Over 1 million tech questions and answers.

Help w/IE window pop-ups after AVG run/Webbuying deleted (see HijackThis! file)

Q: Help w/IE window pop-ups after AVG run/Webbuying deleted (see HijackThis! file)

Your help with this is *tremendously* appreciated, as I'm dead in the water (stuck on the other side of the world) w/an essentially non-functional laptop trying to work done for a client....

Have run AVG several times with a clean run, as well as Avast!, VundoFix and ATF Cleaner. However, whenever I go to open up a Firefox browser, go to a new url, click on a link, IE launches a pop-up window. Occasionally, it will keep spawning windows.

All I can do is try to kill the process as soon as I see it start up. Strange thing is, however, just a split second before the ie process starts up, I will get the Avast! script blocker (like it's going to kill something) and then it disappears. That's when the IE pop-up window (urging me to buy something). It may be noted that I had "Webbuyer.exe" in my Programs file earlier which was cleared out by AVG, but I keep getting the IE pop-ups anyway.

Below is my HijackThis! log:

Logfile of HijackThis v1.99.1
Scan saved at 11:30:17 AM, on 10/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Toshiba\TapButton\TapButt.exe
C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Symbol Commander\Sensiva.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Boingo\GoBoingo\GoBoingo.exe
C:\Program Files\WiTopia.Net\bin\openvpn-gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\microsoft shared\ink\TPA.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\WINDOWS\System32\taskmgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Megaupload\Mega Manager\MegaManager.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\BitZipper\BITZIPPER.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com" target="_blank" class="wLink">http://www.toshiba.com" target="_blank" class="wLink">http://www.toshiba.com/search" target="_blank" class="wLink">http://www.toshiba.com/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshiba.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: (no name) - {b105d600-39b9-492d-853f-a90a4dc1a8e6} - C:\WINDOWS\System32\udahigw.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {BF19628F-F18E-48C7-AB66-67E89BB1AF48} - C:\WINDOWS\System32\vtspn.dll (file missing)
O2 - BHO: (no name) - {C92B957B-4767-4E53-A63C-1E547C35F0C6} - C:\WINDOWS\System32\vtuvsrp.dll (file missing)
O2 - BHO: (no name) - {E84FD25F-3547-4B2E-923C-DE3DB427F663} - C:\Program Files\Windows Journal\honevafa83122.dll (file missing)
O2 - BHO: IKatzu Class - {EA5159DF-E413-4878-8AE2-D921D41BB942} - C:\WINDOWS\System32\bkinrmrv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect /keeploaded
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [CrossMenu] C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
O4 - HKLM\..\Run: [TapButt] C:\Program Files\Toshiba\TapButton\TapButt.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TAcelMgr] C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
O4 - HKLM\..\Run: [TSkrMain] C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
O4 - HKLM\..\Run: [TosRotation] "C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe"
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [Sensiva] "C:\Symbol Commander\Sensiva.exe"
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\WiTopia.Net\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ArtChk] C:\WINDOWS\System32\artchker.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: loginkey - C:\WINDOWS\System32\loginkey.dll
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: TabBtnWL - C:\WINDOWS\SYSTEM32\TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:\WINDOWS\SYSTEM32\tpgwlnot.dll
O20 - Winlogon Notify: vtuvsrp - vtuvsrp.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\WiTopia.Net\bin\openvpnserv.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Tmesrv3 (Tmesrv) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe" /Service (file missing)

Thanks again!!!!!!

RELEVANCY SCORE 200
Preferred Solution: Help w/IE window pop-ups after AVG run/Webbuying deleted (see HijackThis! file)

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: Help w/IE window pop-ups after AVG run/Webbuying deleted (see HijackThis! file)

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log

Note:
Do not mouseclick combofix's window while its running. That may cause it to stall

=====================
Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others as they were.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me regardless of what it finds with a new HijackThis log.

This will take some time!!!!!!!!

Read other 3 answers
RELEVANCY SCORE 60.8

First timer here, found this site after doing a google search on this pop-up virus or malware. So, I read the sticky post and ran hijackthis and will past the saved log below.

A semi-brief history which may be relevant, I don't know.

First I got these frequent pop-ups, most with a banner at the bottom saying, "This ad brought to you by Webbuying" or something close to that.

Second, I ran adaware which didn't catch it, then I ran spybot which caught like 8 things, one of which was some Command Center problem which it couldn't fix, and said it might be stored in memory, so restart and blah blah, it never got rid of it.

Then, I did the start menu>run>msconfig and unchecked a bunch of stuff under the start tab, one of which was labeled webbuying, but still get pop-ups after restarting. I also unchecked "command service" under the services stab cuz it seemed like spybot said that was a problem. By now, I'm realizing I should have touched nothing and asked for help immediately cuz I don't know what the hell I'm doing.

