WiredWX Hobby Weather Tools

Windows Repair

2 posters

Windows Repair
Hi, my uncle's comp seems to be infected with a program called "windows repair." I've tried to remove the program using the tutorial from bleepingcomputer (Link), but to no avail. I was able to run the rkill program to stop the "windows repair" program, but every time I tried to run malwarebytes I got this error:

An error has occured. Please report this code to our support team.
PROGRAM_ERROR_MISSING_FILE (2, 0, mbamcore.dll)
The system cannot find the file specified


As well as

RUN TIME ERROR '53':
FILE NOT FOUND: MBAMCORE

ACCESS DENIED


The LOG I got from the rkill program is:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/08/2011 at 21:16:31.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Alan\Desktop\Rkill stuff\iExplore.exe
C:\WINDOWS\regedit.exe


Rkill completed on 04/08/2011 at 21:16:35.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/08/2011 at 21:28:54.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\All Users\Application Data\JmpyxPEOWqPO.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\WINDOWS\system32\grpconv.exe


Rkill completed on 04/08/2011 at 21:29:00.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/08/2011 at 21:37:55.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\All Users\Application Data\JmpyxPEOWqPO.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\WINDOWS\system32\grpconv.exe


Rkill completed on 04/08/2011 at 21:37:59.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/08/2011 at 21:42:48.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\Documents and Settings\All Users\Application Data\JmpyxPEOWqPO.exe
C:\WINDOWS\system32\attrib.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\WINDOWS\system32\grpconv.exe


Rkill completed on 04/08/2011 at 21:42:52.



I also tried to run combofix, but every time it finishes the screen is blank and the log isn't posted, which leads me to believe the program never finishes. It always gets to "Combo fix is finishing and preparing log file", yet when it closes I just get a black screen with no icons and just the mouse cursor. I can see that it's trying to delete, or deleting, the windows repair file because I can see it do so in the process, but I'm afraid the program just doesn't quite finish. When I reboot the computer the windows repair program is still intact.

Re: Windows Repair
Hi,

ComboFix should not be run without the guidance of a helper!

It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use.

See ComboFix's Disclaimer

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please refer to this thread for more information on why you shouldn't use ComboFix without supervision of a trained expert: http://www.bleepingcomputer.com/forums/topic273628.html
====

Download OTL.exe by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Windows Repair
Here is the OTL log:

OTL logfile created on: 4/10/2011 2:16:27 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 415.00 Mb Available Physical Memory | 81.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 218.58 Gb Free Space | 93.86% Space Free | Partition Type: NTFS
Drive J: | 14.91 Gb Total Space | 13.13 Gb Free Space | 88.07% Space Free | Partition Type: NTFS

Computer Name: HP_DOWNSTAIRS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/10 14:14:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/13 21:42:20 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/10 14:14:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SCardSvr)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/19 08:10:07 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/04 06:14:16 | 000,135,336 | -H-- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/01/15 05:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/19 08:10:09 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/20 18:09:00 | 000,038,224 | -H-- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/11/23 15:59:09 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 15:05:40 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/11/24 22:19:00 | 000,872,960 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/06 16:59:44 | 002,185,408 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/06/29 10:07:18 | 001,268,204 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKLM\software\mozilla\Firefox\extensions\\offerboxffx@offerbox.com: C:\Program Files\OfferBox\offerboxffx@offerbox.com
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 19:25:58 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 19:25:58 | 000,000,000 | -H-D | M]

[2011/03/27 16:46:50 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/25 17:04:38 | 000,000,000 | -H-D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/07/12 09:33:56 | 000,012,800 | -H-- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2011/03/11 17:53:34 | 000,001,919 | -H-- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/04/08 22:12:42 | 000,000,027 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\piudd.exe (OptSystems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/17 00:51:29 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/10 14:16:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/08 22:12:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\temp
[2011/04/08 22:10:17 | 000,000,000 | -H-D | C] -- C:\ComboFix
[2011/04/08 22:08:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Desktop\anti spyware stuff
[2011/04/08 22:02:36 | 007,734,240 | -H-- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2011/04/08 22:02:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Desktop\Rkill stuff
[2011/04/08 21:43:41 | 000,020,952 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/27 17:52:40 | 000,546,816 | -H-- | C] (TFTC) -- C:\Documents and Settings\All Users\Application Data\JmpyxPEOWqPO.exe
[2011/03/22 22:39:20 | 000,212,480 | -H-- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/22 22:39:20 | 000,161,792 | -H-- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/22 22:39:20 | 000,136,704 | -H-- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/22 22:39:20 | 000,031,232 | -H-- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/20 14:47:04 | 000,000,000 | -H-D | C] -- C:\spoolerlogs
[2011/03/12 02:29:03 | 000,000,000 | -H-D | C] -- C:\2858b8489f10d4c43e
[2011/03/11 18:41:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2011/03/11 18:41:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/03/11 17:57:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/10 14:14:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/10 14:12:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/08 22:12:42 | 000,000,027 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/08 21:57:57 | 000,467,968 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\18407220.exe
[2011/04/08 21:03:11 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/08 20:21:57 | 007,734,240 | -H-- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2011/04/03 00:27:04 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/04/03 00:01:42 | 004,312,600 | RH-- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/03/27 17:55:07 | 000,000,136 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21618484r
[2011/03/27 17:55:07 | 000,000,096 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~21618484
[2011/03/27 17:54:49 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\21618484
[2011/03/27 17:52:38 | 000,546,816 | -H-- | M] (TFTC) -- C:\Documents and Settings\All Users\Application Data\JmpyxPEOWqPO.exe
[2011/03/25 15:52:48 | 000,002,265 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/03/22 22:38:00 | 000,000,437 | RHS- | M] () -- C:\boot.ini
[2011/03/22 22:33:57 | 000,009,608 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\riw8d1h877d2h634h6t1cs3o1648508sq73ldg5h36y1yi8
[2011/03/19 08:11:49 | 000,012,200 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3050008006
[2011/03/19 08:10:09 | 000,137,656 | -H-- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/03/14 15:19:49 | 000,311,604 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/14 15:19:49 | 000,039,992 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 14:07:22 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/11 17:44:04 | 000,000,321 | -H-- | M] () -- C:\Boot.bak
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/08 22:08:49 | 004,312,600 | RH-- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/04/08 21:57:57 | 000,467,968 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220.exe
[2011/04/03 00:27:04 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/03/27 17:55:07 | 000,000,136 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~21618484r
[2011/03/27 17:55:06 | 000,000,096 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~21618484
[2011/03/27 17:54:49 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\21618484
[2011/03/22 22:39:20 | 000,256,512 | -H-- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/22 22:39:20 | 000,098,816 | -H-- | C] () -- C:\WINDOWS\sed.exe
[2011/03/22 22:39:20 | 000,089,088 | -H-- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/22 22:39:20 | 000,080,412 | -H-- | C] () -- C:\WINDOWS\grep.exe
[2011/03/22 22:39:20 | 000,068,096 | -H-- | C] () -- C:\WINDOWS\zip.exe
[2011/03/19 13:17:50 | 000,009,608 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\riw8d1h877d2h634h6t1cs3o1648508sq73ldg5h36y1yi8
[2011/03/19 08:11:49 | 000,012,200 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\3050008006
[2011/03/11 17:57:33 | 000,000,321 | -H-- | C] () -- C:\Boot.bak
[2011/03/11 17:57:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/10 02:46:15 | 000,001,084 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\2683899908
[2011/03/10 02:46:15 | 000,001,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2683899908
[2011/03/08 16:43:38 | 000,012,262 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\3050008006
[2011/03/08 16:43:38 | 000,012,200 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3050008006
[2011/03/06 22:40:07 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\brsztuz2.default.dat
[2011/03/06 01:28:15 | 000,011,036 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\1380560618
[2011/03/06 01:28:15 | 000,011,036 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1380560618
[2011/02/25 17:05:58 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/19 15:24:48 | 000,011,168 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\84yq2p62bw5271eo5x505745y7565180202o5sil
[2011/02/18 17:19:32 | 000,000,173 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/01/19 19:12:00 | 000,000,120 | -H-- | C] () -- C:\WINDOWS\Rqabe.dat
[2011/01/19 19:12:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\Amexefozujecazu.bin
[2010/08/17 16:52:56 | 000,103,535 | -H-- | C] () -- C:\WINDOWS\hpoins04.dat
[2010/08/17 16:52:56 | 000,017,176 | -H-- | C] () -- C:\WINDOWS\hpomdl04.dat
[2010/08/17 08:40:28 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/17 08:39:18 | 000,110,192 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/17 01:29:33 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/17 01:15:54 | 000,516,096 | -H-- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/08/17 01:03:14 | 000,156,160 | -H-- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/08/17 01:00:21 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/17 00:57:55 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/17 00:53:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 00:48:41 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/13 21:55:28 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/30 23:57:08 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 04:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 04:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 04:00:00 | 000,311,604 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 04:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 04:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 04:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 04:00:00 | 000,039,992 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 04:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 04:00:00 | 000,004,463 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 04:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >


Re: Windows Repair
Here is the extras log:

OTL Extras logfile created on: 4/10/2011 2:16:27 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 415.00 Mb Available Physical Memory | 81.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 218.58 Gb Free Space | 93.86% Space Free | Partition Type: NTFS
Drive J: | 14.91 Gb Total Space | 13.13 Gb Free Space | 88.07% Space Free | Partition Type: NTFS

Computer Name: HP_DOWNSTAIRS | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSNINST" = MSN
"Savings Bond Wizard" = Savings Bond Wizard
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/11/2011 2:28:50 PM | Computer Name = HP_DOWNSTAIRS | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: The connection with the server was terminated abnormally

Error - 3/11/2011 2:28:50 PM | Computer Name = HP_DOWNSTAIRS | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: This network connection does not exist.

Error - 3/11/2011 2:41:05 PM | Computer Name = HP_DOWNSTAIRS | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: The connection with the server was terminated abnormally

Error - 3/11/2011 2:41:05 PM | Computer Name = HP_DOWNSTAIRS | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: This network connection does not exist.

Error - 3/11/2011 2:42:33 PM | Computer Name = HP_DOWNSTAIRS | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: The connection with the server was terminated abnormally

Error - 3/11/2011 2:42:33 PM | Computer Name = HP_DOWNSTAIRS | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: This network connection does not exist.

Error - 3/11/2011 9:03:53 PM | Computer Name = HP_DOWNSTAIRS | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 3/23/2011 1:34:07 AM | Computer Name = HP_DOWNSTAIRS | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 0.0.0.0, faulting module
iexplore.exe, version 0.0.0.0, fault address 0x0008d560.

Error - 3/26/2011 3:58:40 AM | Computer Name = HP_DOWNSTAIRS | Source = Winlogon | ID = 1015
Description = A critical system process, C:\WINDOWS\system32\lsass.exe, failed with
status code c0000005. The machine must now be restarted.

Error - 3/28/2011 3:13:18 PM | Computer Name = HP_DOWNSTAIRS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/3/2011 3:33:42 AM | Computer Name = HP_DOWNSTAIRS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 4/3/2011 3:33:42 AM | Computer Name = HP_DOWNSTAIRS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip

Error - 4/3/2011 3:33:42 AM | Computer Name = HP_DOWNSTAIRS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 4/3/2011 3:44:46 AM | Computer Name = HP_DOWNSTAIRS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/3/2011 3:45:40 AM | Computer Name = HP_DOWNSTAIRS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 4/3/2011 3:45:40 AM | Computer Name = HP_DOWNSTAIRS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 4/7/2011 9:45:24 PM | Computer Name = HP_DOWNSTAIRS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 4/7/2011 9:45:28 PM | Computer Name = HP_DOWNSTAIRS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5

Error - 4/9/2011 12:03:25 AM | Computer Name = HP_DOWNSTAIRS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 4/9/2011 12:03:25 AM | Computer Name = HP_DOWNSTAIRS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%5


< End of report >

Re: Windows Repair
Have you tried reinstalling Malwarebytes Anti-Malware? That usually does the trick for this error.

Re: Windows Repair
Crush wrote:
Have you tried reinstalling Malwarebytes Anti-Malware? That usually does the trick for this error.


Yes, when I try to reinstall malwarebytes I get the same error. The machine already has malwarebytes on it because I've used it in the past.

When I try to remove Malwarebytes in Add/Remove Programs I get this error:


Internal Error: Cannot find utCompiledCode record for this version of the uninstaller


When I try to just install using the installer again, I get the same error I get from my first post.

I can't run any programs; when I go to Start menu > Programs, it shows up as empty. When I try to click on the installer again it says the system needs to be restarted for Malwarebytes to finish installing.

Re: Windows Repair
Hi,

Try uninstalling via Revo Uninstaller like so:

Please download Revo Uninstaller from here: Revo Uninstaller

  1. Download and run the setup file for Revo Uninstaller.
  2. Once setup, run Revo Uninstaller.
  3. Select the following item for removal by clicking on it once.

    Malwarebytes Anti Malware

  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.

===========

This tool will unhide everything that has been hidden.


  • Please download and run UnHide.exe by Grinler.
  • Once finished, let me know if anything has changed.

Re: Windows Repair
Should I reinstall Malwarebytes now?

Re: Windows Repair
Yes please

Re: Windows Repair
Crush wrote:
Yes please


I was able to install Malwarebytes, ran a quick scan and rebooted. I forgot to copy and paste the log though. Where would the actual log be located?

Re: Windows Repair
Upon restart the "windows repair" program appears to be gone. The initial scan found 3 threats that I removed. I updated malwarebytes and ran the scan again and this time it found 9 threats and I removed those as well.

The 2nd scan appears to have done it. Is there anything else that I need to do? And what kind of programs should I get to prevent this kind of thing from happening again?

Thanks.

Re: Windows Repair
Hi,

The log can be found when opening Malwarebytes. Just click over to the Logs tab and it will be sorted by date. I will need that log for review.

Re: Windows Repair
Here is the log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6329

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/10/2011 9:13:07 PM
mbam-log-2011-04-10 (21-13-07).txt

Scan type: Quick scan
Objects scanned: 146034
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\whitesmoketoolbar (PUP.Whitesmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\whitesmoketoolbar (PUP.Whitesmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JmpyxPEOWqPO (Trojan.Downloader) -> Value: JmpyxPEOWqPO -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\jmpyxpeowqpo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\18407220.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\null0.7575565405845076.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\start menu\Programs\Startup\piudd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\default user\start menu\Programs\Startup\piudd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


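A check a responder could run after the scan above, added here as an example and not part of the original thread: it re-tests the four persistence locations the MBAM log names (the HKCU Run value JmpyxPEOWqPO, the Startup-folder copies of piudd.exe, loose executables in All Users\Application Data, and the NoChangingWallPaper policy) so that a recurrence like the one reported later in the thread is caught early. It assumes Windows PowerShell is installed on the machine and the Windows XP profile layout shown in the log.

```powershell
# Added example, not from the thread: re-check the persistence locations listed in the
# MBAM log to confirm the cleanup held. Names and paths are taken from that log; the
# profile layout (Documents and Settings, All Users\Application Data) is XP's, as logged.
$runValue   = 'JmpyxPEOWqPO'
$startupExe = 'piudd.exe'
$dataDir    = Join-Path $env:ALLUSERSPROFILE 'Application Data'
$policyKey  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop'

$findings = @()

# 1. HKCU Run value that launched the downloader at logon
$run = Get-ItemProperty 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties[$runValue]) {
    $findings += "Run value still present: $runValue = $($run.$runValue)"
}

# 2. Startup-folder copies of the FakeAlert executable in every user profile
$profilesRoot = Split-Path $env:USERPROFILE -Parent
Get-ChildItem $profilesRoot -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        $candidate = Join-Path $_.FullName "Start Menu\Programs\Startup\$startupExe"
        if (Test-Path $candidate) { $findings += "Startup entry still present: $candidate" }
    }

# 3. Loose executables in the shared Application Data folder where the rogue's binaries lived
Get-ChildItem $dataDir -Filter *.exe -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += "Executable in shared Application Data: $($_.FullName)"
}

# 4. Wallpaper-lock policy the rogue set (the log shows Bad: 1, Good: 0)
$pol = Get-ItemProperty $policyKey -ErrorAction SilentlyContinue
if ($pol -and $pol.NoChangingWallPaper -eq 1) {
    $findings += 'NoChangingWallPaper policy is still set to 1'
}

if ($findings.Count -eq 0) {
    'No leftover artifacts from the MBAM log were found.'
} else {
    $findings
}
```

Any line of output is a reason to rescan rather than proof of reinfection on its own; item 3 in particular lists every executable in that folder, some of which may be legitimate.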
Re: Windows Repair
When I left the computer last night, it seemed fine. I even went on Firefox and printed some stuff out. However, when I came back this morning the "windows repair" was back again. My aunt said she just left the computer on and tried to use Firefox and it came back.
