First, go to
add/remove programs and uninstall
Web Buying.
Open HijackThis and place a check mark next to:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKCU\..\Run: [WebBuying] C:\Program Files\Web Buying\v1.8.6\webbuying.exe <--If still thereClose all windows and click Fix checkedUn-hide protected system files.
To enable the viewing of Hidden files follow these steps:
1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and close My Computer.
Now go to
C:\Program Files\Web Buying\v1.8.6\webbuying.exe <--Delete this whole folderAlso delete C:\
vundofix.txtRe-hide the protected files.
Download
SDFix.exe and save it to your Desktop.
Double click
SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in
Safe Mode by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, the Advanced Options Menu should appear;
* Select the first option, to run Windows in Safe Mode, then press
Enter.
* Choose your usual account.
* Open the extracted SDFix folder and double click
RunThis.bat to start the script.
* Type
Y to begin the cleanup process.
* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* When the PC restarts the Fixtool will run again and complete the removal process then display
Finished, press any key to end the script and load your desktop icons.
*] Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as
Report.txt(Report.txt will also be copied to Clipboard).
* Finally add the contents of the
Report.txt in your next post as an
Attachment with a new
HijackThis logItems needed in next postReport.txt
New HijackThis logAlso, why is the computer running SP1 and not SP2