Lastly, I have no antivirus program running, but used to have NAV and Internet Security, I'm behind a router and firewall, and have never had problems with viruses on this computer...6yrs+.

OK, HERE'S THE HIJACKTHIS LOG and thanks very much for any help:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:56 PM, on 1/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explo... Read more

A:Webbuying Pop-up malware-hijackthis log posted

Maybe by adding a poll my post got missed? I read the sticky, I know not to bump and to wait 2 full days, so not sure if weekends and holidays count.

Any help is much appreciated, and since it's been some time, let me know if I should do another HJT log.

Thanks.
 

Read other 3 answers
RELEVANCY SCORE 60

By mistake i have deleted some of my Windows XP System files.

Now when I start my computer after booting Windows XP when it comes on desktop and after 1 minute i restarts again

what should i do. i am in a great trouble.

i have also tried {repaire} function from the original cd of XP booting system but not able to solve the problem

please resolve my problem. thanks in advance.

A:Some of Window XP System File deleted what should i do?

if that was the problem running a repair or sfc /scannow would have fixed it

run
chkdsk /r

d/load and run the hard drive makers diagnostic utility on the h/drive

Read other 2 answers
RELEVANCY SCORE 60

I recently deleted the contents of C:\Window\winsxs\pending.xml (don't ask)and now find that not only can I not access the internet but access to control panel and so many other links like Network, Computer, etc are no longer possible. I keep getting 'This application has failed to start because urlmon.dll was not found....problem'.
My search online lists a number of remedies but the main recommendation involves downloading urlmon but this requires internet.
At the moment I can only access word and excel documents.
Please help

A:Deleted window file- now nothing works

Download it on another machine and then transfer it to your troubled one. Another idea is run sfc /scannow from safemode. 

Read other 7 answers
RELEVANCY SCORE 47.2

Hello All,
I've never seen this happen before.
I have a main directory with 80 files in it. I created 8 sub-directories under the main directory and put 10 files in each one. I then went back to the main directory and deleted the 80 files that are there. The files I deleted from the main directory were also deleted from the sub-directories! I had to restore everything from the recycle bin! Why did this happen?
Thanks,
Carthusian

Read other answers
RELEVANCY SCORE 45.2

Whenever I add an attachment to my emails, and even here on your website when I uploaded the attached pics, the 'Choose to Upload' pop-up window containing (in this case) my pics ALWAYS (but never used to) opens in the Details mode instead of Thumbnails where I can actually view the pics to be attached prior to attaching them.
I would like the default setting for this occurrence to obviously be in the Thumbnails mode.

In a related issue I would also like to be able to load more than one pic at a time when attaching pics to emails, etc...
Is there such a setting?

Thanks for the assistance
 

A:Default Settings for 'Choose File To Upload' Window, Window displays 'Details' vs 'Th

Read other 15 answers
RELEVANCY SCORE 44.8

my riginal window 10 has been deleted unfortuntelt from my hp notebook 15ac116tx can i get back my original window please hellllllppppppp me.....

Read other answers
RELEVANCY SCORE 44.8

Today i installed window 7 on one of hard drives so i had window xp sp2 on C and window 7 on D. I also wanted to reformat my computer with window xp on C. So i used an usb with window xp in it to install. When i got to the part where you choose which drive to install window xp in i was going to choose C but then it said this partition is not compatible so i deleted the partition and tried to install it from it didn't work. So i gave up on reformating window xp sp2. So i restart my computer and when i try to boot it gets suck on the part where it says boot on CD and it gets stuck there forever and never goes on any further, then i try using window recovery console it all sets up fine but when it gets up to the part where it starts window i instantly get a blue screen of death saying window has shut down to prevent damage. I have been stuck trying to fix this for hours. I am writing this on my other computer and idk 2 do

A:Need help deleted my window xp partition

I can not reformat with my disc because every hard drive i try to install in gives me incompatibility

Read other 17 answers
RELEVANCY SCORE 44.8

i had my geniun window 8 in my  HP Pavilion 15-e019tx Notebook PC and it had a revory in drive D but by7 mistake my recovery has been deleted and i m not able to run that window again .  How i get the copy of that recory from hp centre. plz help

Read other answers
RELEVANCY SCORE 44.4

 I have a file server on windows server 2008 R2.I have more than 500 clients.My every clients can access my file server through IE.But windows 8/ windows 8.1 client can not access my file server through any browser ..Please help me by giving yours
view ....Thanks in advance..

