
Thread: Suspected Various Malware Infections

  1. #11
    Junior Member
    Join Date
    Aug 2012
    Posts
    27

    OCD; Hi...

    I have run both the XP and Auslogic defraggers multiple times. It appears the Auslogic program picks away 2-8 files at a time, while the Windows program colour bar is gradually turning blue, albeit very slowly.

    I have run out of time tonight so here is the checkup file for you.

    Btw, in one website I was on today I had the double underlined words that when hovered over produced a popup...

    Regards

    64 Impala

    Checkup...

    Results of screen317's Security Check version 0.99.71
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    AVG AntiVirus Free Edition 2013
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 5.0
    Spybot - Search & Destroy
    Secunia PSI (3.0.0.3001)
    Malwarebytes Anti-Malware version 1.75.0.1300
    CCleaner
    Java 7 Update 25
    Adobe Flash Player 11.7.700.224
    Mozilla Firefox (22.0)
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````

  2. #12
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi 64 Impala,

    There don't appear to be any malware issues, just the large amount of fragmented files.

    Btw, in one website I was on today I had the double underlined words that when hovered over produced a popup...
    Which browser does this happen while using?

    =========================

    If you haven't already done so, reboot your computer.

    =========================

    1. ATF Cleaner by Atribune

    Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

    Download - ATF Cleaner

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    Under Main choose: Select All
    Click the Empty Selected button.

    • If you use Firefox browser

      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    • If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main menu to close the program.

    It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

    =========================

    Re-run the Auslogic defragger and post a fresh Security Check log
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  3. #13
    Junior Member
    Join Date
    Aug 2012
    Posts
    27

    Hello OCD

  4. #14
    Junior Member
    Join Date
    Aug 2012
    Posts
    27

    Hello OCD

    The browser with the most recent popups was IE. I have both Firefox and IE on board, with IE now the default after these troubles started as it seemed less affected than Firefox.
    When I ran ATF Cleaner, it cleaned stuff from Main, which I assume was IE. When I ran it for Firefox the message was similar to: "no files deleted"

    After running ATF Cleaner the Auslogic program was able to fix a large number of files but the drive is still fragmented.
    The checkup info is below...

    Regards

    64 Impala

    Results of screen317's Security Check version 0.99.71
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    AVG AntiVirus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 5.0
    Spybot - Search & Destroy
    Secunia PSI (3.0.0.3001)
    Malwarebytes Anti-Malware version 1.75.0.1300
    CCleaner
    Java 7 Update 25
    Adobe Flash Player 11.7.700.224
    Mozilla Firefox (22.0)
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
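
Added example, not part of any post in this thread: a small parser that splits a Security Check log into its sections and diffs two runs, so the alerts that cleared and the ones that persist are visible at a glance. The function names are hypothetical, the alert phrases are the ones that appear in these logs, and the two sample logs are abridged from posts #11 and #14 with banner widths normalised.

```python
import re

BANNER = re.compile(r"^`+\s*(.+?)\s*`+$")  # section banner: backticks, title, backticks
# Alert phrases the tool prints in this thread's logs (assumed to be its warning markers).
WARN = re.compile(r"disabled!|Defragment your hard drive soon!", re.I)

def parse_security_check(text):
    """Split one Security Check log into {section title: [lines]}."""
    sections, current = {}, "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BANNER.match(line)
        if m:
            current = m.group(1).rstrip(":")
            continue
        sections.setdefault(current, []).append(line)
    return sections

def flagged(sections):
    """(section, line) pairs that carry one of the tool's alert phrases."""
    return {(s, l) for s, lines in sections.items() for l in lines if WARN.search(l)}

def processes(sections):
    """Lines listed under the 'Process Check' section."""
    return {l for s, lines in sections.items() if s.startswith("Process Check") for l in lines}

def compare(before, after):
    """Diff two runs: which alerts cleared, which persist, which are new."""
    b, a = parse_security_check(before), parse_security_check(after)
    fb, fa = flagged(b), flagged(a)
    return {
        "cleared": sorted(fb - fa),
        "still_flagged": sorted(fb & fa),
        "newly_flagged": sorted(fa - fb),
        "processes_added": sorted(processes(a) - processes(b)),
    }

def bar(title):  # rebuilds a banner line; width normalised to 14 backticks
    return "`" * 14 + title + "`" * 14

FRAG = "Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)"
# Sample input abridged from posts #11 and #14 of this thread.
LOG_POST_11 = "\n".join([
    bar("Antivirus/Firewall Check:"), "Windows Firewall Disabled!",
    "AVG AntiVirus Free Edition 2013", "Antivirus up to date! (On Access scanning disabled!)",
    bar("Process Check: objlist.exe by Laurent"), "Spybot Teatimer.exe is disabled!",
    "AVG avgwdsvc.exe", bar("System Health check"), FRAG, bar("End of Log"),
])
LOG_POST_14 = "\n".join([
    bar("Antivirus/Firewall Check:"), "Windows Firewall Disabled!",
    "AVG AntiVirus Free Edition 2013", "Antivirus up to date!",
    bar("Process Check: objlist.exe by Laurent"), "AVG avgwdsvc.exe", "AVG avgrsx.exe",
    "AVG avgnsx.exe", "AVG avgemc.exe", bar("System Health check"), FRAG, bar("End of Log"),
])

if __name__ == "__main__":
    for kind, items in compare(LOG_POST_11, LOG_POST_14).items():
        print(kind, items)
```

On these two logs the on-access scanning and TeaTimer alerts clear, while the Windows Firewall and fragmentation alerts persist.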

  5. #15
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi 64 Impala,

    OK, let's try a different approach.

    =========================

    1. Disk Management
    • Go to Start then to Run
    • Type in compmgmt.msc and click Enter
    • On left side click on Disk Management
    • On right side you will see your hard drive.
    • Now I need you to take a screenshot and attach it to your next reply.
    • Do the following to take a screenshot while the above is open and showing on your desktop.


    =========================

    2. Take a Screenshot
    • Click on your Print Screen on your keyboard. It is normally the key above your number pad between the F12 key and the Scroll Lock key
    • Now go to Start and then to All Programs
    • Scroll to Accessories and then click on Paint
    • In the Empty White Area click and hold the CTRL key and then click the V
    • Go to the File option at the top and click on Save as
    • Save as file type JPEG and save it to your Desktop

    =========================

    In your next post please provide the following:

    • Disk Management screenshot

    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  6. #16
    Junior Member
    Join Date
    Aug 2012
    Posts
    27

    OCD

    Here's the screenshot...Screen Shot.jpg

    Regards

    64 Impala

  7. #17
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi 64 Impala,

    Thanks. Your hard drive has about 16% free space. Generally speaking you want to keep your hard drive at a minimum of 20% free space so the system isn't overtaxed.

    You might try removing or moving (to an external drive) programs you no longer use to free up some space.

    =========================

    1. chkdsk scan

    • Click Start and My Computer.
    • Right-click the hard drive you want to check, and click Properties.
    • Select the Tools tab. In the Error Checking section, click Check Now. Check both boxes. Click Start.
      • You'll get a message that the computer must be rebooted to run a complete check.
    • Click Yes and reboot. Chkdsk will take a while, so run it when you don't need to use the computer for something else.

    2. To view results log:

    • Go to Start - Run and type in eventvwr.msc, and hit enter.
    • When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up.
    • This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.

    =========================

    In your next post please provide the following:

    • chkdsk log
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  8. #18
    Junior Member
    Join Date
    Aug 2012
    Posts
    27

    OCD

    Herewith the chkdsk log...

    Regards

    64 Impala


    Event Type: Information
    Event Source: Winlogon
    Event Category: None
    Event ID: 1001
    Date: 31/07/2013
    Time: 08:36:06
    User: N/A
    Computer: OLDGUY1
    Description:
    Checking file system on C:
    The type of the file system is NTFS.


    One of your disks needs to be checked for consistency. You
    may cancel the disk check, but it is strongly recommended
    that you continue.
    Windows will now check the disk.
    The multi-sector header signature for VCN 0x5 of index $I30
    in file 0x89 is incorrect.
    2e 00 64 00 6c 00 6c 00 0f e6 01 00 00 00 15 00 ..d.l.l.........
    68 00 58 00 00 00 00 00 28 00 00 00 00 00 01 00 h.X.....(.......
    Correcting error in index $I30 for file 137.
    The index bitmap $I30 in file 0x89 is incorrect.
    Correcting error in index $I30 for file 137.
    The down pointer of current index entry with length 0xe8 is invalid.
    Sorting index $I30 in file 137.
    The multi-sector header signature for VCN 0x19 of index $I30
    in file 0xff5 is incorrect.
    67 00 32 00 64 00 61 00 74 00 61 00 2e 00 61 00 g.2.d.a.t.a...a.
    78 00 00 00 00 00 03 00 25 8d 00 00 00 00 02 00 x.......%.......
    The multi-sector header signature for VCN 0x16 of index $I30
    in file 0xff5 is incorrect.
    4c 00 00 00 00 00 02 00 93 b2 00 00 00 00 01 00 L...............
    70 00 5a 00 00 00 00 00 28 00 00 00 00 00 01 00 p.Z.....(.......
    The multi-sector header signature for VCN 0x17 of index $I30
    in file 0xff5 is incorrect.
    2e 00 65 00 78 00 65 00 59 68 01 00 00 00 19 00 ..e.x.e.Yh......
    70 00 5a 00 00 00 00 00 28 00 00 00 00 00 01 00 p.Z.....(.......
    Correcting error in index $I30 for file 4085.
    The index bitmap $I30 in file 0xff5 is incorrect.
    Correcting error in index $I30 for file 4085.
    The down pointer of current index entry with length 0x70 is invalid.
    Sorting index $I30 in file 4085.
    Cleaning up minor inconsistencies on the drive.
    CHKDSK is recovering lost files.
    Recovering orphaned file 33d847.msp (2300) into directory file 4085.
    Recovering orphaned file 3535383.msp (2509) into directory file 4085.
    Recovering orphaned file 3871d96.msp (2794) into directory file 4085.
    Recovering orphaned file 6f783a.msp (2951) into directory file 4085.
    Recovering orphaned file 348b27.msi (4836) into directory file 4085.
    Recovering orphaned file 7136fc.msi (8327) into directory file 4085.
    Recovering orphaned file x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474 (17236) into directory file 137.
    Recovering orphaned file 35a6ee0.msp (29304) into directory file 4085.
    Recovering orphaned file x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a (36581) into directory file 137.
    Recovering orphaned file x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd (37896) into directory file 137.
    Recovering orphaned file 3535367.msp (39793) into directory file 4085.
    Recovering orphaned file 353537c.msp (40009) into directory file 4085.
    Recovering orphaned file 353538b.msp (40348) into directory file 4085.
    Recovering orphaned file x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca (42287) into directory file 137.
    Recovering orphaned file 35c8ace.msp (43741) into directory file 4085.
    Recovering orphaned file 3901191.msp (44044) into directory file 4085.
    Recovering orphaned file 36a22e3.msi (45614) into directory file 4085.
    Recovering orphaned file 386c715.msp (46924) into directory file 4085.
    Recovering orphaned file x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989 (49321) into directory file 137.
    Recovering orphaned file 6df84b.msp (51522) into directory file 4085.
    Recovering orphaned file 35ca968.msp (53482) into directory file 4085.
    Recovering orphaned file 364f8.msp (56216) into directory file 4085.
    Recovering orphaned file 36c8fb8.msp (57668) into directory file 4085.
    Recovering orphaned file x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd (61354) into directory file 137.
    Recovering orphaned file 35a6eb0.msp (67895) into directory file 4085.
    Recovering orphaned file 6c3437.msi (69205) into directory file 4085.
    Recovering orphaned file 35a6ec5.msp (69295) into directory file 4085.
    Recovering orphaned file 35a6ecd.msp (69379) into directory file 4085.
    Recovering orphaned file 6f9c453.msi (71611) into directory file 4085.
    Recovering orphaned file 717b2b9.msp (72542) into directory file 4085.
    Recovering orphaned file 38f1ffc.msp (73820) into directory file 4085.
    Recovering orphaned file 81c456.msp (74776) into directory file 4085.
    Recovering orphaned file 3535c1e.msp (76078) into directory file 4085.
    Recovering orphaned file 6cffb1b.msp (76548) into directory file 4085.
    Recovering orphaned file 765aa5.msp (77466) into directory file 4085.
    Recovering orphaned file 7df9b1.msp (78822) into directory file 4085.
    Recovering orphaned file 7ab80.msp (79472) into directory file 4085.
    Recovering orphaned file 34d6989.msp (82939) into directory file 4085.
    Recovering orphaned file x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b (84575) into directory file 137.
    Recovering orphaned file 7c76a.msi (84614) into directory file 4085.
    Recovering orphaned file 3661a56.msp (84832) into directory file 4085.
    Recovering orphaned file 33c38d7.msp (85909) into directory file 4085.
    Recovering orphaned file 34a1bd5.msp (87352) into directory file 4085.
    Recovering orphaned file 709ff8.msp (90633) into directory file 4085.
    Recovering orphaned file 388f187.msp (90641) into directory file 4085.
    Recovering orphaned file 35a6ef5.msp (90973) into directory file 4085.
    Recovering orphaned file 35a6f0a.msp (91697) into directory file 4085.
    Recovering orphaned file 6b7d39.msp (91700) into directory file 4085.
    Recovering orphaned file 35d84d4.msp (93396) into directory file 4085.
    Recovering orphaned file 3540407.msp (94293) into directory file 4085.
    Recovering orphaned file 347275d.msp (94687) into directory file 4085.
    Recovering orphaned file 6b33e8.msp (99155) into directory file 4085.
    Recovering orphaned file 3484e2a.msp (101693) into directory file 4085.
    Recovering orphaned file 7353ed.msp (106994) into directory file 4085.
    Recovering orphaned file 37f3f98.msp (107486) into directory file 4085.
    Recovering orphaned file 6e4d4e.msp (108701) into directory file 4085.
    Recovering orphaned file 36671ec.msp (109825) into directory file 4085.
    Recovering orphaned file 7bb7e.msp (113611) into directory file 4085.
    Recovering orphaned file 37b7c94.msp (115041) into directory file 4085.
    Recovering orphaned file 362821c.msp (115432) into directory file 4085.
    Recovering orphaned file 384ab78.msp (121414) into directory file 4085.
    Recovering orphaned file 35a6f1f.msp (163534) into directory file 4085.
    Recovering orphaned file 3901199.msp (166417) into directory file 4085.
    Recovering orphaned file 39011ae.msp (166609) into directory file 4085.
    Recovering orphaned file 39011c3.msp (166716) into directory file 4085.
    Recovering orphaned file 352c282.msp (167704) into directory file 4085.
    Recovering orphaned file 34268c3.msp (173261) into directory file 4085.
    Recovering orphaned file 345aa42.msp (180963) into directory file 4085.
    Recovering orphaned file x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa (182090) into directory file 137.
    Recovering orphaned file 35c8ac7.msp (184148) into directory file 4085.
    Recovering orphaned file 359b29e.msp (186510) into directory file 4085.
    Recovering orphaned file x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c (187292) into directory file 137.
    Recovering orphaned file 390118b.msi (194250) into directory file 4085.
    Recovering orphaned file 3871d85.msp (205409) into directory file 4085.
    Recovering orphaned file 3871d90.msp (208582) into directory file 4085.
    Cleaning up 1763 unused index entries from index $SII of file 0x9.
    Cleaning up 1763 unused index entries from index $SDH of file 0x9.
    Cleaning up 1763 unused security descriptors.
    CHKDSK is verifying Usn Journal...
    Usn Journal verification completed.
    CHKDSK discovered free space marked as allocated in the
    master file table (MFT) bitmap.
    Correcting errors in the Volume Bitmap.
    Windows has made corrections to the file system.

    78148156 KB total disk space.
    75877564 KB in 154481 files.
    67368 KB in 14827 indexes.
    0 KB in bad sectors.
    542244 KB in use by the system.
    65536 KB occupied by the log file.
    1660980 KB available on disk.

    4096 bytes in each allocation unit.
    19537039 total allocation units on disk.
    415245 allocation units available on disk.

    Internal Info:

    Windows has finished checking your disk.
    Please wait while your computer restarts.


    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

  9. #19
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Hi 64 Impala,

    Go ahead and defrag the computer again. Post a fresh Security Check log.
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days

  10. #20
    Junior Member
    Join Date
    Aug 2012
    Posts
    27

    Morning OCD

    I am curious as to the status of my computer. Do you think I am now clear of any malware?

    While I understand the importance of a defragmented hard drive, as I said in my initial post, I am in the process of upgrading to a Win 7 computer and wish to transfer my files over to it. Once I have done that I was going to wipe this hard drive and completely re-do it for another user in the family.

    I was concerned that if there was any malware or virus embedded it would follow over to the new computer.

    What are your thoughts?

    The last Auslogic defrag sorted some 357 files...

    Below the security check log...

    Regards

    64 Impala.


    Results of screen317's Security Check version 0.99.71
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    AVG AntiVirus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 5.0
    Spybot - Search & Destroy
    Secunia PSI (3.0.0.3001)
    Malwarebytes Anti-Malware version 1.75.0.1300
    CCleaner
    Java 7 Update 25
    Adobe Flash Player 11.7.700.224
    Mozilla Firefox (22.0)
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
