Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

The new BargainBuddy is killing me!


  • Please log in to reply
2 replies to this topic

#1 toog

toog

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 28 November 2004 - 10:16 AM

Hi everyone!

No matter what I try I cannot seem to remove BargainBuddy! This website is helpful: http://home.comcast.net/~george.roberts4/bargainbuddy.htm , though perhaps I'm too much of a noob to figure it out. At one point it leads me to run Hijack this but I can't figure out how to get to it with explorer disabled. Anyway, here's my Hijack log:

Logfile of HijackThis v1.98.2
Scan saved at 1:09:54 AM, on 11/28/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\TFNF5.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\documents and settings\jeff immer\local settings\temp\B.exe
C:\documents and settings\jeff immer\local settings\temp\B.exe
C:\WINDOWS\System32\advpack1.exe
C:\Documents and Settings\Jeff Immer\Application Data\ures.exe
C:\WINDOWS\System32\w?nspool.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\Udno3ID1.exe
C:\WINDOWS\System32\Rswn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office 2000\OFFICE11\WINWORD.EXE
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.begin2search.com/sidesearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.wwwfind.biz/?4961
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wwwfind.biz/?4961
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wwwfind.biz/?4961
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.begin2search.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.begin2search.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredi...bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wwwfind.biz/?4961
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.wwwfind.biz/?4961
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wwwfind.biz/?4961
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.wwwfind.biz/?4961
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwwfind.biz/?4961
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.wwwfind.biz/?4961
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.begin2search.com/sidesearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.wwwfind.biz/?4961
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4CA16726-9311-21C3-8005-61557CF4793B} - C:\WINDOWS\System32\imdibmj.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf.dll
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search Bar - {0A8CE102-FA03-4612-9BEE-7FE5452F4CB1} - C:\WINDOWS\system32\srchbar.dll
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ldzmvmwjpkb] C:\WINDOWS\System32\wdvgiktv.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [fylarap] C:\WINDOWS\fylarap.exe
O4 - HKLM\..\Run: [emrwbh] C:\WINDOWS\System32\wdvgiktv.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [B] C:\documents and settings\jeff immer\local settings\temp\B.exe
O4 - HKLM\..\Run: [08a5f9d19d27] C:\WINDOWS\System32\advpack1.exe
O4 - HKLM\..\Run: [36DBBAC4T#FBLL] C:\WINDOWS\System32\KxinoD.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\tgtsoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Opos] C:\Documents and Settings\Jeff Immer\Application Data\ures.exe
O4 - HKCU\..\Run: [Gmgfuh] C:\WINDOWS\System32\w?nspool.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200...taller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{160CFA7D-64D4-48C5-A16E-91E0D197F689}: NameServer = 192.168.1.1,192.168.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{160CFA7D-64D4-48C5-A16E-91E0D197F689}: NameServer = 192.168.1.1,192.168.1.2

Anyone, please? I'm so worried! :thumbsup:

BC AdBot (Login to Remove)

 


m

#2 Brigh

Brigh

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 28 November 2004 - 03:51 PM

I'm stuck with BargainBuddy too - I can't figure out how to remove it from my registry.

The instructions on that website are pretty easy to follow - though I just tried them myself, and can't find any of the "Bargain Buddy" componants that it says to find.

Have you tried following the steps on the site?

Edited by Brigh, 28 November 2004 - 05:54 PM.


#3 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,388 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:06:14 AM

Posted 29 November 2004 - 11:28 PM

The first thing I need you to do is download the file from here:

ServiceFilter.zip - Get list of XP/2000/NT Services

Extract the zip file to your C: drive. Once it is extracted there will be a directory on your C: drive called ServiceFilter. Inside the C:\ServiceFilter directory will be a file called ServiceFilter.vbs. Simply double-click on the ServiceFilter.vbs. When the script finishes a wordpad document should open with the unknown services listed in it.

If the script could not access wordpad then you will see a message box telling you so. In that case you need to open POST_THIS.TXT by double-clicking it and pasting the contents as a reply to this topic. Please provide a brand new hijackthis log as well in this reply.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users