Solved

Xlime.optimizer help required.

Posted on 2004-04-24
Last Modified: 2010-04-11
Hi there,

I have recently been getting annoyed by frequent pop-up ads whenever I open any website in Internet Explorer.
I have ZoneAlarm Pro 4 installed on my system.
With the help of ZoneAlarm I found out it is something called "XLIME.OPTIMIZER.COM".

Can anybody tell me what this **** is and how to get rid of it?
BTW, I am able to block it with the help of the ZoneAlarm privacy controller, but I am worried that it should not damage my PC any more.

Can anyone help me with this?

Thanks,
Valgobo.
Question by:valgobo
4 Comments
 
LVL 12

Accepted Solution

by:
rossfingal earned 50 total points
ID: 10913224
Hi!
Download HijackThis and run it from its own folder, not from your Desktop, a temp folder, or directly from the Zip file.
Don't fix anything yet.
Post a log file and we can take a look at it.

Good luck!
 

Author Comment

by:valgobo
ID: 10954627
Hi,

Sorry for the delayed reply.
Following is my HijackThis log file.

Logfile of HijackThis v1.97.7
Scan saved at 6:10:27 PM, on 04/29/04
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\MSSQL7\Binn\sqlmangr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\WOLFCH~1\LOCALS~1\Temp\Rar$EX00.364\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SmartPops - {D5C778F1-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Network Essentials\v11\NE.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [alchem] C:\WINNT\alchem.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ebates - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Ebates (HKCU)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.xpres-net.com/wfplayer/tdserver.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/beta/vet_install_popup.pl?3&4&04.00.08.43&http://www.viewpoint.com/pub/products/platform_intro.html
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab
O16 - DPF: {EB6AFDAB-E16D-430B-A5EE-0408A12289DC} - http://download.mediacharger.com/swimsuitnetwork.cab

Awaiting your reply, thanks.
Regards,
valgobo.
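
A log in this format can be sorted mechanically before anyone reads it line by line. The following is an added example, not part of the thread and not HijackThis's own code: it parses entry lines copied from the log above, pulls out each section code and CLSID, and queues entries for review using three checks that are assumptions of this example (the flag names `unnamed-bho`, `file-missing` and `plain-http-codebase` are made up here). A flag means "look at this entry", not "this entry is malicious".

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINNT\Explorer.EXE
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINNT\twaintec.dll
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} - C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID.search(body)
        flags = []  # review hints only (assumed heuristics, not verdicts)
        if section == "O2" and body.startswith("BHO: (no name)"):
            flags.append("unnamed-bho")           # helper object with no display name
        if body.endswith("(file missing)"):
            flags.append("file-missing")          # registry entry outlived its file
        if section == "O16" and " - http://" in body:
            flags.append("plain-http-codebase")   # ActiveX fetched without TLS
        entries.append({"section": section, "body": body,
                        "clsid": clsid.group(0) if clsid else None,
                        "flags": flags})
    return entries


def review_queue(entries):
    """Group flagged entries by section code for a human to look at."""
    queue = defaultdict(list)
    for e in entries:
        if e["flags"]:
            queue[e["section"]].append((e["clsid"], e["flags"]))
    return dict(queue)


if __name__ == "__main__":
    for section, items in review_queue(parse_log(SAMPLE_LOG)).items():
        for clsid, flags in items:
            print(section, clsid, ",".join(flags))
```
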
 
LVL 12

Expert Comment

by:rossfingal
ID: 10956990
Hi!
You have some problems.
However, before we proceed, it is advisable to move HijackThis to a folder of its own - it should not be installed on your Desktop or a temporary folder.
Something like: C:\Documents\HijackThis or C:\HijackThis is preferable.
The reason for this is that HijackThis creates backups and log files and it's much easier to deal with any problems if these files are all in one place.
Also, although it is possible to remove what you have on your system manually, Adaware from Lavasoft has been configured to do this automatically - it might not remove all of it, but anything it can accomplish by itself makes dealing with things much easier.
It is a free download, and it's useful to have on your system to run occasionally to clean out adware, spyware, browser hijackers, etc. - all of which you have on your computer. Don't worry; all of this can be fixed.
You can download Adaware from the following link:

http://www.lavasoft.de/support/download/

Place it in a folder of its own (for the same reasons as HijackThis).
Before you run it, when it starts, in the main window you will see a link "Check for updates now"; click on that, click on "Connect" and let it install the latest update - at this point the update is 01R300 28.04.2004.
After you have installed it and updated it, but before you run it, configure it this way -
"Quote"
Step 4- Configuring Ad-Aware 6 for your first scan
[NOTE: Ad-Aware 6 has two scanning options: SmartScan and Custom. As explained more fully below,
SmartScan is faster, but also less comprehensive.
While SmartScan is satisfactory for routine use, it is HIGHLY recommended that your FIRST scan with A-A,
should be a Custom scan. After a thorough cleaning, use the capabilities within SmartScan for everyday use.
Think of SmartScan as your regular oil change, whereas the Custom Scan is the 30,000 mile checkup.]

Ad-Aware 6 comes pre-configured with default options that are already ON (green check-mark)
 ... do not change them. The following are changes that you will need to make to prepare the "Full"
custom scan that is recommended for the first look into your computer
(instead of a red "x", you will make them a green "check-mark")
[NOTE: any options that are greyed out are only available for users of the
paid Plus or Professional versions of A-A]

Launch the program, and click on the Gear at the top of the start screen to access the
preferences/setting window.
Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.
Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.
Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and "Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Automatically try to unregister objects prior to deletion" and
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.

When you are finished, you will be using the Custom Scan with Memory and Both registry scans ON.
Please make sure that you activate IN-DEPTH scanning before you proceed.

NOTE: For the Full Scan setup instructions for users with the paid Plus or Professional versions,
or if you have previously changed your settings in the Personal version, see this thread:
http://www.lavahelp.com/howto/fullscan/index.html

Step 5- Scanning
From the start screen, click on the "Scan now" button.
On the next screen, select "Use custom scanning options". [You would change this to SmartScan in the future]
Click on "Next" to begin the A-A scan.

---------- Note: Important decision -----------

If you are unsure about what to remove, you will need to post your logfile for someone to
evaluate and assist you in the removal

Posting your Logfile
When the scan is complete, click "Show Log", then hi-lite all of the text in the logfile with your mouse.
On your keyboard, press Ctrl + C, which will copy the text to your clipboard.
Right click "Paste" in your thread.

Or, you can navigate to your Ad-aware 6 folder in Windows Explorer: C:\Program Files\Lavasoft\Ad-Aware 6\Logs
Open this folder and find the correct logfile. The logfiles will be named "Ad-Aware-log ##-##-##.txt"
(the #'s will be the date of the scan, shown in the European format). Right click, choose "Select all",
then right click and choose "Copy". Right click and select "Paste" in your thread.
-------------------------------------------------------

Step 6- Quarantine and Removal of Detected Objects
Quarantine: Ad-Aware includes a Quarantine feature, which can back up detected objects before they are removed.
This can prove useful in the event a program doesn't work after certain detected objects are removed ...
you can restore the detected objects, much like an anti-virus quarantine.
The program is pre-configured to automatically quarantine the selected objects before removal,
so you do not need to click on the 'Quarantine' button.
Make a Quarantine only if you do not have the Auto-Quarantine option ON.

Removal:
From the "Scan complete" window ...
Click on "Next".
This will take you to the "Results" window ... this is where you will need to mark the objects
that you wish to remove. There are many options available with a right-click.
It is recommended (as stated above) to remove all of the objects unless you wish to ignore some
(see below for instructions on the ignore list).
To remove everything, right click in the Results List and click "Select all objects".
DO NOT click the 'Quarantine' button, this is automatically done as
explained above.
Click "Next" to remove the chosen objects.
Click "OK".
The Quarantine will be made and the objects will then be removed.

[Please Note: After removing a Browser Hijacker, Ad-aware 6 will set your Start Page to "Blank",
so you may need to set the Start and Search pages in your Browser manually back to your preferred one.
The reason for this is that the hijack has changed the page, and since Ad-aware 6 does not know
what it was set to before the hijack, it resets it to a blank page.
If you do not see any differences, then disregard this note.]

Ignore List
Always do the Ignore List items first, before removing anything.
If you wish to ignore some of the detected objects:
From the same "Results" window that lists the detected items, select any items from
the list that you want to "Ignore".
Right click in the scan results window and select "Add selection to ignore-list".
Click "OK".
Then continue with the removal process.

Subsequent Scanning with Ad-Aware 6
While a full custom scan is recommended for your first "cleaning", you can run the SmartScan after that.
SmartScan is a set of preset scanning options.
Ad-Aware comes with pre-defined settings that most users will find sufficient for their scanning needs.
[Of course, should a user require (or want) more or less than defined here, they can always perform a custom scan]
SmartScan uses these scanning options: Scan Memory, Scan Registry, Deep Scan Registry, System Folder, Cookies,
and then the conditional scans based on what's located.

From the start screen, click on the "Scan now" button.
On the next screen, select "Perform smart system-scan".
Click on "Next" to begin the A-A scan.
Follow the same quarantine and removal instructions as above.
The SmartScan option is obviously faster than the full custom scan.

Miscellaneous
If you used any other Anti-Trackware application to remove detected content
immediately prior to running a scan with Ad-aware 6, you will need to perform a Custom Full System scan
to ensure that the objects have all been successfully removed. Do not use the SmartScan option in this case.
Also, it is recommended that you re-boot your computer between running the applications.
"End quote"

At this point, we probably don't need to see the log file from your Adaware scan.
However, after you have scanned with Adaware and let it fix the things it has found - reboot your computer and post a new HijackThis logfile.
Any questions - let us know.

Good luck!
 
LVL 12

Expert Comment

by:rossfingal
ID: 11054463
Hi!

Thanks, but please post a new HijackThis log - just to see if everything is gone.

If you want!
Thanks and good luck!