O.k., I deleted all the above files in safe mode. Afterwards I rebooted, and here are the logs.
One entry in the HJT log at least has me confused/concerned.....one time it shows, the next time it doesn't;
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
Run HJT again and place checkmarks next to the following;
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {44CDB015-C0FC-4268-A704-926B3E02405F} - \
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\gfprhhne.dll (file missing)
O4 - HKLM\..\Run: [trioService] "C:\PROGRA~1\Freeze.com\3D Falling Leaves\\trioService.exe (I have read some bad things about this website, remove this item entirely from the computer)
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O20 - Winlogon Notify: rqrstrr - C:\WINDOWS\SYSTEM32\rqrstrr.dll
After you have placed the checkmarks then click the Fix Checked button
Exit HJT. Reboot the computer.
Show Hidden Files:
1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shut down My Computer.
10. Now your computer is configured to show all hidden files.
Reboot in Safe Mode.
Navigate here and delete the file noted in RED;
C:\WINDOWS\winshow.exe
Reboot to normal mode.
Run a new ComboFix scan and new HJT scan, save the logs and post them here.
New logs
Give me an online Kaspersky log. Ok?
Again reboot your computer in SAFE MODE.
Then go to
C:\WINDOWS\SYSTEM32\
Look for each of the following files and delete each below if found;
mfc71.dll
GB9
DL1
vMW10a
rqrstrr.dll
Then go to;
C:\WINDOWS\
Look for this and delete if found;
SmFtaWUgRmxhbm5lcg
Then go here;
C:\Program Files\
Look for and delete this;
Temporary
Then here C:\Temp delete that one.
Then reboot in normal mode.
Run one more ComboFix and one more HJT.
Almost done.
I ran the Kaspersky scan first.
I was able to find and remove all the files except the ones below:
C:\Windows\SYSTEM32\
GB9
DL1
vMW10a
C:\Windows\
SmFtaWUgRmxhbm5lcg
New combo and HJT scans below.
It all looks good to me;
You have some backup files from the various programs run that you can delete;
Do this in SAFE MODE please;
C:\VundoFix Backups....you can actually remove this entire program now.
C:\qoobox\Quarantine....these are the quarantined files removed by the ComboFix program.
C:\Program Files\Temporary\wininstall.exe....I am not certain if this one is still there since you said you removed this already.
Reboot the computer in Normal Mode. Set a new Restore point this way;
Right-click My Computer. Choose Properties, then choose the System Restore tab. Place a checkmark in Turn Off System Restore. It will then warn you that you are turning it off. Click OK. System Restore will shut down. Wait a minute and then do the reverse and turn it back on. Then do another Kaspersky Online Scan and post the log here.