
Thread: Please help with infected CPU.

  1. #1
    Join Date
    Oct 2007
    Posts
    17
    O.k., I deleted all the above files in safe mode. Afterwards I rebooted, and here are the logs.

  2. #2
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    One entry in the HJT log at least has me confused/concerned... one time it shows, the next time it doesn't:
    O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"

    Run HJT again and place checkmarks next to the following;

    R3 - URLSearchHook: (no name) - - (no file)

    O2 - BHO: (no name) - {44CDB015-C0FC-4268-A704-926B3E02405F} - \
    O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\gfprhhne.dll (file missing)

    O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\3D Falling Leaves\\trioService.exe (I have read some bad things about this website, remove this item entirely from the computer)
    O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"

    O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab

    O20 - Winlogon Notify: rqrstrr - C:\WINDOWS\SYSTEM32\rqrstrr.dll

    After you have placed the checkmarks then click the Fix Checked button

    Exit HJT. Reboot the computer.

    Show Hidden Files:


    1. Close all programs so that you are at your desktop.
    2. Double-click on the "My Computer" icon.
    3. Select the "Tools" menu and click "Folder Options".
    4. After the new window appears select the "View" tab.
    5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
    6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
    7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
    8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
    9. Press the "Apply" button and then the "OK" button and shut down My Computer.
    10. Now your computer is configured to show all hidden files.

    Reboot in Safe Mode.
    Navigate here and delete the file noted in RED;

    C:\WINDOWS\winshow.exe

    Reboot to normal mode. Run a new ComboFix scan and new HJT scan, save the logs and post them here.
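
An added example, not part of the thread: one way to check the two things the post above looks for in successive HijackThis logs, namely entries whose target is reported missing and entries that show up in one scan but not the next. The sample logs are constructed from entry lines quoted in the post, and the function names are hypothetical.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Constructed sample logs, built from entry lines quoted in the post above.
BASE = r"""
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\gfprhhne.dll (file missing)
O20 - Winlogon Notify: rqrstrr - C:\WINDOWS\SYSTEM32\rqrstrr.dll
"""
WINSHOW = r'O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"'
LOG_1 = BASE + WINSHOW + "\n"   # entry present
LOG_2 = BASE                    # entry absent
LOG_3 = BASE + WINSHOW + "\n"   # entry back again


def parse_hjt(log_text):
    """Return (section, detail) tuples for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def orphaned(entries):
    """Entries whose target HijackThis reported as missing."""
    return [e for e in entries if any(mark in e[1] for mark in ORPHAN_MARKERS)]


def intermittent(logs):
    """Entries that appear in at least one log but not in every log."""
    per_log = [set(parse_hjt(text)) for text in logs]
    return sorted(set.union(*per_log) - set.intersection(*per_log))


if __name__ == "__main__":
    for section, detail in orphaned(parse_hjt(LOG_3)):
        print("orphaned    :", section, "-", detail)
    for section, detail in intermittent([LOG_1, LOG_2, LOG_3]):
        print("intermittent:", section, "-", detail)
```

An entry that keeps reappearing after being fixed suggests something is still rewriting the Run key, which is why the post also has the file itself deleted in Safe Mode.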

  3. #3
    Join Date
    Oct 2007
    Posts
    17
    New logs

  4. #4
    Join Date
    Oct 2007
    Posts
    17
    Judy,

    I followed your instructions, and the check box for "hide protected operating system files" was already unchecked. I still could not find either of those files under C:\windows\system32.

    I did go to recycler and emptied it out under Windows Explorer and it said it removed two files. (Sorry, I don't know what they were.)

    Do you want me to go ahead and run Kaspersky?

  5. #5
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Yes, run Kaspersky once more.

  6. #6
    Join Date
    Oct 2007
    Posts
    17
    Judy,

    I ran Kaspersky this morning and after it finished I looked at the report and saw where I had made a mistake in trying to remove the two files. I saw that it was a directory folder GB9 and VMW10a, so I went into safe mode and removed these folders and emptied the recycle bin. I am in the process of rebooting and re-running Kaspersky. I hope I did the right thing.

    Below is the first Kaspersky log I ran this morning.

  7. #7
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Great! Will anxiously await the new Kaspersky!

  8. #8
    Join Date
    Oct 2007
    Posts
    17
    O.k., here is new Kaspersky.

  9. #9
    Join Date
    Aug 2006
    Location
    The Middle
    Age
    80
    Posts
    4,079
    Ok, looks like it worked this time.

    But you will have to reset your System Restore again to hopefully, finally, and for the last time get rid of these pests!

    The logs do look clean now, with the exception of this most recent restore point.

    You have some unnecessary starts, like:
    Adobe Reader Speed Launcher
    Adobe Photo Downloader
    TkBellExe...Real Player auto update
    MSMSGS...this is Windows Messenger NOT MSN Messenger, which also is starting unnecessarily
    DellSupport
    Yahoo! Pager
    MySpaceIM
    Yahoo! Desktop Search System Tray
    Microsoft Office
    ALL of the above can be run manually to keep the drain off of system resources.

    These should be controlled with Mike Lin's StartUP Control Panel rather than msconfig. Also some good tips HERE on controlling XP Services.

    Also you DO need to install SpywareBlaster
    Install, update and enable everything including restricted sites portion.
    I would also recommend using Immunize feature on SpyBot too.

  10. #10
    Join Date
    Oct 2007
    Posts
    17
    Judy,

    Thank you so much for yours and everyone else that helped me on this time spent. I have learned a lot and hope to better protect the computers in my office from becoming corrupt. Any other suggestions that I might follow to prevent this from happening again? I really think the way you volunteer your time to help people is a very uncommon trait of kindness and I deeply appreciate it. I wish I could show you my gratitude by sending you a gift.

    Thanks again.
