
avast grimefighter problems


This topic is locked. 12 replies to this topic.

#1 thirdchild

  • Members
  • 6 posts

Posted 27 March 2014 - 08:18 AM

Hi

I tried to download the free tool from Avast GrimeFighter.

It has taken over my PC and locks it up after loading. I have to manually choose Windows on startup to override it. HELP




#2 Noviciate

  • Malware Response Team
  • 5,277 posts
  • Location:Numpty HQ

Posted 27 March 2014 - 02:57 PM

Good evening. :)

Did you purchase a licence and have it fix anything or simply run an initial scan?

So long, and thanks for all the fish.

#3 thirdchild
  • Topic Starter

Posted 27 March 2014 - 04:09 PM

Hi

Thanks for the quick response.

I was trying to download the free scan as the PC was running slow.

However, after downloading and running, Avast GrimeFighter loaded and then hung.

When I reloaded the PC it went back to Avast GrimeFighter and hung again.

The only way to circumvent this was, on reload, to choose the option Windows.



#4 Noviciate

Posted 27 March 2014 - 04:15 PM

OK, can you go here, follow step six, and then post accordingly into this thread. Also, do you have access to a flash drive of any description?


So long, and thanks for all the fish.

 

 


#5 thirdchild
  • Topic Starter

Posted 27 March 2014 - 04:43 PM

Hi Noviciate.

Have run DDS as requested and attached the logs.

Sorry, have no access to a flash drive.

Attached Files



#6 Noviciate

Posted 27 March 2014 - 05:11 PM

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad windows - OTL.Txt and Extras.Txt.
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.Txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.


So long, and thanks for all the fish.

 

 


#7 thirdchild
  • Topic Starter

Posted 28 March 2014 - 03:55 PM

Hi Noviciate,

OTL file attached.

OTL logfile created on: 28/03/2014 20:27:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\shaun\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
447.48 Mb Total Physical Memory | 40.52 Mb Available Physical Memory | 9.05% Memory free
641.64 Mb Paging File | 286.87 Mb Available in Paging File | 44.71% Paging File free
Paging file location(s): C:\pagefile.sys 256 999 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.03 Gb Total Space | 22.93 Gb Free Space | 30.98% Space Free | Partition Type: FAT32
 
Computer Name: YOUR-3GC6GK9TQJ | User Name: shaun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/28 20:26:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shaun\Desktop\OTL.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 01:12:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2003/07/29 14:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL
 
 
========== Services (SafeList) ==========
 
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\shaun\LOCALS~1\Temp\1153a1864.tmp -- (SirefefRemover)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - [2011/03/23 15:15:48 | 000,235,392 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2011/03/23 15:15:48 | 000,193,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/03/23 15:15:48 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2011/03/23 15:15:48 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011/03/23 15:15:48 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2007/12/21 08:21:54 | 000,053,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2007/12/21 08:21:46 | 000,071,176 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2007/12/21 08:19:54 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2006/03/14 19:03:32 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2005/11/25 14:39:06 | 000,203,776 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio)
DRV - [2003/08/21 08:31:52 | 000,462,940 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2003/08/14 15:16:38 | 000,404,736 | R--- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/04/10 12:12:44 | 000,187,392 | ---- | M] (VOB Computersysteme GmbH) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw)
DRV - [2003/01/10 10:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH)
DRV - [2002/12/27 04:41:00 | 000,026,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2002/12/13 18:33:52 | 000,064,000 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv)
DRV - [2002/04/17 20:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2001/10/04 11:53:16 | 000,009,728 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vobcom.sys -- (vobcom)
DRV - [2001/08/17 13:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 13:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 13:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 13:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 13:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 13:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 13:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 13:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 13:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 70 89 D2 A8 D7 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {F10732EF-2F32-42DD-A208-0A8BC6D291A9}
IE - HKCU\..\SearchScopes\{F10732EF-2F32-42DD-A208-0A8BC6D291A9}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2009/03/06 12:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\shaun\Application Data\Mozilla\Extensions
[2009/03/06 12:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\shaun\Application Data\Mozilla\Extensions\mozswing@mozswing.org
 
O1 HOSTS File: ([2005/12/29 10:41:12 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352990843484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349966640484 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll (PCPitstop Exam)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7201C501-F289-4DE1-9A3D-0739B8960F9B}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\shaun\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\shaun\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/04/02 16:29:16 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/28 20:26:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\shaun\Desktop\OTL.exe
[2014/03/27 21:31:34 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\shaun\Desktop\dds.com
[2014/03/27 14:01:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\shaun\Recent
[2014/03/27 11:57:27 | 000,519,488 | ---- | C] (AVAST Software) -- C:\Documents and Settings\shaun\My Documents\avastclear.exe
[2014/03/26 22:03:12 | 000,000,000 | -HSD | C] -- C:\Jumpshot
[2014/03/26 22:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\shaun\Application Data\gnupg
[2014/03/26 21:47:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\jumpshot.com
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/28 20:31:44 | 000,000,390 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2014/03/28 20:29:08 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/03/28 20:26:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shaun\Desktop\OTL.exe
[2014/03/28 20:15:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/03/28 20:15:44 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/28 20:15:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/27 22:01:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/27 21:57:02 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2014/03/27 21:31:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\shaun\Desktop\dds.com
[2014/03/27 12:01:16 | 000,000,183 | -HS- | M] () -- C:\boot.ini
[2014/03/27 11:57:36 | 000,519,488 | ---- | M] (AVAST Software) -- C:\Documents and Settings\shaun\My Documents\avastclear.exe
[2014/03/26 22:03:44 | 000,000,401 | -HS- | M] () -- C:\grub2.cfg
[2014/03/26 22:03:42 | 000,256,233 | -HS- | M] () -- C:\stage1
[2014/03/26 22:03:42 | 000,009,216 | -HS- | M] () -- C:\stage0
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/03/26 22:03:48 | 000,009,216 | -HS- | C] () -- C:\stage0
[2014/03/26 22:03:41 | 000,256,233 | -HS- | C] () -- C:\stage1
[2014/03/26 22:03:41 | 000,000,401 | -HS- | C] () -- C:\grub2.cfg
[2012/12/01 20:54:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/11/14 16:16:47 | 000,067,156 | ---- | C] () -- C:\WINDOWS\Huawei ModemsUninstall.exe
[2012/10/13 18:11:58 | 000,187,995 | ---- | C] () -- C:\Documents and Settings\shaun\Local Settings\Application Data\census.cache
[2012/10/13 18:11:21 | 000,184,137 | ---- | C] () -- C:\Documents and Settings\shaun\Local Settings\Application Data\ars.cache
[2012/10/13 17:58:09 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\shaun\Local Settings\Application Data\housecall.guid.cache
[2011/09/06 12:08:36 | 000,005,196 | ---- | C] () -- C:\Documents and Settings\shaun\Application Data\Cabos.plist
[2005/12/26 17:56:00 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
 
========== ZeroAccess Check ==========
 
[2010/09/14 14:44:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 01:12:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2005/06/26 20:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/03/21 17:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2006/05/15 19:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/06/21 16:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/03/06 16:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/09/09 20:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2667
[2010/09/14 12:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/02/26 20:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oLpDbFm06300
[2011/03/14 17:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/03/19 20:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/03/19 21:24:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/02 17:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/04/04 10:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/04/16 11:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/16 11:10:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/17 19:15:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Soulseek
[2012/11/14 16:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
[2008/11/24 13:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\Shareaza
[2010/02/03 15:29:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\Uniblue
[2010/09/01 20:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\com.w3i.musicoasis
[2010/09/13 18:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\uTorrent
[2010/09/14 11:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\TuneUp Software
[2010/09/14 12:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\ESET
[2011/03/04 19:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\ErrorExpert
[2011/03/18 09:46:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\Sammsoft
[2011/03/19 20:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\PCFix
[2011/03/21 09:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\ConsumerSoft
[2011/03/21 09:57:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\Auslogics
[2011/03/21 10:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\PC Unleashed Online
[2011/03/21 10:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\DriverCure
[2011/03/25 13:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\Simple Adblock
[2011/04/16 11:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\AVG10
[2011/04/22 15:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\Immunet
[2008/10/28 08:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\Buefi
[2008/09/05 03:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\Yvoqbo
[2011/08/17 21:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\MP3Rocket
[2011/09/06 12:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\Cabos
[2014/03/26 22:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\shaun\Application Data\gnupg
 
========== Purity Check ==========
 
 

< End of report >
 

Attached Files

  • OTL.Txt (47.37KB, 1 downloads)

Edited by Noviciate, 28 March 2014 - 05:41 PM.
Log added from attachment.
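The log above is where the evidence for what the helper later calls "something extra written to the boot options" sits: C:\grub2.cfg, C:\stage0 and C:\stage1 appear as hidden+system files with no company name, created in the drive root on 26 March, and C:\boot.ini was modified the next morning. Picking those lines out of a 47 KB log by eye is slow, so here is an added example (not part of the thread and not an OTL feature) of a small Python parser for OTL's file-listing line layout that flags exactly that pattern. The sample lines are copied from the log posted above; the allow-list of files Windows XP itself keeps hidden in the root of the system drive is my assumption, not something OTL defines.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines taken from the "Files - Modified Within 30 Days" section of the OTL
# log posted above. OTL's layout for a file entry is:
#   [date time | size | attributes | C/M] (company) -- path
SAMPLE_OTL_LINES = """\
[2014/03/28 20:26:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Documents and Settings\\shaun\\Desktop\\OTL.exe
[2014/03/28 20:15:02 | 000,002,048 | --S- | M] () -- C:\\WINDOWS\\bootstat.dat
[2014/03/27 12:01:16 | 000,000,183 | -HS- | M] () -- C:\\boot.ini
[2014/03/26 22:03:44 | 000,000,401 | -HS- | M] () -- C:\\grub2.cfg
[2014/03/26 22:03:42 | 000,256,233 | -HS- | M] () -- C:\\stage1
[2014/03/26 22:03:42 | 000,009,216 | -HS- | M] () -- C:\\stage0
"""

OTL_LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Files Windows XP itself keeps hidden/system in the root of the system
# drive. Assumption: this allow-list is mine, not part of OTL.
EXPECTED_ROOT_FILES = {
    "boot.ini", "ntldr", "ntdetect.com", "pagefile.sys", "hiberfil.sys",
    "io.sys", "msdos.sys", "config.sys", "autoexec.bat", "bootfont.bin",
}


@dataclass
class OtlFileEntry:
    stamp: str
    size: int
    attrs: str      # four flags in order: R(ead-only) H(idden) S(ystem) D(irectory)
    kind: str       # 'C' = created, 'M' = modified
    company: str
    path: str

    @property
    def hidden(self) -> bool:
        return self.attrs[1] == "H"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "S"

    @property
    def is_directory(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def in_drive_root(self) -> bool:
        # e.g. C:\stage0, but not C:\WINDOWS\bootstat.dat
        return re.fullmatch(r"[A-Za-z]:\\[^\\]+", self.path) is not None

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_line(line: str) -> Optional[OtlFileEntry]:
    """Return a parsed entry, or None for section headers, blanks and summaries."""
    m = OTL_LINE_RE.match(line.strip())
    if not m:
        return None
    return OtlFileEntry(
        stamp=m["stamp"],
        size=int(m["size"].replace(",", "")),   # "000,256,233" -> 256233
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"].strip(),
        path=m["path"].strip(),
    )


def parse_otl(text: str) -> List[OtlFileEntry]:
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


def unexpected_root_files(entries: List[OtlFileEntry]) -> List[OtlFileEntry]:
    """Hidden+system files in the drive root that XP would not put there
    itself and that carry no company name: the pattern of a third-party
    boot loader dropped next to boot.ini."""
    return [
        e for e in entries
        if e.in_drive_root and e.hidden and e.system and not e.is_directory
        and e.company == "" and e.filename.lower() not in EXPECTED_ROOT_FILES
    ]


if __name__ == "__main__":
    for e in unexpected_root_files(parse_otl(SAMPLE_OTL_LINES)):
        print(f"{e.stamp}  {e.size:>9}  {e.attrs}  {e.path}")
```

Run against the full OTL.Txt instead of the embedded sample, the same filter reports the three stage/grub files and nothing else from the sections above, while boot.ini itself passes because XP is expected to keep it hidden in the root; its modification time is still worth reading next to the creation time of the flagged files.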


#8 thirdchild
  • Topic Starter

Posted 28 March 2014 - 03:56 PM

Extras file attached.

Attached Files



#9 Noviciate

Posted 29 March 2014 - 02:17 PM

Good evening. :)


it has taken over my pc and locks  it up after loading i have to manually choose windows onstartup to override it

Can you give me some more information about this - how are you choosing Windows?


So long, and thanks for all the fish.

 

 


#10 thirdchild
  • Topic Starter

Posted 01 April 2014 - 02:41 PM

Hi

When I boot up the PC I get the options: default grimefighter/safeboot:minimal, or use the down arrow to select Windows.

Hope this helps.



#11 Noviciate

Posted 02 April 2014 - 04:03 AM

Good morning. :)

That helps a lot. I'll need to do some research on this as I haven't played with the application in question, but it seems to have written something extra to the boot options and I'll need to remove that to sort things out.


So long, and thanks for all the fish.

 

 


#12 Noviciate

Posted 02 April 2014 - 04:11 AM

There is a file in the root of your hard drive called C:\boot.ini. I would like you to COPY this file to your Desktop - please do not mess with the original as it makes bad things happen!!! You may need to make it visible, in which case you can follow the instructions here.

Once done, rename the file to "boot.txt". Using quotation marks stops XP from altering the file extension to what it thinks it should be, so don't forget them - they will disappear once the rename is completed. Then simply open the file and copy and paste the contents into your next reply.


Edited by Noviciate, 02 April 2014 - 04:12 AM.

So long, and thanks for all the fish.
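The thread closes before the boot.ini copy was posted, so here is what the check the helper was working toward could look like in code. This is an added example, not the helper's procedure and not any Avast tool: a Python parser for the Windows XP boot.ini format that separates NTLDR's ARC-path entries (the ones that boot Windows) from `X:\file` entries (which make NTLDR chain-load a boot-sector image stored as a file in the drive root), reports whether the default entry is a Windows one, and produces a proposed cleaned file containing only the Windows entries, without writing anything to disk. The sample boot.ini is constructed from the poster's description of the boot menu and the stage0/stage1/grub2.cfg files in the OTL log; its exact contents, including the entry name and switch, are an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample boot.ini. The real file was never posted in the thread;
# this one is assembled from the poster's description of the boot menu
# ("default grimefighter/safeboot:minimal, or down arrow for Windows") and
# the C:\stage0 / C:\stage1 / C:\grub2.cfg files in the OTL log. The entry
# name and switch are assumptions.
SAMPLE_BOOT_INI = """\
[boot loader]
timeout=5
default=C:\\stage0
[operating systems]
C:\\stage0="grimefighter" /safeboot:minimal
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
"""

# ARC naming prefixes NTLDR uses for entries that boot an NT kernel.
ARC_PREFIXES = ("multi(", "scsi(", "signature(")


@dataclass
class BootEntry:
    target: str          # ARC path or X:\file, the part before the '='
    description: str     # quoted text shown in the boot menu
    switches: List[str]  # /fastdetect, /safeboot:minimal, ...

    @property
    def is_arc(self) -> bool:
        # Windows entries use ARC paths; anything else is a boot-sector
        # image file that NTLDR chain-loads instead of starting Windows.
        return self.target.lower().startswith(ARC_PREFIXES)


@dataclass
class BootIni:
    timeout: Optional[int]
    default: str
    entries: List[BootEntry] = field(default_factory=list)


ENTRY_RE = re.compile(r'^([^=]+)="([^"]*)"\s*(.*)$')


def parse_boot_ini(text: str) -> BootIni:
    section = None
    timeout: Optional[int] = None
    default = ""
    entries: List[BootEntry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "boot loader":
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if key == "timeout":
                timeout = int(value.strip())
            elif key == "default":
                default = value.strip()
        elif section == "operating systems":
            m = ENTRY_RE.match(line)
            if not m:
                continue  # tolerate a malformed line rather than abort the report
            target, desc, rest = m.groups()
            entries.append(BootEntry(target.strip(), desc, rest.split()))
    return BootIni(timeout, default, entries)


def foreign_entries(cfg: BootIni) -> List[BootEntry]:
    """Entries that chain-load a file instead of booting Windows."""
    return [e for e in cfg.entries if not e.is_arc]


def default_is_windows(cfg: BootIni) -> bool:
    for e in cfg.entries:
        if e.target.lower() == cfg.default.lower():
            return e.is_arc
    return False  # default points at nothing that exists: also a problem


def restored_boot_ini(cfg: BootIni, timeout: int = 30) -> str:
    """Proposed cleaned text: keep only ARC (Windows) entries and make the
    first of them the default. Returns text; never touches the disk."""
    keep = [e for e in cfg.entries if e.is_arc]
    if not keep:
        raise ValueError("no Windows (ARC) entry to fall back to; do not write this file")
    lines = ["[boot loader]", f"timeout={timeout}", f"default={keep[0].target}",
             "[operating systems]"]
    for e in keep:
        lines.append(f'{e.target}="{e.description}" ' + " ".join(e.switches))
    return "\n".join(l.rstrip() for l in lines) + "\n"


if __name__ == "__main__":
    cfg = parse_boot_ini(SAMPLE_BOOT_INI)
    print("default boots Windows:", default_is_windows(cfg))
    for e in foreign_entries(cfg):
        print("foreign entry:", e.target, "->", e.description)
    print(restored_boot_ini(cfg))
```

The refusal in `restored_boot_ini` when no ARC entry survives is the point of the exercise: a boot.ini with no valid Windows entry leaves the machine unbootable, which is why the helper asks for a copy on the Desktop and for the original to be left alone until the contents have been read.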

 

 


#13 Noviciate

Posted 07 April 2014 - 06:22 AM

As there has been no response for five days this thread is now closed.


So long, and thanks for all the fish.

 

 




