 |  |  |  |  |  |  |  |
Bullseye Network!! Helppp!
 |
Hi, My computer has been infected with a bullseye network, cashback, and navisearch program and it recently had this nasty coulomb dialer on the computer. I tried every method to get rid of these junk, but it keeps on coming back. Does anybody know how to remove them?
Thanks in advance.
Thiis is my hijack log below:
Logfile of HijackThis v1.99.0
Scan saved at 8:14:17 PM, on 2/2/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ucla.bak\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .asp: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted IP range: (HKLM)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96EBAFD0-06C9-4250-AC32-7FAC61B2D435}: Domain = sbcglobal.net
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
Thanks in advance.
Thiis is my hijack log below:
Logfile of HijackThis v1.99.0
Scan saved at 8:14:17 PM, on 2/2/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ucla.bak\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .asp: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted IP range: (HKLM)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96EBAFD0-06C9-4250-AC32-7FAC61B2D435}: Domain = sbcglobal.net
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
•
•
Join Date: Jul 2005
Posts: 1,542
Reputation: 
Solved Threads: 98
Hi, first off this should go in the spyware forums. Second i belive this line
Means you are running it from your desktop. It needs to be in its own folder. Also the log looks a bit short...or is that just my imagination. Make sure you posted the whole thing.
-T
•
•
•
•
C:\Documents and Settings\ucla.bak\Desktop\HijackThis.exe
-T
Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
•
•
Join Date: Jun 2004
Posts: 173
Reputation:
Solved Threads: 9
Unverified User
•
•
•
•
Originally Posted by tayspen
Means you are running it from your desktop. It needs to be in its own folder.
as for the problem... here is a list of stuff you need to do to remove it.
first... close all open windows
then you need to unregister cfgmgr52.dllso you can remove everthing.
start -> run -> cmd.exe
enter in: regsvr32 /u cfgmgr52.dll
then check the following boxes and let HJT do its thing.
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O15 - Trusted IP range: (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{96EBAFD0-06C9-4250-AC32-7FAC61B2D435}: Domain = sbcglobal.net
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
edit: make sure you delete cashback.exe, nls, bargains and cfgmgr52.dll
•
•
Join Date: Jul 2005
Posts: 1,542
Reputation:
Solved Threads: 98
Oh, I stand corrected 
.
. Firefox
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
Ewido
Tune up windows
Get detailed system information
My Fixes
Member - Alliance of Security Analysis Professionals - Since 2006
|
Similar Threads
- Help needed for hijacker with homepage address location of C:\WINDOWS\secure.html (Viruses, Spyware and other Nasties)
- annoying coolsearch.biz startup page (Viruses, Spyware and other Nasties)
- Possible virus (Viruses, Spyware and other Nasties)
- Internet access problems linked to norton? (Viruses, Spyware and other Nasties)
Other Threads in the Windows NT / 2000 / XP Forum
- Previous Thread: I need to do a clean sweep of HD. Can someone help.
- Next Thread: blue screen on boot
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest Windows NT / 2000 / XP Posts
- Today's Posts
- Unanswered Threads
Related Forum Features
.net 3.5 3daccelertion 64bit 2010 a.exe activedirectory address alaris android application appstore audio black blue bsod bulletin canonical chinese chkdsk codeplex combofix cursor deployment deployments desktop domain drive dual eartlink error explorer fax fonts format framework freeze gadgets hardware home internet interoperability laptop laptops latitude lcd linux mac markshuttleworth memory microsoft minimalizes mobile monitor motionle1600 netbooks open opensource operatingsystems options oracle osinstallationproblem outlook palm partition printer program proxy raid rds reformat remotedesktop replacingraiddrive retail retrieve screen security server. sharepoint simplifiedchinese sitetositevpn slowperformance sp3 spyware studios technology ubuntu uninstall update upgrade videodrivers virtual virus vpn window windows windows7 windowsxp xp xpde
