_198\HijackThis.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.princeton.edu/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.princeton.edu/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
N1 - Netscape 4: user_pref("browser.startup.homepage", "www.princeton.edu"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Temp\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {64AD6B0C-9114-7BB2-8B20-62557EF72A1A} - C:\WINDOWS\System32\yieshvrx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c Network -p \\ntprintserver\hp_hoyt_218 -pn "" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PowerWord - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL (file missing)
O9 - Extra button: Joyo - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\KINGSOFT\XDICT\ieplugin.DLL (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://i.a.cnn.net/cnn/resources/cult3d/cult.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp.com/awebui/jsp/answerweb/applets/HPISWebManager.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093354590299
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pu.win.princeton.edu
O17 - HKLM\Software\..\Telephony: DomainName = pu.win.princeton.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pu.win.princeton.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pu.win.princeton.edu

Logged

 
mpfeif101
Jr. Member
**

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 29


Bookmark and Share

View Profile
« Reply #1 on: October 22, 2004, 12:33:50 AM »

Hi radhi49,

Your log isn't that bad.  We'll get it cleaned up for ya in no time.

1) You are running HJT in a temporary folder. This makes it difficult to store backups.

Click My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

2) Run HJT and place a check next to the following items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

O2 - BHO: MultimppObj Class - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - C:\WINDOWS\multimpp.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {64AD6B0C-9114-7BB2-8B20-62557EF72A1A} - C:\WINDOWS\System32\yieshvrx.dll

3) Close any open windows and browsers and click "Fix Checked".

4) Restart your computer and post a new log.


EDIT::

Because of the length of time since I posted, this post has been taken off my live log list.  If you wish to continue with it, post a new log and PM me alertine me.
« Last Edit: October 25, 2004, 02:48:28 AM by mpfeif101 » Logged

AntiSpyware Net



Please do not PM me asking for HJT help.  Everyone benefits when it is done on the open forum.
Pages: [1] Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page April 19, 2017, 06:50:22 AM