Good job on getting a full log posted. You have something that is relatively new and pretty hard to get rid of. I'm going to have to consult with some more experienced experts. In the meantime you have some unrelated malware that we can get off your system and I would like for you to run another diagnostic tool.
Since you will be performing much of the procedure in safe mode, please print out or copy these instructions to Notepad or your text editor of choice.
Please do the following:
and unzip the contents to the C:\ folder.
Reboot back into safe mode.
1. Please UNINSTALL the following programs through the ADD/REMOVE feature of your Control Panel if found: BargainBuddy
2. Now, using Windows Explorer, I need you to DELETE the following folder:
C:\Program Files\BullsEye Network
Right click an empty area of your Task Bar and choose Task Manager (or press Ctrl+Alt+Delete) and click on the processes tab.
Look for all processes with d317ba0649d in the name. If any are found, write down the full names you see as they appear in the Image name column and post them in your next reply. An example may look like this: d317ba0649ddrv.sys
Scan again with HijackThis 1.99.1. Put a checkmark by the following entries, double-checking to be sure that only these entries are checked if present:
O4 - HKLM\..\Run: [d317ba0649d] C:\WINDOWS\System32\d317ba0649d.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKCU\..\Run: [d317ba0649d] C:\WINDOWS\System32\d317ba0649d.exe
O23 - Service: WindowInstallSystem (d317ba0649dsvr) - Unknown owner - C:\WINDOWS\d317ba0649d.exe
Close all other windows--you should only see HijackThis on your Desktop--and then click the "Fix checked" button.
Reboot back into safe mode.
Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.
When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here along with a new HijackThis log (run in normal mode if possible) and I will review the information when it comes in.
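
The new HijackThis log requested above can be checked for leftovers of the fixed entries with a short script. This is an added example, not part of the original post or of HijackThis: the two line patterns are assumptions inferred from the four entries quoted in the post, and the `Example` lines in the sample log are constructed.

```python
import re

# Name fragments taken from the entries the post asks to fix.
MARKERS = ("d317ba0649d", "BullsEye Network")

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<target>.+)$")
# "O23 - Service: display name (service name) - owner - image path"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^)]+)\) - (?P<owner>.+?) - (?P<target>.+)$")

# Constructed sample: the four entries from the post plus two made-up benign ones.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [d317ba0649d] C:\WINDOWS\System32\d317ba0649d.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O4 - HKCU\..\Run: [d317ba0649d] C:\WINDOWS\System32\d317ba0649d.exe
O23 - Service: Example Updater (exupd) - Example Corp - C:\Program Files\Example\upd.exe
O23 - Service: WindowInstallSystem (d317ba0649dsvr) - Unknown owner - C:\WINDOWS\d317ba0649d.exe
"""

def parse_entry(line):
    """Return a dict for an O4 (autorun) or O23 (service) line, else None."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        return {"section": "O4", "where": f"{m['hive']}\\{m['key']}",
                "name": m["name"], "target": m["target"]}
    m = O23_RE.match(line)
    if m:
        return {"section": "O23", "where": "service",
                "name": m["name"], "target": m["target"]}
    return None

def remaining_entries(log_text, markers=MARKERS):
    """List parsed O4/O23 entries whose name or path still contains a marker."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        haystack = (entry["name"] + " " + entry["target"]).lower()
        if any(mk.lower() in haystack for mk in markers):
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for e in remaining_entries(SAMPLE_LOG):
        print(f"{e['section']:<3} {e['where']:<10} {e['name']:<18} {e['target']}")
```

An empty result on the post-fix log means none of the listed autorun or service entries came back after the reboot; any hit should be posted along with the log.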