C:\Program Files\gssoft\gswb\2.8.1.0113 Keep Install

Can you help me?..automaticly my pc install C:\Program Files\gssoft\gswb\2.8.1.0113 and me keep uninstall then the application suddenly install without me install …already scan with avast but found nothing

Hi,

Please go here: http://forum.avast.com/index.php?topic=53253.0

We need MBAM/OTL/aswMBR logs. After that I can have someone help you… If you post logs within the next 3-4 hours it may take another 4-5 hours before someone answers since most are in the UK and are asleep.

OTL Done

aswMBR logs

I’ve notified someone to come help you.

Warning: Windows XP Support OS will end by microsoft @ April 8, 2014. After that, most security exploits will be exploited leaving your system more vunerable.

Using hacks and keygens is not conducive to your safety

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\gssoft\gswb\2.8.1.0113\Config.exe StartService -- (GuangSuServer)
IE - HKU\S-1-5-21-1801674531-682003330-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 184.106.170.252:8080
O2 - BHO: (Í㶹¼Ô apk °²×°Æ÷) - {000DA090-57AA-424B-A8F0-621B7C08B8F4} - C:\Program Files\WandouLabs\wandoujia_bho.dll File not found
O2 - BHO: (no name) - {452ADB5B-00BE-469D-A65F-3046146B2ED5} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1801674531-682003330-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O33 - MountPoints2\{d89f83f3-801a-11de-a1cb-d967a5b45335}\Shell\AutoRun\command - "" = H:\upx.bat
O33 - MountPoints2\{d89f83f3-801a-11de-a1cb-d967a5b45335}\Shell\open\Command - "" = H:\upx.bat
[2014/01/17 06:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Seven By Four\Application Data\gssoft

:Files
C:\Documents and Settings\Seven By Four\Desktop\Fail Kerja\TOOLS FOR DOWNLOAD AND INSTALLATION\HackPack V 1.1
C:\Documents and Settings\Seven By Four\Desktop\Jual\N90.N70.stuff\GAMES\Symbian\maumau_s60_2_35\Keygen.exe 
C:\Program Files\gssoft

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

After finish OTL this are log…hope all the program stop after this

The program still runinng and run popup like this

Does this occur in any specific browser ?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Sorry not read properly just download it from google chrome then just click lauch the program until reboot back the i found the file must run from desktop now the problem show like this. and the thing still run without click anything.

OK does combofix not run if it is placed on the desktop

Now combofix at c:/combofix and not at desktop…should i cut that c:/combofix to desktop. where to find log if i just install at c:/combofix coz not found ComboFix.txt at C:\ComboFix.txt

Should i uninstall it back?

using Start->run->combofix /uninstall or Start->run->copy combofix /uninstall

then install back at desktop?

Just download a fresh copy and save it to your desktop, then run from there

Already uninstall and run from desktop the not found any combofix.txt only still got combofix at c: and the adware still runinng…and 1 problem i found is when open google chroome to this forum and want click reply it download index.php …suddenly weird :-[ :-[ :-[

The index.php happens to me aswell. and I am malware free. It’s an issue with the forums not you

Thanks god…make me worry :)…so where that combofix.txt?

Is the log at C:\combofix.txt ?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please copy and paste log back here.
[*]The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

No see any Combofix.txt at C: only have icon like this picture only

Could you explain exactly when and where these ads appear ? Is it in Chrome, Internet explorer or on the desktop