Read other answers
RELEVANCY SCORE 44.4

Don't know much about anything computerwise.Did get a DSS scan with Hijack emulator.Kaspersky Online scan didn't load because a Java update needed and somehow that all got aborted so we proceed to DSS scan. Main.txt and extra.txt pasted below. Would also be interested in finding out how to delete unneeded services and to remove names from the start up menu....I don't mean "uncheck" from startup menu, I mean have it so so many things are listed.Thanks in advance. stDeckard's System Scanner v20071014.68Run by Smooth Talk on 2008-06-18 11:46:14Computer is in Normal Mode.---------------------------------------------------------------------------------- System Restore --------------------------------------------------------------Successfully created a Deckard's System Scanner Restore Point.-- Last 5 Restore Point(s) --17: 2008-06-18 18:46:20 UTC - RP60 - Deckard's System Scanner Restore Point16: 2008-06-17 22:51:13 UTC - RP59 - System Checkpoint15: 2008-06-14 15:31:57 UTC - RP58 - Software Distribution Service 3.014: 2008-06-13 02:50:16 UTC - RP57 - System Checkpoint13: 2008-06-12 02:04:58 UTC - RP56 - Unsigned driver install-- First Restore Point -- 1: 2008-05-27 19:19:42 UTC - RP44 - System CheckpointBacked up registry hives.Performed disk cleanup.-- HijackThis Clone ------------------------------------------------------------Emulating logfile of Trend Micro HijackThis v2.0.2Scan saved at 2008-06-18 11:48:39Platform: Windows XP Service Pack 2 (5.01.2600)MSIE: Intern... Read more

A:Webbuying And Who Knows What Else

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. You are running an older version of Java. This can be a security risk so let's get you the latest version.Upgrading Java:Download the latest version of Java Runtime Environment (JRE) 6 Update 6.Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".Click the "Download" button to the right.Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".Click on Continue.Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..Close any programs you may have running - especially your web browser.Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.Check any item with Java Runtime Environment (JRE or J2SE) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java version.Reboot your computer once all Java components are removed.Then from your desktop double-click on the download to install the newest version.Please download ComboFix and save it to your desktop.Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.Double click combofix.exe and follow the prompts.When it's done running it will produce a log for you. Pl... Read more

Read other 21 answers
RELEVANCY SCORE 44.4

Hey I have something called webbuying in my computer and I can't get it out. It keeps popping up web pages that I don't want and slows my internet way down. Here is my hijackthis log but I don't see webbuying anywhere in it. Please someone help me. Logfile of HijackThis v1.99.1Scan saved at 7:14:55 PM, on 8/9/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16473)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\csrss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYSC:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exeC:\WINDOWS\system32\wdfmgr.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\Progra... Read more

A:Help Webbuying!

Hello cmm_lrm, I see one item that we need to remove. Download CCleaner and install it. (default location is best). Do not download the Beta version 2.0. Do not run it yet! CCleaner Tutorial*******************************************Select the following with HijackThis. With all windows (including this one!) closed (close browser/explorer windows), please select "fix." O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\qqmhmott.dll",forkonce*******************************************Please download the OTMoveIt by OldTimer. Save it to your desktop. Please double-click OTMoveIt.exe to run it. Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\qqmhmott.dll

Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste. Click the red Moveit! button. Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply. Close OTMoveItIf a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.********************************************NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders and does not make backups. Let's empty the temp files: Run CCleaner. CAUTI... Read more

Read other 2 answers
RELEVANCY SCORE 44.4

Hi all, I have a friend that installed playstation repair and now he is infected with webbuying. We tried to perform a scan with superspyware and after detecting more than 8 entities, and deleting them the PC doesn't boot. We managed it to boot it up in safe mode and did a system restore. Pc can boot now, but it is giving lots of pop-ups when running IE. Ill post a HijackThis! log. I really don't understand it fully, I wish I could. I'm asking for help to clean this PC.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:15:10 AM, on 11/29/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\V0330Mon.... Read more

A:Webbuying.exe

Hi MavericK, C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX18.153\HijackThis.exeYou need to put HijackThis into its own folder, but not a temp folder. It won't save the backups if it is run from a temporary folder, and we will be deleting the temp folder. Here is how to make a Hijackthis folder:Click My Computer, then C:\In the menu bar, File->New->Folder.That will create a folder named New Folder, which you can rename to "HJT". Now you have C:\HJT\ folder. Put your hijackthis.exe there.Please post a new log so I can see if anything has changed.

