TechSpot

8-Steps, logs included

By fluffykitten
Sep 9, 2010
  1. I have this laptop here, trying to fix it and I ran all the programs as said and to keep it simple, I will post the logs.

    The problem that is weird is that I cannot connect to the internet on the infected profile. I can open cmd console in the infected profile, and ping a site, www.google.com, and get replies but cannot connect to the browser, cannot connect to any cloud applications.

    I can connect to the internet through safe mode w/networking, so should I just do Windows restore and try to fix the problem? When safe mode comes up, it says to click no to do Windows restore and I have been thinking about doing this now.

    so please take a look and advise me on what I should do?
     


  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    GMER log is missing.
     
  3. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    gmer log


    gmer.log:
    Your file of 642.5 KB bytes exceeds the forum's limit of 200.0 KB for this filetype.
     
  4. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    gmer files

    in order, 4 parts.
     


  5. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    Thinking about just logging into safe mode and instead of clicking yes, click no and do system restore with windows xp cd...

    I went through all this trouble, I'll wait it out for a bit.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Under no circumstances use system restore!

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    This was done in safe mode w/networking under Admin

     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Do not wrap logs in quotes, please.
    Go on...
     
  9. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    ComboFix

    While running, had several errors and infections showing up, at one point I didn't think it would finish but here is the log attached.

    Noted
     

    Attached Files:

    • log.txt (File size: 12.9 KB, Views: 2)
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    It looks good now :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    I didn't understand if you wanted me to paste these in here when you said copy. I uploaded the two files.

    I don't know how the system is running, I see errors popping up a lot, saying to use chkdsk and I will try to log into the profile not using safe mode, currently been using safe mode w/networking logged in with admin. I will see if I can use the internet too, which I could not before.
     


  12. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    I am still unable to connect to the internet on the normal profile, even in safe mode, I can only use the internet while using the admin account in safe mode.
     
  13. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    Ok so no system restore, but clean install is my next move. I don't even know if the internet problem is connected to this anymore, I can ping sites through console cmd, and yet, I cannot connect to any sites, cloud apps.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    By not being able to connect, do you mean, your browser won't display any pages?
    Which browser is it?
    Did you try another browser?

    I need to know, if you want to continue, or you want to reinstall.
    I don't want to waste your, or my time for no reason.
     
  15. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    IE,

    If I were to install Firefox, I would have to log into safe mode under admin with networking to download another browser.

    Aside from the browser not working, apps are not working either. Google Earth.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    ...and?...
     
  17. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    I installed Firefox on the profile which was infected, setup through installation as normal install and default browser, when launched.

    url showed: www.ask.com/?=20011&l=dls

    The proxy server is refusing connections


    I didn't click on ask.com since all other installations on my machines never loaded Firefox with ask.com, always Firefox Google.
     
  18. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    Could you also tell me why, I believe I understand being that system restore tries to fix the machine while still infected and a clean install would wipe everything. I never used system restore before and don't plan on using it but just wanted to understand the reason a bit better.

    Thanks for all the help, btw and I hope the issue can be resolved without doing a clean install, this is new to me doing it this way... I always have gone the clean install route but it would be nice to clean a system back to clean install status without doing a clean install and that is what I am trying to learn.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Here we go...
    Your computer was (maybe still is) infected and we cleaned a lot already.
    However some restore points may be infected as well, so if we use system restore, most likely, we'll bring some infection back.

    We'll fix this in a moment.

    Check - Reset Proxy settings

    Internet Explorer Proxy settings:

    • Open Internet Explorer > click Tools > Internet Options > Connections tab.
    • Click the LAN Settings... button and UN-check Use a proxy server for your LAN or change the settings to the proxy you normally use if you previously reconfigured it.
    • Remove any unknown addresses from the Address box. 80 is the default Port so it does not have to be changed.
    • Click OK... then click OK again.
    • Close Internet Explorer and restart the computer.
    • An example of how to do this with screenshots can be found HERE

    Firefox Proxy settings:

    • Open Firefox, click Tools > Options > Advanced and click the Network Tab.
    • Under the Connection section click on the Settings... button.
    • Under Configure Proxies to Access the Internet, check No proxy. This is the default option if you don't use a proxy.
    • Click OK... then click OK again.
    • Close Firefox and restart the computer.
    • An example of how to do this with screenshots can be found HERE

    For other browsers, please refer to How to configure browser proxy settings.


    Finally...
    Re-run OTL with the very same script as in my reply #10 and post the log. It'll produce only 1 log.
     
  20. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    File size 242, I had to break it up into 2 files.

    Internet is now working
    As OTL was running, errors were showing up saying to use Chkdsk.

    Never mind, I deleted browsing history. Ran OTL and the file size was much smaller. Here it is.
     

    Attached Files:

    • OTL.Txt (File size: 122.7 KB, Views: 1)
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good news :)

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
      IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
      FF - prefs.js..browser.search.defaultenginename: "Ask"
      FF - prefs.js..browser.search.order.1: "Ask"
      FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
      FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?o=20011&l=dis"
      FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm375YYUS&fl=0&ptb=O6qeqVpGNilWvNCi7i8zAw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&si=112164&searchfor="
      [2010/02/12 16:36:58 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\18cvcyeo.default\searchplugins\ask.xml
      [2010/02/12 16:37:04 | 000,009,949 | ---- | M] () -- C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\18cvcyeo.default\searchplugins\mywebsearch.xml
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
      O33 - MountPoints2\{99e6b578-f8c8-11de-829a-001c23a8efcf}\Shell\Auto\command - "" = E:\launcher.exe -- File not found
      O33 - MountPoints2\{99e6b578-f8c8-11de-829a-001c23a8efcf}\Shell\AutoRun - "" = Auto&Play
      [2010/09/03 07:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Local Settings\Application Data\qqpfpfhhe
      [2010/09/03 07:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Local Settings\Application Data\fpsgpegga
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\weight_loss_musical_daytime_rock.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\smoking_musical_daytime_rock.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\sadness_musical_daytime_easy.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\Quantum_Triliminal_August_2009_1a_Prosperity.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\love_magnet_musical_daytime_rock.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hypnosis:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_positive_attitude.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_perf_job.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_love_magnet.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_depression.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_charisma.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_binge_eat.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_abundance.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\forget_musical_daytime_rock.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\Downloads:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\dia_selfesteem_hypnosis.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_weight_loss.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_unlimited_wealth.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_unlimited_confidence.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_sugar_addict.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_stress_relief.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_stop_smoking.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_rejection.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_radiant_health.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_ne_tween.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_love_magnet.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_increase_metabolism.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_increase_energy.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_improve_eyesight.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_food_fuel.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_exercise.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_discover_passion.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_body_image.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_abundance.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_12strand_dna.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\westramoney.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\unlim_wealth_musical_daytime_rock.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\unlim_conf_musical_daytime_rock.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\total_love_immersion (1).mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\Invocation_Intention_Angel_of_Manifestation_122208.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\day_weight_loss (1).mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\Blue-Room-Meditation.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\BadHabitBreaker.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\As a Man Thinketh.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\abundance_musical_daytime_rock.mp3:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\a_new_positive_you_hypnosis.mp3:Roxio EMC Stream
      @Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A6EA835
      @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5F222E3
      @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A164F1A9
      @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9D9AD33
      @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DCCD617
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
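
Added example, not part of the original thread and not OTL's own code: a small Python triage script for the proxy lines in the fix script above. The HKCU `ProxyServer` value points at 127.0.0.1:6092, a per-user setting, which is consistent with the symptom reported earlier (ping works, browsers on that one profile do not). The `ProxyEnable` and `HKU` lines in the sample are constructed, and the function names are this example's own.

```python
import ipaddress
import re

# Sample input. The ProxyOverride and ProxyServer lines under HKCU are quoted
# from the thread; the ProxyEnable and HKU lines are constructed for contrast.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
IE - HKU\S-1-5-21-CONSTRUCTED-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.test:8080
FF - prefs.js..browser.search.defaultenginename: "Ask"
'''

# Matches log lines of the form: IE - <registry key>: "<ProxyXxx>" = <value>
LINE_RE = re.compile(
    r'^\s*IE - (?P<key>HK[A-Z_]+\\.+?): "(?P<name>Proxy\w+)" = (?P<value>.*)$')


def parse_proxy_server(value):
    """Split a WinINet ProxyServer string into {scheme: (host, port)}.

    Handles both forms: "host:port" (all protocols, keyed as "all") and
    "http=host:port;https=host:port" (per protocol).
    """
    entries = {}
    for part in value.strip().split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if not sep:                      # bare "host:port" form
            scheme, endpoint = "all", part
        endpoint = endpoint.split("://", 1)[-1]   # tolerate "http://host:port"
        host, _, port = endpoint.rpartition(":")
        if not host:                     # no port in the value
            host, port = endpoint, ""
        entries[scheme.lower()] = (host.strip("[]"),
                                   int(port) if port.isdigit() else None)
    return entries


def is_loopback(host):
    """True for localhost and any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a DNS name, not an IP literal
        return False


def audit_proxy_settings(log_text):
    """Return one finding per configured proxy endpoint, grouped by registry key."""
    settings = {}                        # registry key -> {value name: raw value}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings.setdefault(m["key"], {})[m["name"]] = m["value"].strip()
    findings = []
    for key, values in settings.items():
        for scheme, (host, port) in parse_proxy_server(values.get("ProxyServer", "")).items():
            findings.append({
                "key": key, "scheme": scheme, "host": host, "port": port,
                # A loopback proxy needs an owner: a local filter the user
                # installed, or a leftover pointing at a listener that is gone.
                "loopback": is_loopback(host),
                "per_user": key.upper().startswith(
                    ("HKCU", "HKU", "HKEY_CURRENT_USER", "HKEY_USERS")),
                "enabled": values.get("ProxyEnable"),   # None if not logged
            })
    return findings


if __name__ == "__main__":
    for f in audit_proxy_settings(SAMPLE_LOG):
        flag = "REVIEW" if f["loopback"] else "ok"
        print(f'{flag:6} {f["scheme"]}://{f["host"]}:{f["port"]}  ({f["key"]})')
```
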
     
  22. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    After reboot - OTL log

    next to the clock, shows errors otl.exe/run chkdsk - this happens about every time I run chkdsk
     


  23. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    OTL quick scan log
     

    Attached Files:

    • OTL.Txt (File size: 85.4 KB, Views: 1)
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I'm not sure if I understand. Can you tell me more?
     
  25. fluffykitten

    fluffykitten TS Rookie Topic Starter Posts: 99

    Sorry, I worded it wrong, happens every time I run OTL and says to run chkdsk, I had it backwards and it shows it next to the clock, bottom right.
     
Topic Status:
Not open for further replies.
