Not so lite?



Peerzy
01-23-2005, 06:03 PM
Well, thanks to eXeem Lite I've got shitloads of files and folders I cannot delete now and they look fucky. I ran HijackThis and here are the results.

The folders are called:
Temp
AdStatus Service
BullsEye Network

And a few others. Anything weird in this:


Logfile of HijackThis v1.99.0
Scan saved at 17:58:43, on 23/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\System32\vmnat.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\Program Files\Common Files\stardock\TrayServer.exe
C:\WINDOWS\System32\vmnetdhcp.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\AdStatus Service\AdStatServ.exe
C:\temp\salm.exe
C:\Program Files\AdStatus Service\AdStatKeep.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MemTurbo30\MemTurbo.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SiX-Steam\Steam\Steam.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\James\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://conditions.netfirms.com/mob/lan
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [pqf] C:\WINDOWS\pqf.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\James\LOCALS~1\Temp\bundle.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadsUnlimited/ie/bridge-c2.cab
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VMware Authorization Service - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe

{I}{K}{E}
01-23-2005, 06:09 PM
Run Ad-Aware. If it's not possible to delete those files, check your startup files. Disable the ones that look strange, reboot and delete the folders. Run Ad-Aware again.

peat moss
01-23-2005, 06:14 PM
Run a good spyware program. AdStatus Service is malware, Bargain Buddy I think, and BullsEye Network is a p2p network? But malware can be called any name. ;) I see you have Spybot running, it's not picking it up?

Edit: Spelling :D

harrycary
01-23-2005, 06:15 PM
While I can't give you any real answers to your HijackThis log, I've got to say that eXeem (et al.) is a waste of time.

What I mean is, while they are bittorrent clients you aren't very anonymous. Relatively speaking that is.

As I understand it so far, eXeem is not fully decentralized, which to me sounds like it's set up with the ability to monitor traffic (and possibly other things too).

That's the inherent asset of the bittorrent method of P2P file sharing.
No centralized servers.

Anyways, sorry if I can't answer your question but the facts about eXeem that I've read about kinda keeps me from even trying it. I'm happy using The ABC bittorrent client and IRC when needed.

good luck.

Peerzy
01-23-2005, 06:29 PM
I was just testing eXeem.


@IKE - Ad-Aware crashes and my whole PC freezes (meaning I have to reboot) when it gets to the Bargin.exe file.

peat moss
01-23-2005, 06:38 PM
There's some info on Symantec's site.

http://securityresponse.symantec.com/avcenter/venc/data/adware.bargainbuddy.html

{I}{K}{E}
01-23-2005, 06:40 PM
I was just testing eXeem.


@IKE - Ad-Aware crashes and my whole PC freezes (meaning I have to reboot) when it gets to the Bargin.exe file.

Is that file still running in the background? What if you disable it?

peat moss
01-23-2005, 06:43 PM
Is that file still running in the background? What if you disable it?


Can you uninstall in Add/Remove? Or disable it through Windows Task Manager? Then run Ad-Aware.

muchspl2
01-23-2005, 07:44 PM
http://filesharingtalk.com/vb3/t89552-.html

:lol:

peat moss
01-23-2005, 07:49 PM
http://filesharingtalk.com/vb3/t89552-.html

:lol:


:lol: You had to get that in. Shows even us senior members don't read the guides. A very good one at that. :01:

Peerzy
01-23-2005, 07:55 PM
There's some info on Symantec's site.

http://securityresponse.symantec.com/avcenter/venc/data/adware.bargainbuddy.html


It's NOT Bargain Buddy, it's just called Bargain.

Ad-Aware crashes while scanning, Spybot shows clean and so does AVG. They are in my Task Manager and when I click to close them nothing happens.

peat moss
01-23-2005, 08:12 PM
It's NOT Bargain Buddy, it's just called Bargain.

Ad-Aware crashes while scanning, Spybot shows clean and so does AVG. They are in my Task Manager and when I click to close them nothing happens.


As I said, it comes in many names. Found this:


You need to go into task manager (ctrl alt del) and have the services tab open. Open up your my computer, c:\, program files and you will see the bullseye network folder there. Have it close to your task manager so you can delete it fast! Go into your task manager and stop any bargains.exe services and IMMEDIATELY click over and delete the bullseye network folder. Then scan your pc for these files in your winnt folder: exdl.exe, exdl0.exe, exdl1.exe, exul.exe, exul1.exe and delete them all. Run ad-aware (www.ad-aware.com) and spybot search and destroy (search google..forget the site to download this from) and also run Hijack this (awesome program). This should remove all your spyware. Helps to boot into safe mode after installing these programs (plain safe mode without networking) and run all 3 programs to get rid of everything. Bullseye is the most reoccurring pos I've ever seen. Wish they could hang these people for the time I've spent cleaning them off my pc. :(

Link: http://ask-leo.com/whats_bullseye_network.html

Man I love this quote: These stupid files propagate like a virus and the arsewipes who make these intrusive spyware should be taken in the back alley with no vaseline! :lol:
This is better! Those *uckers should be shot and thrown off a cliff. My family computer is slower than a crippled 95 year old trying to shit.

tesco
01-23-2005, 08:14 PM
I installed eXeem yesterday and found it to be shite, then uninstalled.

I just scanned with Microsoft AntiSpyware and it found cydoor/adcache. :dry:

peat moss
01-23-2005, 08:25 PM
I installed eXeem yesterday and found it to be shite, then uninstalled.

I just scanned with Microsoft AntiSpyware and it found cydoor/adcache. :dry:


Another vote for Giant. I tell you, that Spybot has to go.

http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

Peerzy, don't let the Beta tag scare you!

fkdup74
01-24-2005, 06:15 AM
I tell you, that Spybot has to go.

grrrrrr........been tryin to tell ppl that......
hell, maybe they'll listen to you peat :P

peerzy...i'm not too sure, but...
two instances of rundll.exe don't look good, check into that

C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\RunDll32.exe
(the first one looks legit, but i could be wrong)
and that exe file runnin from your temp folder

C:\temp\salm.exe
matter of fact, here's a search result on salm.exe:
http://www.pestpatrol.com/pestinfo/other/180solutions.asp
http://www.iamnotageek.com/a/salm.exe.php

fuck it....time for safe mode :01:

RealitY
01-24-2005, 06:28 AM
Thing is I installed it also for a test but on my VM, wtf is wrong with you guys...

Oh yeah and it sux so far as I could tell and couldn't connect, although it may grow.

Anyway I think you're due for safe mode, although I'd suggest perhaps disabling all startup items before you reboot perhaps.

tesco
01-24-2005, 01:19 PM
Thing is I installed it also for a test but on my VM, wtf is wrong with you guys...
I don't have enough space for a separate windows/other OS install. :(

nsane
01-24-2005, 02:55 PM
Thing is I installed it also for a test but on my VM, wtf is wrong with you guys...

Oh yeah and it sux so far as I could tell and couldn't connect, although it may grow.

Anyway I think you're due for safe mode, although I'd suggest perhaps disabling all startup items before you reboot perhaps.
Yeah, they only have one server for bootstrapping nodes off, it goes down a lot. I don't see why people complain about this either, iMesh has a central server for nodes :blink:

I've quit making the install for exlite, didn't realize who that fuck wad was making it, mr. torrentp2p / kceasy ripoff, thanx to lite on informing me of this. But I found there isn't really a reason to install exlite. If you go through the install script (I decompiled it), I found that it creates a registry key that tells it to redownload cydoor.

HKCU\Software\Exeem\looksmart - simply delete that registry key and eXeem will no longer run anything cydoor. If you chose not to install the toolbar you're cool, but if you installed it once, you're screwed, because the uninstall doesn't delete the value. Meaning, if you uninstall, reinstall, don't install toolbar, eXeem will redownload it because the dword value is still in the registry ;)

I'm making a clean eXeem for those who give a shit :P

Peerzy
01-24-2005, 03:05 PM
Just a quick update as I've got to go. Ran Spybot again, got rid of 104 things, and managed to get Ad-Aware running and picked up 164 things. All gone but still a few files there.

saintv90
01-24-2005, 03:47 PM
If I were you...and you were running Windows XP...I'd go to the registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run and Runonce and sometimes Runoncex and remove anything that looks suspicious. Then do the same under HKey_current user. That will delete things from the startup...you can also check under start/run msconfig and then the startup tab. After that I would run adaware SE 1.05 and Spybot 1.3. That should clean it up...if nothing else boot into safe mode and blow away those files that were created. Hope that helps. Sorry if it didn't...it's my first post.
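
One way to do the Run-key review suggested in the post above against a HijackThis log, as an added example that is not part of the thread: it parses the `O4` registry Run lines (a few copied from the log in the first post) and lists entries whose image runs from a temp directory or sits loose in the Windows root. Both rules and the names `image_path`, `reasons` and `triage` are assumptions of this example; a hit means "look closer", not "malware".

```python
import ntpath
import re

# O4 lines excerpted from the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [pqf] C:\WINDOWS\pqf.exe
O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\James\LOCALS~1\Temp\bundle.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|bat|cmd))(?=\s|$)", re.I)

def image_path(command):
    """Return the file an autostart command really loads."""
    command = command.strip()
    if command.startswith('"'):            # quoted path, arguments follow
        path, _, rest = command[1:].partition('"')
    else:                                  # unquoted path may contain spaces
        m = EXE_RE.match(command)
        path = m.group(1) if m else command.split()[0]
        rest = command[len(path):]
    if ntpath.basename(path).lower() in ("rundll32", "rundll32.exe") and rest.strip():
        path = rest.strip().split(",")[0].strip('"')  # the DLL is what runs
    return ntpath.normpath(path)

def reasons(path):
    """Triage heuristics (assumptions of this example, not verdicts)."""
    parts = [p.lower() for p in path.split("\\")]
    found = []
    if any(p in ("temp", "tmp") for p in parts[:-1]):
        found.append("runs from a temp directory")
    if len(parts) == 3 and parts[1] in ("windows", "winnt"):
        found.append("sits directly in the Windows root")
    return found

def triage(log_text):
    """Return (key, value name, image path, reasons) for entries worth a look."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m and (why := reasons(image_path(m.group(4)))):
            hits.append((f"{m.group(1)}\\..\\{m.group(2)}", m.group(3),
                         image_path(m.group(4)), why))
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```

Only registry Run entries are parsed; the `O4 - Startup:` shortcut lines and `O23` services in the same log need their own review.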

peat moss
01-25-2005, 01:09 AM
If I were you...and you were running Windows XP...I'd go to the registry HKLM\Software\Microsoft\Windows\CurrentVersion\Run and Runonce and sometimes Runoncex and remove anything that looks suspicious. Then do the same under HKey_current user. That will delete things from the startup...you can also check under start/run msconfig and then the startup tab. After that I would run adaware SE 1.05 and Spybot 1.3. That should clean it up...if nothing else boot into safe mode and blow away those files that were created. Hope that helps. Sorry if it didn't...it's my first post.


Hey, not bad for your first post! :01: Welcome, saintv90