Solved Win64/Patched.A infecting Windows\System32\services.exe

As far as I can tell I'm not having any major issues other than the fact that I can't seem to install Microsoft Money (any version) because I get an error saying "AUTORUN.INF is corrupt or missing".
Oh and if I open c:\FRST\Quarantine I get an AVG Threat detected pop-up alert saying the file Desktop.ini is infected with Trojan horse Generic29.ANPX.
Apart from those two things, my system seems to be running fine.
 
Go ahead and delete the whole FRST folder in the C:\ directory.

See if this clears up some problems...we'll finish up here...

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive, i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

NOTE: If you already have this installed, you don't have to reinstall it.

Please download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

  • Double-click the CCleaner shortcut on the desktop to start the program.
  • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
  • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
  • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
I still seem to be having a problem installing Microsoft Money Sunset. AUTORUN.INF file is missing or corrupt. I honestly don't know if this is a completely unrelated issue or not.
 
Do the following, and also let me know if you can install the program...

Please download OTM

  • Save it to your desktop.
  • Please double-click OTM to run it. (Note for Vista: Right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]

    :Commands
    [emptytemp]
    [purity]
    [Reboot]

  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
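
The `:reg` line in the OTM script above removes the `IniFileMapping\Autorun.inf` key. As an added example (not part of the original thread and not OldTimer's code), this PowerShell script reports whether that key exists, shows its default value, and exports a backup so the state can be reviewed before anything is deleted. It assumes an elevated prompt; the WOW6432Node path and the Desktop backup location are assumptions of this example.

```powershell
# Added example: inspect and back up the Autorun.inf IniFileMapping key.
# Run from an elevated PowerShell prompt. Nothing here deletes the key.

# The first path is the one named in the OTM script. The WOW6432Node path is an
# assumption of this example: it is where 32-bit programs may see their own copy.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
)

# Assumed backup location; any writable folder works.
$backupDir = Join-Path $env:USERPROFILE 'Desktop'
$index = 0

foreach ($psPath in $keys) {
    $index++
    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Output "Not present: $psPath"
        continue
    }

    # GetValue('') returns the key's (Default) value, or $null if it is unset.
    $default = (Get-Item -LiteralPath $psPath).GetValue('')
    Write-Output "Present:     $psPath"
    Write-Output "  (Default): $default"

    # reg.exe wants HKLM\... rather than the PowerShell drive form HKLM:\...
    $nativePath = $psPath -replace '^HKLM:\\', 'HKLM\'
    $backupFile = Join-Path $backupDir "IniFileMapping-Autorun-$index.reg"

    # /y overwrites an existing backup file without prompting.
    & reg.exe export $nativePath $backupFile /y | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Output "  Backup:    $backupFile"
    } else {
        Write-Warning "Export failed for $nativePath; do not delete the key without a backup."
    }
}
```

A (Default) value of `@SYS:DoesNotExist` is a commonly applied AutoRun-blocking setting that makes Windows treat every Autorun.inf as empty.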
 
I'm getting trojan horse detections from the OTM link you provided from AVG. The actual OTM.exe file is also being detected as infected with a trojan horse.
 
Here is what AVG detected as far as the OTM executable goes:
Virus name: IDP.Trojan.5BD43515
Path to file: C:\Users\Sean\Desktop\OTM.exe
 
Ran OTM as you specified. Program said a reboot was necessary. Upon Windows starting up I was asked if I wanted to allow OTM to run. I clicked yes. Now my computer seems to be hanging with a black screen. I can do CTRL ALT DEL and get to task manager and the options available when pressing that key combo, but it is still hanging. I'm not seeing much HDD activity either.
 
When I did CTRL ALT DEL I hit logoff and logged back on. Desktop came up. I now have two grey desktop.ini files on my desktop, one of which has a padlock on it. I also tried installing Money Sunset and still got the AUTORUN.INF file missing or corrupt. Will post OTM log file in next reply.
 
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sean
->Temp folder emptied: 16477934 bytes
->Temporary Internet Files folder emptied: 14947589 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 989388180 bytes
->Google Chrome cache emptied: 198441689 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 6365 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95503 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 176792757 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,331.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 11042012_132653
 
Please download this tool > System Repair Engineer
  1. Extract it to its own folder & double click SREng.exe to run it
  2. Select 'Smart Scan' & tick "Verify Digital Signatures"
  3. Click on the [Scan] button
  4. When finished, click on the [Save Reports] button & save the log to Desktop
  5. Attach the log in your next reply. Please don't copy and paste it

Note: You may have to rename SREngLog.log to SREngLog.txt before attaching
 
Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Click on box next to the Restart System when Finished. Then click on Start.

Then, let me know if problems resolve.
 
  • Please download VEW by Vino Rosso from here and save it to your desktop
  • Double click it to start it Note: If running Windows Vista or Windows 7 you will need to right click the file and select Run as administrator and click Continue or Allow at the User Account Control Prompt.
  • Click the check boxes next to Application and System located under Select log to query on the upper left
  • Under Select type to list on the right click the boxes next to Error and Warning Note: If running Windows Vista or Windows 7 also click the box next to Critical (not XP).
  • Under Number or date of events select Number of events and type 20 in the box next to 1 to 20 and click Run
  • Once it finishes it will display a log file in notepad
  • Please copy and paste its entire contents into your next reply
 
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/11/2012 6:46:28 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 02/11/2012 2:06:37 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: nvtray.exe, version: 7.17.13.142, time stamp: 0x4fb20fcd Faulting module name: nvtray.exe, version: 7.17.13.142, time stamp: 0x4fb20fcd Exception code: 0x40000015 Fault offset: 0x0000000000153481 Faulting process id: 0xa84 Faulting application start time: 0x01cdb83ef777c06e Faulting application path: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Faulting module path: C:\Program Files\NVIDIA Corporation\Display\nvtray.exe Report Id: eec64879-2491-11e2-88ae-002354a0c393

Log: 'Application' Date/Time: 01/11/2012 7:27:32 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: msmoney.exe, version: 17.0.0.724, time stamp: 0x46a6d80b Faulting module name: mnyob99.dll, version: 17.0.0.724, time stamp: 0x46a6d7c2 Exception code: 0xc0000005 Fault offset: 0x00115c88 Faulting process id: 0x1068 Faulting application start time: 0x01cdb80256d2573b Faulting application path: C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\msmoney.exe Faulting module path: C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\mnyob99.dll Report Id: 9915c928-23f5-11e2-8928-002354a0c393

Log: 'Application' Date/Time: 01/11/2012 7:25:41 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: msmoney.exe, version: 17.0.0.724, time stamp: 0x46a6d80b Faulting module name: mnyob99.dll, version: 17.0.0.724, time stamp: 0x46a6d7c2 Exception code: 0xc0000005 Fault offset: 0x00115c88 Faulting process id: 0xef4 Faulting application start time: 0x01cdb80216b114b8 Faulting application path: C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\msmoney.exe Faulting module path: C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\mnyob99.dll Report Id: 56c62cc8-23f5-11e2-8928-002354a0c393

Log: 'Application' Date/Time: 01/11/2012 7:23:36 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: msmoney.exe, version: 17.0.0.724, time stamp: 0x46a6d80b Faulting module name: mnyob99.dll, version: 17.0.0.724, time stamp: 0x46a6d7c2 Exception code: 0xc0000005 Fault offset: 0x00115c88 Faulting process id: 0x8c4 Faulting application start time: 0x01cdb801cd3fcddc Faulting application path: C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\msmoney.exe Faulting module path: C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\mnyob99.dll Report Id: 0c895591-23f5-11e2-8928-002354a0c393

Log: 'Application' Date/Time: 01/11/2012 7:23:08 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: msmoney.exe, version: 17.0.0.724, time stamp: 0x46a6d80b Faulting module name: mnyob99.dll, version: 17.0.0.724, time stamp: 0x46a6d7c2 Exception code: 0xc0000005 Fault offset: 0x00115c88 Faulting process id: 0x1138 Faulting application start time: 0x01cdb801bc3e38fd Faulting application path: C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\msmoney.exe Faulting module path: C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\mnyob99.dll Report Id: fb6c490b-23f4-11e2-8928-002354a0c393

Log: 'Application' Date/Time: 01/11/2012 7:21:42 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: msmoney.exe, version: 17.0.0.724, time stamp: 0x46a6d80b Faulting module name: mnyob99.dll, version: 17.0.0.724, time stamp: 0x46a6d7c2 Exception code: 0xc0000005 Fault offset: 0x00115c88 Faulting process id: 0xd18 Faulting application start time: 0x01cdb80188a8d101 Faulting application path: C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\msmoney.exe Faulting module path: C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\mnyob99.dll Report Id: c8507fa7-23f4-11e2-8928-002354a0c393

Log: 'Application' Date/Time: 01/11/2012 7:21:31 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: msmoney.exe, version: 17.0.0.724, time stamp: 0x46a6d80b Faulting module name: mnyob99.dll, version: 17.0.0.724, time stamp: 0x46a6d7c2 Exception code: 0xc0000005 Fault offset: 0x00115c88 Faulting process id: 0x138c Faulting application start time: 0x01cdb801721f7187 Faulting application path: C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\msmoney.exe Faulting module path: C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\mnyob99.dll Report Id: c202f127-23f4-11e2-8928-002354a0c393

Log: 'Application' Date/Time: 31/10/2012 7:40:38 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: firefox.exe, version: 16.0.2.4680, time stamp: 0x50882871 Faulting module name: xul.dll, version: 16.0.2.4680, time stamp: 0x508827d6 Exception code: 0xc0000005 Fault offset: 0x00130ef7 Faulting process id: 0xb4c Faulting application start time: 0x01cdb72ad1a22004 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll Report Id: 42ae070e-232e-11e2-852f-002354a0c393

Log: 'Application' Date/Time: 31/10/2012 2:27:13 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: firefox.exe, version: 16.0.2.4680, time stamp: 0x50882871 Faulting module name: xul.dll, version: 16.0.2.4680, time stamp: 0x508827d6 Exception code: 0xc0000005 Fault offset: 0x00130ef7 Faulting process id: 0xd5c Faulting application start time: 0x01cdb70ee41c6e56 Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program Files (x86)\Mozilla Firefox\xul.dll Report Id: 7a86e1de-2302-11e2-852f-002354a0c393

Log: 'Application' Date/Time: 30/10/2012 12:06:57 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1750 Start Time: 01cdb6325d791a2f Termination Time: 9 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id:

Log: 'Application' Date/Time: 30/10/2012 12:06:07 AM
Type: Error Category: 0
Event: 10005 Source: MsiInstaller
Product: AVG PC TuneUp -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2203. The arguments are: C:\Windows\Installer\57e8c0.ipi, -2147287035,

Log: 'Application' Date/Time: 30/10/2012 12:04:53 AM
Type: Error Category: 0
Event: 10006 Source: Microsoft-Windows-RestartManager
Application or service 'Windows Explorer' could not be shut down.

Log: 'Application' Date/Time: 28/10/2012 5:12:18 PM
Type: Error Category: 0
Event: 10005 Source: MsiInstaller
Product: Windows Defender -- You do not need to install this software because Windows Defender is included in Windows Vista. You can access Windows Defender from the Security section of the Windows Control Panel.

Log: 'Application' Date/Time: 27/10/2012 11:03:48 PM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d1d54e9e-ea2d-4284-ae68-bcae3f9aa7c5}

Log: 'Application' Date/Time: 27/10/2012 9:41:36 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 9.0.8112.16450, time stamp: 0x50372c8a Exception code: 0xc0000005 Fault offset: 0x001d9ad6 Faulting process id: 0x1150 Faulting application start time: 0x01cdb48b42fa11f5 Faulting application path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll Report Id: 148e7909-207f-11e2-a233-002354a0c393

Log: 'Application' Date/Time: 27/10/2012 9:16:24 PM
Type: Error Category: 0
Event: 11303 Source: MsiInstaller
Product: Microsoft Money Shared Libraries -- Error 1303.Microsoft Money Shared Libraries cannot be installed to the selected drive. Type or select another drive, such as drive C or drive D.

Log: 'Application' Date/Time: 27/10/2012 9:16:19 PM
Type: Error Category: 0
Event: 11303 Source: MsiInstaller
Product: Microsoft Money Shared Libraries -- Error 1303.Microsoft Money Shared Libraries cannot be installed to the selected drive. Type or select another drive, such as drive C or drive D.

Log: 'Application' Date/Time: 21/10/2012 6:21:18 PM
Type: Error Category: 0
Event: 10005 Source: MsiInstaller
Product: Java Auto Updater -- Internal Error 2203. C:\Windows\Installer\9f88c.ipi, -2147287035

Log: 'Application' Date/Time: 18/10/2012 6:25:58 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: wmplayer.exe, version: 12.0.7601.17514, time stamp: 0x4ce7a485 Faulting module name: splitter.ax, version: 1.10.262.12, time stamp: 0x4c66576a Exception code: 0xc0000005 Fault offset: 0x0000816c Faulting process id: 0x1538 Faulting application start time: 0x01cdad5d9ae42c24 Faulting application path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Faulting module path: C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\splitter.ax Report Id: 42247b59-1951-11e2-b33e-002354a0c393

Log: 'Application' Date/Time: 18/10/2012 7:46:10 AM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program wmplayer.exe version 12.0.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: c90 Start Time: 01cdad03b2ce5291 Termination Time: 93 Application Path: C:\Program Files (x86)\Windows Media Player\wmplayer.exe Report Id: dd3a7cfc-18f7-11e2-8028-002354a0c393

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/11/2012 1:47:44 AM
Type: Warning Category: 1
Event: 1008 Source: Microsoft-Windows-Search
The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.


Log: 'Application' Date/Time: 07/11/2012 1:41:45 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:45 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, WpcClamperProv, has been registered in the Windows Management Instrumentation namespace ROOT\CIMV2\Applications\WindowsParentalControls to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:31 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:31 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, MS_NT_EVENTLOG_EVENT_PROVIDER, has been registered in the Windows Management Instrumentation namespace Root\CIMV2 to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:09 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:09 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, HiPerfCooker_v1, has been registered in the Windows Management Instrumentation namespace Root\WMI to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:08 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:08 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:08 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:08 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:08 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:08 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\default to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:07 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:07 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, ActiveScriptEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:07 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:07 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, CommandLineEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:07 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 1:41:07 AM
Type: Warning Category: 0
Event: 63 Source: Microsoft-Windows-WMI
A provider, LogFileEventConsumer, has been registered in the Windows Management Instrumentation namespace root\subscription to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Log: 'Application' Date/Time: 07/11/2012 12:51:07 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-793335173-2078993848-683706515-1001:
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001\Software\Microsoft\SystemCertificates\trust
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001\Software\Microsoft\SystemCertificates\My
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001\Software\Microsoft\SystemCertificates\CA
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001\Software\Microsoft\SystemCertificates\Root
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001\Software\Policies\Microsoft\SystemCertificates
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001\Software\Policies\Microsoft\SystemCertificates
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001\Software\Policies\Microsoft\SystemCertificates
Process 2688 (\Device\HarddiskVolume4\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-793335173-2078993848-683706515-1001\Software\Policies\Microsoft\SystemCertificates


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/07/2012 3:48:55 AM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device K:\ (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 09/07/2012 3:48:55 AM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 08/07/2012 11:12:52 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SEAN'S IPOD (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 08/07/2012 11:12:52 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 08/07/2012 11:01:10 PM
Type: Critical Category: 64
Event: 10111 Source: Microsoft-Windows-DriverFrameworks-UserMode
The device SEAN'S IPOD (location (unknown)) is offline due to a user-mode driver crash. Windows will attempt to restart the device 5 more times. Please contact the device manufacturer for more information about this problem.

Log: 'System' Date/Time: 08/07/2012 11:01:10 PM
Type: Critical Category: 64
Event: 10110 Source: Microsoft-Windows-DriverFrameworks-UserMode
A problem has occurred with one or more user-mode drivers and the hosting process has been terminated. This may temporarily interrupt your ability to access the devices.

Log: 'System' Date/Time: 07/07/2012 8:13:35 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/11/2012 4:18:36 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {ED1D0FDF-4414-470A-A56D-CFB68623FC58} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 07/11/2012 1:50:02 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 07/11/2012 1:50:02 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 07/11/2012 1:48:01 AM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 07/11/2012 1:02:29 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 07/11/2012 1:02:29 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 04/11/2012 10:04:38 PM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk5\DR5.

Log: 'System' Date/Time: 04/11/2012 9:35:28 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 04/11/2012 9:35:28 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 04/11/2012 9:26:54 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 03/11/2012 6:55:50 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 03/11/2012 6:55:50 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 03/11/2012 12:17:03 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 03/11/2012 12:17:03 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 03/11/2012 12:01:14 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 02/11/2012 2:06:35 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 02/11/2012 2:06:35 AM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 01/11/2012 2:43:55 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

Log: 'System' Date/Time: 01/11/2012 2:43:55 PM
Type: Error Category: 0
Event: 7038 Source: Service Control Manager
The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Log: 'System' Date/Time: 01/11/2012 7:49:36 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/11/2012 10:58:09 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.lucysgirlsnextdoor.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 28/10/2012 8:11:00 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 28/10/2012 8:10:59 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 28/10/2012 8:10:59 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 28/10/2012 8:10:59 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 28/10/2012 8:10:59 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 28/10/2012 8:10:59 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 28/10/2012 8:10:58 PM
Type: Warning Category: 0
Event: 1116 Source: Microsoft Antimalware
The event description cannot be found.

Log: 'System' Date/Time: 28/10/2012 7:10:01 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.twine.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/10/2012 5:41:11 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name insider.msg.yahoo.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/10/2012 5:40:17 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 24/10/2012 5:39:21 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 21/10/2012 5:58:33 AM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\RON-HP on the network \Device\NetBT_Tcpip_{CA45B2FF-91A3-4326-B67E-E2B5DC938D04}. Browser master: \\RON-HP Network: \Device\NetBT_Tcpip_{CA45B2FF-91A3-4326-B67E-E2B5DC938D04} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 14/10/2012 1:14:16 AM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.gamersbrain.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 10/10/2012 2:00:01 PM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\RON-HP on the network \Device\NetBT_Tcpip_{CA45B2FF-91A3-4326-B67E-E2B5DC938D04}. Browser master: \\RON-HP Network: \Device\NetBT_Tcpip_{CA45B2FF-91A3-4326-B67E-E2B5DC938D04} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 09/10/2012 1:42:22 PM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\RON-HP on the network \Device\NetBT_Tcpip_{CA45B2FF-91A3-4326-B67E-E2B5DC938D04}. Browser master: \\RON-HP Network: \Device\NetBT_Tcpip_{CA45B2FF-91A3-4326-B67E-E2B5DC938D04} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 08/10/2012 11:04:39 PM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\RON-HP on the network \Device\NetBT_Tcpip_{CA45B2FF-91A3-4326-B67E-E2B5DC938D04}. Browser master: \\RON-HP Network: \Device\NetBT_Tcpip_{CA45B2FF-91A3-4326-B67E-E2B5DC938D04} This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Log: 'System' Date/Time: 02/10/2012 8:21:26 AM
Type: Warning Category: 0
Event: 1073 Source: USER32
The attempt by user Sean-PC\Sean to restart/shutdown computer SEAN-PC failed

Log: 'System' Date/Time: 29/09/2012 11:45:46 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name xchat14.myfreecams.com timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 29/09/2012 11:45:43 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name xchat14.myfreecams.com timed out after none of the configured DNS servers responded.
 
Yes. Upgrading Money requires an uninstall of earlier versions, but now I cannot install previous versions anymore because I get the AUTORUN.INF error message.
 
It is a setup.exe file. The downloaded money file is a self-extracting executable file. When it finishes extracting it runs the setup.exe file and that is when I get the AUTORUN.INF error message.
 
Okie dokie, just what I needed to know.

Please open OTM

  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose Copy):

    :reg
    [+HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]

    :Commands
    [emptytemp]
    [purity]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
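
The OTM script above targets the `IniFileMapping\Autorun.inf` key, so here is a read-only PowerShell check of that key, added as an example and not part of the original post. It assumes the commonly used autorun-blocking default value `@SYS:DoesNotExist`, which the thread itself never shows for this machine; the function name `Get-AutorunInfMapping` is illustrative.

```powershell
# Added example: read-only inspection of the key named in the OTM script.
# Assumption: '@SYS:DoesNotExist' is the common autorun-blocking mapping;
# the thread does not show what this machine's key actually contained.
$KeyPath  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf'
$Blocking = '@SYS:DoesNotExist'

function Get-AutorunInfMapping {
    # Hypothetical helper name; reads the key and classifies what it finds.
    param([string]$Path = $KeyPath)

    $result = @{
        Key         = $Path
        Present     = $false
        Default     = $null
        OtherValues = @()
        Verdict     = 'No override: AUTORUN.INF is read from the file on disk.'
    }

    if (Test-Path -LiteralPath $Path) {
        $key = Get-Item -LiteralPath $Path
        $result.Present     = $true
        $result.Default     = $key.GetValue('')   # '' is the (Default) value
        $result.OtherValues = @($key.GetValueNames() | Where-Object { $_ -ne '' })

        if ($null -eq $result.Default) {
            $result.Verdict = 'Key exists but has no default mapping.'
        }
        elseif ($result.Default -ieq $Blocking) {
            # INI-API reads of AUTORUN.INF are redirected to a registry
            # location that does not exist, so the file appears empty.
            $result.Verdict = 'Blocking mapping present: AUTORUN.INF reads return nothing.'
        }
        else {
            $result.Verdict = 'Non-standard mapping: review before changing it.'
        }
    }

    # New-Object keeps this compatible with PowerShell 2.0.
    New-Object PSObject -Property $result |
        Select-Object Key, Present, Default, OtherValues, Verdict
}

Get-AutorunInfMapping | Format-List
```

Running it before and after the fix shows whether the mapping actually changed.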
 
I started OTM and did what you said to do last night when I went to bed and when I woke up it had done nothing. It was Not Responding.
 