email virus I suspect

Hi OCD, here are the 2 logs you requested. I've got to leave town for a couple of days, so if I don't get back right away that's the reason. Thanks again for all your help! I'll check back in as soon as I get home.

riverrat



Results of screen317's Security Check version 0.99.83
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
`````````Anti-malware/Other Utilities Check:`````````
Windows Defender
CCleaner
Java 7 Update 60
Java version out of Date!
Adobe Reader XI
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUi.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


OTL logfile created on: 6/2/2014 11:16:27 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Charles Morse\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.01 Mb Total Physical Memory | 489.16 Mb Available Physical Memory | 63.77% Memory free
1.83 Gb Paging File | 1.38 Gb Available in Paging File | 75.06% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 6.05 Gb Free Space | 16.24% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 240.18 Gb Free Space | 80.57% Space Free | Partition Type: NTFS

Computer Name: DADSOFFICE2 | User Name: Charles Morse | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Documents and Settings\Charles Morse\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Charles Morse\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\Common Files\Motive\McciServiceHost.exe (Alcatel-Lucent)
PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVAST Software\Avast\defs\14060200\algo.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - c:\Documents and Settings\Charles Morse\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyjvzkp.dll ()
MOD - C:\Documents and Settings\Charles Morse\Application Data\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Documents and Settings\Charles Morse\Application Data\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (McciServiceHost) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe (Alcatel-Lucent)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (rt2870) -- system32\DRIVERS\rt2870.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\system32\drivers\aswsnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswsp.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswrdr.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswHwid) -- C:\WINDOWS\system32\drivers\aswHwid.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMPR5) -- C:\Program Files\Common Files\Motive\MREMPR5.sys (Motive, Inc.)
DRV - (MRENDIS5) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys (Motive, Inc.)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (ati2mtaa) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys (ATI Technologies Inc.)
DRV - (MSW_USB) -- C:\WINDOWS\system32\drivers\MN510-51.sys (Microsoft, Inc.)
DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 04 26 EB 4B 7C CF 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/09/12 20:23:34 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2013/10/31 15:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charles Morse\Application Data\Mozilla\Extensions
[2013/10/31 15:47:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charles Morse\Application Data\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2008/08/06 20:56:06 | 000,258,655 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 8989 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AAutoDECS_Trader (2).lnk = File not found
O4 - Startup: C:\Documents and Settings\Charles Morse\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Charles Morse\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Charles Morse\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} https://lms.aa.com/sumtotal/nas/wbt/m/m2/cab/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/63.26/uploader2.cab (UploadListView Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {413D6754-BFD4-47FE-9346-319559290BFA} http://www.webpcfos.com/webpcfos/websabre/HTEweb_new.cab (HTECtrl Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1222438013484 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1281874649968 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.gunbroker.com/WebResourc...ksu6ajL4Qvm6a-2VX8ROm8K0&t=634256320593603408 (Image Uploader Control)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B0D3A3E-73A0-471C-9BC4-21D11104F649}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{695FC897-2EB8-422E-843E-15FC30580E55}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/01/23 19:47:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/10/31 10:34:14 | 000,000,000 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{043fd3e7-965f-11df-9c66-0013f7d1246b}\Shell - "" = AutoRun
O33 - MountPoints2\{043fd3e7-965f-11df-9c66-0013f7d1246b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{043fd3e7-965f-11df-9c66-0013f7d1246b}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\WindowsEasyTransfer\x86\.\MigSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/06/02 06:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles Morse\Application Data\AVAST Software
[2014/06/02 06:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avast
[2014/06/02 06:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2014/06/02 06:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2014/06/02 06:14:11 | 000,057,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/06/02 06:14:10 | 000,777,488 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
[2014/06/02 06:14:10 | 000,776,976 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys.1401708152453
[2014/06/02 06:14:09 | 000,411,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/06/02 06:14:09 | 000,411,552 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys.1401708152453
[2014/06/02 06:14:08 | 000,067,824 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/06/02 06:14:07 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys.1401708152453
[2014/06/02 06:14:07 | 000,054,832 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys
[2014/06/02 06:14:04 | 000,271,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/06/02 06:13:55 | 000,043,152 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/06/02 06:12:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/06/02 06:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2014/06/01 16:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Adobe
[2014/06/01 11:06:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/05/31 10:44:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2014/05/31 09:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/05/31 09:45:35 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/05/31 09:45:35 | 000,145,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/05/31 09:45:05 | 000,096,680 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/05/31 09:45:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014/05/31 09:45:04 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/05/31 09:45:04 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/05/30 17:55:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/05/30 17:55:01 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\Charles Morse\Desktop\JRT.exe
[2014/05/27 08:32:14 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/27 08:05:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2014/05/27 08:04:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/26 21:41:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Charles Morse\Desktop\OTL.exe
[2014/05/26 16:06:44 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Charles Morse\Desktop\aswMBR.exe
[2014/05/22 09:25:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Charles Morse\Start Menu\Programs\Administrative Tools
[2014/05/22 09:23:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2014/05/22 09:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/05/22 09:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/05/21 21:40:27 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
[2011/04/14 11:18:14 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wintrader_v2.8_setup.exe
[2008/07/01 09:23:07 | 019,564,288 | ---- | C] (COMODO) -- C:\Program Files\CFP_Setup_3.0.25.378_XP_Vista_x32.exe
[10 C:\Documents and Settings\Charles Morse\My Documents\*.tmp files -> C:\Documents and Settings\Charles Morse\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/02 11:23:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/06/02 10:37:01 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2014/06/02 10:31:38 | 000,000,854 | ---- | M] () -- C:\Documents and Settings\Charles Morse\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/06/02 10:27:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/02 06:38:30 | 000,000,378 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/06/02 06:27:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/02 06:26:52 | 000,001,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/06/02 06:24:58 | 000,001,870 | ---- | M] () -- C:\Documents and Settings\Charles Morse\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/02 06:22:36 | 000,777,488 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys
[2014/06/02 06:22:35 | 000,411,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys
[2014/06/02 06:22:35 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys
[2014/06/02 06:20:20 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/06/02 06:13:59 | 000,776,976 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsnx.sys.1401708152453
[2014/06/02 06:13:59 | 000,180,632 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/06/02 06:13:59 | 000,057,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2014/06/02 06:13:58 | 000,411,552 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswsp.sys.1401708152453
[2014/06/02 06:13:58 | 000,067,824 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2014/06/02 06:13:58 | 000,054,832 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswrdr.sys.1401708152453
[2014/06/02 06:13:58 | 000,049,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/06/02 06:13:58 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/06/02 06:13:55 | 000,271,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2014/06/02 06:13:55 | 000,043,152 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2014/06/02 02:11:00 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/06/01 22:19:50 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/06/01 22:19:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/01 11:27:01 | 000,000,820 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2014/06/01 08:18:01 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/05/31 12:07:31 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/05/31 12:07:31 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/05/31 10:47:41 | 000,001,773 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/05/31 09:44:19 | 000,096,680 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2014/05/31 09:44:17 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2014/05/31 09:44:17 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2014/05/31 09:44:17 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2014/05/31 09:44:17 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2014/05/30 17:55:19 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\Charles Morse\Desktop\JRT.exe
[2014/05/30 16:04:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/05/27 08:31:25 | 001,327,971 | ---- | M] () -- C:\Documents and Settings\Charles Morse\Desktop\AdwCleaner.exe
[2014/05/27 08:30:41 | 000,001,091 | ---- | M] () -- C:\Documents and Settings\Charles Morse\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/27 08:29:07 | 000,001,091 | ---- | M] () -- C:\Documents and Settings\Charles Morse\Desktop\Dropbox.lnk
[2014/05/26 21:41:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charles Morse\Desktop\OTL.exe
[2014/05/26 16:06:47 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Charles Morse\Desktop\aswMBR.exe
[2014/05/26 15:42:27 | 000,854,367 | ---- | M] () -- C:\Documents and Settings\Charles Morse\Desktop\SecurityCheck.exe
[2014/05/22 09:20:51 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\Charles Morse\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/05/22 09:20:32 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Charles Morse\Desktop\NTREGOPT.lnk
[2014/05/22 09:20:32 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\Charles Morse\Desktop\ERUNT.lnk
[2014/05/21 21:40:27 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\48230029.sys
[2014/05/13 20:07:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/05/08 16:06:23 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
[10 C:\Documents and Settings\Charles Morse\My Documents\*.tmp files -> C:\Documents and Settings\Charles Morse\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/02 06:26:52 | 000,001,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2014/06/02 06:22:13 | 000,000,378 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/06/02 06:20:21 | 000,001,870 | ---- | C] () -- C:\Documents and Settings\Charles Morse\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/06/02 06:20:20 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/06/02 06:14:11 | 000,180,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2014/06/02 06:14:08 | 000,049,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2014/06/02 06:14:07 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswHwid.sys
[2014/05/31 10:47:40 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
[2014/05/31 10:47:39 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2014/05/27 08:31:05 | 001,327,971 | ---- | C] () -- C:\Documents and Settings\Charles Morse\Desktop\AdwCleaner.exe
[2014/05/27 08:30:41 | 000,001,091 | ---- | C] () -- C:\Documents and Settings\Charles Morse\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/26 15:42:15 | 000,854,367 | ---- | C] () -- C:\Documents and Settings\Charles Morse\Desktop\SecurityCheck.exe
[2014/05/22 09:20:51 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Charles Morse\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/05/22 09:20:32 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Charles Morse\Desktop\NTREGOPT.lnk
[2014/05/22 09:20:32 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\Charles Morse\Desktop\ERUNT.lnk
[2010/10/03 11:16:22 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Charles Morse\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 22:25:04 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Charles Morse\Local Settings\Application Data\PUTTY.RND
[2009/06/14 14:39:22 | 000,000,175 | ---- | C] () -- C:\Documents and Settings\Charles Morse\atrader.properties
[2008/07/01 09:09:39 | 033,877,248 | ---- | C] () -- C:\Program Files\CFP_Setup_3.0.25.378_XP_Vista_x64.exe
[2008/02/27 08:51:45 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html
[2007/02/14 23:20:30 | 004,322,304 | ---- | C] () -- C:\Program Files\aawsepersonal.exe
[2007/01/23 23:56:38 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Charles Morse\Local Settings\Application Data\FASTWiz.html

========== ZeroAccess Check ==========

[2010/09/12 20:20:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2013/09/24 07:19:36 | 097,531,747 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\碟䖟嘬6
[2013/09/24 07:19:36 | 097,531,747 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\碟䖟嘬6
[2013/09/20 16:48:27 | 098,498,750 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䑹ቯ嘬6
[2013/09/20 16:48:27 | 098,498,750 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\䑹ቯ嘬6
[2013/09/16 18:36:48 | 097,872,530 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㒊캥嘬6
[2013/09/16 18:36:48 | 097,872,530 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\㒊캥嘬6
[2013/09/13 15:02:37 | 097,503,480 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�Ự嘬6
[2013/09/13 15:02:37 | 097,503,480 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\�Ự嘬6
[2013/09/06 13:02:35 | 096,462,459 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\潱梈嘬6
[2013/09/06 13:02:35 | 096,462,459 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\潱梈嘬6

< End of report >
 
Hi riverrat,

:bigthumb: I'm going to post my next set of instructions, just reply when you return home.

The Security Check scan still shows Java as being "out of date". But it shows you have the latest version so I would disregard that item.

Next, your disk is still showing quite a bit of fragmentation. You are running Windows XP, and with XP being quite a few years old it is understandable that there will be some fragmentation. Try this third party defrag tool and see if it improves the issue. I'm not 100% sure if Auslogic will tell you what percent is still fragmented after running the tool, so just re-run Security Check after defragging to get an update on percent of fragmentation. It is quite possible with the age of the machine you may need to defrag multiple times to get the percent down to a manageable number.

Auslogics Disk Defrag Free

  • Download here
  • Install and run
  • Post back after you have completed
=========================

Your OTL log looks good. If you're not having any other issues we should be able to wrap this up rather quickly.

=========================

In your next post please provide the following:
  • Defrag results
  • checkup.txt, if needed
  • How is the computer performing?
 
Hi OCD,

Finally back in town! Thanks for your patience. Here are the 2 reports. As always, thank you for all your help and sticking with me. My oldy but goodie seems to be purring right along.

riverrat



Disk: Local Disk (C:), NTFS
Disk Defragmentation Summary



Disk Size 37.26 GB
Free Space Size 5.90 GB
Clusters 9767512
Sectors per cluster 8
Bytes per sector 512
Defragmentation started 6/5/2014 4:02:39 PM
Defragmentation completed 6/5/2014 4:04:39 PM
Elapsed time 00:01:59
Total Files 62645
Total Directories 8366
Fragmented Files 405
Defragmented Files 397
Skipped Files 8
Fragmentation Before 16.06% |||||||||
Fragmentation After 14.87% ||||||||



Results of screen317's Security Check version 0.99.83
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
`````````Anti-malware/Other Utilities Check:`````````
Windows Defender
CCleaner
Java 7 Update 60
Java version out of Date!
Adobe Reader XI
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````
 
Hi riverrat,

As you can see we have made some progress, but I would really like to get that % a bit lower.

First log : Total Fragmentation on Drive C:: 14%
Second log : Total Fragmentation on Drive C:: 11%
Third log : Total Fragmentation on Drive C:: 10%

Go ahead and run both the Windows built-in defrag tool, reboot, then follow that up with the Auslogic defrag tool.
Then reboot once again and run Security Check and let's see if that helps. We may just have to resign ourselves to the fact that with the age of the computer we just might not be able to get it any lower.
 
OCD,

Here we go. Another round of defragging. Does this look any better?

riverrat




Volume (C:)
Volume size = 37.26 GB
Cluster size = 4 KB
Used space = 31.30 GB
Free space = 5.96 GB
Percent free space = 15 %

Volume fragmentation
Total fragmentation = 10 %
File fragmentation = 21 %
Free space fragmentation = 0 %

File fragmentation
Total files = 62,904
Average file size = 621 KB
Total fragmented files = 11
Total excess fragments = 6,863
Average fragments per file = 1.10

Pagefile fragmentation
Pagefile size = 1.13 GB
Total fragments = 15

Folder fragmentation
Total folders = 8,368
Fragmented folders = 1
Excess folder fragments = 0

Master File Table (MFT) fragmentation
Total MFT size = 111 MB
MFT record count = 71,599
Percent MFT in use = 63 %
Total MFT fragments = 3

--------------------------------------------------------------------------------
Fragments File Size Files that cannot be defragmented
2 143 MB \Program Files\Google\Chrome\Application\35.0.1916.114\Installer\chrome.7z
29 151 MB \Documents and Settings\Charles Morse\Local Settings\Application Data\Identities\{17A58885-16C5-45A2-8755-9CABD2FCCD42}\Microsoft\Outlook Express\save mail.dbx
3 187 MB \Documents and Settings\Charles Morse\Local Settings\Application Data\Identities\{17A58885-16C5-45A2-8755-9CABD2FCCD42}\Microsoft\Outlook Express\smartgrowth.dbx
2,533 405 MB \Documents and Settings\Charles Morse\Local Settings\Application Data\Identities\{17A58885-16C5-45A2-8755-9CABD2FCCD42}\Microsoft\Outlook Express\Deleted Items.dbx
977 893 MB \Documents and Settings\Charles Morse\Local Settings\Application Data\Identities\{17A58885-16C5-45A2-8755-9CABD2FCCD42}\Microsoft\Outlook Express\Sent Items.dbx
3,226 1.49 GB \Documents and Settings\Charles Morse\My Documents\TomTom\HOME\Download\complete\map\USA__Canada___Mexico\USA_Canada_and_Mexico_P.zip






Auslogics Disk Defrag

6/6/2014 7:40:30 AM
Report for user "Charles Morse"
Disk: Local Disk (C:), NTFS
Disk Defragmentation Summary



Disk Size 37.26 GB
Free Space Size 5.91 GB
Clusters 9767512
Sectors per cluster 8
Bytes per sector 512
Defragmentation started 6/6/2014 7:38:43 AM
Defragmentation completed 6/6/2014 7:40:30 AM
Elapsed time 00:01:46
Total Files 62952
Total Directories 8372
Fragmented Files 30
Defragmented Files 25
Skipped Files 5
Fragmentation Before 14.88% ||||||||
Fragmentation After 13.38% |||||||
Disk Defragmentation Details
Fragments Clusters Size Result File Name
29 6755786 / 6794367 150.71 MB OK C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Identities\{17A58885-16C5-45A2-8755-9CABD2FCCD42}\Microsoft\Outlook Express\save mail.dbx
6 11241 / 11251 1.00 KB OK C:\Documents and Settings\NetworkService\ntuser.dat.LOG
2 14876 / 14888 1.00 KB OK C:\WINDOWS\system32\config\DEFAULT.LOG
977 17057 / 245663 892.99 MB free space not found C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Identities\{17A58885-16C5-45A2-8755-9CABD2FCCD42}\Microsoft\Outlook Express\Sent Items.dbx
3226 239317 / 629990 1.49 GB free space not found C:\Documents and Settings\Charles Morse\My Documents\TomTom\HOME\Download\complete\map\USA__Canada___Mexico\USA_Canada_and_Mexico_P.zip
2 71 / 73 5.03 KB OK C:\Documents and Settings\Charles Morse\Desktop\VolumeC.txt
3 1035 / 1038 12.00 KB OK C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{751C7072-ED76-11E3-9DB0-00065B909D96}.dat
4 22577 / 22593 60.65 KB OK C:\Documents and Settings\Charles Morse\Local Settings\Temporary Internet Files\Content.IE5\NETUVQYT\google_com[2].htm
2 1038 / 1041 9.53 KB OK C:\Documents and Settings\Charles Morse\Local Settings\Temporary Internet Files\Content.IE5\8OG1Q26L\b_8d5afc09[1].png
5 351972 / 352032 239.85 KB OK C:\Documents and Settings\Charles Morse\Local Settings\Temporary Internet Files\Content.IE5\3XZ3KKYT\showthread[4].htm
2 9279 / 9285 21.72 KB OK C:\Documents and Settings\Charles Morse\Application Data\Dropbox\logs\1\5390fb09
4 56251 / 56275 94.99 KB OK C:\Documents and Settings\Charles Morse\Local Settings\Temporary Internet Files\Content.IE5\SYOIS9FK\showthread[1].htm
2 53651 / 53665 52.45 KB OK C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\db1cf7e53e202bf90-fca21047.dat
2 2157 / 2159 6.00 KB OK C:\Documents and Settings\Charles Morse\Application Data\Dropbox\PENDING_dvu3_9
2 2696 / 2698 6.00 KB OK C:\Documents and Settings\Charles Morse\Application Data\Dropbox\UPDATED_u3kzjg
2 4163 / 4167 5.00 KB OK C:\Documents and Settings\Charles Morse\Application Data\Dropbox\TO_HASH_brmpmg
2 69558 / 69574 64.00 KB OK C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
2 14888 / 14894 21.32 KB OK C:\Documents and Settings\All Users\Application Data\Motive\HomeView\ATT-SST_HNData.xml
5 75161 / 75182 80.66 KB OK C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\lsdb.info
2 56275 / 56286 42.00 KB OK C:\Documents and Settings\Charles Morse\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3b9gic.dll
3 6794367 / 6842164 186.70 MB OK C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Identities\{17A58885-16C5-45A2-8755-9CABD2FCCD42}\Microsoft\Outlook Express\smartgrowth.dbx
2 6259774 / 6437641 694.79 MB free space not found C:\Documents and Settings\Charles Morse\My Documents\TomTom\HOME\Backup\ONE XL\Backup01\InternalMemory\USA_Canada_and_Mexico_P\cline.dat
2533 6696080 / 6799674 404.66 MB free space not found C:\Documents and Settings\Charles Morse\Local Settings\Application Data\Identities\{17A58885-16C5-45A2-8755-9CABD2FCCD42}\Microsoft\Outlook Express\Deleted Items.dbx
4 21113 / 21120 25.16 KB OK C:\WINDOWS\system32\wbem\Logs\wbemess.log
4 352032 / 352068 122.96 KB OK C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\log\softwarehealth.log
4 566736 / 566910 694.05 KB OK C:\Documents and Settings\All Users\Application Data\AVAST Software\Persistent Data\Avast\Logs\Update.log
2 69574 / 69586 1.53 MB OK C:\Documents and Settings\Charles Morse\Local Settings\History\History.IE5\index.dat
2 2566200 / 2566653 1.77 MB OK C:\WINDOWS\WindowsUpdate.log
2 8172240 / 8208773 142.70 MB OK C:\Program Files\Google\Chrome\Application\35.0.1916.114\Installer\chrome.7z
55 9733013 / 9931665 775.98 MB free space not found C:\Documents and Settings\Charles Morse\My Documents\Dropbox\Camera Uploads\2013-02-28 14.40.12.mov

File Defragmentation Summary
Result Description
OK file successfully defragmented
unmovable file file in use, access denied
cancelled file defragmentation cancelled
free space not found unable to find free contiguous disk space
unable to defragment unable to defragment, defragmentation error

Auslogics



Results of screen317's Security Check version 0.99.83
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
`````````Anti-malware/Other Utilities Check:`````````
Windows Defender
CCleaner
Java 7 Update 60
Java version out of Date!
Adobe Reader XI
Google Chrome 35.0.1916.114
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Windows Defender MsMpEng.exe
Windows Defender MSASCui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````
 
Hi riverrat,

Does this look any better?
Slightly. At this point we are just trying to "tweak" your system to get the most out of it.

As you can see by these two reference lines in the logs your available free space is about:

Free space = 5.96 GB
Percent free space = 15 %


========================

Free Space Size 5.91 GB

Fragmentation Before 14.88% ||||||||
Fragmentation After 13.38% |||||||


========================

And your total fragmentation sits at about :

Fragmentation After 13.38%
Total Fragmentation on Drive C:: 9%


Depending on which results you read. So it's safe to say you are sitting about 10% fragmentation. You should always try and keep at least 20% or more free space on your hard drive for best performance.

You have this one file which is rather large and cannot be defragmented.

3,226 1.49 GB \Documents and Settings\Charles Morse\My Documents\TomTom\HOME\Download\complete\map\USA__Canada___Mexico\USA_Canada_and_Mexico_P.zip

If you can move it to an external hard drive or usb drive that will assist in removing some of the fragmentation. Or if that is not an option, maybe you can delete it and download a new copy that might prove less fragmented. When you download large files they inevitably get some degree of fragmentation.

Don't try and move any of the other files as they are part of your email's program files & folders.

Reply back with your thoughts and any questions.
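The post above compares fragmentation figures from two different tools and applies a 20% free-space rule of thumb. As an added example (not part of the thread, and not code from Security Check or Auslogics), the script below parses the fragmentation lines from the Security Check logs and the summary block of the Auslogics report, tracks the fragmentation trend across the logs, computes the free-space percentage, and sanity-checks the Auslogics file counts. The embedded log text is a constructed copy of the lines posted in this thread.

```python
import re

# Constructed sample input: the fragmentation lines from the four Security
# Check logs posted in this thread, in the order they were posted.
SECURITY_CHECK_LOGS = [
    "Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)",
    "Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)",
    "Total Fragmentation on Drive C:: 10%",
    "Total Fragmentation on Drive C:: 9%",
]

# Constructed sample input: the summary block of the second Auslogics report.
AUSLOGICS_SUMMARY = """\
Disk: Local Disk (C:), NTFS
Disk Defragmentation Summary
Disk Size 37.26 GB
Free Space Size 5.91 GB
Total Files 62952
Fragmented Files 30
Defragmented Files 25
Skipped Files 5
Fragmentation Before 14.88% ||||||||
Fragmentation After 13.38% |||||||
"""

FREE_SPACE_FLOOR_PCT = 20.0   # the free-space rule of thumb given in the thread

FRAG_RE = re.compile(r"Total Fragmentation on Drive ([A-Z]):: (\d+)%")
AUSLOGICS_FIELDS = (
    "Disk Size", "Free Space Size", "Total Files", "Fragmented Files",
    "Defragmented Files", "Skipped Files", "Fragmentation Before",
    "Fragmentation After",
)
# Anchored at line start, so "Fragmented Files" never matches inside "Defragmented Files".
FIELD_RE = re.compile(r"^(%s)\s+([\d.]+)" % "|".join(re.escape(f) for f in AUSLOGICS_FIELDS))


def security_check_fragmentation(log_text):
    """Map drive letter -> fragmentation percent from one Security Check log."""
    return {m.group(1): int(m.group(2)) for m in FRAG_RE.finditer(log_text)}


def fragmentation_history(logs, drive="C"):
    """Collect the percent for one drive across a sequence of logs."""
    return [security_check_fragmentation(text)[drive] for text in logs]


def trend(values):
    """Per-step change and an overall verdict for a series of percentages."""
    deltas = [b - a for a, b in zip(values, values[1:])]
    if all(d < 0 for d in deltas):
        verdict = "improving"
    elif all(d > 0 for d in deltas):
        verdict = "worsening"
    else:
        verdict = "mixed"
    return {"deltas": deltas, "verdict": verdict}


def parse_auslogics_summary(text):
    """Parse the key/value lines of an Auslogics summary into floats."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = float(m.group(2))
    return fields


def assess_disk(summary):
    """Free-space check plus an internal consistency check on the file counts."""
    free_pct = 100.0 * summary["Free Space Size"] / summary["Disk Size"]
    skipped = summary["Fragmented Files"] - summary["Defragmented Files"]
    return {
        "free_pct": round(free_pct, 2),
        "below_floor": free_pct < FREE_SPACE_FLOOR_PCT,
        "counts_consistent": skipped == summary["Skipped Files"],
        "defrag_gain_pct": round(summary["Fragmentation Before"] - summary["Fragmentation After"], 2),
    }


if __name__ == "__main__":
    history = fragmentation_history(SECURITY_CHECK_LOGS)
    print("Security Check history:", history, trend(history))
    print("Auslogics assessment:", assess_disk(parse_auslogics_summary(AUSLOGICS_SUMMARY)))
```

Run on the thread's figures it reports a steadily improving trend (14, 11, 10, 9), and a free-space share of about 15.9%, which is below the 20% floor the post recommends; the two tools measure fragmentation differently, so the script keeps their numbers separate rather than averaging them.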
 
Good Morning OCD,

OK, I sent that file to my external HD. You're right, a big file, took awhile. So is it OK to delete it from my documents now? This is a little beyond my scope of understanding, whether or not the file will still be accessible to the program if it's on my external HD but not my C drive.

Have to leave town again! I work on the road. I'll keep checking back though, and as always, THANK YOU!!!!!

riverrat
 
Hi riverrat,

OK, I sent that file to my external HD. You're right, a big file, took awhile. So is it OK to delete it from my documents now? This is a little beyond my scope of understanding, whether or not the file will still be accessible to the program if it's on my external HD but not my C drive.
The file you moved is related to your GPS unit. When you installed the program/unit you downloaded the map to go with it. By moving it to your external drive I don't think your GPS software will know where to look for it now when it attempts to update.

I would try and delete the copy on your C: drive and see if there are any adverse consequences. If you find that the GPS unit doesn't function as it should you will probably need to move it back, or download a new copy of the map if that is an option. Just be sure if you move the original file back you locate it in the same directory as it was before or it will not function properly.

If you have any questions about this feel free to ask before you make any changes.
 
Hi OCD,

Checking back in with you. I've been out of town away from this computer for about a week. Things are working well. I haven't done anything with the GPS file because I am scared it will be an issue when I update the unit. Hope that is OK. Should we do anything else? Thank you very much OCD!

riverrat
 
Hi riverrat,

Things are working well.
:bigthumb:

I haven't done anything with the GPS file because I am scared it will be an issue when I update the unit. Hope that is OK.
That's fine, I was just trying to help you free up some space. But if you'd feel better not messing with it then that is fine also.

Should we do anything else?
Unless you have encountered any new issues, we can begin to wrap this up.

Just reply back if you have any new issues, if not we will do a little housekeeping and send you on your way.
 
OCD,

Things seem to be working well. One item that is missing is something to do with my work's calendar. When my computer starts up I get a msg that a file is missing and a suggestion that re-installing the software may fix that. I'm not 100% sure I can lay my hands on the software, but maybe I should look?

Otherwise all is great!

Thanks,

riverrat
 
Hi riverrat,

Your log appears to be clean. :bigthumb:
We have a few items to take care of before we get to the All Clean Speech.

=========================

Clean up with OTL:
  • Right-click OTL.exe select "Run as Administrator" to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
=========================

Removing/Uninstalling AdwCleaner:
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
=========================

You can now delete any tools and/or logs remaining on your desktop.

=========================

Delete All But the Most Recent Restore Point
  1. Open Disk Cleanup by clicking the Start button. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
  2. If prompted, select the drive that you want to clean up, and then click OK.
  3. In the Disk Cleanup for (drive letter) dialog box, click Clean up system files.
    Administrator permission required: If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  4. If prompted, select the drive that you want to clean up, and then click OK.
  5. Click the More Options tab, under System Restore and Shadow Copies, click Clean up.
  6. In the Disk Cleanup dialog box, click Delete.
  7. Click Delete Files, and then click OK.
=========================

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I cannot give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus
Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.
Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
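The six Internet Explorer settings in the "Make your Internet Explorer more secure" list above correspond to documented per-zone registry values, which makes them easy to audit after the fact. The following is an added example, not part of this thread and not code from any tool mentioned in it: it parses a .reg export of the Internet zone and reports every setting that is weaker than the post's targets, then shows the same export with the targets applied. The export text is constructed; the action IDs (1001, 1004, 1201, 1607, 1800, 1804), the zone key path, and the value meanings (0 = Enable, 1 = Prompt, 3 = Disable) are Microsoft's documented zone settings for Internet Explorer.

```python
import re

# Internet Explorer keeps per-zone URL actions as DWORD values under
# Zones\<n>; zone 3 is the Internet zone (documented Microsoft layout).
ZONE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The six settings the post tells the user to change, with the target values.
BASELINE = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample: a .reg export of the Internet zone with every setting
# at its weakest level (Enable) except unsigned ActiveX, which is at Prompt.
WEAK_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000001
"1201"=dword:00000000
"1607"=dword:00000000
"1800"=dword:00000000
"1804"=dword:00000000
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"(\d+)"=dword:([0-9a-fA-F]{8})$')


def parse_zone_export(reg_text, key=ZONE_KEY):
    """Return {action_id: int} for the DWORD values under `key` in a .reg export."""
    values, in_key = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            in_key = m.group(1).lower() == key.lower()
            continue
        m = DWORD_RE.match(line)
        if in_key and m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit_zone(values, baseline=BASELINE):
    """List (id, name, current, expected) for each setting weaker than the baseline.

    Enable (0) < Prompt (1) < Disable (3), so a lower stored value is weaker.
    A missing value is reported too: the zone template default applies then,
    and the post wants these set explicitly.
    """
    findings = []
    for action_id, (name, expected) in baseline.items():
        current = values.get(action_id)
        if current is None or current < expected:
            findings.append((action_id, name, current, expected))
    return findings


def apply_baseline(values, baseline=BASELINE):
    """Return a copy of `values` with every baseline setting raised to its target."""
    fixed = dict(values)
    for action_id, (_, expected) in baseline.items():
        if fixed.get(action_id) is None or fixed[action_id] < expected:
            fixed[action_id] = expected
    return fixed


def render_export(values, key=ZONE_KEY):
    """Serialise the zone values back into .reg syntax (for review, not import)."""
    lines = ["Windows Registry Editor Version 5.00", "", "[%s]" % key]
    lines += ['"%s"=dword:%08x' % (k, v) for k, v in sorted(values.items())]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    current = parse_zone_export(WEAK_EXPORT)
    for action_id, name, have, want in audit_zone(current):
        print("%s %-60s %s -> %s" % (action_id, name,
              LEVEL_NAME.get(have, "not set"), LEVEL_NAME[want]))
    print(render_export(apply_baseline(current)))
```

A .reg export of that key can be produced on the machine being checked with Registry Editor (File > Export), so the audit runs without touching the live registry; the rendered output is meant to be compared by eye against the GUI settings, not imported blindly.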
 
Hi OCD,

I'm working on this list! Didn't want you to think I went on vacation! I'll report in when I get it all done. Thanks!

riverrat
 
Hi OCD,

I believe I've crossed the finish line here! I can't thank you enough for your support.

Only 1 confusing part of the instructions. The AdwCleaner was a bit confusing to uninstall. When I right clicked on the icon I didn't see an uninstall prompt. I went to control panel but didn't see the program there either. Went back to the desktop and the icon was gone. Something must have worked.

I just don't know what to do with Security Check, JRT, and ERUNT. Should I just leave these programs on the desktop and hope I never need them? Thanks again SO MUCH!

riverrat
 
Hi riverrat,

You're welcome. :)

I just don't know what to do with Security Check, JRT, and ERUNT. Should I just leave these programs on the desktop and hope I never need them?
You can just drag them into the Recycle Bin, or right click on the icon and choose delete. ERUNT may be able to be uninstalled via the Control Panel.

Do you have any other questions?
 
Hi riverrat,

You're very welcome. Glad I was able to help. :bigthumb: Have a great day.

Since this issue appears to be resolved ... this Topic will be closed.
 