Read other 3 answers
RELEVANCY SCORE 44

So I opened an Office Writer attachment (.odt) from an email and made edits to that document. I hit save but not save as.Tried to open the file the next day but it got deleted. I did some research and realized that was stupid and looked everywhere for advice. So I've gone into temporary internet files folder and I cant find it there. I had deleteted my internet browser history yesterday. Following some random advice on the internet I tried to restore my browsing history by downloading som index.dat reader. Needless to say I am so completely lost. I just need to know if its even possible to recover it. Im willing to goto any computer shop and pay whatever it cost at this point. Oh and the exact message I'm getting is:

C:\Users\Paul\AppData\Local\Microsoft\Window\Temporary Internet Files\Low\Content\poli352a[1].odt does not exist
 

A:Need a file from temp internet file but I accidently deleted browsing history

First, download the free Process Explorer.

Run Process Explorer.

Open your e-mail program (mine is Outlook Express).

Open your e-mail message.

Open your attachment (Office Writer attachment (.odt)).

Inside Process Explorer, right-click the new process (from the application used to open that attachment).

Select Properties...

Select the Image tab.

Look inside the Command line bar.

You'll see the exact path to the temporary folder created for the attachment.

Make sure to check "Show hidden files and folders" and uncheck "Hide protected system files" in Folder Options.

Only copy the part from C:\Users to Content.IE5.

Note: a new folder number is created each time you open an attachment (e.g. IGSDF94V)

Example:

"C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE" "C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGSDF94V\Example.docx"

Paste that path inside the My Computer address bar and click OK.

You'll have to look inside each folder manually for the name of your document. The folder number will be different from the one you're seeing inside the Command line bar in Process Explorer.

Do not run a Search. Look very carefully inside each folder. It should be there!
 

Read other 2 answers
RELEVANCY SCORE 44

hi all, recently i have reinstalled my os i,e windows 7 home premium 64 bit. while doing so i have formatted all drives inentionally for virus suspect. i wanted clean installation so. but after formatting for my craziness i have deleted those partitions also. my hard disk was 320 gb with 3 partitions. now i am left with only one c partition that too of just 219gb. its really annoying. please help.
thanks

A:Unable to see deleted partions in my computer window

Can you post a screen shot of Disk management?

Screenshots and Files - Upload and Post in Seven Forums
Disk Management - Post a Screen Capture Image

& how would you like the drive be partitioned.

Read other 1 answers
RELEVANCY SCORE 44

My computer has been hijacked by webbuying. No idea how I got that virus. I tried rebooting my computer, bu now when i restart my computer I immediately start getting meaages that internet explorer has generated erros and will need to be restarted. It just keeps happening over and over agian. I can't do anything. prior to me rebooting my computer I noticed that my task manager was disabled. Is there anything I can do.
 

A:please help. - hijacked by webbuying

Read other 6 answers
RELEVANCY SCORE 44

computer is infected w/ the webbuying adaware that has slowed things to a crawl. Spybot won't install on this winxp machine. Here is the Hi-Jack this log:
Logfile of HijackThis v1.99.1
Scan saved at 4:25:06 PM, on 10/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Fil... Read more

A:Solved: webbuying

Read other 11 answers
RELEVANCY SCORE 44

I have been dealing with this issue and may not be finished yet, but here's one thing I discovered: It's really important to go to your "trusted sites" and clear them all out. I hope this helps somebody.
 

A:Fixing webbuying

Read other 6 answers
RELEVANCY SCORE 44

Can someone please help me. I've tried everything and this web buying assistant keeps coming up. It's so frustrating. Here's my log from hijack this: Any help would be GREATLY appreciated. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:39 AM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\bgsvcgen.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fisher-Price\FP3 Player\sspnotifier.exe
C:\Program ... Read more

A:Can't get rid of webbuying assistant!!

Sorry - HiJackThis is runing from a temp directory and must be moved to run correctly

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
========================

download http://www.mvps.org/winhelp2002/DelDomains.inf with I.E.

Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute.

Note, if you use SpywareBlaster and/or IE/Spyads, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE/Spyads, run the batch file and reinstall the protection.
==================

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://downloa... Read more

Read other 3 answers
RELEVANCY SCORE 44

I have been getting a ton of popups for about a week now. I am running norton, spybot, and ad-aware but none have been able to get rid of the problem. All help would be greatly appreciated. Here is my Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:13 AM, on 8/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\... Read more

A:webbuying popups

Read other 9 answers
RELEVANCY SCORE 44

Somehow I got this stupid thing on my computer. It keeps generating a million pop ups and I can't get rid of it. I tried going to the control panel and removing the program with no luck. I have run Spy Bot Search and Destroy as well as the QuickScan with no progress either. I tried to look at some of the threads and have downloaded the SUPERAntiSpyware and it is scanning now. Is there anything else I need to do to prepare you to help me?
 

