Hijackthis Log - Bargain Buddy

I've tried running all of these in Safe mode, too, but that doesn't do it. As for all of the Windows updates, just make sure you get all of the critical ones. I had an older version of HijackThis, so had to download the newer one and run it again.

It does find it, but doesn't delete the files and it just re-installs itself. I've rebooted and scanned with AdAware and Giant antispyware several times now over the past few hours and every time it comes back clean. To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Install both of the Internet Explorer updates.

A case like this could easily cost hundreds of thousands of dollars. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you Save this log. Yippee!

Hijack This Found Bargain Buddy
Started by Soultemptress, Apr 30 2004 01:35 AM

Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hppwrsav] C:\SCANJET\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program

Yeah, in a moment of weakness, I did spend money on XoftSpy. Edited by Efwis, 30 April 2004 - 12:35 PM. I have done SB 1.3, ADaware se, CWS and housecall scans and still the Bargain Buddy malware remains.

Please Download CWShredder from http://www.spywarein.../cwshredder.zip and run the Program twice. My HijackThis log is posted here:

Logfile of HijackThis v1.98.2
Scan saved at 11:07:00 PM, on 11/26/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:

OK, I ran AdAware again (clean), Spybot Search and Destroy again (received the same 'DSO Exploit' results and fixed) and ran the two programs that are listed above per your instructions. Thanks a lot.

#2 Buster (Guest), 11-27-2004 10:41 AM
Additional Info on eXact
By the way, here's a link that provides more information on the eXact.Downloader spyware: http://spynet.com/spyware/spyware-eXact.Downloader.aspx Thanks

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\System32\bridge.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}

Close before running Hijack This!

And also see So how did I get infected in the first place? and make sure you download all critical updates. Han mathon ne nen.

Han mathon ne chae. Besides following your instructions, I also deleted a folder in my Program Files directory for Windows TaskAd that I didn't notice before. Cheers

What I've done so far:
- I accessed the main article on spyware removal in this forum and followed all of the steps that are listed.
- I ran a Pandaware scan (identified/removed

As far as I understand, the eXact.Downloader Trojan is the trojan used by 'Bargain Buddy' and 'Cash Back' to infect a user's computer. It goads people with false positives to get you to buy it. It seems like I take care of everything, but then after rebooting, the virus (or worm?) appears again. Any bad links or emails that are not from the original poster will be deleted without response.

Bargain Buddy...won't leave
#1 IAMH4, December 14th, 2004, 03:34 PM

I have run all the

Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Sidesearch (HKLM)
O9 - Extra 'Tools' menuitem: Sun Java Console
Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

Hope this helps. All running programs should be closed, including your web browser, e-mail.

Sorry if spent good money for a useless program. I am being flooded with Junk Mail and it is driving me nuts. Could someone please help me with removing this pest? Looking forward to hearing from you, rapheke

Logfile of Trend Micro HijackThis v2.0.2
Scan

The more details you can provide the better.

I thought I'd be able to clean up my mess, but that's not the case. You also want to disable System Restore. This can be done by following the Instructions for Your OS at http://www.vet.com.a...em_resoter.htm.

Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...s/yinst0309.cab
O16

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

After this, Reboot and Delete the following files:

C:\WINDOWS\twaintec.dll
C:\WINDOWS\System32\bridge.dll
C:\Program Files\Bargain Buddy
C:\WINDOWS\alchem.exe
C:\WINDOWS\System32\qtqgzscv.exe

Hijack This! Just start with the "read me first post" and then reply back when you are done or if you have any problems. Please look over the Following Entries I have listed, run Hijack This again and check them and then, making sure you have No Internet Explorer Windows open, including this one, Press

Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin

Disconnect from the internet, close all browser windows including this one. Along with SpywareInfo, it was one of the first places to offer online malware removal training in its Classroom.

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O4 - HKLM\..\Run: [msbb] c:\docume~1\deb\locals~1\temp\msbb.exe

After this, Reboot and Delete the following files:

C:\WINDOWS\2_0_1browserhelper2.dll
c:\docume~1\deb\locals~1\temp\msbb.exe

You really need to update your Windows

Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger