Possible Malware
This is on my Windows 7 64 bit system.
Starting this morning, I get a popup in the notification area that "Operation Failed". The content of the notification is: "Backup Validation task execution failed. Description: Stage Description. See operation log for details"
From what I can find this COULD be related to the Windows backup, however I don't have it turned on since I use Acronis True Image.
Looking at some system logs I also found reference to "SASDIFSV" and "SASKUTIL" which is apparently related to Super Antispyware, which I do not have. I ran a full Malwarebytes scan (I have a paid version) and it did not find anything. MSE scan did not find anything either.
I did find, doing a Google search, that the SASDIFSV and SASKUTIL can be deleted from the registry. I did a registry scan and found them in 3 places. There was a 3rd SAS file but I don't remember what it was. They were pointing to some garbage characters and then my hard drive\users\my name\appdata\local but I didn't find anything there. With the garbage characters before the hard drive letter, it looks suspicious. They are still being referenced in the Windows Event Log, as I've restarted the system after deleting the registry entries.
I generated a Hijack log with WinPatrol but I didn't see anything, but maybe I don't know what I was really looking for.
Worst case I can reformat and restore from my last Acronis full hard drive backup on 6/4.
kevinf80_1d0ac6
June 15th, 2011 01:00
Since this issue appears to be resolved the topic has been closed. Glad we could help.
Everyone else please begin a New Topic.
The fixes and advice in this thread are for this System only. Do not apply the instructions from this thread to your own System. Please start a new thread describing your issue and someone will be along to assist you.
fireberd
June 13th, 2011 08:00
Kevin, I am one of the forum VIP's... (Jack) I
kevinf80_1d0ac6
June 13th, 2011 08:00
I'm kevinf80 and I will be helping with any issues you may have. Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.
Malware is often buggy and can be very unstable; with that in mind, it is advisable to back up any important data before we begin.
If you do not reply within 72 hours the thread will be closed; if you need more time let me know. Likewise, if I do not respond within 48 hours feel free to PM me.
* If you are using any cracked software, please remove it. In addition to being illegal, when you install cracked software, you are running executable files from dubious, unknown sources. You are giving these sources access to information on your hard disk, and potential control over operation of your computer. Definition of cracked software HERE
** If you are using any P2P (file sharing) programs, please remove them before we clean your computer. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a partial list HERE
Please proceed as follows :-
Download OTL from any of the following links and save to your Desktop:
Link 1
Link 2
Link 3
Link 4
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Kevin
fireberd
June 13th, 2011 08:00
Data Deleted
kevinf80_1d0ac6
June 13th, 2011 09:00
I do not see anything related to SuperantiSpyware in your logs. You also mention a reference to a backup failure. I do not see any entries for Windows backup; there is a reference to Nero BackItUp Scheduler 4.0. This is currently disabled and stopped. I'm not familiar with Nero as I do not use it. Is it possibly scheduled as a Windows task, and that is the alert because the scheduler is off?
Bit of cleaning up but nothing malicious showing in the logs...
Re-Run by double left click, Vista and Windows 7 users right click and select Run as Administrator.
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E4878B45-E2C0-4307-B6E8-734922F92F5B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[9 E:\Windows\SysNative\*.tmp files -> E:\Windows\SysNative\*.tmp -> ]
[2 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
@Alternate Data Stream - 304 bytes -> E:\Users\Jack\Documents\magicchord.bmp:Updt_SummaryInformation
@Alternate Data Stream - 197 bytes -> E:\ProgramData\TEMP:0D6E9A34
@Alternate Data Stream - 1273 bytes -> E:\ProgramData\Microsoft:TtU7gjF4qZS9oxFxE81vb8h
@Alternate Data Stream - 122 bytes -> E:\ProgramData\TEMP:EFCCC46E
@Alternate Data Stream - 1120 bytes -> E:\Users\Jack\AppData\Local\YyMEMXDNf:SGSNM7ZaPNfXtt0KIthSTURo
@Alternate Data Stream - 1119 bytes -> E:\ProgramData\Microsoft:z2KXfqeajqyY8I8qLlj5vigWW0W
@Alternate Data Stream - 1109 bytes -> E:\ProgramData\Microsoft:T8NJFJ2LND1SaCICwAq0tB
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]
Next,
Uninstall Java(TM) 6 Update 3 via Start > Control Panel > Uninstall a program.
Next,
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version.
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system.
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 26.
Let me see the log from OTL, also tell me how your system is responding, are you still having the original issues?
Kevin
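An added example, not part of the original thread and not OTL's own code: a small parser for the `@Alternate Data Stream` line format seen in the fix script above, which groups entries by stream name so that one-off streams stand out from an application's bulk tags. The sample lines, paths and the stream name `EXAMPLE01` are constructed for illustration.

```python
import re
from collections import defaultdict

# Line format as it appears in the fix script above:
#   @Alternate Data Stream - <size> bytes -> <host path>:<stream name>
ADS_LINE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")


def parse_ads_line(line):
    """Return (host_path, stream_name, size) or None if this is not an ADS entry."""
    m = ADS_LINE.match(line.strip())
    if not m:
        return None
    size, target = int(m.group(1)), m.group(2)
    # The host path holds a drive-letter colon, so split on the LAST colon only.
    host, sep, stream = target.rpartition(":")
    # A backslash in the "stream" part means we split at the drive letter,
    # i.e. the line named a path with no stream at all.
    if not sep or not host or not stream or "\\" in stream:
        return None
    return host, stream, size


def summarise(lines):
    """Group ADS entries by stream name: count, total bytes and host paths."""
    groups = defaultdict(lambda: {"count": 0, "bytes": 0, "hosts": []})
    for line in lines:
        parsed = parse_ads_line(line)
        if parsed is None:
            continue  # other fix-script lines (O4, :OTL, ...) are ignored
        host, stream, size = parsed
        entry = groups[stream]
        entry["count"] += 1
        entry["bytes"] += size
        entry["hosts"].append(host)
    return dict(groups)


def review_order(summary):
    """Stream names, rarest first, so singletons are reviewed before bulk tags."""
    return sorted(summary, key=lambda name: (summary[name]["count"], name))


# Constructed sample in the same format as the thread's fix script.
SAMPLE = r"""
:OTL
O4 - HKLM..\Run: [] File not found
@Alternate Data Stream - 76 bytes -> C:\Users\example\Documents\label one.jwl:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\example\Documents\label two.jwl:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\example\Documents\photo.jpg:Roxio EMC Stream
@Alternate Data Stream - 304 bytes -> C:\Users\example\Documents\chart.bmp:Updt_SummaryInformation
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:EXAMPLE01
""".strip().splitlines()

if __name__ == "__main__":
    summary = summarise(SAMPLE)
    for name in review_order(summary):
        info = summary[name]
        print(f"{info['count']:>4} x {name!r} ({info['bytes']} bytes total)")
        for host in info["hosts"][:3]:
            print(f"       {host}")
```

Grouping only orders the entries for review; it says nothing about whether a given stream is benign.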
kevinf80_1d0ac6
June 13th, 2011 12:00
Please download VEW by Vino Rosso from HERE and save it to your Desktop.
Please post the Output log in your next reply...
If you intend to re-image please let me know.....
Kevin
fireberd
June 13th, 2011 12:00
The Nero has been there, disabled, for a long time. It was part of the Nero software package, but as I noted I use Acronis True Image so all other backup programs are disabled. I need to uninstall Nero 8 as I'm up to Nero 10 and it must not have uninstalled that when V10 installed.
The backup error message that I started getting today concerns me. There was nothing changed yesterday, as far as programs, so it has to be some rogue malware that is causing it. I did see a reference to "block level backup engine" in one of the Windows logs and that, according to what I can find, belongs to the Windows backup, but as noted in my original post I do not have the Windows backup enabled or configured.
I do PC repair and when I get a client's PC in with Malware I can run Malwarebytes and it will fix it. I ran a "full scan" with my Malwarebytes and nothing showed up.
If I can't find what it is, I'm going to restore using my last full Acronis hard drive backup, from last week. There is nothing since last week, except for some Recording studio work and I've already separately saved that to another internal hard drive. I can restore, and what will be lost, such as some e-mails, is not an issue.
Jack
fireberd
June 14th, 2011 05:00
Deleted
fireberd
June 14th, 2011 05:00
Deleted
kevinf80_1d0ac6
June 14th, 2011 06:00
This is not a Malware/infection issue. Re-open OTL and hit the "Clean up" tab, and re-boot your system if prompted. Open a new thread here:
http://en.community.dell.com/support-forums/software-os/f/3524.aspx Let the Technical guys have a look at it. Post a link to this thread so they can see Vino's Event Viewer log....
Kevin
fireberd
June 14th, 2011 06:00
Ok, Thanks, Kevin. I am one of the VIP's that regularly responds to problems on the Software section. Looks like I'm going to have to do this on my own and it looks more and more like a restore from my Acronis backup is in order since it can't be found.
fireberd
June 14th, 2011 07:00
Kevin,
I do not have Acronis set for auto backups. But, I've "fixed" the problem. I had been avoiding doing a System Restore, as if there were some malware it would still be there after the restore. Since you reported there did not appear to be any malware, I decided as a "last resort" before rebuilding my hard drive from the Acronis backup to run System Restore back to 6/10, which is the last restore date before the problem. However, after it was finished and the system rebooted, it reported it could not complete the restore, possibly because of running the OTL cleanup. BUT, the Operation has failed notification is gone. I've rebooted twice more and the error notice is gone.
Thanks for your help.
Jack
kevinf80_1d0ac6
June 14th, 2011 07:00
Hiya Jack,
I feel this is a software issue; looking at the event log, a possible clash is taking place. I was looking on the Microsoft answers site at causes of issues we see in the log. General opinion was software clash. Is Acronis set up for auto backups? I'm no expert on Technical issues, I prefer to stay in my comfort zone and just deal with Malware and Infections.
Regards,
Kevin...
kevinf80_1d0ac6
June 14th, 2011 12:00
Hiya Jack,
That is an odd one for sure. OTL does not touch the system restore cache unless directed by a specific command in the custom scan box. We did clear out a considerable amount of dross from your system; maybe one of the temp folders we emptied had a part to play.
One positive to take from the exercise: it wasn't down to malware or infection...
It was a pleasure to work with you,
Take care,
Kevin....
fireberd
June 14th, 2011 13:00
Kevin, the first step was to determine if there was malware of some type. Since you confirmed there wasn't, I could try other steps, such as the System Restore.
Thanks again.
(I've deleted my system data from the thread).
Jack