Author Topic: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install  (Read 45868 times)

0 Members and 1 Guest are viewing this topic.

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #90 on: February 02, 2014, 09:28:31 PM »
Thank you sir..this you want from my C:\Documents and Settings\(user)\Start Menu\Programs\Startup ... got 1 and 1 hidden like picture and i already open with notepad to show what write inside

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #91 on: February 03, 2014, 04:34:31 PM »
As you can see that thing install back...arghhh where it coming from ...so sad  :'( :'( :'( :'( :'(

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #92 on: February 03, 2014, 07:09:58 PM »
Could you give me the file location of weather.exe please

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #93 on: February 03, 2014, 08:06:54 PM »
Here sir

TokeiLampin

  • Guest

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #95 on: February 03, 2014, 08:49:23 PM »
OK I wonder why that temp folder is not being emptied. After this fix could you post the log that appears on the desktop and then run an OTL scan selecting all users

 Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Commands
[CREATERESTOREPOINT]

:Files
C:\Documents and Settings\Seven By Four\local settings\temp\*.*
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #96 on: February 03, 2014, 10:11:18 PM »
Ok done like the log attachment below...the weird thing the log not save in desktop it just pull out and me need to save it to desktop..but weird thing suddenly happen my pc suddenly blank but not restart then the desktop show back...i hope there are no file in windows are running to download that file without my notice...and the picture attachment show my setting for all user quick scan..and the log attach also.

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #97 on: February 03, 2014, 10:17:19 PM »
And for your information after i post that log the popup advertise show and i cannot right click to get properties and get info about that popup

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #98 on: February 03, 2014, 10:26:04 PM »
This is a bit of a nightmare trying to locate the miscreant

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (Í㶹¼Ô apk °²×°Æ÷) - {000DA090-57AA-424B-A8F0-621B7C08B8F4} - C:\Program Files\WandouLabs\wandoujia_bho.dll File not found
[2014/02/03 23:49:05 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download and run shortcut cleaner from here http://www.bleepingcomputer.com/download/shortcut-cleaner/

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #99 on: February 04, 2014, 02:32:46 PM »
Ya it also nightmare to me..thought already gone suddenly coming back  :-[ :-[ :-[ :-[

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #100 on: February 04, 2014, 03:49:53 PM »
After this run you will need to reset your desktop wallpaper, let me know if this stops it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Commands
[CREATERESTOREPOINT]

:OTL
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O24 - Desktop WallPaper: C:\Documents and Settings\Seven By Four\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Seven By Four\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #101 on: February 04, 2014, 07:21:45 PM »
Just waiting if got any popup or install...now desktop all black wallpaper...and explorer.exe easy crash

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #102 on: February 04, 2014, 08:12:37 PM »
Set yourself a new wallpaper by right clicking the desktop and selecting personalise.  How is explorer crashing ?

TokeiLampin

  • Guest
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #103 on: February 04, 2014, 09:10:41 PM »
Yeah already set back...explorer crash when i open some folder and google chroome also take low to open when click...and sometime crach and ask to kill or wait...but just let it for 10 second it normal back...so far 04:11 +8 Malaysia time no popup yet...no dos yet or anything being install

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install
« Reply #104 on: February 04, 2014, 09:38:06 PM »
OK run it for a bit longer and let me know the result if the popup still remains gone :)