Author Topic: Unable to Update  (Read 19442 times)

Helpmeh

    Topic Starter


    Guru

  • Roar.
  • Thanked: 123
    • Yes
    • Yes
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 8
Unable to Update
« on: April 14, 2009, 04:33:27 PM »
This is my first time posting a new topic here  :'( I really hoped I wouldn't need to, but I know I'm in good hands.

For some reason, my computer (Windows XP Home) will not update, more specifically, it will say that it has updated, but on restart, it prompts me to select computer updates again. Secondly, I get an "Access is Denied" error message 5 out of 5 times trying to update to SP3 (I have SP2).

I have CA Antivirus Security Suite, which was updated somewhat recently (more recently than February).

Attached is a HijackThis log. I ran it under the recommendation of Broni (in case anyone needs to know).

If there is anything else I should include, more system info, etc., or I should download, tell me please.

Also, it doesn't seem to affect my AV software, just Windows Update. And I checked, I am NOT infected with Conficker.

Edit: I saw nothing suspicious in Add/Remove Programs...

[attachment deleted by admin]
« Last Edit: April 14, 2009, 04:52:35 PM by Helpmeh »
Where's MagicSpeed?
Quote from: 'matt'
He's playing a game called IRL. Great graphics, *censored* gameplay.

harry 48



    Egghead

  • lay back , relax and chill out
  • Thanked: 129
    • Yes
    • Yes
    • Yes
    • Dribbling Pensioner
  • Certifications: List
  • Experience: Familiar
  • OS: Windows 7
Re: Unable to Update
« Reply #1 on: April 14, 2009, 05:35:41 PM »
2 bho with no files no names, and facebook, but wait for help, I'm no expert, harry

Helpmeh

Re: Unable to Update
« Reply #2 on: April 14, 2009, 05:38:24 PM »
2 what??? And sorry I haven't posted MBAM or SAS, I just got them, and running a scan on MBAM as I type...

It picked up Vundo (I thought I got rid of that last year! :-\) and some other stuff, a screenie of the results is attached, along with the log. I need to restart, so I will be back in a minute.

Final EDIT (for now?): I just finished scanning with SAS (took over 1h)...it's removing problems. Log attached.

[attachment deleted by admin]
« Last Edit: April 14, 2009, 08:15:47 PM by Helpmeh »

Helpmeh

Re: Unable to Update
« Reply #3 on: April 16, 2009, 02:20:44 PM »
New update on my situation:
When I turned on my computer today, I get an error saying that SSUpdate.exe (or something similar) is corrupted, then it tells me to run chkdsk. I run it (without any switches) and it deleted some entry, then closed...I ran it again with the /f switch, and it says that it can't lock onto a drive. So now it will run on restart...I will be back soon after it is completed.

Karnac



    Specialist

    Thanked: 211
    Re: Unable to Update
    « Reply #4 on: April 16, 2009, 03:40:44 PM »
    Here's the KB article for the update issue: http://support.microsoft.com/kb/949377


    Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

    kpac

    • Web moderator


    • Hacker

    • kpac®
    • Thanked: 184
      • Yes
      • Yes
      • Yes
    • Certifications: List
    • Computer: Specs
    • Experience: Expert
    • OS: Windows 7
    Re: Unable to Update
    « Reply #5 on: April 16, 2009, 03:53:14 PM »
    BHOs and other entries in HJT with (no file) or (no name) don't really mean anything.

    I don't think this is malware related anyway, but we'll wait and see.
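An added example (not part of the thread and not DDS's own code): a small Python parser for the BHO/TB/EB lines of the DDS "Pseudo HJT Report" that Helpmeh posts in Reply #21, separating entries that record no file from entries that point at a DLL on disk. The sample lines are copied from that log; treating a blank target the same as "No File" is an assumption, and the function and field names are hypothetical.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Lines copied from the "Pseudo HJT Report" section of the DDS log in Reply #21.
# The last line is a non-browser-extension entry the parser must ignore.
SAMPLE_LOG = r"""
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {16f92367-5b43-4296-8fb8-4eff0918ef28} -
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} -
BHO: {2d2a29aa-473d-a9c8-faa4-b308f524116c}: {c611425f-803b-4aaf-8c9a-d374aa92a2d2} -
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} -
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
"""

# Layout seen in the log: KIND: [name:] {CLSID} - [target]
# The name field is optional, may be empty, and may itself look like a GUID.
ENTRY_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB):\s*"
    r"(?:(?P<name>.*?):\s*)?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*"
    r"(?P<target>.*)$"
)


class Entry(NamedTuple):
    kind: str    # BHO (browser helper object), TB (toolbar), EB (explorer bar)
    name: str    # display name, "" when the log shows none
    clsid: str   # registered class ID, lower-cased
    target: str  # module path, "No File", or "" when the log leaves it blank

    @property
    def has_file(self) -> bool:
        # Assumption: a blank target means the same as the literal "No File".
        return self.target != "" and self.target.lower() != "no file"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one BHO/TB/EB line; return None for any other kind of line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    return Entry(
        kind=m["kind"],
        name=(m["name"] or "").strip(),
        clsid=m["clsid"].lower(),
        target=m["target"].strip(),
    )


def triage(log_text: str) -> Dict[str, List[Entry]]:
    """Split browser-extension entries into 'no_file' and 'file_backed'."""
    buckets: Dict[str, List[Entry]] = {"no_file": [], "file_backed": []}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        buckets["file_backed" if entry.has_file else "no_file"].append(entry)
    return buckets


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Entries with no file recorded (leftover registrations):")
    for e in result["no_file"]:
        print(f"  {e.kind} {e.clsid} name={e.name or '(none)'}")
    print("Entries backed by a file (check the module itself):")
    for e in result["file_backed"]:
        print(f"  {e.kind} {e.clsid} name={e.name or '(none)'} -> {e.target}")
```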

    Helpmeh

    Re: Unable to Update
    « Reply #6 on: April 16, 2009, 03:55:40 PM »
    The link here is to download an installer for SP3, but I am neither an IT Pro nor a Developer, and the updater on update.microsoft.com doesn't help either (tries 3-5). Do I need to be an IT Pro or a developer to do it (required knowledge which I lack)?
    http://www.microsoft.com/downloads/details.aspx?FamilyId=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4&displaylang=en

    Karnac



      Re: Unable to Update
      « Reply #7 on: April 16, 2009, 04:18:33 PM »
      Just a thought..... I just saw an update for SP2 ....... is your SP2 up to date?, or would it make sense to reinstall SP2 and then try to install SP3.



      Helpmeh

      Re: Unable to Update
      « Reply #8 on: April 16, 2009, 04:21:44 PM »
      I have SP2 (Winver confirms it) so I don't think I need to reinstall it...

      Karnac



        Re: Unable to Update
        « Reply #9 on: April 16, 2009, 04:26:40 PM »
        Unless it's missing something (file,dll) that SP3 needs to load.



        Helpmeh

        Re: Unable to Update
        « Reply #10 on: April 16, 2009, 04:29:04 PM »
        It said the problem is something is partially locking the registry...and I got 2 out of 3 of the error messages it shows.

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: Unable to Update
        « Reply #11 on: April 16, 2009, 04:37:16 PM »
        Download Rooter.exe to your desktop

        * Double click Rooter.exe to start the tool.
        * A DOS window will appear and show the scan progress.
        * Once complete a notepad file containing the report will open.
        * Copy & paste the results in your next reply.
        * Close notepad and Rooter will close.

        A log will also save at %systemdrive%\Rooter.txt (Where %systemdrive% is usually C: or the drive that you have Windows installed).

        Helpmeh

        Re: Unable to Update
        « Reply #12 on: April 16, 2009, 04:41:49 PM »
        Do I need to have my windows closed, will they affect the scan?

        evilfantasy

        Re: Unable to Update
        « Reply #13 on: April 16, 2009, 04:47:46 PM »
        It should run fine.

        Helpmeh

        Re: Unable to Update
        « Reply #14 on: April 16, 2009, 04:49:24 PM »
        I got a "Windows - No Disk" error after less than 10 seconds, included: Screenshot, message and parameters.
        Message: c0000013
        Parameters: 75b6bf9c 4 75bsbf9c 75b6bf9c
        Screenshot:

        Note: error appears twice, then can continues (in case that means anything).

        Helpmeh

        Re: Unable to Update
        « Reply #15 on: April 16, 2009, 05:01:09 PM »
        Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

        A:\ [Removable] (Total:0 Mo/Free:0 Mo)
        C:\ [Fixed] - NTFS - (Total:39205 Mo/Free:4006 Mo)
        D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
        E:\ [Removable] (Total:0 Mo/Free:0 Mo)

        16/04/2009|18:53

        ----------------------\\  Processes..

        --Locked-- [System Process]
        ---------- System
        ---------- \SystemRoot\System32\smss.exe
        ---------- \??\C:\WINDOWS\system32\csrss.exe
        ---------- \??\C:\WINDOWS\system32\winlogon.exe
        ---------- C:\WINDOWS\system32\services.exe
        ---------- C:\WINDOWS\system32\lsass.exe
        ---------- C:\WINDOWS\system32\svchost.exe
        ---------- C:\WINDOWS\system32\svchost.exe
        ---------- C:\WINDOWS\System32\svchost.exe
        ---------- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
        ---------- C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
        ---------- C:\WINDOWS\System32\svchost.exe
        ---------- C:\WINDOWS\System32\svchost.exe
        ---------- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        ---------- C:\WINDOWS\system32\LEXBCES.EXE
        ---------- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
        ---------- C:\WINDOWS\system32\LEXPPS.EXE
        ---------- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
        ---------- C:\WINDOWS\system32\spoolsv.exe
        ---------- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
        ---------- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
        ---------- C:\WINDOWS\System32\svchost.exe
        ---------- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        ---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
        ---------- C:\WINDOWS\system32\cisvc.exe
        ---------- C:\WINDOWS\System32\svchost.exe
        ---------- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
        ---------- C:\Program Files\Java\jre6\bin\jqs.exe
        ---------- C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
        ---------- C:\WINDOWS\system32\nvsvc32.exe
        ---------- C:\WINDOWS\System32\svchost.exe
        ---------- C:\WINDOWS\Explorer.EXE
        ---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
        ---------- C:\WINDOWS\system32\svcprs32.exe
        ---------- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
        ---------- C:\Program Files\Windows Media Player\WMPNetwk.exe
        ---------- C:\Program Files\Java\jre6\bin\jusched.exe
        ---------- C:\Program Files\QuickTime\qttask.exe
        ---------- C:\Program Files\SetPoint\LBTWiz.exe
        ---------- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
        ---------- C:\WINDOWS\cfgmng32.exe
        ---------- C:\WINDOWS\system32\rundll32.exe
        ---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
        ---------- C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
        ---------- C:\WINDOWS\system32\ctfmon.exe
        ---------- C:\Program Files\Windows Media Player\WMPNSCFG.exe
        ---------- C:\Program Files\SetPoint\SetPoint.exe
        ---------- C:\WINDOWS\system32\mdmcls32.exe
        ---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
        ---------- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
        ---------- C:\WINDOWS\System32\alg.exe
        ---------- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
        ---------- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
        ---------- C:\Program Files\Mozilla Firefox\firefox.exe
        ---------- C:\WINDOWS\system32\mdmcls32.exe
        ---------- C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
        ---------- C:\WINDOWS\system32\wuauclt.exe
        ---------- C:\WINDOWS\system32\cidaemon.exe
        ---------- C:\WINDOWS\system32\cmd.exe
        ---------- C:\WINDOWS\system32\mspaint.exe
        ---------- C:\Rooter$\RK.exe

        ----------------------\\  Search..

        ==> VUNDO <==

        ----------------------\\  ROOTKIT !!


        ----------------------\\  Cracks & Keygens..

        C:\DOCUME~1\Matthew\Local Settings\Temporary Internet Files\Content.IE5\9POMVR14\Christmas_cracker[1].png
        C:\DOCUME~1\Matthew\Local Settings\Temporary Internet Files\Content.IE5\Q6FWARS0\crackerhead[1].gif
        C:\DOCUME~1\Matthew\Local Settings\Temporary Internet Files\Content.IE5\VODUPJQG\463-a-nutcracking-penguin[1].htm
        C:\DOCUME~1\Matthew\Local Settings\Temporary Internet Files\Content.IE5\X4CVNAPD\christmas_cracker[1].png
        C:\DOCUME~1\Matthew\Local Settings\Temporary Internet Files\Content.IE5\YFVD35D4\xmascracker[1].gif


        1 - "C:\Rooter$\Rooter_1.txt" - 16/04/2009|18:59

        ----------------------\\  Scan completed at 18:59

        evilfantasy

        Re: Unable to Update
        « Reply #16 on: April 16, 2009, 05:03:38 PM »
        Download the MBR Rootkit Detector to your desktop.

        • Doubleclick mbr.exe and follow prompts.
        • A black DOS window will quickly appear then disappear.
        • When mbr.exe is finished it will create a log on your desktop.
        • Copy and paste contents of that log file to your next reply.

        Helpmeh

        Re: Unable to Update
        « Reply #17 on: April 16, 2009, 05:05:49 PM »
        That was quick lol!

        Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.1 by Gmer, http://www.gmer.net

        device: opened successfully
        user: MBR read successfully
        kernel: MBR read successfully
        user & kernel MBR OK

        evilfantasy

        Re: Unable to Update
        « Reply #18 on: April 16, 2009, 05:09:04 PM »
        Not finding anything...

        Download DDS by sUBs and save it to your desktop. Alternate DDS download link

        Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

        * XP users Double click on dds to run it.
        * If your antivirus or firewall try to block DDS then please allow it to run.
        * When finished DDS will open two (2) logs.

        1) DDS.txt
        2) Attach.txt

        * Save both logs to your desktop.
        * Please copy and paste the entire contents of both logs in your next reply.

        Note: DDS will instruct you to post the Attach.txt log as an attachment.
        Please just post it as you would any other log by copy and pasting it into the reply.

        Helpmeh

        Re: Unable to Update
        « Reply #19 on: April 16, 2009, 05:12:11 PM »
        It doesn't seem to do anything but display the information at the beginning.

        evilfantasy

        Re: Unable to Update
        « Reply #20 on: April 16, 2009, 05:13:55 PM »
        Just give it a few minutes.

        Helpmeh

        Re: Unable to Update
        « Reply #21 on: April 16, 2009, 05:15:41 PM »
        DDS.txt:

        DDS (Ver_09-03-16.01) - NTFSx86 
        Run by Matthew at 19:11:05.57 on 16/04/2009
        Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
        Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.511.130 [GMT -4:00]

        AV: CA Anti-Virus *On-access scanning enabled* (Updated)
        FW: CA Personal Firewall *enabled*

        ============== Running Processes ===============

        C:\WINDOWS\system32\svchost -k DcomLaunch
        svchost.exe
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
        C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
        svchost.exe
        svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
        C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
        svchost.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
        C:\WINDOWS\system32\cisvc.exe
        C:\WINDOWS\System32\svchost.exe -k HTTPFilter
        C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\System32\svchost.exe -k imgsvc
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
        C:\WINDOWS\system32\svcprs32.exe
        C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\SetPoint\LBTWiz.exe
        C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
        C:\WINDOWS\cfgmng32.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
        C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Windows Media Player\WMPNSCFG.exe
        C:\Program Files\SetPoint\SetPoint.exe
        C:\WINDOWS\system32\mdmcls32.exe
        C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
        C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
        C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
        C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\cidaemon.exe
        C:\Documents and Settings\Matthew\Desktop\dds.pif

        ============== Pseudo HJT Report ===============

        uStart Page = hxxp://mmoarea.tk/
        uSearch Bar = hxxp://www.google.com/ie
        mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
        uInternet Connection Wizard,ShellNext = iexplore
        uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
        uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
        BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
        BHO: {16f92367-5b43-4296-8fb8-4eff0918ef28} -
        BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
        BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} -
        BHO: {2d2a29aa-473d-a9c8-faa4-b308f524116c}: {c611425f-803b-4aaf-8c9a-d374aa92a2d2} -
        BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
        BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
        TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} -
        TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\toolbar\CallingIDIE.dll
        TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
        TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
        EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
        EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
        uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
        mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
        mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
        mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
        mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
        mRun: [nwiz] nwiz.exe /install
        mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
        mRun: [Logitech BT Wizard] LBTWiz.exe -silent
        mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
        mRun: [dvHighMem] c:\windows\cfgmng32.exe
        mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
        mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
        mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
        mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
        mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
        dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
        dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
        mExplorerRun: [fPqOa3qQAy] c:\windows\system32\winver.exe
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
        mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
        IE: Download All by FlashGet - c:\program files\flashget\jc_all.htm
        IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
        IE: Download using FlashGet - c:\program files\flashget\jc_link.htm
        IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
        IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
        IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
        IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
        IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
        LSP: c:\windows\system32\winsflt.dll
        LSP: c:\windows\system32\VetRedir.dll
        Trusted Zone: forumsvibe.com
        Trusted Zone: forumsvibe.com\thefr2army
        Trusted Zone: forumsvibe.com\thefreeriderarmy.1
        Trusted Zone: freewebs.com\www
        Trusted Zone: habbo.ca\www
        Trusted Zone: java-scripts.net\www
        Trusted Zone: onemorelevel.com\forums
        Trusted Zone: onemorelevel.com\www
        Trusted Zone: runescape.com\world37
        Trusted Zone: runescape.com\www
        Trusted Zone: thenewfra.tk
        Trusted Zone: web-source.net\www
        Trusted Zone: xmop.org\sigchat
        DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/6/7/5/675d28f5-2a8e-4bac-bd9b-ee147f352714/OGAControl.cab
        DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
        DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
        DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
        DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
        DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
        DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
        DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
        DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
        DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
        DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} - hxxp://fulfillment.puretracks.com/onager.cab
        DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
        DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125525394203
        DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
        DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
        DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
        DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
        DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
        DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
        DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
        DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
        DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
        DPF: {D26A941D-7E89-4098-B583-43291FC14218} - hxxp://image.pullbbang.com/images/Pull0Control.ocx
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553536000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        DPF: {D57262F5-9637-4E67-BC59-88C53EA76FC3} - hxxp://pix.futureshop.ca/en/ulcontrolxp.cab
        DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://trafficcams.cet.unomaha.edu/activex/AMC.cab
        DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup160.cab
        DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} - hxxp://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
        DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} - hxxp://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?
        Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
        Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
        Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
        Notify: PFW - UmxWnp.Dll
        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
        SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\CIDLinkAdvisor.dll
        SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
        LSA: Notification Packages =  scecli scecli scecli

        ================= FIREFOX ===================

        FF - ProfilePath - c:\docume~1\matthew\applic~1\mozilla\firefox\profiles\gjzpr5rp.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.computerhope.com/forum/
        FF - component: c:\program files\ca\ca internet security suite\ca website inspector\linkadvisor\firefox\components\CallingIDLinkAdvisorGecko.dll
        FF - component: c:\program files\ca\ca internet security suite\ca website inspector\toolbar\firefox\components\CIDDomFx3.dll
        FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

        ============= SERVICES / DRIVERS ===============

        R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-6-24 93712]
        R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
        R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
        R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 115216]
        R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
        R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
        R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2008-9-26 26352]
        R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2008-9-26 21104]
        R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2008-9-26 880560]
        R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2008-9-26 21488]
        R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2008-9-26 32240]
        R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 134648]
        R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
        R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
        R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
        R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2008-9-26 108368]
        S3 Dua1;Dua1;\??\c:\documents and settings\matthew\my documents\matt\photos\matt's pictures\other pictures\dualengi.sys --> c:\documents and settings\matthew\my documents\matt\photos\matt's pictures\other pictures\DualEngi.sys [?]
        S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;\??\c:\documents and settings\matthew\my documents\matt\photos\matt's pictures\other pictures\ve5 1032\nvid999.sys --> c:\documents and settings\matthew\my documents\matt\photos\matt's pictures\other pictures\ve5 1032\nvid999.sys [?]
        S3 UsbCmxp;Scientific Atlanta DPX2100 USB Cable Modem;c:\windows\system32\drivers\sacmxp.sys [2005-2-5 14336]

        ============== File Associations ===============

        regfile=*** no open command defined ***

        =============== Created Last 30 ================

        2009-04-16 18:49   <DIR>   --d-----   C:\Rooter$
        2009-04-14 20:50   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
        2009-04-14 20:50   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
        2009-04-14 20:50   <DIR>   --d-----   c:\docume~1\matthew\applic~1\SUPERAntiSpyware.com
        2009-04-14 18:53   <DIR>   --d-----   c:\docume~1\matthew\applic~1\Malwarebytes
        2009-04-14 18:53   15,504   a-------   c:\windows\system32\drivers\mbam.sys
        2009-04-14 18:53   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
        2009-04-14 18:53   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
        2009-04-14 18:53   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
        2009-04-14 17:57   283,648   -c------   c:\windows\system32\dllcache\pdh.dll
        2009-04-14 17:57   60,416   -c------   c:\windows\system32\dllcache\colbact.dll
        2009-04-14 17:57   473,088   -c------   c:\windows\system32\dllcache\fastprox.dll
        2009-04-14 17:57   399,360   -c------   c:\windows\system32\dllcache\rpcss.dll
        2009-04-14 17:57   110,592   -c------   c:\windows\system32\dllcache\services.exe
        2009-04-14 17:57   616,960   -c------   c:\windows\system32\dllcache\advapi32.dll
        2009-04-14 17:57   453,120   -c------   c:\windows\system32\dllcache\wmiprvsd.dll
        2009-04-14 17:57   227,840   -c------   c:\windows\system32\dllcache\wmiprvse.exe
        2009-04-14 17:57   714,752   -c------   c:\windows\system32\dllcache\ntdll.dll
        2009-04-14 17:55   215,552   -c------   c:\windows\system32\dllcache\wordpad.exe
        2009-04-10 19:08   691,819   a-------   c:\windows\system32\xxcopy.chm
        2009-04-10 19:08   433,664   a-------   c:\windows\system32\XXCOPYSU.EXE
        2009-04-10 19:08   433,664   a-------   c:\windows\system32\XXCOPY.EXE
        2009-04-10 19:08   433,664   a-------   c:\windows\system32\XX2973.EXE
        2009-04-10 19:08   230,377   a-------   c:\windows\system32\XXCOPY16.EXE
        2009-04-10 19:08   230,377   a-------   c:\windows\system32\XX293116.EXE
        2009-04-10 19:08   142,840   a-------   c:\windows\system32\xxconsole.exe
        2009-04-10 19:08   69,632   a-------   c:\windows\system32\xxpbar.exe
        2009-04-10 19:08   9,800   a-------   c:\windows\system32\xcpy_pad.xml
        2009-04-10 19:08   2,797   a-------   c:\windows\system32\install.bat
        2009-04-10 19:08   2,321   a-------   c:\windows\system32\uixxcopy.bat
        2009-04-10 18:29   45   a-------   c:\windows\system32\initdebug.nfo
        2009-04-10 15:20   273,920   a-------   c:\windows\system32\dllcache\dmdlgs.dll
        2009-04-10 15:19   60,928   a-------   c:\windows\system32\dllcache\ocmanage.dll
        2009-04-10 15:18   657,920   a-------   c:\windows\system32\rasdlg.dll
        2009-04-10 13:00   104   a-------   c:\windows\system32\test.bat
        2009-04-08 22:23   <DIR>   --d-----   c:\program files\FoxArc Screen Capture
        2009-04-06 15:25   410,984   a-------   c:\windows\system32\deploytk.dll
        2009-04-05 13:37   2,897,920   --------   c:\windows\system32\_004133_.tmp.dll
        2009-04-01 16:32   <DIR>   --d-----   c:\windows\system32\scripting
        2009-04-01 16:32   <DIR>   --d-----   c:\windows\l2schemas
        2009-04-01 16:32   <DIR>   --d-----   c:\windows\system32\en
        2009-04-01 16:32   <DIR>   --d-----   c:\windows\system32\bits
        2009-04-01 16:18   2,897,920   --------   c:\windows\system32\_004094_.tmp.dll
        2009-03-29 19:08   172,032   a-------   c:\windows\system32\SET185.tmp
        2009-03-29 19:07   48,128   a-------   c:\windows\system32\SET42D.tmp
        2009-03-29 19:06   80,384   a-------   c:\windows\system32\SET511.tmp
        2009-03-29 19:05   143,360   a-------   c:\windows\system32\SET5CF.tmp
        2009-03-29 19:05   143,360   a-------   c:\windows\system32\SET4ED.tmp
        2009-03-29 19:05   143,360   a-------   c:\windows\system32\SET3F3.tmp
        2009-03-29 19:05   193,536   a-------   c:\windows\system32\SET5D3.tmp
        2009-03-29 19:05   193,536   a-------   c:\windows\system32\SET4F1.tmp
        2009-03-29 19:05   193,536   a-------   c:\windows\system32\SET3F7.tmp
        2009-03-29 19:05   98,304   a-------   c:\windows\system32\SET5D1.tmp
        2009-03-29 19:05   98,304   a-------   c:\windows\system32\SET4EF.tmp
        2009-03-29 19:05   98,304   a-------   c:\windows\system32\SET3F5.tmp
        2009-03-29 18:11   <DIR>   --d-----   c:\windows\system32\CatRoot_bak

        ==================== Find3M  ====================

        2009-04-16 16:37   186,238   a-------   c:\windows\system32\drivers\kmxcfg.u2k0
        2009-04-16 16:37   64   a-------   c:\windows\system32\drivers\kmxcfg.u2k7
        2009-04-16 16:37   64   a-------   c:\windows\system32\drivers\kmxcfg.u2k6
        2009-04-16 16:37   64   a-------   c:\windows\system32\drivers\kmxcfg.u2k5
        2009-04-16 16:37   64   a-------   c:\windows\system32\drivers\kmxcfg.u2k4
        2009-04-16 16:37   64   a-------   c:\windows\system32\drivers\kmxcfg.u2k3
        2009-04-16 16:37   64   a-------   c:\windows\system32\drivers\kmxcfg.u2k2
        2009-04-16 16:37   64   a-------   c:\windows\system32\drivers\kmxcfg.u2k1
        2009-04-09 20:03   34   a-------   c:\documents and settings\matthew\jagex_runescape_preferences.dat
        2009-03-06 10:44   283,648   a-------   c:\windows\system32\pdh.dll
        2009-03-02 20:18   826,368   a-------   c:\windows\system32\wininet.dll
        2009-02-20 14:09   78,336   a-------   c:\windows\system32\ieencode.dll
        2009-02-09 06:20   723,456   a-------   c:\windows\system32\lsasrv.dll
        2009-02-09 06:20   399,360   a-------   c:\windows\system32\rpcss.dll
        2009-02-09 06:20   714,752   a-------   c:\windows\system32\ntdll.dll
        2009-02-09 06:20   616,960   a-------   c:\windows\system32\advapi32.dll
        2009-02-09 06:19   1,846,272   a-------   c:\windows\system32\win32k.sys
        2009-02-09 06:19   1,846,272   a-------   c:\windows\system32\dllcache\win32k.sys
        2009-02-09 06:19   1,846,272   --------   c:\windows\system32\_006118_.tmp.dll
        2009-02-09 06:19   1,846,272   --------   c:\windows\system32\_004056_.tmp.dll
        2009-02-09 06:19   1,846,272   --------   c:\windows\system32\_004039_.tmp.dll
        2009-02-06 13:22   2,136,064   a-------   c:\windows\system32\ntoskrnl.exe
        2009-02-06 13:14   110,592   a-------   c:\windows\system32\services.exe
        2009-02-06 12:54   35,328   a-------   c:\windows\system32\sc.exe
        2009-02-06 12:49   2,015,744   a-------   c:\windows\system32\ntkrnlpa.exe
        2009-02-03 16:08   55,808   a-------   c:\windows\system32\secur32.dll
        2007-08-02 08:40   774,144   a-------   c:\program files\RngInterstitial.dll
        2007-01-23 17:32   20,360   a---h---   c:\docume~1\matthew\applic~1\GDIPFONTCACHEV1.DAT
        2006-12-01 12:13   631,496   a-------   c:\documents and settings\all users\ampx_2_6_1_11_en.exe
        2005-12-24 22:23   480   a-------   c:\program files\INSTALL.LOG
        2008-09-26 17:18   30,720   a--sh---   c:\windows\rnapxs\Rnapxs.dat
        2008-04-28 07:17   303,500   a--sh---   c:\windows\system32\EdcdfMoq.ini2
        2008-04-28 07:15   297,095   a--sh---   c:\windows\system32\LUwGPXyb.ini2
        2008-04-25 17:42   7,556   a--sh---   c:\windows\system32\VyIQYcfe.ini2

        ============= FINISH: 19:14:19.64 ===============

        Attach.txt

        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT

        DDS (Ver_09-03-16.01)

        Microsoft Windows XP Home Edition
        Boot Device: \Device\HarddiskVolume1
        Install Date: 04/10/2004 1:39:26 PM
        System Uptime: 16/04/2009 4:54:01 PM (3 hours ago)

        Motherboard: MICRO-STAR INTERNATIONAL CO., LTD |  | MS-6540
        Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2800/200mhz
        Processor:               Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2800/200mhz

        ==== Disk Partitions =========================

        A: is Removable
        C: is FIXED (NTFS) - 38 GiB total, 3.907 GiB free.
        D: is CDROM ()
        E: is Removable

        ==== Disabled Device Manager Items =============

        Class GUID: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
        Description: USB Human Interface Device
        Device ID: USB\VID_046D&PID_C70E\000761517A85
        Manufacturer: (Standard system devices)
        Name: USB Human Interface Device
        PNP Device ID: USB\VID_046D&PID_C70E\000761517A85
        Service: HidUsb

        ==== System Restore Points ===================

        No restore point in system.

        ==== Installed Programs ======================


        ABBYY FineReader 5.0 Sprint
        Action Replay Code Manager
        Ad-Aware 2007
        Adobe Acrobat 5.0
        Adobe Flash Player 10 ActiveX
        Adobe Flash Player 10 Plugin
        Adobe Reader 8.1.2
        Adobe Shockwave Player 11
        AutoHotkey 1.0.47.06
        AXIS Media Control Embedded
        Belarc Advisor 7.2
        CA Anti-Spyware
        CA Anti-Virus
        CA Desktop DNA Migrator
        CA Internet Security Suite
        CA Parental Controls
        CA Personal Firewall
        CA Pest Patrol Realtime Protection
        CA Website Inspector
        CamStudio
        Cheat Engine 5.3
        Conquer 2.0
        Critical Update for Windows Media Player 11 (KB959772)
        DFX 8 for Windows Media Player
        FaxTools
        FoxArc Screen Capture V1.2
        FrostWire 4.17.0
        Google Earth
        HijackThis 2.0.2
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
        Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
        Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
        Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
        Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
        Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
        Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
        Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
        Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
        Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
        Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
        Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
        Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
        Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
        Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
        Hotfix for Windows Media Format 11 SDK (KB929399)
        Hotfix for Windows Media Player 11 (KB939683)
        Hotfix for Windows XP (KB896344)
        Hotfix for Windows XP (KB914440)
        Hotfix for Windows XP (KB915865)
        Hotfix for Windows XP (KB926239)
        Hotfix for Windows XP (KB952287)
        Hotfix for Windows XP (KB954550-v5)
        Hotfix for Windows XP (KB961118)
        Image Resizer Powertoy for Windows XP
        Inspiration 8 IE Trial
        J2SE Runtime Environment 5.0 Update 10
        J2SE Runtime Environment 5.0 Update 11
        J2SE Runtime Environment 5.0 Update 2
        J2SE Runtime Environment 5.0 Update 4
        J2SE Runtime Environment 5.0 Update 6
        J2SE Runtime Environment 5.0 Update 8
        Java 2 Runtime Environment, SE v1.4.2_06
        Java(TM) 6 Update 13
        Java(TM) 6 Update 2
        Java(TM) 6 Update 3
        Java(TM) 6 Update 5
        Java(TM) 6 Update 7
        Java(TM) SE Runtime Environment 6 Update 1
        Lexmark 3100 Series
        Loco-Commotion
        Mall Tycoon
        Malwarebytes' Anti-Malware
        MD Simple Burner 2.0.03
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1 Hotfix (KB928366)
        Microsoft .NET Framework 2.0 Service Pack 2
        Microsoft .NET Framework 3.0 Service Pack 2
        Microsoft .NET Framework 3.5 SP1
        Microsoft Base Smart Card Cryptographic Service Provider Package
        Microsoft Color Control Panel Applet for Windows XP
        Microsoft Compression Client Pack 1.0 for Windows XP
        Microsoft GIF Animator
        Microsoft IntelliPoint 5.3
        Microsoft IntelliType Pro 2.2
        Microsoft Internationalized Domain Names Mitigation APIs
        Microsoft National Language Support Downlevel APIs
        Microsoft Office Professional Edition 2003
        Microsoft Office Word Viewer 2003
        Microsoft Silverlight
        Microsoft SQL Server 2008 Management Objects
        Microsoft SQL Server Compact 3.5 SP1 Design Tools English
        Microsoft SQL Server Compact 3.5 SP1 English
        Microsoft Text-to-Speech Engine 4.0 (English)
        Microsoft User-Mode Driver Framework Feature Pack 1.0
        Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
        Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
        Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
        Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
        Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
        Mozilla Firefox (3.0.8)
        MSN Music Assistant
        MSXML 4.0 SP2 (KB925672)
        MSXML 4.0 SP2 (KB927978)
        MSXML 4.0 SP2 (KB936181)
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 Parser and SDK
        MSXML 6 Service Pack 2 (KB954459)
        MSXML4SP2
        Nero - Burning Rom
        Norton Spyware Scan
        Notepad++
        NVIDIA Drivers
        OpenMG Limited Patch 3.4-04-17-06-01
        OpenMG Secure Module 3.4.01
        Palm Desktop
        Photo Loader 2.1E
        PictureProject In Touch 1.0
        QuickTax 2004
        QuickTime
        Railroad Tycoon II - Platinum
        RAR Password Cracker 4.12
        RealPlayer
        Realtek AC'97 Audio
        Registry Patrol v3.0
        RKAutominer 2
        Rogers Yahoo! Applications
        RollerCoaster Tycoon 2
        RollerCoaster Tycoon 3
        Runescape Prices 1.2
        SCAR CDE 2.03
        SCAR Divi CDE 3.15b
        Scientific Atlanta DPX2100 USB Cable Modem
        Security Update for CAPICOM (KB931906)
        Security Update for Windows Internet Explorer 7 (KB928090)
        Security Update for Windows Internet Explorer 7 (KB929969)
        Security Update for Windows Internet Explorer 7 (KB931768)
        Security Update for Windows Internet Explorer 7 (KB933566)
        Security Update for Windows Internet Explorer 7 (KB937143)
        Security Update for Windows Internet Explorer 7 (KB938127)
        Security Update for Windows Internet Explorer 7 (KB939653)
        Security Update for Windows Internet Explorer 7 (KB942615)
        Security Update for Windows Internet Explorer 7 (KB944533)
        Security Update for Windows Internet Explorer 7 (KB961260)
        Security Update for Windows Internet Explorer 7 (KB963027)
        Security Update for Windows Media Player (KB911564)
        Security Update for Windows Media Player (KB952069)
        Security Update for Windows Media Player 10 (KB911565)
        Security Update for Windows Media Player 10 (KB917734)
        Security Update for Windows Media Player 11 (KB936782)
        Security Update for Windows Media Player 11 (KB954154)
        Security Update for Windows Media Player 6.4 (KB925398)
        Security Update for Windows XP (KB883939)
        Security Update for Windows XP (KB890046)
        Security Update for Windows XP (KB893756)
        Security Update for Windows XP (KB896358)
        Security Update for Windows XP (KB896422)
        Security Update for Windows XP (KB896423)
        Security Update for Windows XP (KB896424)
        Security Update for Windows XP (KB896428)
        Security Update for Windows XP (KB896688)
        Security Update for Windows XP (KB899587)
        Security Update for Windows XP (KB899588)
        Security Update for Windows XP (KB899591)
        Security Update for Windows XP (KB900725)
        Security Update for Windows XP (KB901017)
        Security Update for Windows XP (KB901190)
        Security Update for Windows XP (KB901214)
        Security Update for Windows XP (KB902400)
        Security Update for Windows XP (KB903235)
        Security Update for Windows XP (KB904706)
        Security Update for Windows XP (KB905414)
        Security Update for Windows XP (KB905749)
        Security Update for Windows XP (KB905915)
        Security Update for Windows XP (KB908519)
        Security Update for Windows XP (KB908531)
        Security Update for Windows XP (KB911280)
        Security Update for Windows XP (KB911562)
        Security Update for Windows XP (KB911567)
        Security Update for Windows XP (KB911927)
        Security Update for Windows XP (KB912812)
        Security Update for Windows XP (KB912919)
        Security Update for Windows XP (KB913446)
        Security Update for Windows XP (KB913580)
        Security Update for Windows XP (KB914388)
        Security Update for Windows XP (KB914389)
        Security Update for Windows XP (KB916281)
        Security Update for Windows XP (KB917159)
        Security Update for Windows XP (KB917344)
        Security Update for Windows XP (KB917422)
        Security Update for Windows XP (KB917953)
        Security Update for Windows XP (KB918118)
        Security Update for Windows XP (KB918439)
        Security Update for Windows XP (KB918899)
        Security Update for Windows XP (KB919007)
        Security Update for Windows XP (KB920213)
        Security Update for Windows XP (KB920214)
        Security Update for Windows XP (KB920670)
        Security Update for Windows XP (KB920683)
        Security Update for Windows XP (KB920685)
        Security Update for Windows XP (KB921398)
        Security Update for Windows XP (KB921503)
        Security Update for Windows XP (KB921883)
        Security Update for Windows XP (KB922616)
        Security Update for Windows XP (KB922819)
        Security Update for Windows XP (KB923191)
        Security Update for Windows XP (KB923414)
        Security Update for Windows XP (KB923561)
        Security Update for Windows XP (KB923689)
        Security Update for Windows XP (KB923694)
        Security Update for Windows XP (KB923980)
        Security Update for Windows XP (KB924191)
        Security Update for Windows XP (KB924270)
        Security Update for Windows XP (KB924496)
        Security Update for Windows XP (KB924667)
        Security Update for Windows XP (KB925486)
        Security Update for Windows XP (KB925902)
        Security Update for Windows XP (KB926255)
        Security Update for Windows XP (KB926436)
        Security Update for Windows XP (KB927779)
        Security Update for Windows XP (KB927802)
        Security Update for Windows XP (KB928255)
        Security Update for Windows XP (KB928843)
        Security Update for Windows XP (KB929123)
        Security Update for Windows XP (KB930178)
        Security Update for Windows XP (KB931261)
        Security Update for Windows XP (KB931784)
        Security Update for Windows XP (KB932168)
        Security Update for Windows XP (KB933729)
        Security Update for Windows XP (KB935839)
        Security Update for Windows XP (KB935840)
        Security Update for Windows XP (KB936021)
        Security Update for Windows XP (KB938464)
        Security Update for Windows XP (KB938829)
        Security Update for Windows XP (KB941202)
        Security Update for Windows XP (KB941568)
        Security Update for Windows XP (KB941569)
        Security Update for Windows XP (KB941644)
        Security Update for Windows XP (KB941693)
        Security Update for Windows XP (KB943055)
        Security Update for Windows XP (KB943460)
        Security Update for Windows XP (KB943485)
        Security Update for Windows XP (KB944653)
        Security Update for Windows XP (KB945553)
        Security Update for Windows XP (KB946026)
        Security Update for Windows XP (KB946648)
        Security Update for Windows XP (KB948590)
        Security Update for Windows XP (KB948881)
        Security Update for Windows XP (KB950749)
        Security Update for Windows XP (KB950760)
        Security Update for Windows XP (KB950762)
        Security Update for Windows XP (KB950974)
        Security Update for Windows XP (KB951066)
        Security Update for Windows XP (KB951376-v2)
        Security Update for Windows XP (KB951376)
        Security Update for Windows XP (KB951698)
        Security Update for Windows XP (KB951748)
        Security Update for Windows XP (KB952004)
        Security Update for Windows XP (KB952954)
        Security Update for Windows XP (KB953839)
        Security Update for Windows XP (KB954211)
        Security Update for Windows XP (KB954600)
        Security Update for Windows XP (KB955069)
        Security Update for Windows XP (KB956391)
        Security Update for Windows XP (KB956572)
        Security Update for Windows XP (KB956802)
        Security Update for Windows XP (KB956803)
        Security Update for Windows XP (KB956841)
        Security Update for Windows XP (KB957095)
        Security Update for Windows XP (KB957097)
        Security Update for Windows XP (KB958644)
        Security Update for Windows XP (KB958687)
        Security Update for Windows XP (KB958690)
        Security Update for Windows XP (KB959426)
        Security Update for Windows XP (KB960225)
        Security Update for Windows XP (KB960715)
        Security Update for Windows XP (KB960803)
        Security Update for Windows XP (KB961373)
        SetPoint
        Shockwave
        Sid Meier's Civilization 4
        SiS 900 PCI Fast Ethernet Adapter Driver
        SiS VGA Utilities
        SiSAGP driver
        Soap 3.0 Toolkit
        SonicStage 2.0.06
        Sothink SWF Catcher for Internet Explorer
        Sothink SWF Decompiler
        Spybot - Search & Destroy 1.4
        SQL Server System CLR Types
        SUPERAntiSpyware Free Edition
        SwiftSwitch
        The Sims Deluxe Edition
        UFile 2005
        UFile 2006
        UFile 2007
        UFile Updater 2005
        UFile Updater 2006
        UFile Updater 2007
        Update for Windows XP (KB894391)
        Update for Windows XP (KB896727)
        Update for Windows XP (KB898461)
        Update for Windows XP (KB900485)
        Update for Windows XP (KB904942)
        Update for Windows XP (KB910437)
        Update for Windows XP (KB916595)
        Update for Windows XP (KB920342)
        Update for Windows XP (KB920872)
        Update for Windows XP (KB922582)
        Update for Windows XP (KB925720)
        Update for Windows XP (KB925876)
        Update for Windows XP (KB927891)
        Update for Windows XP (KB929338)
        Update for Windows XP (KB930916)
        Update for Windows XP (KB931836)
        Update for Windows XP (KB932823-v3)
        Update for Windows XP (KB933360)
        Update for Windows XP (KB936357)
        Update for Windows XP (KB938828)
        Update for Windows XP (KB942763)
        Update for Windows XP (KB946501-v2)
        Update for Windows XP (KB951072-v2)
        Update for Windows XP (KB955839)
        Update for Windows XP (KB967715)
        USB Mass Storage Toolbox
        WebFldrs XP
        WIDCOMM Bluetooth Software
        Windows Genuine Advantage Notifications (KB905474)
        Windows Genuine Advantage v1.3.0254.0
        Windows Genuine Advantage Validation Tool (KB892130)
        Windows Imaging Component
        Windows Installer 3.1 (KB893803)
        Windows Internet Explorer 7
        Windows Live installer
        Windows Media Format 11 runtime
        Windows Media Format SDK Hotfix - KB891122
        Windows Media Player 11
        Windows Resource Kit Tools
        Windows XP Hotfix - KB834707
        Windows XP Hotfix - KB867282
        Windows XP Hotfix - KB873333
        Windows XP Hotfix - KB873339
        Windows XP Hotfix - KB885250
        Windows XP Hotfix - KB885626
        Windows XP Hotfix - KB885835
        Windows XP Hotfix - KB885836
        Windows XP Hotfix - KB885884
        Windows XP Hotfix - KB886185
        Windows XP Hotfix - KB887472
        Windows XP Hotfix - KB887742
        Windows XP Hotfix - KB888113
        Windows XP Hotfix - KB888302
        Windows XP Hotfix - KB890047
        Windows XP Hotfix - KB890175
        Windows XP Hotfix - KB890859
        Windows XP Hotfix - KB890923
        Windows XP Hotfix - KB891781
        Windows XP Hotfix - KB893066
        Windows XP Hotfix - KB893086
        WinRAR archiver
        XML Paper Specification Shared Components Pack 1.0

        ==== Event Viewer Messages From Past Week ========

        16/04/2009 7:35:09 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
        16/04/2009 7:35:09 AM, error: Service Control Manager [7000]  - The LiveUpdate service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
        16/04/2009 7:35:06 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
        16/04/2009 4:00:41 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
        14/04/2009 6:41:03 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
        14/04/2009 5:52:31 PM, error: Service Control Manager [7000]  - The Upload Manager service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.
        14/04/2009 5:52:31 PM, error: Service Control Manager [7000]  - The npkcrypt service failed to start due to the following error:  The system cannot find the file specified.
        14/04/2009 5:44:10 PM, error: DCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {5F36DC27-B076-4D0C-BD8C-7AEE14022193}  to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.
        13/04/2009 6:03:53 PM, error: Service Control Manager [7034]  - The MD Simple Burner Service service terminated unexpectedly.  It has done this 1 time(s).
        13/04/2009 5:34:29 PM, error: atapi [9]  - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
        13/04/2009 5:33:43 PM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
        10/04/2009 5:11:21 PM, error: WMPNetworkSvc [14338]  - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80080005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
        10/04/2009 4:00:54 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070005: Windows XP Service Pack 3 (KB936929).
        10/04/2009 3:59:08 PM, error: NtServicePack [4374]  - Windows XP Service Pack 3 installation failed, leaving Windows XP partially updated.
        Service Pack 3 installation did not complete.
        10/04/2009 3:37:52 PM, error: NtServicePack [4373]  - Windows XP Service Pack 3 installation failed.
        Access is denied.

        ==== End Of File ===========================
        « Last Edit: April 16, 2009, 06:03:17 PM by evilfantasy »

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 493
        • Experience: Experienced
        • OS: Windows 11
        Re: Unable to Update
        « Reply #22 on: April 16, 2009, 05:46:59 PM »
        Do you know what this is? c:\documents and settings\matthew\my documents\matt\photos\matt's pictures\other pictures\ve5 1032\nvid999.sys

        Go to Add or Remove programs and uninstall:
        • Ad-Aware 2007 <- Way out of date!
        • J2SE Runtime Environment 5.0 Update 10
        • J2SE Runtime Environment 5.0 Update 11
        • J2SE Runtime Environment 5.0 Update 2
        • J2SE Runtime Environment 5.0 Update 4
        • J2SE Runtime Environment 5.0 Update 6
        • J2SE Runtime Environment 5.0 Update 8
        • Java 2 Runtime Environment, SE v1.4.2_06
        • Java(TM) 6 Update 13 <- Do not uninstall this!
        • Java(TM) 6 Update 2
        • Java(TM) 6 Update 3
        • Java(TM) 6 Update 5
        • Java(TM) 6 Update 7
        • Java(TM) SE Runtime Environment 6 Update 1
        • Norton Spyware Scan
        .
        ----------

        Download the Norton Removal Tool (SymNRT) to your Desktop.

        Once downloaded please close ALL open browsers, also save any work because this may require a restart.
        • Go to your desktop and double click on the removal tool and then click Setup.
        • Once open Click Next
        • Accept the license agreement and click Next
        • Type in the letters/numbers that you see into the text box then click Next.
        • Then click Next and the tool will start running.
        • Once finished restart the PC.
        • Delete the Norton Removal Tool from your Desktop.
        .
        ----------

        Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

        Link #1
        Link #2

        **Note:  It is important that it is saved directly to your Desktop

        DO NOT run it yet!

        Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

        Delete these files/folders, as follows:

        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

        Code:
        KillAll::

        DDS::
        mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
        BHO: {16f92367-5b43-4296-8fb8-4eff0918ef28} -
        BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} -
        BHO: {2d2a29aa-473d-a9c8-faa4-b308f524116c}: {c611425f-803b-4aaf-8c9a-d374aa92a2d2} -
        TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} -
        dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
        dRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
        mExplorerRun: [fPqOa3qQAy] c:\windows\system32\winver.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

        Folder::
        C:\Program Files\Symantec
        C:\Rooter$

        File::
        c:\windows\system32\_004133_.tmp.dll
        c:\windows\system32\_004094_.tmp.dll
        c:\windows\system32\SET185.tmp
        c:\windows\system32\SET42D.tmp
        c:\windows\system32\SET511.tmp
        c:\windows\system32\SET5CF.tmp
        c:\windows\system32\SET4ED.tmp
        c:\windows\system32\SET3F3.tmp
        c:\windows\system32\SET5D3.tmp
        c:\windows\system32\SET4F1.tmp
        c:\windows\system32\SET3F7.tmp
        c:\windows\system32\SET5D1.tmp
        c:\windows\system32\SET4EF.tmp
        c:\windows\system32\SET3F5.tmp

        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze


        Helpmeh

        Re: Unable to Update
        « Reply #23 on: April 16, 2009, 06:00:22 PM »
        nvid is short for nVidia, my graphics card company. And I am uninstalling stuff as I type (I just needed to know what to get rid of).

        evilfantasy

        Re: Unable to Update
        « Reply #24 on: April 16, 2009, 06:02:27 PM »
        You shouldn't have a driver running from your documents. Could be part of the problem.

        Helpmeh

        Re: Unable to Update
        « Reply #25 on: April 16, 2009, 06:10:45 PM »
        Quote
        You shouldn't have a driver running from your documents. Could be part of the problem.

        I can't remember when I put it there...it was probably the last folder I accessed so it was probably the default location...do you know if it will damage my computer if I move it somewhere better?

        evilfantasy

        Re: Unable to Update
        « Reply #26 on: April 16, 2009, 06:15:13 PM »
        Can you just delete it and then install it to its default location?

        I think it should be in c:\windows\system32\drivers\

        Helpmeh

        Re: Unable to Update
        « Reply #27 on: April 16, 2009, 06:21:14 PM »
        Quote
        Can you just delete it and then install it to its default location?

        I think it should be in c:\windows\system32\drivers\

        I possibly, but I'm using it right now...so what could happen...also I can't uninstall Norton from add/remove programs...I'll just continue with the other stuff.

        evilfantasy

        Re: Unable to Update
        « Reply #28 on: April 16, 2009, 06:22:17 PM »
        Yes just continue on for now. There is some malware plus the other stuff to take care of first.

        BC_Programmer


          Mastermind
        • Typing is no substitute for thinking.
        • Thanked: 1140
          • Yes
          • Yes
          • BC-Programming.com
        • Certifications: List
        • Computer: Specs
        • Experience: Beginner
        • OS: Windows 11
        Re: Unable to Update
        « Reply #29 on: April 16, 2009, 06:33:27 PM »
        nvid999 has nothing to do with Nvidia.

        The Nvidia driver is nv4_disp.dll. Drivers ALWAYS install to system32, never to My Documents, since they install for all users.

        Quick Google reveals all.

        http://spywaredlls.prevx.com/RRIGDI41788085/NVID999.SYS.html


        I was trying to dereference Null Pointers before it was cool.

        evilfantasy

        Re: Unable to Update
        « Reply #30 on: April 16, 2009, 06:37:03 PM »
        I saw that BC but then found other conflicting threads.

        Quote
        S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;\??\c:\documents and settings\matthew\my documents\matt\photos\matt's pictures\other pictures\ve5 1032\nvid999.sys

        But the more I look at it the ¥Õ¥Ø°ê¤¤¥Í1 indeed makes it look malicious.
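
Added example (not part of the original thread, and not output of DDS or ComboFix): a small Python triage of driver/service lines like the one quoted above, applying the checks raised in this thread (driver outside system32\drivers, image under a user profile, unreadable service name). The line layout `<R|S><start type> name;display;path [date size]`, the reading of R/S as running/stopped, and the directory lists are assumptions; the last three sample lines are constructed.

```python
import re
from pathlib import PureWindowsPath

# Heuristics from the thread: kernel drivers belong in system32\drivers,
# nothing service-like should load from a user profile, and an unreadable
# service name is a red flag. Directory lists are assumptions for Windows XP.
DRIVERS = PureWindowsPath(r"c:\windows\system32\drivers")
USER_ROOT = PureWindowsPath(r"c:\documents and settings")
EXPECTED_ROOTS = (PureWindowsPath(r"c:\windows"),
                  PureWindowsPath(r"c:\program files"))

# Assumed layout: <R|S><start type> name;display name;image path [date size]
# (R/S taken to mean running/stopped; paths are expected to be absolute.)
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s+\[[^\]]*\])?\s*$"
)


def normalize(raw_path):
    """Drop the NT object-manager prefix and quotes; lower-case for comparison."""
    p = raw_path.strip().strip('"')
    if p.startswith("\\??\\"):
        p = p[4:]
    return PureWindowsPath(p.lower())


def is_under(path, root):
    """True when `path` lies inside directory `root` (both already lower-case)."""
    return path.parts[:len(root.parts)] == root.parts


def triage(line):
    """Parse one entry; return its fields plus a list of reasons, or None."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    path = normalize(m["path"])
    reasons = []
    if is_under(path, USER_ROOT):
        reasons.append("image path inside a user profile")
    elif not any(is_under(path, root) for root in EXPECTED_ROOTS):
        reasons.append("image path outside expected directories")
    if path.suffix == ".sys" and not is_under(path, DRIVERS):
        reasons.append("kernel driver outside system32\\drivers")
    if not m["name"].isascii():
        reasons.append("service name contains non-ASCII characters")
    return {"name": m["name"], "running": m["state"] == "R",
            "start_type": int(m["start"]), "path": str(path),
            "reasons": reasons}


def flagged(lines):
    """Entries that tripped at least one check; unparsable lines are skipped."""
    results = (triage(line) for line in lines)
    return [r for r in results if r and r["reasons"]]


SAMPLE = [
    # The entry quoted in the thread.
    r"S3 ¥Õ¥Ø°ê¤¤¥Í1;¥Õ¥Ø°ê¤¤¥Í1;\??\c:\documents and settings\matthew\my documents\matt\photos\matt's pictures\other pictures\ve5 1032\nvid999.sys",
    # Constructed entries for comparison.
    r"R1 exampledrv;Example Driver;c:\windows\system32\drivers\exampledrv.sys [2009-1-1 4096]",
    r"R2 ExampleSvc;Example Service;c:\program files\example\svc.exe [2009-1-1 12345]",
    "==== not a driver line ====",
]

if __name__ == "__main__":
    for hit in flagged(SAMPLE):
        print(hit["name"], hit["path"], *hit["reasons"], sep="\n  ")
```

A flagged entry is a lead for review, not a verdict; confirm with the file's signature, origin and a scanner before removing anything.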

        BC_Programmer


        Re: Unable to Update
        « Reply #31 on: April 16, 2009, 06:45:56 PM »
        That's for sure. I can imagine the caliber of a program that presents that as the default install dir ;D

        Basically, it isn't present on my system anywhere, and I'm using an Nvidia card as well, and the name just doesn't make sense. And the install location now makes it look even more seedy.


        evilfantasy

        Re: Unable to Update
        « Reply #32 on: April 16, 2009, 06:48:18 PM »
        I foresee it being removed in the next set of instructions.

        BC_Programmer


        Re: Unable to Update
        « Reply #33 on: April 16, 2009, 06:49:55 PM »
        Assuming of course Helpmeh doesn't know better.  ::)

        Helpmeh

        Re: Unable to Update
        « Reply #34 on: April 18, 2009, 02:24:34 PM »
        I got rid of Norton, and just finished downloading ComboFix, when I got a virus alert, screenshot link:
        http://img2.imageshack.us/img2/693/caalert.png
        Will run ComboFix code now.

        Helpmeh

        Re: Unable to Update
        « Reply #35 on: April 18, 2009, 02:27:29 PM »
        New update: My anti-virus software says that ComboFix is infected, then deletes it...should I turn it off, download CF, then run CF?

        evilfantasy

        Re: Unable to Update
        « Reply #36 on: April 18, 2009, 02:28:30 PM »
        Yes turn it off.

        Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

        Helpmeh

        Re: Unable to Update
        « Reply #37 on: April 18, 2009, 02:56:21 PM »
        Quote
        Yes turn it off.

        Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

        I mean I can't run it, I can't even download it properly. But I will disable then re-download.

        evilfantasy

        Re: Unable to Update
        « Reply #38 on: April 18, 2009, 02:57:05 PM »
        Disable the antivirus first.

        Helpmeh

        Re: Unable to Update
        « Reply #39 on: April 18, 2009, 03:02:15 PM »
        Quote
        Disable the antivirus first.

        Currently running fine. I got something about ERU and backing up registry...

        Helpmeh

        Re: Unable to Update
        « Reply #40 on: April 22, 2009, 03:43:49 PM »
        Quote
        Currently running fine. I got something about ERU and backing up registry...

        Sorry I haven't posted in here for a while.

        It told me to download Windows Restore  (I can't remember, but it pops up to choose if I want to restore my computer every time I turn it on)...and then it just crashed...

        Edit: The program is called Windows Recovery Console.

        « Last Edit: April 22, 2009, 08:24:01 PM by Helpmeh »