xlime.offer.optimizer infecting explorer6

soda500
Junior Member with 3 posts.
 
Join Date: May 2004
Experience: Beginner
15-May-2004, 12:22 AM #1
xlime.offer.optimizer infecting explorer6
Whenever I open Internet Explorer I have several windows pop up on the bar which read xlime.offer.optimizer (like 10 to 20), but there are no actual windows on the screen. How do I stop this from happening?
Flrman1
Distinguished Member with 46,425 posts.
 
Join Date: Jul 2002
Location: Thomasville NC
Experience: 100% Geek
15-May-2004, 12:48 AM #2
Hi soda500

Welcome to TSG!

Please do this. Click here to download Hijack This. Click on the Hijackthis.exe.

Click the "Scan" button. When the scan is finished, the scan button will become "Save Log"; click that and save the log.

Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.

*Note: When you download Hijack This Do Not download it to a temp folder or to the desktop. Create a permanent folder somewhere like in My Documents and name it Hijack This and put it in that folder.
__________________
If I have helped solve your problem, please Click Here and make a donation to help keep this great site running. 100% goes directly to this site.
soda500
Junior Member with 3 posts.
 
Join Date: May 2004
Experience: Beginner
15-May-2004, 10:11 AM #3
hijack this log
Logfile of HijackThis v1.97.7
Scan saved at 8:06:26 AM, on 5/15/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Iomega\AutoDisk\ADUserMon.exe
E:\Program Files\Iomega\DriveIcons\ImgIcon.exe
E:\Program Files\Microsoft Hardware\Keyboard\type32.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\WINDOWS\CIP.exe
E:\program files\internet optimizer\sim\msbb.exe
E:\Program Files\TGTSoft\StyleXP\StyleXP.exe
E:\Program Files\NetZero\exec.exe
E:\Documents and Settings\Paige\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/mynetzero
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netzero.net/s/mynetzero
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://my.netzero.net/s/mynetzero
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by NetZero, Inc.
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://play.hoylegames.com/
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - E:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - E:\Program Files\NetZero\qsacc\x1IEBHO.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - E:\WINDOWS\nem214.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - E:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ADUserMon] E:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] E:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] E:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "E:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "E:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [CIP] E:\WINDOWS\CIP.exe
O4 - HKLM\..\Run: [Belt] E:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [msbb] e:\program files\internet optimizer\sim\msbb.exe
O4 - HKCU\..\Run: [STYLEXP] E:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Weather] E:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [uoltray] E:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [msbb] e:\program files\internet optimizer\sim\msbb.exe
O4 - Global Startup: CreataCard Gold 2 Forget Me Not Reminders.lnk = E:\Program Files\CreataCard\Gold\fmrmd32.exe
O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://my.netzero.net/s/mynetzero
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
Flrman1
Distinguished Member with 46,425 posts.
 
Join Date: Jul 2002
Location: Thomasville NC
Experience: 100% Geek
15-May-2004, 11:31 AM #4
Go to Add/Remove programs and uninstall Internet Optimizer.

Run Hijack This again and put a check by these. Close all windows except HijackThis and click "Fix checked"

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - E:\WINDOWS\twaintec.dll

O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - E:\WINDOWS\nem214.dll

O4 - HKLM\..\Run: [Belt] E:\WINDOWS\Belt.exe

O4 - HKLM\..\Run: [msbb] e:\program files\internet optimizer\sim\msbb.exe

O4 - HKCU\..\Run: [msbb] e:\program files\internet optimizer\sim\msbb.exe


Restart to safe mode.

How to start your computer in safe mode

First, in safe mode, click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types". Now click "Apply to all folders".
Click "Apply" then "OK"

Now find and delete:

The e:\program files\internet optimizer folder
The E:\WINDOWS\Belt.exe file


Go here and download Adaware 6 Build 181

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Make sure the following settings are made and on -------ON=GREEN

From main window: Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot

Click proceed to save your settings.

Now to scan just click the Next button.

When the scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose select all from the drop-down menu and click Next.)

Restart your computer.


Then go here and download Spybot Search & Destroy.

Install the program and launch it.

Before scanning press Online and Search for Updates.

Put a check mark at and install all updates.

Click Check for Problems and when the scan is finished let Spybot fix/remove all it finds marked in RED.

Restart your computer.
__________________
If I have helped solve your problem, please Click Here and make a donation to help keep this great site running. 100% goes directly to this site.
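One way to confirm that the fix in post #4 took hold, as an added example (not part of the thread and not a HijackThis feature): parse a rescan log and report which of the five checked entries, or the files they name, are still present. `FIX_LIST` is copied from post #4; `RESCAN` is a constructed sample, and the function names are hypothetical.

```python
import re

# Entry lines are "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [msbb] ...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# First Windows path in a line that ends in an executable/library extension.
PATH = re.compile(r"[A-Za-z]:\\[^\"*?<>|]*?\.(?:exe|dll|ocx)", re.I)

# The five entries post #4 says to check and fix (from the thread).
FIX_LIST = r"""O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - E:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - E:\WINDOWS\nem214.dll
O4 - HKLM\..\Run: [Belt] E:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [msbb] e:\program files\internet optimizer\sim\msbb.exe
O4 - HKCU\..\Run: [msbb] e:\program files\internet optimizer\sim\msbb.exe"""

# Constructed rescan log (not from the thread): one Run key and its process survived.
RESCAN = r"""Running processes:
E:\WINDOWS\Explorer.EXE
E:\program files\internet optimizer\sim\msbb.exe

O2 - BHO: (no name) - {52706EF7-D7A2-49AD-A615-E903858CF284} - E:\Program Files\NetZero\qsacc\x1IEBHO.dll
O4 - HKLM\..\Run: [CIP] E:\WINDOWS\CIP.exe
O4 - HKCU\..\Run: [MSBB] E:\Program Files\Internet Optimizer\sim\msbb.exe"""

def norm(s):
    """Case-fold and collapse whitespace; the log mixes upper and lower case paths."""
    return " ".join(s.split()).lower()

def parse_log(text):
    """Return (set of running process paths, {normalized entry: original line})."""
    procs, entries, in_procs = set(), {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif ENTRY.match(line):
            in_procs = False
            entries[norm(line)] = line
        elif in_procs:
            procs.add(norm(line))
    return procs, entries

def leftovers(fix_list, rescan_text):
    """Fix-list entries still in the rescan, and fix-list files still running."""
    procs, entries = parse_log(rescan_text)
    _, wanted = parse_log(fix_list)
    still = [orig for key, orig in wanted.items() if key in entries]
    files = {norm(m.group(0)) for o in wanted.values() if (m := PATH.search(o))}
    return still, sorted(files & procs)
```

An empty result for both lists means none of the checked entries came back; anything returned is worth posting in a fresh log before deleting files by hand.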
soda500
Junior Member with 3 posts.
 
Join Date: May 2004
Experience: Beginner
15-May-2004, 03:21 PM #5
Thank you that worked out great!
Flrman1
Distinguished Member with 46,425 posts.
 
Join Date: Jul 2002
Location: Thomasville NC
Experience: 100% Geek
15-May-2004, 05:16 PM #6
You're Welcome!

Is everything OK now?
All times are GMT -4.
Copyright © 1996 - 2010 TechGuy, Inc. All rights reserved.