Need Review: System Restore... A0004132.exe?


28 replies to this topic

#1 cornybread

Posted 26 March 2012 - 12:31 PM

Hi. I ran Eset online scanner and it found this: C:\System Volume Information\_restore{534E65DA-57A5-4238-8DC6-9A56A1550AEA}\RP20\A0004132.exe - a variant of Win32/Adware.OpenInstall application - and cleaned by deleting. Afterwards, I turned off system restore and rebooted. I haven't turned it back on yet and wonder if someone can please advise if I should or should do something else?

WIN XP
SP 3

Thank you!

ALSO: I just attempted to run MBAM and received an error message that the database is missing or corrupt. PROGRAM_LOAD_ERROR_DATABASE (0, 2, SDKCreate)

OKAY. Got MBAM uninstalled and reinstalled a fresh copy. Updated and scanned. Here are the results:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.26.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ItsNunYerBiz :: NUNYERBIZ [administrator]

3/26/2012 1:47:51 PM
mbam-log-2012-03-26 (13-47-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 208926
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by cornybread, 26 March 2012 - 01:11 PM.



#2 dev00790

Posted 26 March 2012 - 04:47 PM

Hello,

I will be helping you with your problems.
Please do the following:

Step 1

Turn on System Restore, and create a restore point.
- Having it off means that there isn't a place to restore to if your computer has a problem (e.g. booting up) which going back to a restore point may solve.
I understand why you turned system restore off, however the malware only affects the computer if it was restored to that restore point ESET found.
Once the computer is clean I'll give you instructions for removing all relevant restore points.

Step 2

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------------

Step 3

Please download Farbar Service Scanner to your Desktop and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

----------------

Step 4

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

----------------

Step 5

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Regards, dev00790


#3 cornybread

Posted 26 March 2012 - 05:35 PM

Hi. Thanks for your help. I have no idea what these results mean but I did want to say also that I was just browsing around while I was waiting for help today. I have 'What's Running' installed and noticed something called Primomonnt.dll in the system32 folder. It just sort of stuck out to me - I don't know if it's anything - but when I did a search it came up in one result to say it was a virus? Anyway, the results of the scan:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2012
ESET Online Scanner v3
Sygate Personal Firewall
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 12
Java™ 6 Update 31
Java version out of date!
Mozilla Firefox (3.5.1) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
``````````End of Log````````````


-----

Farbar Service Scanner Version: 01-03-2012
Ran by ItsNunYerBiz (administrator) on 26-03-2012 at 18:05:52
Running from "C:\Documents and Settings\ItsNunYerBiz\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) wpsdrvnt(12)
0x0D00000005000000010000000200000003000000040000000C0000000800000006000000070000000A0000000B000000090000000D000000
IpSec Tag value is correct.

**** End of log ****

-----

MiniToolBox by Farbar Version: 18-01-2012
Ran by ItsNunYerBiz (administrator) on 26-03-2012 at 18:07:12
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
77.67.86.43 Adobe Update
::1 localhost


127.0.0.1 localhost
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com

There are 15237 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : nunyerbiz

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection

Physical Address. . . . . . . . . : 00-13-72-D6-E6-AB

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 68.94.156.1

68.94.157.1

Lease Obtained. . . . . . . . . . : Monday, March 26, 2012 1:45:01 PM

Lease Expires . . . . . . . . . . : Tuesday, March 27, 2012 1:45:01 PM

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 68.94.156.1

Name: google.com
Addresses: 74.125.225.137, 74.125.225.142, 74.125.225.128, 74.125.225.129
74.125.225.130, 74.125.225.131, 74.125.225.132, 74.125.225.133, 74.125.225.134
74.125.225.135, 74.125.225.136



Pinging google.com [74.125.225.71] with 32 bytes of data:



Reply from 74.125.225.71: bytes=32 time=78ms TTL=56

Reply from 74.125.225.71: bytes=32 time=56ms TTL=56



Ping statistics for 74.125.225.71:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 56ms, Maximum = 78ms, Average = 67ms

Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: yahoo.com
Addresses: 72.30.38.140, 98.139.183.24, 209.191.122.70



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=357ms TTL=48

Reply from 98.139.183.24: bytes=32 time=338ms TTL=48



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 338ms, Maximum = 357ms, Average = 347ms

Server: dnsr1.sbcglobal.net
Address: 68.94.156.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 72 d6 e6 ab ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 20
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 20
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 20
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/25/2012 09:28:46 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/25/2012 09:27:56 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/22/2012 03:57:56 PM) (Source: Application Hang) (User: )
Description: Hanging application swishMax4.exe, version 2011.6.20.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/21/2012 00:25:30 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/18/2012 04:17:09 PM) (Source: Application Hang) (User: )
Description: Hanging application PDR9.exe, version 9.0.0.2316, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/18/2012 04:15:22 PM) (Source: Application Hang) (User: )
Description: Hanging application PDR9.exe, version 9.0.0.2316, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/18/2012 03:59:06 PM) (Source: Application Hang) (User: )
Description: Hanging application FreeVideoToJPGConverter.exe, version 1.8.7.1227, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/18/2012 03:58:32 PM) (Source: Application Hang) (User: )
Description: Hanging application FreeVideoToJPGConverter.exe, version 1.8.7.1227, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/17/2012 02:33:07 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x715ba067.
Processing media-specific event for [explorer.exe!ws!]

Error: (03/15/2012 02:46:32 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (03/26/2012 06:00:07 PM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library UltraNet USB 2.0 USB Device.

Error: (03/26/2012 06:00:07 PM) (Source: Removable Storage Service) (User: )
Description: RSM could not load media in drive Drive 0 of library UltraNet USB 2.0 USB Device.

Error: (03/26/2012 02:36:36 PM) (Source: Service Control Manager) (User: )
Description: The EaseUS Agent service terminated unexpectedly. It has done this 6 time(s).

Error: (03/26/2012 02:28:04 PM) (Source: Service Control Manager) (User: )
Description: The EaseUS Agent service terminated unexpectedly. It has done this 5 time(s).

Error: (03/26/2012 02:27:09 PM) (Source: Service Control Manager) (User: )
Description: The EaseUS Agent service terminated unexpectedly. It has done this 4 time(s).

Error: (03/26/2012 02:24:27 PM) (Source: Service Control Manager) (User: )
Description: The EaseUS Agent service terminated unexpectedly. It has done this 3 time(s).

Error: (03/26/2012 02:23:26 PM) (Source: Service Control Manager) (User: )
Description: The EaseUS Agent service terminated unexpectedly. It has done this 2 time(s).

Error: (03/26/2012 02:21:28 PM) (Source: Service Control Manager) (User: )
Description: The EaseUS Agent service terminated unexpectedly. It has done this 1 time(s).

Error: (03/26/2012 01:45:25 PM) (Source: Service Control Manager) (User: )
Description: The TLRecAgent service failed to start due to the following error:
%%2

Error: (03/26/2012 01:45:10 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.


Microsoft Office Sessions:
=========================
Error: (05/19/2011 11:17:53 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 176 seconds with 60 seconds of active time. This session ended with a crash.

Error: (05/17/2011 11:22:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 8, Application Name: Microsoft Office Publisher, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1829 seconds with 480 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Acoustica MP3 To Wave Converter PLUS (Version: 2.6 b25)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0)
Adobe After Effects CS4 Third Party Content (Version: 9)
Adobe AIR (Version: 1.5.3.9120)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Bridge CS4 (Version: 3)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Recommended Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Extra Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Creative Suite 4 Master Collection (Version: 4.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Dreamweaver CS5 (Version: 11.0)
Adobe Dreamweaver CS5 Official English Language Pack (Version: 1.0)
Adobe Dynamiclink Support (Version: 1)
Adobe Encore CS4 Codecs (Version: 4)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Fireworks CS4 (Version: 10.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.63)
Adobe Fonts All (Version: 2.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Encoder CS4 Exporter (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 1.8)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Premiere Pro CS4 Third Party Content (Version: 4)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player 11.6 (Version: 11.6.4.634)
Adobe Soundbooth CS4 Codecs (Version: 2)
Adobe SVG Viewer 3.0 (Version: 3.0)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Advanced DHTML Popup Pro (Version: 2.43.0150)
Aleo 3D Flash Slideshow Creator 1.8
AnalogX Keyword Extractor
Animated Screensaver Maker (Version: 2.4.3)
Any Video Converter 3.3.4
Apple Software Update (Version: 2.1.1.116)
Articulate Studio '09 Pro (Version: 3.05)
Artisteer 3 (Version: 3.0)
Ashampoo Burning Studio 6 FREE v.6.80 (Version: 6.8.0)
ATI - Software Uninstall Utility (Version: 6.14.10.1014)
ATI Control Panel (Version: 6.14.10.5183)
ATI Display Driver (Version: 8.23-060209a1-030546C-Dell)
Audacity 1.2.6
Avanquest update (Version: 1.10)
AVG 2012 (Version: 12.0.1913)
AVG 2012 (Version: 12.0.2114)
AVG 2012 (Version: 2012.0.1913)
calibre (Version: 0.8.36)
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
CDBurnerXP (Version: 4.4.0.2905)
CoffeeCup Free DHTML Menu Builder
CoffeeCup Photo Gallery - Registered
CoffeeCup RSS News Flash - Registered
CoffeeCup Web Form Builder
CoffeeCup Web JukeBox
CoffeeCup Web Video Player
ColorImpact version 2.8.7
Conexant D850 56K V.9x DFVc Modem
Connect (Version: 1.0.0.1)
CrazyTalk v6.21 PRO (Version: 6.21.1921.1)
CSS3 Menu
CyberLink PowerDirector (Version: 9.0.0.2316)
CyberLink WaveEditor (Version: 1.0.1.2228b)
Dell Resource CD (Version: 1.00.0000)
EaseUS Todo Backup Free 3.5 (Version: 3.5.0.1)
EfficientPIM 2.97
Encrypt Web Pro (Version: 2003.3.5)
ESET Online Scanner v3
Flip Boom All-Star 1.0 (Version: 1.0)
FlippingBook PDF Publisher (Version: 0.5.8)
Free Video to Flash Converter version 5.0.4.1228
Free Video to JPG Converter version 1.8.7
Freeware PDF Unlocker (Version: 1.0.4)
GetRight
GnuCash 2.4.10
Good Keywords v2.01.100107 (Version: 2.0)
GoodSearch Toolbar (Version: 1.0.33)
Google Chrome (Version: 11.0.696.77)
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
HiJackThis (Version: 1.0.0)
HourGuard Time Sheet
Intel® PRO Network Connections Drivers
Internet Explorer (Enable DEP)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 12 (Version: 6.0.120)
Java™ 6 Update 31 (Version: 6.0.310)
K-Lite Codec Pack 6.0.4 (Basic) (Version: 6.0.4)
Keywords Grabber (Version: 1.0.0)
kuler (Version: 2.0)
LameACM
LightScribe System Software (Version: 1.18.5.1)
Likno Web Accordion Builder 2.0.208 (Version: 2.0.208)
Likno Web Modal Windows Builder 2.0.210 (Version: 2.0.210)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 1.00.0000)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Mobile Studio (Version: 3.00.000)
Mozilla Firefox (3.5.1) (Version: 3.5.1 (en-US))
MP3 CD Converter 4.00
MP3 player (Version: )
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OJOsoft Total Video Converter (Version: 2.6.8.0616)
Opera 11.11 (Version: 11.11.2109)
Opera 11.52 (Version: 11.52.1100)
Otto
Outlook Express Backup V6.5
PAP project files
PDF Settings CS4 (Version: 9.0)
Photo Clip Art 150,000 (Version: 3.12.0000)
Photoshop Camera Raw (Version: 5.0)
Pixel Bender Toolkit (Version: 1.0)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
QuickTime (Version: 7.55.90.70)
Ringtone Media Studio (Version: 3.00)
Riot - Radical Image Optimization Tool
RoboGen Standard Edition (Version: 1.5.2)
Safari (Version: 5.33.21.1)
Search Engine Builder Professional (Version: 2003.3.5)
Segoe UI (Version: 14.0.4327.805)
Send To Toys v2.61
SigmaTel Audio (Version: 5.10.4700.0)
Skype™ 5.5 (Version: 5.5.124)
SmartSound Quicktracks 5 (Version: 5.1.7)
Sonic Encoders (Version: 1.00)
Sothink DHTML Menu 9 (Version: 9.20)
Sothink JWScroller (Version: 2.10)
Sothink SWF to Video Converter (Version: 2.4)
Spell Checker For OE 2.1
Spybot - Search & Destroy (Version: 1.6.2)
Suite Shared Configuration CS4 (Version: 1.0)
SureThing CD Labeler Deluxe 5
SWF & FLV Toolbox 3.5 (build 3.5.25.503) (Version: 3.5.25.503)
SWiSH Max4 (Version: 10.10.29.100)
swMSM (Version: 12.0.0.1)
Sygate Personal Firewall (Version: 5.6.2808)
Table2CSS 3.10.4
Text-To-Speech-Runtime (Version: 1.0.0.0)
The Big Box of Art 1 Million (Version: 3.21.0000)
The Big Box of Art 350,000 (Version: 3.08.0000)
the TAB Kids 3.1 (Version: 3.1)
Toon Boom Studio 5.0 (Version: 5.0)
Total Recorder 8.1
Ulead GIF Animator 5 ESD
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update Rollup 2 for Windows XP Media Center Edition 2005
USB PC Camera (SN9C103) (Version: 4.15.0.000)
WebFldrs XP (Version: 9.50.7523)
What's Running 2.2 (Version: 2.2)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164)
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
Wondershare DVD Slideshow Builder Deluxe(Build 6.1.6.52) (Version: 6.1.6.52)
WonderWebWare CSS Menu Generator 4.1
XMind (Version: 3.2.1)
Youtube 2 MP3 Downloader 2.11
Youtube Downloader HD v. 2.6
YouTube Song Downloader (Version: 7.92)

========================= Devices: ================================

Name: RADEON X300 SE 128MB HyperMemory Secondary
Description: RADEON X300 SE 128MB HyperMemory Secondary
Class Guid: TI Technologies Inc.
Manufacturer: ATI Technologies Inc.
Service: ati2mtag
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


========================= Memory info: ===================================

Percentage of memory in use: 26%
Total physical RAM: 2558.07 MB
Available physical RAM: 1886.38 MB
Total Pagefile: 4446.54 MB
Available Pagefile: 3899.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.88 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:148.99 GB) (Free:101.19 GB) NTFS
3 Drive e: () (Removable) (Total:0.98 GB) (Free:0.31 GB) FAT
4 Drive f: (External) (Fixed) (Total:111.79 GB) (Free:79.7 GB) NTFS

========================= Users: ========================================

User accounts for \\NUNYERBIZ

Administrator ASPNET Guest
HelpAssistant ItsNunYerBiz SUPPORT_388945a0

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\Mini021812-01.dmp
C:\WINDOWS\Minidump\Mini061611-01.dmp
C:\WINDOWS\Minidump\Mini080111-01.dmp
C:\WINDOWS\Minidump\Mini081011-01.dmp
C:\WINDOWS\Minidump\Mini082311-01.dmp
C:\WINDOWS\Minidump\Mini082411-01.dmp

**** End of log ****

-----

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.26.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ItsNunYerBiz :: NUNYERBIZ [administrator]

3/26/2012 6:38:42 PM
mbam-log-2012-03-26 (18-38-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 209624
Time elapsed: 6 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by cornybread, 26 March 2012 - 05:54 PM.


#4 cornybread

Posted 26 March 2012 - 11:16 PM

Are you there? Anyone?

#5 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:04:49 AM

Posted 27 March 2012 - 07:15 AM

Hi Cornybread,

It will take some time to review your logs, and there are other people I'm helping also. I aim to respond to people within 48 hours of their last post. Please be patient in the meantime.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM.


#6 cornybread

Posted 27 March 2012 - 12:32 PM

Okay. Not a problem. I just wanted to make sure you were still with me. I understand - I see others with non-working computers and things so I totally understand. Thanks for letting me know, though. I appreciate it. ;)

Oh, and also, what is Primomonnt.dll?

Edited by cornybread, 27 March 2012 - 12:37 PM.


#7 dev00790

Posted 29 March 2012 - 01:57 PM

Hi,

Step 1

We need to disable Spybot S&D's "TeaTimer"
TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can reenable it when we're done if you like.
  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode > Advanced Mode.
  • You may be presented with a warning dialog. If so, click Yes
  • Click on Tools and then Resident
  • Uncheck this checkbox: "Resident TeaTimer (protection of over-all system settings) active"
  • Close/Exit Spybot Search and Destroy

Step 2

Please rerun ESET scanner via the below instructions:

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Vista/Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Step 3

Uninstall Programs
  • Click the "Windows Orb" Start button on your desktop
  • Type "control" in the search box and press enter
  • Double click "Programs and Features" (Vista / Win7) or "Add / Remove Programs" (Win XP)
  • Please uninstall the following programs:
    Java™ 6 Update 12
  • After the programs have been uninstalled, make sure you restart the computer.

Step 4

Mozilla Firefox is outdated
  • Please download the latest version of Firefox from http://www.mozilla.org/en-US/firefox/fx/ to your Desktop
  • Double click the file to start the installation process
  • When it is installed restart the computer

Step 5

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main text field:

    :filefind 
    *primomonnt.dll
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Edited by dev00790, 29 March 2012 - 01:57 PM.

Regards, dev00790



#8 cornybread

Posted 29 March 2012 - 03:22 PM

Hi.

Thanks for having a look at the logs. I will complete the new instructions - ESET will take a little while to run. The only thing I don't want to do is update FireFox. I have Internet access blocked via the firewall and use it locally because Dust-Me Selectors (checks my local style sheets) only works in this old version. I design websites and this program is the only one I could find to do exactly what I need.

Will that be okay to leave it (pleeeease)?


Tea Timer wasn't running and I did uninstall the Java update 12. Here are the results of the scans (Eset was clean)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-24 05:00:39
# local_time=2011-10-24 01:00:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 10252097 10252097 0 0
# compatibility_mode=1024 16777175 100 0 1098578 1098578 0 0
# compatibility_mode=8192 67108863 100 0 5158466 5158466 0 0
# scanned=162139
# found=0
# cleaned=0
# scan_time=4123
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-03 06:26:22
# local_time=2011-11-03 02:26:22 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 11076914 11076914 0 0
# compatibility_mode=1024 16777175 100 0 1923395 1923395 0 0
# compatibility_mode=8192 67108863 100 0 5983283 5983283 0 0
# scanned=166233
# found=1
# cleaned=1
# scan_time=5249
C:\System Volume Information\_restore{534E65DA-57A5-4238-8DC6-9A56A1550AEA}\RP3\A0001168.exe probably a variant of Win32/Agent.FGEDAUG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-13 07:03:51
# local_time=2011-11-13 02:03:51 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 11986843 11986843 0 0
# compatibility_mode=1024 16777175 100 0 2833324 2833324 0 0
# compatibility_mode=8192 67108863 100 0 6893212 6893212 0 0
# scanned=165577
# found=2
# cleaned=2
# scan_time=4769
C:\Documents and Settings\ItsNunYerBiz\Application Data\Sun\Java\Deployment\cache\6.0\51\1bcc96b3-24899f8a Win32/TrojanDownloader.Small.PHM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\ItsNunYerBiz\Local Settings\temp\0.2718247275686074.exe Win32/TrojanDownloader.Small.PHM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-15 07:06:57
# local_time=2011-11-15 02:06:57 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 12116422 12116422 0 0
# compatibility_mode=1024 16777175 100 0 2962903 2962903 0 0
# compatibility_mode=8192 67108863 100 0 7022791 7022791 0 0
# scanned=166183
# found=0
# cleaned=0
# scan_time=4977
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-26 06:53:31
# local_time=2011-11-26 01:53:31 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 13066048 13066048 0 0
# compatibility_mode=1024 16777175 100 0 3912529 3912529 0 0
# compatibility_mode=8192 67108863 100 0 7972417 7972417 0 0
# scanned=172277
# found=0
# cleaned=0
# scan_time=4945
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-11 07:34:32
# local_time=2011-12-11 02:34:32 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 14364558 14364558 0 0
# compatibility_mode=1024 16777175 100 0 5211039 5211039 0 0
# compatibility_mode=8192 67108863 100 0 9270927 9270927 0 0
# scanned=174777
# found=0
# cleaned=0
# scan_time=4895
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-03 07:19:50
# local_time=2012-01-03 02:19:50 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 16349916 16349916 0 0
# compatibility_mode=1024 16777175 100 0 7196397 7196397 0 0
# compatibility_mode=8192 67108863 100 0 11256285 11256285 0 0
# scanned=192070
# found=0
# cleaned=0
# scan_time=5855
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-12 07:40:41
# local_time=2012-01-12 02:40:41 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 17128249 17128249 0 0
# compatibility_mode=1024 16777175 100 0 7974730 7974730 0 0
# compatibility_mode=8192 67108863 100 0 12034618 12034618 0 0
# scanned=199553
# found=3
# cleaned=3
# scan_time=6373
C:\Documents and Settings\ItsNunYerBiz\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00281c JS/Agent.NDV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\ItsNunYerBiz\Local Settings\Temporary Internet Files\Content.IE5\D8YVM08D\likno-web-accordion-builder-1-0-128-free-download[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{534E65DA-57A5-4238-8DC6-9A56A1550AEA}\RP50\A0008895.exe a variant of Win32/Adware.OpenInstall application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-12 05:26:20
# local_time=2012-01-12 12:26:20 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 17165307 17165307 0 0
# compatibility_mode=1024 16777175 100 0 8011788 8011788 0 0
# compatibility_mode=8192 67108863 100 0 12071676 12071676 0 0
# scanned=189090
# found=0
# cleaned=0
# scan_time=4454
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-22 07:08:55
# local_time=2012-01-22 02:08:55 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 18036281 18036281 0 0
# compatibility_mode=1024 16777175 100 0 8882762 8882762 0 0
# compatibility_mode=8192 67108863 100 0 12942650 12942650 0 0
# scanned=137437
# found=0
# cleaned=0
# scan_time=3635
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-27 09:13:41
# local_time=2012-01-27 04:13:41 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 18430706 18430706 0 0
# compatibility_mode=1024 16777175 100 0 9277187 9277187 0 0
# compatibility_mode=8192 67108863 100 0 13337075 13337075 0 0
# scanned=197711
# found=0
# cleaned=0
# scan_time=5496
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-09 07:58:03
# local_time=2012-02-09 02:58:03 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 19548878 19548878 0 0
# compatibility_mode=1024 16777175 100 0 10395359 10395359 0 0
# compatibility_mode=8192 67108863 100 0 14455247 14455247 0 0
# scanned=192394
# found=2
# cleaned=2
# scan_time=5985
C:\Documents and Settings\ItsNunYerBiz\Local Settings\TempDIR\BetterInstaller.exe Win32/Adware.Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{534E65DA-57A5-4238-8DC6-9A56A1550AEA}\RP21\A0002652.exe Win32/Adware.Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-09 05:57:13
# local_time=2012-02-09 12:57:13 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 19585751 19585751 0 0
# compatibility_mode=1024 16777175 100 0 10432232 10432232 0 0
# compatibility_mode=8192 67108863 100 0 14492120 14492120 0 0
# scanned=192715
# found=0
# cleaned=0
# scan_time=5063
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-12 09:20:02
# local_time=2012-02-12 04:20:02 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 19813381 19813381 0 0
# compatibility_mode=1024 16777175 100 0 10659862 10659862 0 0
# compatibility_mode=8192 67108863 100 0 14719750 14719750 0 0
# scanned=191907
# found=2
# cleaned=2
# scan_time=5602
C:\RECYCLER\S-1-5-21-1844237615-1677128483-725345543-1003\Dc82.exe a variant of Win32/Adware.OpenInstall application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\RECYCLER\S-1-5-21-1844237615-1677128483-725345543-1003\Dc83.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-24 08:30:28
# local_time=2012-02-24 03:30:28 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 20846791 20846791 0 0
# compatibility_mode=1024 16777175 100 0 11693272 11693272 0 0
# compatibility_mode=8192 67108863 100 0 15753160 15753160 0 0
# scanned=192480
# found=0
# cleaned=0
# scan_time=6017
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-17 09:06:26
# local_time=2012-03-17 05:06:26 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 22750781 22750781 0 0
# compatibility_mode=1024 16777175 100 0 13597262 13597262 0 0
# compatibility_mode=8192 67108863 100 0 17657150 17657150 0 0
# scanned=202982
# found=0
# cleaned=0
# scan_time=4986
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-26 05:51:40
# local_time=2012-03-26 01:51:40 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 23515532 23515532 0 0
# compatibility_mode=1024 16777175 100 0 14362013 14362013 0 0
# compatibility_mode=8192 67108863 100 0 18421901 18421901 0 0
# scanned=199657
# found=1
# cleaned=1
# scan_time=6151
C:\System Volume Information\_restore{534E65DA-57A5-4238-8DC6-9A56A1550AEA}\RP20\A0004132.exe a variant of Win32/Adware.OpenInstall application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-29 09:31:26
# local_time=2012-03-29 05:31:26 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 23835401 23835401 0 0
# compatibility_mode=1024 16777175 100 0 14681882 14681882 0 0
# compatibility_mode=8192 67108863 100 0 18741770 18741770 0 0
# scanned=56818
# found=0
# cleaned=0
# scan_time=1868
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3ba0c4e0537fda4b86abbb8bd769aaa3
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-29 10:53:42
# local_time=2012-03-29 06:53:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 23837357 23837357 0 0
# compatibility_mode=1024 16777191 100 0 14683838 14683838 0 0
# compatibility_mode=8192 67108863 100 0 18743726 18743726 0 0
# scanned=198903
# found=0
# cleaned=0
# scan_time=4848


-----



SystemLook 30.07.11 by jpshortstuff
Log created at 19:27 on 29/03/2012 by ItsNunYerBiz
Administrator - Elevation successful

========== filefind ==========

Searching for "*primomonnt.dll"
C:\Program Files\Nitro PDF\PrimoPDF\PrimoMon\primomonnt.dll --a---- 180624 bytes [22:37 28/02/2011] [22:37 28/02/2011] 2C6786656869093C521337D6AC813BC6
C:\WINDOWS\system32\Primomonnt.dll --a---- 180624 bytes [01:14 16/05/2011] [22:37 28/02/2011] 2C6786656869093C521337D6AC813BC6

-= EOF =-

Edited by cornybread, 29 March 2012 - 06:49 PM.
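
The ESET log pasted above is cumulative: each scan appends a block of "# key=value" lines, followed by one line per detection. The following is an added example (not part of the thread and not ESET's code) that splits such a log into runs, compares each run's recorded options with the settings requested in post #7, and classifies where detections were found; the mapping of log keys to scanner options, the use of "# version=" as the run delimiter, and the sample log are assumptions constructed from the shape of the pasted log.

```python
import re

# Settings requested in post #7, mapped to log keys by name (an assumption).
REQUESTED = {"remove_checked": "false", "archives_checked": "true",
             "unwanted_checked": "true", "unsafe_checked": "true",
             "antistealth_checked": "true"}
HEADER = re.compile(r"^# (?P<key>[\w.]+)=(?P<value>.*)$")
# <path> [[probably ]a variant of ]<Platform/Name> <kind> (<action>) <32 hex> <flag>
DETECTION = re.compile(
    r"^(?P<path>.+?) (?:(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) (?P<kind>\w+) "
    r"\((?P<action>[^()]*)\) [0-9A-Fa-f]{32} \w$"
)
# First match wins, so the more specific patterns come first.
LOCATIONS = [
    ("system_restore", r"\\System Volume Information\\_restore"),
    ("recycle_bin", r"\\RECYCLER\\"),
    ("java_cache", r"\\Java\\Deployment\\cache\\"),
    ("browser_cache", r"\\Temporary Internet Files\\|\\Cache\\"),
    ("temp", r"\\Local Settings\\Temp"),
]

# Constructed sample in the shape of the pasted log; paths and detection
# names are placeholders, not values taken from the thread.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# found=2
C:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP1\A0000001.exe a variant of Win32/Example.Adware application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\6.0\1\entry-1 Win32/Example.Downloader trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=0
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=0
"""

def parse_runs(text):
    """Split a cumulative log into runs, each with its fields and detections."""
    runs = []
    for line in text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            # Assumed delimiter: every run in the pasted log opens with "# version=".
            if header["key"] == "version" or not runs:
                runs.append({"fields": {}, "detections": []})
            # Keys such as compatibility_mode repeat within a run; keep the first.
            runs[-1]["fields"].setdefault(header["key"], header["value"])
            continue
        hit = DETECTION.match(line.strip())
        if hit and runs:
            runs[-1]["detections"].append(hit.groupdict())
    return runs

def location(path):
    """Label the kind of location a detected file was found in."""
    for label, pattern in LOCATIONS:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return "other"

def review(run, requested=REQUESTED):
    """List what a helper should question about one run before trusting it."""
    fields, notes = run["fields"], []
    for key, want in requested.items():
        if fields.get(key) != want:
            notes.append(f"{key}={fields.get(key)} (requested {want})")
    if fields.get("end") != "finished":
        notes.append(f"scan did not finish (end={fields.get('end')})")
    found = fields.get("found", "")
    if found.isdigit() and int(found) != len(run["detections"]):
        notes.append("found= does not match the number of detection lines")
    return notes

if __name__ == "__main__":
    for number, run in enumerate(parse_runs(SAMPLE_LOG), 1):
        print(number, review(run) or "matches the requested settings")
        for hit in run["detections"]:
            print("   ", location(hit["path"]), hit["name"], "->", hit["action"])
```

Under the same key mapping, the last run in the pasted log (utc_time=2012-03-29 10:53:42) records remove_checked=true and archives_checked=false, so its found=0 result comes from a scan that did not look inside archives.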


#9 dev00790

Posted 30 March 2012 - 06:08 AM

Hi cornybread,

It appears that you have run ESET scan multiple times. One of the scans found malicious files and they were quarantined.

I have 'What's Running' installed and noticed something called Primomonnt.dll in the system32 folder. It just sort of stuck out to me - I don't know if it's anything - but when I did a search it came up in one result to say it was a virus?

Primomonnt.dll is fine - it's part of Nitro pdf software.
I notice though that you don't have Nitro pdf listed as being installed on your PC - did you have it installed at some point in the past?

Will that be okay to leave it (pleeeease)?

Firefox v3.5 is very old now (released June 30th, 2009), is no longer supported by Mozilla, and has numerous vulnerabilities which can allow malicious applications and methods into your computer.
- I recommend that you update firefox to the latest version if you wish to continue using it. There are probably many software applications / firefox add-ons or extensions that would offer similar or better functionality for designing websites.

Hanging application iexplore.exe

I see this in the logs also. Try running internet explorer without addons. Does this result in no application hangs? Link for further info

How is your computer running now?

Regards, dev00790



#10 cornybread

Posted 30 March 2012 - 11:14 AM

Thanks for all your help! Answers to your questions and a few comments:

Primomonnt.dll is fine - it's part of Nitro pdf software.
I notice though that you don't have Nitro pdf listed as being installed on your PC - did you have it installed at some point in the past?

Yes, I still do... it's called PrimoPDF.

I recommend that you update firefox to the latest version if you wish to continue using it. There are probably many software applications/ firefox add-ons or extensions that would offer similar or better functionality for designing websites.

I understand, but I don't use it for browsing and have it blocked with the firewall. I've searched quite a while and couldn't find another option.

I see this in the logs also. Try running internet explorer without addons.

I really didn't think I had any add-ons as I know that's now a good idea. Actually, here's a shot of what I have. Everything else (accelerators, filters, etc.) is disabled and my search provider is Google.

How is your computer running now?

I guess it's okay. But yeah, IE hangs more than I think it should. The computer is probably 10 years old (DELL Dimension E510) and it's been a while since I reformatted it. Also, I wonder if my EaseUS Backup might be bloated. I have an external drive that I backup a few folders to a couple of times a day and that slows everything a little.

I'm not sure there's anything more that can be done. I may consider a reformat in the coming weeks and see if that helps, unless you have any other ideas?

Edited by cornybread, 30 March 2012 - 11:15 AM.


#11 dev00790

Posted 30 March 2012 - 05:00 PM

Hi cornybread,

Actually, here's a shot of what I have. Everything else (accelerators, filters, etc.) is disabled

Ok thanks

I'm not sure there's anything more that can be done. I may consider a reformat in the coming weeks and see if that helps, unless you have any other ideas?

Reformatting is usually a last resort. Other things can be tried first.

Step 1

Disable all addons in IE
Restart the computer.
Does IE hang now?

Step 2

Run Windows defragmenter: link
The volume to defrag is the C: drive

Step 3
Please follow the below to run Disk Cleanup tool to clean up temporary files

You can start Disk Cleanup, by doing any of the following:

  • Click Start, and then click Run. In the Open box, type cleanmgr, and then click OK.

    -or-
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Disk Cleanup.

    -or-
  • In Windows Explorer or My Computer, right-click the disk in which you want to free up space, click Properties, click the General tab, and then click Disk Cleanup.


Step 4

Restart the computer

Step 5

How is your computer running now?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"

I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#12 cornybread


Posted 01 April 2012 - 11:33 AM

Hi. I just wanted to post real quick - I've been sick and will try these other steps by tomorrow (Monday) afternoon. Thanks.

#13 dev00790


Posted 01 April 2012 - 01:28 PM

Thanks for letting me know

Regards, dev00790



#14 dev00790


Posted 05 April 2012 - 06:52 PM

Hi Cornybread,

Are you still with me?

Regards, dev00790



#15 cornybread


Posted 14 April 2012 - 10:00 AM

Hi. So sorry for being so long. I have been pretty sick and just now feeling better. :)

I did everything you suggested and it seemed okay - like it really made little difference. Then, IE was hanging again so, I ran another scan last night - it appears I was infected again:

ESET Online Scanner Results:

C:\System Volume Information\_restore{534E65DA-57A5-4238-8DC6-9A56A1550AEA}\RP13\A0002667.exe a variant of Win32/Kryptik.AEBY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{534E65DA-57A5-4238-8DC6-9A56A1550AEA}\RP7\A0001813.exe probably a variant of Win32/Adware.BHO.LRUODUW application deleted - quarantined
C:\System Volume Information\_restore{534E65DA-57A5-4238-8DC6-9A56A1550AEA}\RP7\A0001827.exe probably a variant of Win32/Adware.BHO.LRUODUW application deleted - quarantined
C:\System Volume Information\_restore{534E65DA-57A5-4238-8DC6-9A56A1550AEA}\RP8\A0001932.exe probably a variant of Win32/Adware.BHO.LRUODUW application deleted - quarantined
C:\System Volume Information\_restore{534E65DA-57A5-4238-8DC6-9A56A1550AEA}\RP8\A0001934.exe probably a variant of Win32/Adware.BHO.LRUODUW application deleted - quarantined
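
An added example, not part of the original post: a small Python parser for scanner result lines in the form shown above, grouping detections by the System Restore point (RPn folder) they were found in. The function names are hypothetical, the third sample line is constructed, and only the "a variant of" / "probably a variant of" line forms seen in this thread are handled.

```python
import re
from collections import defaultdict

# The first two lines are copied from the scan results in the post above; the
# third is constructed (placeholder path and name) to show a non-restore hit.
SAMPLE = r"""
C:\System Volume Information\_restore{534E65DA-57A5-4238-8DC6-9A56A1550AEA}\RP13\A0002667.exe a variant of Win32/Kryptik.AEBY trojan cleaned by deleting - quarantined
C:\System Volume Information\_restore{534E65DA-57A5-4238-8DC6-9A56A1550AEA}\RP7\A0001813.exe probably a variant of Win32/Adware.BHO.LRUODUW application deleted - quarantined
C:\Example\constructed-sample.exe a variant of Win32/Example.Placeholder application deleted - quarantined
"""

# path, optional "probably", detection name, kind (trojan/application), action
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<hedged>probably )?a variant of (?P<name>\S+) "
    r"(?P<kind>\w+) (?P<action>.+)$"
)
# XP System Restore keeps archived files as A0nnnnnn.ext under _restore{GUID}\RPn
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I
)

def parse(text):
    """Return (findings, unparsed_lines) for a block of scanner results."""
    findings, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            unparsed.append(line)  # keep unknown formats visible, never drop them
            continue
        rp = RESTORE.search(m["path"])
        findings.append({
            "path": m["path"], "name": m["name"], "kind": m["kind"],
            "hedged": bool(m["hedged"]), "action": m["action"],
            "restore_point": rp.group(1) if rp else None,
        })
    return findings, unparsed

def summarize(findings):
    """Group detection names by restore point, or 'live file system'."""
    by_rp = defaultdict(list)
    for f in findings:
        by_rp[f["restore_point"] or "live file system"].append(f["name"])
    return dict(by_rp)

if __name__ == "__main__":
    found, skipped = parse(SAMPLE)
    print(summarize(found), "unparsed:", skipped)
```
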