A:WebBuying Adware

Read other 15 answers
RELEVANCY SCORE 43.6

Hi Tech Guys,

I needed support for corrupted and excel files, do you know any best word and excel corrupted recovery software? i recovered a deleted word and excel file, but when i opened it some are okay and some are corrupted.

Please i really need help.. thanks in advance

Read other answers
RELEVANCY SCORE 43.6

At the first after I upgraded my notebook from windows 8 to windows 10,
I just realize that 1 of my 3 user account is not exist anymore (the Guest account is not there just after I upgrade it into windows 10). As I tried to make the new Guest account and still didnt work (I dont want to follow such a complex email registration required by windows 10 to make a new user account), I thought to delete my secondary user account. However, I just realize that there is a file that I saved in the Desktop under my secondary user account. Is there a way to restore this desktop file that is saved in my deleted user account?

I have opened C:\Users\ but I cant find the folder with the name of my deleted user account.
Can anyone help me?

It's very important yet big file (around 2 GB). Thankss

A:How to restore file in deleted user account (Desktop File)

Hi Blaume, welcome to the Ten Forums.

I am sorry but when you deleted the user account, it's gone, all its files are gone, forever. The only way to get the file back would be to restore a system image made before the account was deleted.

The built-in guest account no longer works in Windows 10. However, you can create a new Guest account by yourself:




(Video from thread Solved Windows 10 instructional videos by Ten Forums members - Windows 10 Forums.)

Kari

Read other 1 answers
RELEVANCY SCORE 43.6

Hi guys.

I posted this on the 'Software and Hardware' forum, but got told to try here.

This evening I went onto my Windows Vista laptop just to browse the internet when I noticed this message pop up straight after I had booted up:


I saw that it had been deleted and I have no idea why. Now, I'm not an expert at computers but I knew this wasn't good, so I clicked 'restore' and I never saw it again. However I restarted and noticed it again, but I didn't click 'restore' this time, and as I went to download a file it wouldn't download (something along the lines of: .exe couldn't be downloaded... please contact administrator)

I don't think it can be serious because as soon as I 'restore' it everything's back to normal, but it is really annoying that after every statup this pops up. Please can you help me rectify this and allow me to have a stressless time whilst browing on my laptop.

Thanks in advance.

EDIT: Here is a Hijackthis log in case you need it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:05:53, on 15/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Wi... Read more

Read other answers
RELEVANCY SCORE 43.6

Hi guys.

This evening I went onto my Windows Vista laptop just to browse the internet when I noticed this message pop up straight after I had booted up:


I saw that it had been deleted and I have no idea why. Now, I'm not an expert at computers but I knew this wasn't good, so I clicked 'restore' and I never saw it again. However I restarted and noticed it again, but I didn't click 'restore' this time, and as I went to download a file it wouldn't download (something along the lines of: .exe couldn't be downloaded... please contact administrator)

I don't think it can be serious because as soon as I 'restore' it everything's back to normal, but it is really annoying that after every statup this pops up. Please can you help me rectify this and allow me to have a stressless time whilst browing on my laptop.

Thanks in advance.
 

A:'Windows32 Properties' window pops up after startup (deleted!?)

Windows32 might be malware related. You might want to post your thread in the Malware Removal section.
 

Read other 3 answers
RELEVANCY SCORE 43.2

Hello

I am in real big trouble....
I'm a producer and was about to master a production when the hole town I'm living in got out of electricity ......(!!!!!) very good timing. I had saved the file I was working with a couple of times and just before the electricity disapeared BUT the file cant be found it is deleted (?)

Is there a way to get old files back (maybe a previous state)....I really need this file but I dont want my hole system take a previous state just get/find files. (I'm using Windows XP proffesional)

I hope you understand what I mean.

Best Regards //D_S
 

A:File deleted when getting out of electricity, file had earlier been saved

Hi,

What program were you using to do this work.

What is the file name and suffix. filename.abc

Have you searched your hard disk for files of the correct suffix

*.abc.

Ceri
 

Read other 3 answers
RELEVANCY SCORE 43.2

Could any one tell me how to retrieve my deleted file please?  Can you reply to me on [email protected]?

Read other answers
RELEVANCY SCORE 43.2

Well, sort of strange thing happening with my pc.

I'll give an example: two files, names 1st_file.avi, 2nd_file.avi, nearly same size, at different locations. Now I deleted 1st_file.avi and 2-3 weeks after deletion, I open 2nd_file.avi (which wasn't deleted) and find that instead of the original 2nd_file.avi, the contents of 1st_file.avi are being played.

How can the contents of 1st_file.avi mapped onto the the contents of 2nd_file.avi? And where did my 2nd_file.avi go??

thanks for being patient and reading it through

A:Deleted file mapped onto existing file...how is this happening??

bump

Read other 9 answers
RELEVANCY SCORE 43.2

Hello I've caught something on my laptop. I saw a process called webbuying.exe in my processes menu. Sorry for my lack of details as I have no idea what I'm looking for.

Heres a copy of my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:06:05 PM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\GEARSec.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program F... Read more

A:Solved: webbuying.exe and 17PHolmes572.exe Please Help!

Read other 12 answers
RELEVANCY SCORE 43.2

I'm running Windows XP Professional and earlier today I started getting all kind of Pop Ups (they are so bad that I can hardely see anything on my desktop) I see that it installed 'Web Buying" folder in my program folder and all kind of add keep coming up.

I am also getting this in the middle of my screen:
"javaw.exe -Bad Image:
"......G:\WINDOWS\system32\wowfx.dll is not a valid windows image..."

No matter how many times I close that erroe message it keeps poping up.

I was trying to search the forms for this and I see everyone running a "Hijak This" log. I am also not to familar with this.
Any help would be apprciated.
*** I also have thiis message on my descktop:
-----------------------------
Windows Security ALert:
Warning! Potential Spyware Operation
Your computer is making unauthorized copies of you system and internet files.
Run full scan now to prevent any unauthorized access to your files.
Click here to download spyware remover...
[YES] [NO]
-----------------------------------

I have not clicked either one....
Thanks,
 

A:Solved: Infected with 'webbuying.exe' and maybe more

Read other 16 answers
RELEVANCY SCORE 43.2

Hello all,


About 2 weeks ago I clicked a banner ad on accident. After this, I was taken to many pop-ups for WinAntiVirus. Through the Control Panel I got rid of that, but I am still slammed with pop-ups that are really bogging my system down. Sometimes they say 'Sponsored by Zedo' on top of the window, sometimes they say 'This ad brought to you by WebBuying' on the bottom of the window, and sometimes they say both.


I'm running with the following specs:

Dell Dimension 4600C
Windows XP Home Edition 5.1 build 2600
Intel Pentium 4 2.80GHZ
510MB Ram
DirectX 9.0c


I've posted a Hijack This log below, hopefully someone here can be kind enough to help me.


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:18:16 AM, on 7/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Linksys\Wireless-B USB Network Adapter\NICServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel ... Read more

A:Help with ZEDO/Webbuying, HJT Log inside

1. Download & Save this file to Desktop -> http://download.bleepingcomputer.com...a/ComboFix.exe

2. Double click on combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Read other 8 answers
RELEVANCY SCORE 43.2

Picked up "web buying" (and possibly a few others) the other day and can't get rid of it. Ran ad-aware and spybot S&D to no avail. Log from last night, any help is greatly appreciated
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1137849806\ee\AOLSoftware.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HistoryKill\histkill.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\BigFix\BigFix.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Fil... Read more

A:WebBuying Malware - HJT log included

Read other 8 answers
RELEVANCY SCORE 43.2

I just wanted to say thank you so much for the preparation guide. After doing everything in the preparation guide...to the letter...it appears that I have no more problems.Here is my newest Hijack This log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 7:07:30 PM, on 12/16/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16574)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Sygate\SPF\smc.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exeC:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exeC:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exeC:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exeC:\Program Files\Dynex Wireless G Adapter\... Read more

A:Infected With Webbuying & Vundo

Hello cliffenstein,

Welcome to Bleeping Computer

Looks like you did an excellent job here! Everything running all right??

Regards,
tea

Read other 5 answers
RELEVANCY SCORE 43.2

Hi, my mothers computer is infected and she is freaking out without her internet. I have:1. run spybotSD and AdAware in both regular and safe mode (updated and immunized).2. run AvastAV in regular and at boot time.3. run SuperAntiSpyware.HJT LOGLogfile of Trend Micro HijackThis v2.0.2Scan saved at 1:51:44 PM, on 10/18/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\QuickTime\qttask.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\winshow.exeC:\Program Files\WordPerfect Office 11\Programs\CorUpd.exeC:\Program Files\DellSupport\DSAgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAn... Read more

A:Winshow And Webbuying Problem

Also, I'm flopping the logs with a memory stick to my laptop as I do not want to hook mom's PC up to my network and compromise my own security.
All scanners are updated as of 2 days ago, with the exception of SAS, which I downloaded last night but have not updated.

I have also enabled hidden files and extensions as well as disabling system restore.

I have not run any online scans, but Avast has been pretty good to me in the past.

I've posted to other forums and thought that I had done all the prelimanary things... didn't notice that you folks wanted me to install firewall and mcafee stinger.
I will do this if necessary, but this PC isn't all that infected as far as I can see it just has a couple real nasties on it.

I had intended on putting zonealarm on mom's PC as soon as it is clean, ZA runs on all my computers even though people tell me I don't need it with a router.

Read other 10 answers
RELEVANCY SCORE 43.2

i dont know what else to do here. ive removed retadpu.exe retadpu77.exe and so on several times and they keep coming back. the popups keep getting worse. i had trouble with winantispyware2007 a few days ago but removed that. i have a ton of .dll files in system32 folder. help me out here!
 

A:worm - retadpu.exe, pop-ups, webbuying.exe, etc

Hi, Welcome to TSG!!
Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

Read other 3 answers
RELEVANCY SCORE 43.2

I have tried Ad-Aware, Symantec AV & AVG 7.5 Internet Security to remove the viruses & they keep coming back. Below is a copy of my Hijack log - HELP!!!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:34:43 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG7\avgwa.dat
C:\Documents and Settings\sean.BC_LUCAS\Desktop\HiJackThis_v2.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A9B47B8-04F9-4D68-A87D-7107D2A0DDD9} - (no file)
O2 - BHO: (no name) - {271D9733-7B9F-4B73-B95B-95D262F7759E} - (no file)
O2 - BHO: 0 - {6A59FD13-3C1D-4528-7D98-99DA7B837F41} - (no file)
O2 - BHO: (no name) - {8749F6A2-140F-4CDF-B438-2543BB73AB36} - (no file)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\gfxiplfn.dll
O2 - BHO: (no name) - {A95B2816-1... Read more

Read other answers
RELEVANCY SCORE 42.8

having some serious problems here. pop ups, slow processing overall, IE pretty much does not work. I know I have outerinfo and webbuying that have somehow been installed, and I cannot remove them via traditional routes. Also, command.exe was on here but I do not see it in any obvious place anymore for some reason. Below is my HijackThis log. Please help! Thank you.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:35:36 AM, on 2/22/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\WLTRAY.exeC:\Program Files\SigmaTel\C-Major Audio ... Read more

A:Malware Infection: Outerinfo, Webbuying, And Maybe More

Hello msr41,Before we start, you need to realize that you are missing one important program on that computer: An antivirus. This is somewhat suicidal in today's digital world.You need to install an antivirus program as soon as you can and run a complete scan of the computer. I recommend you download the free Avast or AntiVir orAVG antivirus Products from all three vendors received the Virus Bulletin's VB100% award and certification for virus detection from ICSA Labs.Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and decrease the reliability of it seriously! After you have run the antivirus program, post the antivirus scan log and a fresh Hijackthis log.

Read other 2 answers
RELEVANCY SCORE 42.8

Background: Tried Ad-Aware and Spybot S&D first....no help. I followed the advice in a previous thread by running VUNDOFIX (log attached) for multiple passes until it kept finding the same file (rqoml.dll) over and over again.

I ran SUPERAntiSpyware after VUNDOFIX (log attached).

Popups/unders still occuring. Advice?

HIJACKTHIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 7:00:24 PM, on 8/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\i... Read more

A:Webbuying / Vundo Popups overtaking PC...please help

Read other 8 answers
RELEVANCY SCORE 42.8

HiJackThis Log ~Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:39:28 PM, on 2/21/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16608)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Nexon\Mabinogi\npkcmsvc.exeC:\WINDOWS\system32\Tablet.exeC:\WINDOWS\system32\WTablet\TabUserW.exeC:\WINDOWS\system32\Tablet.exeC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\WINDOWS\system32\dla\tfswctrl.exeC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC... Read more

A:Vundo.trojan, Webbuying (adware)

Hello shichiiiya,

Welcome to Bleeping Computer

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea

Read other 6 answers
RELEVANCY SCORE 42.8

having some serious problems here. pop ups, slow processing overall, IE pretty much does not work. I know I have outerinfo and webbuying that have somehow been installed, and I cannot remove them via traditional routes. Also, command.exe was on here but I do not see it in any obvious place anymore for some reason. Below is my HijackThis log. Please help! Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:36 AM, on 2/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WIND... Read more

A:Malware Infection: OuterInfo, WebBuying, and maybe more

hello?
 

Read other 1 answers
RELEVANCY SCORE 42.8

Nearly a week ago, my Windows XP Home computer was apparently infected with some malware. AVG and Defender each found problems during their respective scans, and each claimed that it had fixed the problem. Since then, there have been persistent symptoms. The most obvious is pop-ups of Internet Explorer instances with ads or their own malware (a secondary infection by Outerinfo was apparently introuced this way.) Minor items were that Windows Update stopped running (apparently the "Genuine Advantage" tool was corrupted or removed), Internet Explorer gets re-created despite being renamed, and odd processes often show up in the process table ("xtiraqib.exe" was one such process).

