Your Ad Here Your Ad Here
Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Not so lite?

  1. #1
    Well thanks to eXeem Lite iv got shitloads of files and folders i cannot delete now and they look fucky. I ran hijack this and here are the results.

    The folders are called:
    Temp
    AdStatus Service
    BullsEye Network

    And a few others. Anything wierd in this:

    Logfile of HijackThis v1.99.0
    Scan saved at 17:58:43, on 23/01/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\System32\vmnat.exe
    C:\Program Files\Common Files\stardock\TrayServer.exe
    C:\Program Files\Common Files\stardock\TrayServer.exe
    C:\WINDOWS\System32\vmnetdhcp.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\DU Meter\DUMeter.exe
    C:\Program Files\NetLimiter\NetLimiter.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\Program Files\AdStatus Service\AdStatServ.exe
    C:\temp\salm.exe
    C:\Program Files\AdStatus Service\AdStatKeep.exe
    C:\Program Files\BullsEye Network\bin\bargains.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MemTurbo30\MemTurbo.exe
    C:\Program Files\BitComet\BitComet.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\SiX-Steam\Steam\Steam.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\James\LOCALS~1\Temp\Rar$EX00.797\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://conditions.netfirms.com/mob/lan
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\stardock\TrayServer.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [AdStatus Service] C:\Program Files\AdStatus Service\AdStatServ.exe
    O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
    O4 - HKLM\..\Run: [pqf] C:\WINDOWS\pqf.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [SAHBundle] C:\DOCUME~1\James\LOCALS~1\Temp\bundle.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Do.../bridge-c2.cab
    O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: VMware Authorization Service - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe
    O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe


  2. Software & Hardware   -   #2
    Retired
    Join Date
    Feb 2003
    Posts
    14,058
    run ad aware. if its not possible to delete those files. check your startup files. disable the onces that look strange, reboot and delete the folders. run ad aware again

  3. Software & Hardware   -   #3
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,816
    Run a good spyware program . AdStatus Service is malware , bargain buddy I think ,and BullsEye Network is a p2p network ? But malware can be called any name . I see you have Spybot running , its not picking it up?





    Edit: Spelling
    Last edited by peat moss; 01-23-2005 at 06:40 PM.

  4. Software & Hardware   -   #4
    harrycary's Avatar Poster
    Join Date
    Feb 2003
    Location
    Omaha, Ne USA
    Posts
    1,078
    While I can't give you any real answers to your HijackThis log, I've got to say that eXeem(et al) is a waste of time.

    What I mean is, while they are bittorrent clients you aren't very anonymous. Relatively speaking that is.

    As I understand it so far, eXeem is not fully decentralized which to me sounds like it's set up with the ability to monitor traffic(and possibly other things to).

    That's the inherent asset of the bittorrent method of P2P file sharing.
    No centralized servers.

    Anyways, sorry if I can't answer your question but the facts about eXeem that
    I've read about kinda keeps me from even trying it. I'm happy using The ABC bittorrent client and IRC when needed.

    good luck.
    Last edited by harrycary; 01-23-2005 at 06:16 PM.

  5. Software & Hardware   -   #5
    I was just testing eXeem.


    @IKE - Ad Aware crashes and my whole pc freezes (meaning i have to reboot) when i gets to the Bargin.exe file.


  6. Software & Hardware   -   #6
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,816
    There's some info on Symantecs site .

    http://securityresponse.symantec.com...gainbuddy.html

  7. Software & Hardware   -   #7
    Retired
    Join Date
    Feb 2003
    Posts
    14,058
    Quote Originally Posted by Peerzy
    I was just testing eXeem.


    @IKE - Ad Aware crashes and my whole pc freezes (meaning i have to reboot) when i gets to the Bargin.exe file.
    is that file still running in the background? what if you disable it?

  8. Software & Hardware   -   #8
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,816
    Quote Originally Posted by {I}{K}{E}
    is that file still running in the background? what if you disable it?

    Can you unistall in add/remove ? Or disable it thru windows task manager? Then run adaware .

  9. Software & Hardware   -   #9

  10. Software & Hardware   -   #10
    peat moss's Avatar Software Farmer BT Rep: +15BT Rep +15BT Rep +15
    Join Date
    May 2003
    Location
    Delta B.C. Canada
    Posts
    10,816
    Quote Originally Posted by muchspl2

    You had to get that in . Shows even us senior members, don't read the guides . A very good one at that.

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •