Ad:

Windows NT / 2000 / XP Discussion Thread
Unsolved
Views: 1366

Feb 3rd, 2006

Bullseye Network!! Helppp!

Expand Post »

Hi, My computer has been infected with a bullseye network, cashback, and navisearch program and it recently had this nasty coulomb dialer on the computer. I tried every method to get rid of these junk, but it keeps on coming back. Does anybody know how to remove them?

Thanks in advance.

Thiis is my hijack log below:

Logfile of HijackThis v1.99.0
Scan saved at 8:14:17 PM, on 2/2/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ucla.bak\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.exactsearch.net/sidesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .asp: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted IP range: (HKLM)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{96EBAFD0-06C9-4250-AC32-7FAC61B2D435}: Domain = sbcglobal.net
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

Similar Threads

Help needed for hijacker with homepage address location of C:\WINDOWS\secure.html in Viruses, Spyware and other Nasties
annoying coolsearch.biz startup page in Viruses, Spyware and other Nasties
Possible virus in Viruses, Spyware and other Nasties
Internet access problems linked to norton? in Viruses, Spyware and other Nasties

mimiii

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

6 posts
since Sep 2005

Permalink

Feb 3rd, 2006

Re: Bullseye Network!! Helppp!

Hi, first off this should go in the spyware forums. Second i belive this line

Quote ...

C:\Documents and Settings\ucla.bak\Desktop\HijackThis.exe

Means you are running it from your desktop. It needs to be in its own folder. Also the log looks a bit short...or is that just my imagination. Make sure you posted the whole thing.

-T

tayspen

Team Colleague

Reputation Points: 84

Solved Threads: 99

Offline

1,542 posts
since Jul 2005

Permalink

Feb 3rd, 2006

Re: Bullseye Network!! Helppp!

Quote originally posted by tayspen ...

Means you are running it from your desktop. It needs to be in its own folder.

what wrong with running it from your desktop? your desktop is a folder! it just means all the back up files will appear on your desktop... if you dont want them... just delete them... there is no problem with hijackthis running from the desktop. it wil fucntion just fine...

as for the problem... here is a list of stuff you need to do to remove it.

first... close all open windows
then you need to unregister cfgmgr52.dllso you can remove everthing.

start -> run -> cmd.exe
enter in: regsvr32 /u cfgmgr52.dll

then check the following boxes and let HJT do its thing.

O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe

O15 - Trusted IP range: (HKLM)

O17 - HKLM\System\CCS\Services\Tcpip\..\{96EBAFD0-06C9-4250-AC32-7FAC61B2D435}: Domain = sbcglobal.net
O18 - Filter hijack: text/webviewhtml - (no CLSID) - (no file)

edit: make sure you delete cashback.exe, nls, bargains and cfgmgr52.dll

BinaryMayhem

Reputation Points: 15

Solved Threads: 10

Unverified User

Offline

173 posts
since Jun 2004

Permalink

Feb 3rd, 2006

Re: Bullseye Network!! Helppp!

Oh, I stand corrected

tayspen

Team Colleague

Reputation Points: 84

Solved Threads: 99

Offline

1,542 posts
since Jul 2005

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Windows NT / 2000 / XP Forum Timeline: I need to do a clean sweep of HD. Can someone help.

Next Thread in Windows NT / 2000 / XP Forum Timeline: blue screen on boot

DaniWeb Message

Cancel Changes

User Name
Password