The original infection was probably a java exploit; I saw a java console process show up about the time this all started. But its persistence seems more likely to be ActiveX-based, going on the fact that all the pop-ups have been IE windows, and that Genuine Advantage, an intentional ActiveX abuse, stopped working.

I don't see anything in the HijackThis log, pasted inline at the bottom of this page, so I've also run a WinPFind3u scan, which I'm attaching.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:32 PM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\s... Read more

A:WebBuying malware resistant to removal

Read other 11 answers
RELEVANCY SCORE 42.8

Hi. I've been reading up in this forum (great site ), but finally decided to post because I'm still getting problems despite all that I did.

Recently, my anti-virus software, Sophos, detected a series of trojans/mal/downloading files. My virus program managed to get rid of most of them, but when I run IE6, like go to yahoo.com and click on links, I'd still get pop-up adds. So I ran Spybot, AVG 7.5, Adware, and they found some things and took care of them. I also ran Super AntiSpyware just in case and it found something related to WebBuying and Mirar, which weren't detected by Sophos. SAS took care of it, but after going on IE6 - it seemed okay - and re-scanning with Super AntiSpyware, Webbuying and Mirar related items still showed up, which SAS cleared up again. But I'm still worried that something is still in my hard drive despite things being cleared up by these protection programs, which sometimes they detect and sometimes not after I go on IE.

My HijackThis log is posted below. Hopefully I posted it right.
Oh, I upgraded my IE6 to IE7 after I thought everything was okay, which turned out it wasn't. So that's why IE7 shows in the log.

I'd appreciated any assistance. Thanks.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:28 PM, on 7/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system3... Read more

A:Solved: Webbuying, Mirar, pop-ups issue on IE

Read other 7 answers
RELEVANCY SCORE 42.8

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:00:01 PM, on 11/5/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16544)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXEC:\WINDOWS\system32\LEXBCES.EXEC:\WINDOWS\system32\LEXPPS.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeC:\PROGRA~1\MOZILL~1\FIREFOX.EXER1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.home.bellsouth.netR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=6915... Read more

A:Virtumonde/zlobtrojan/adware.webbuying/etc.

I need to determine what would be potentially harmful and what should and shouldn't be deleted. Any help is appreciated.

Read other 4 answers
RELEVANCY SCORE 42.4

OK i should admit that this was a slightly dubious file alledgedly proving a certain starlets dislike of underwear..... However the file name is so long that Windows XP will not let me delete it... also the file was corrupted ( no pun intended ) so has a zero file length.. I did virus scan the download and AVG said file was not virus.... anyway i need to get rid of it any ideas....!!!

A big shout out to all replies But the Biggest thanks to Moderator John Will who had the simple idea of shift everything else then delete folder........ Why is it always the simplest ideas that work best... PS I eventually saw evidence of starlets dislike of pants on google images.... Take off safe search and leer away without having to download any suspiscious files.

Thanks Again
 

A:Solved: File cannot be deleted as file name invalid...!!! HELP

Read other 8 answers
RELEVANCY SCORE 42.4

Hello,

I'll get straight to the problem.
I deleted dllhost.exe and dllhst3g.exe from windows/system32/ and also stopped the desktop window manager service.Don't ask me why =)

After a couple of restarts everything was fine.But after the 4th or 5th,i keep getting stuck at my desktop background.No start bar or icons.Can't right click or open the taskmanager.

I got the files i deleted from the same ver. and build from another win7 Ultimate.Replaced them and started the desktop window manager service.All in safe mode.But still i can not start my windows...

If anyone could provide some information other then formatting my pc,which i would like to avoid since i have some important projects on there.

Thank you in advance.

A:[SOLVED] Deleted ddlhost.exe and stopped desktop window manager,fixed it,still cant s

Hi -

Boot into Recovery via the hard drive recovery partition (usually press F10, ALT+F10 or F11 during boot-up) or using your Windows 7 DVD. Once in recovery, select "Windows System Restore" - choose a restore point prior to the deletion of the EXEs.

Regards. . .

jcgriff2

.

Read other 7 answers
RELEVANCY SCORE 42.4

My computer takes forever to load. I know there's alot of unwanted spyware and junk I need to get rid of, but I'm just not exactly sure what to delete. Can anyone here please help me? Here's my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:44:38 PM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1175700229\ee\AOLSoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Softwar... Read more

A:Hijackthis log (what needs to be deleted?)

Read other 9 answers