Solved 8-Steps, logs included

Status
Not open for further replies.

fluffykitten

I have this laptop here, trying to fix it and I ran all the programs as said and to keep it simple, I will post the logs.

The problem that is weird is that I cannot connect to the internet on the infected profile. I can open cmd console in the infected profile, and ping a site, www.google.com and get replies but cannot connect to the browser, cannot connect to any cloud applications.

I can connect to the internet through safe mode w/networking so should I just do windows restore and try to fix the problem? When safe mode comes up, it says click no to do windows restore and I have been thinking about doing this now.

so please take a look and advise me on what I should do?
 

Attachments

  • mbam-log-2010-09-08 (14-09-43).txt (46.7 KB)
  • Attach.txt (15.1 KB)
  • DDS.txt (16 KB)
  • avgrep.txt (3.1 KB)
gmer log

gmer.log:
Your file of 642.5 KB bytes exceeds the forum's limit of 200.0 KB for this filetype.
 
gmer files

in order, 4 parts.
 

Attachments

  • gmer 1.txt (159.1 KB)
  • gmer 2.txt (184.9 KB)
  • gmer 3.txt (143.6 KB)
  • gmer 4.txt (93.5 KB)
Thinking about just logging into safe mode and instead of clicking yes, click no and do system restore with windows xp cd...

I went through all this trouble, I'll wait it out for a bit.
 
Under no circumstances use system restore!

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
This was done in safe mode w/networking under Admin

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 105):

Processes (total 19):
0 System Idle Process
4 System
464 C:\WINDOWS\system32\smss.exe
744 csrss.exe
768 C:\WINDOWS\system32\winlogon.exe
812 C:\WINDOWS\system32\services.exe
824 C:\WINDOWS\system32\lsass.exe
980 C:\WINDOWS\system32\svchost.exe
1052 svchost.exe
1272 C:\WINDOWS\system32\svchost.exe
1320 svchost.exe
1432 C:\Program Files\AVG\AVG9\avgchsvx.exe
1492 svchost.exe
1564 C:\Program Files\AVG\AVG9\avgcsrvx.exe
1600 C:\Program Files\AVG\AVG9\avgcsrvx.exe
740 C:\WINDOWS\explorer.exe
1152 C:\Program Files\Internet Explorer\iexplore.exe
1180 C:\WINDOWS\system32\ctfmon.exe
1980 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`04e71400 (NTFS)

PhysicalDrive0 Model Number: ST9160821AS, Rev: 3.CDE

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
ComboFix

While running, had several errors and infections showing up, at one point I didn't think it would finish but here is the log attached.

Do not wrap logs in quotes, please.
Go on...

Noted
 

Attachments

  • log.txt (12.9 KB)
It looks good now :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I didn't understand if you wanted me to paste these in here when you said copy. I uploaded the two files.

I don't know how the system is running, I see errors popping up a lot, saying to use chkdsk and I will try to log into the profile not using safe mode, currently been using safe mode w/networking logged in with admin. I will see if I can use the internet too, which I could not before.
 

Attachments

  • Extras.Txt (44.1 KB)
  • OTL.Txt (100.5 KB)
I am still unable to connect to the internet on the normal profile, even in safe mode, I can only use the internet while using the admin account in safe mode.
 
Ok so no system restore, but clean install is my next move. I don't even know if the internet problem is connected to this anymore, I can ping sites through console cmd, and yet, I cannot connect to any sites, cloud apps.
 
By not being able to connect, do you mean, your browser won't display any pages?
Which browser is it?
Did you try another browser?

I need to know, if you want to continue, or you want to reinstall.
I don't want to waste your, or my time for no reason.
 
IE,

If I were to install Firefox, I would have to log into safe mode under admin with networking to download another browser.

Aside from the browser not working, apps are not working either. Google Earth.
 
I installed Firefox on the profile which was infected, setup through installation as normal install and default browser, when launched.

url showed: www.ask.com/?=20011&l=dls

The proxy server is refusing connections


I didn't click on ask.com since all other installations on my machines never loaded Firefox with ask.com, always Firefox Google.
 
Under no circumstances use system restore!

Could you also tell me why, I believe I understand being that system restore tries to fix the machine while still infected and a clean install would wipe everything. I never used system restore before and don't plan on using it but just wanted to understand the reason a bit better.

Thanks for all the help, btw and I hope the issue can be resolved without doing a clean install, this is new to me doing it this way... I always have gone the clean install route but it would be nice to clean a system back to clean install status without doing a clean install and that is what I am trying to learn.
 
Here we go...
Your computer was (maybe still is) infected and we cleaned a lot already.
However some restore points may be infected as well, so if we use system restore, most likely, we'll bring some infection back.

We'll fix this in a moment.

The proxy server is refusing connections

Check - Reset Proxy settings

Internet Explorer Proxy settings:

  • Open Internet Explorer > click Tools > Internet Options > Connections tab.
  • Click the LAN Settings... button and UN-check Use a proxy server for your LAN or change the settings to the proxy you normally use if you previously reconfigured it.
  • Remove any unknown addresses from the Address box. 80 is the default Port so it does not have to be changed.
  • Click OK... then click OK again.
  • Close Internet Explorer and restart the computer.
  • An example of how to do this with screenshots can be found HERE

Firefox Proxy settings:

  • Open Firefox, click Tools > Options > Advanced and click the Network Tab.
  • Under the Connection section click on the Settings... button.
  • Under Configure Proxies to Access the Internet, check No proxy. This is the default option if you don't use a proxy.
  • Click OK... then click OK again.
  • Close Firefox and restart the computer.
  • An example of how to do this with screenshots can be found HERE

For other browsers, please refer to How to configure browser proxy settings.


Finally...
Re-run OTL with the very same script as in my reply #10 and post the log. It'll produce only 1 log.
 
File size 242, I had to break it up into 2 files.

Internet is now working
As OTL was running, errors were showing up saying to use Chkdsk.

Never mind, I deleted browsing history. Ran OTL and the file size was much smaller. Here it is.
 

Attachments

  • OTL.Txt (122.7 KB)
Good news :)

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
    FF - prefs.js..browser.search.defaultenginename: "Ask"
    FF - prefs.js..browser.search.order.1: "Ask"
    FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
    FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?o=20011&l=dis"
    FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm375YYUS&fl=0&ptb=O6qeqVpGNilWvNCi7i8zAw&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&si=112164&searchfor="
    [2010/02/12 16:36:58 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\18cvcyeo.default\searchplugins\ask.xml
    [2010/02/12 16:37:04 | 000,009,949 | ---- | M] () -- C:\Documents and Settings\Susan\Application Data\Mozilla\Firefox\Profiles\18cvcyeo.default\searchplugins\mywebsearch.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O33 - MountPoints2\{99e6b578-f8c8-11de-829a-001c23a8efcf}\Shell\Auto\command - "" = E:\launcher.exe -- File not found
    O33 - MountPoints2\{99e6b578-f8c8-11de-829a-001c23a8efcf}\Shell\AutoRun - "" = Auto&Play
    [2010/09/03 07:10:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Local Settings\Application Data\qqpfpfhhe
    [2010/09/03 07:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Susan\Local Settings\Application Data\fpsgpegga
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\weight_loss_musical_daytime_rock.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\smoking_musical_daytime_rock.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\sadness_musical_daytime_easy.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\Quantum_Triliminal_August_2009_1a_Prosperity.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\love_magnet_musical_daytime_rock.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hypnosis:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_positive_attitude.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_perf_job.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_love_magnet.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_depression.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_charisma.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_binge_eat.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\hs_sub_abundance.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\forget_musical_daytime_rock.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\Downloads:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\dia_selfesteem_hypnosis.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_weight_loss.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_unlimited_wealth.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_unlimited_confidence.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_sugar_addict.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_stress_relief.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_stop_smoking.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_rejection.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_radiant_health.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_ne_tween.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_love_magnet.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_increase_metabolism.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_increase_energy.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_improve_eyesight.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_food_fuel.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_exercise.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_discover_passion.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_body_image.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_abundance.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\My Documents\back_12strand_dna.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\westramoney.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\unlim_wealth_musical_daytime_rock.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\unlim_conf_musical_daytime_rock.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\total_love_immersion (1).mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\Invocation_Intention_Angel_of_Manifestation_122208.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\day_weight_loss (1).mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\Blue-Room-Meditation.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\BadHabitBreaker.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\As a Man Thinketh.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\abundance_musical_daytime_rock.mp3:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Susan\Desktop\a_new_positive_you_hypnosis.mp3:Roxio EMC Stream
    @Alternate Data Stream - 171 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5A6EA835
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A5F222E3
    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A164F1A9
    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C9D9AD33
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2DCCD617
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
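
Added example, not part of the original thread and not OTL's own code: the fix script above removes a per-user `ProxyServer` value that sends HTTP to `127.0.0.1:6092`, a setting that ping does not use. The sketch below parses OTL-style log lines and flags any `ProxyServer` entry that points at a loopback address; the function names and the last two sample lines are assumptions made up for illustration.

```python
import ipaddress
import re

# The first three lines are in the form of the OTL entries quoted in this
# thread; the last two are constructed to exercise other value formats.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
FF - prefs.js..browser.search.defaultenginename: "Ask"
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.corp.example:8080
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:8118;https=10.0.0.5:3128
'''

# Matches only the ProxyServer value lines; hive is HKCU or HKLM.
PROXY_LINE = re.compile(
    r'^IE - (?P<hive>HK[A-Z]+)\\.*Internet Settings: "ProxyServer" = (?P<value>.+?)\s*$',
    re.MULTILINE,
)


def parse_proxy_server(value):
    """Split a ProxyServer string into (scheme, host, port) tuples.

    Handles 'host:port' (one proxy for every protocol) and the per-protocol
    form 'http=host:port;https=host:port'.
    """
    entries = []
    for part in (p.strip() for p in value.split(';')):
        if not part:
            continue
        scheme, sep, endpoint = part.partition('=')
        if not sep:                      # no 'proto=' prefix: applies to all
            scheme, endpoint = 'all', part
        host, colon, port = endpoint.rpartition(':')
        if not colon or endpoint.endswith(']'):   # no port given
            host, port = endpoint, ''
        host = host.strip('[]')          # bracketed IPv6 literal
        entries.append((scheme.lower(), host,
                        int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a DNS name, not an IP literal
        return False


def find_loopback_proxies(log_text):
    """Return (hive, scheme, host, port) for every loopback proxy entry."""
    findings = []
    for m in PROXY_LINE.finditer(log_text):
        for scheme, host, port in parse_proxy_server(m.group('value')):
            if is_loopback(host):
                findings.append((m.group('hive'), scheme, host, port))
    return findings


if __name__ == '__main__':
    for hive, scheme, host, port in find_loopback_proxies(SAMPLE_LOG):
        print(f'{hive}: {scheme} traffic is sent to local proxy {host}:{port}')
```

A loopback proxy is not proof of infection, since local filtering tools configure one too; a hit means checking which program, if any, owns that port.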
 
After reboot - OTL log

Next to the clock, shows errors otl.exe/run chkdsk - this happens about every time I run chkdsk
 

Attachments

  • 09122010_170630.log (26.9 KB)
Sorry, I worded it wrong, happens every time I run OTL and says to run chkdsk, I had it backwards and it shows it next to the clock, bottom right.
 