« previous next »
Pages: 1 ... 7 8 [9] 10   Go Down

Author Topic: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install  (Read 45608 times)

0 Members and 1 Guest are viewing this topic.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #120 on: February 08, 2014, 12:39:59 PM »
OK lets see if this can kill the reg key

1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
 
3. Open notepad and copy/paste the text in the quotebox below into it:
 
Quote

File::
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Desktop Manager.lnk
C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Desktop Manager.lnk]

 
Save this as CFScript.txt, in the same location as ComboFix.exe
 
 
 
 
Refering to the picture above, drag CFScript into ComboFix.exe
 
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Logged

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #121 on: February 08, 2014, 08:29:51 PM »
Here Captain  ;D ;D ;D ;D
Logged

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #122 on: February 09, 2014, 12:44:44 PM »
OK that killed the link which has now revealed the culprit netsvc

1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
 
3. Open notepad and copy/paste the text in the quotebox below into it:
 
Quote

NetSvc::
vvdsvc

Driver::
vvdsvc
 

 
Save this as CFScript.txt, in the same location as ComboFix.exe
 
 
 
 
Refering to the picture above, drag CFScript into ComboFix.exe
 
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Logged

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #123 on: February 09, 2014, 05:13:03 PM »
Here Captain  ;D ;D ;D ;D
Logged

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #124 on: February 09, 2014, 05:40:15 PM »
This is being a right pain in the posterior

1. Close any open browsers.
 
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 
 
3. Open notepad and copy/paste the text in the quotebox below into it:
 
Quote

Registry::
 [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost\vvdsvc]


 
Save this as CFScript.txt, in the same location as ComboFix.exe
 
 
 
 
Refering to the picture above, drag CFScript into ComboFix.exe
 
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Logged

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #125 on: February 09, 2014, 09:28:10 PM »
Here Captain  ;D ;D ;D ;D
Logged

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #126 on: February 09, 2014, 10:17:15 PM »
That did not want to take either, do you still have that small ad ?

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost  /RS
CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Attach  both logs
Logged

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #127 on: February 10, 2014, 02:45:03 PM »
So far after windows update no see..but pc a bit lag
Logged

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #128 on: February 10, 2014, 03:42:29 PM »
OK so all ads are now history ?

Run the OTL scan and I will see if we can speed you up a bit
Logged

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #129 on: February 11, 2014, 10:54:47 AM »
So far no big and small and...the dos promp also no..and no new install from that adware...already run OTL but 3 times keep hang at same place already disable antivirus also same...any idea Captain??

i use this thing you said put at OTL and run scan not quick scan
Quote
netsvcs
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost  /RS
CREATERESTOREPOINT
Logged

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #130 on: February 11, 2014, 03:51:09 PM »
As the ads have gone then stop OTL as I no longer have need to search that area of the registry

If the computer is still a bit slow then run an OTL quick scan so that I can have a look
Logged

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #131 on: February 11, 2014, 05:44:09 PM »
So no need put that Quote or put?
Logged

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #132 on: February 11, 2014, 06:17:28 PM »
This OTL log Quick Scan tick on "Scan All Users" "LOP Check" "Purity Check"
Logged

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #133 on: February 11, 2014, 07:28:06 PM »
OK run the MSConfig utility and remove the tick from the following startup options and reboot

Quote
Acrobat Assistant 8.0
Adobe Acrobat Speed Launcher
AdobeAAMUpdater-1.0
AdobeCS5ServiceManager
Apoint
APSDaemon
DivXUpdate
Getting started with MacDrive 8
HTC Sync Loader
KernelFaultCheck
KiesTrayAgent
MacDrive 8 application
NBKeyScan
RIMBBLaunchAgent.exe
snpstd3
StartCCC
StartTSL
SwitchBoard
TkBellExe

Let me know if that improves the speed
Logged

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #134 on: February 11, 2014, 08:39:34 PM »
Some me found some not in there

Found

Apoint
RIMBBLaunchAgent.exe
snpstd3
SwitchBoard
NBKeyScan
KiesTrayAgent
Getting started with MacDrive 8
MacDrive 8 application
HTC Sync Loader
APSDaemon
DivXUpdate
Adobe Acrobat Speed Launcher
AdobeCS5ServiceManager

Not Found

Acrobat Assistant 8.0
AdobeAAMUpdater-1.0
KernelFaultCheck
StartCCC
StartTSL
TkBellExe
Logged
Pages: 1 ... 7 8 [9] 10   Go Up
« previous next »