Search:

:angel: Dakeyras :angel:,

We cannot express how grateful we are for your generosity in sharing your expertise! Thank you so much. :thanks:

Orrin

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Documents and Settings\Mommy\Application Data\Sun\Java\Deployment\cache\6.0\21\30263fd5-135b0bb7 moved...

Just a note. The "big buck" files towards the end of the list are an old back up from an old machine.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
#...

No unusal behavior.

ESET log:

C:\Documents and Settings\Mommy\Application Data\Sun\Java\Deployment\cache\6.0\21\30263fd5-135b0bb7 multiple threats
C:\System Volume...

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mommy at 2010-02-15 16:10:53
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (17%)...

System continues to show no problems.

I can live without Adobe.

ComboFix 10-02-12.01 - Mommy 02/15/2010 13:12:11.5.1 - x86
Microsoft Windows XP Professional ...

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 4:39:54 PM, on 2/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal...

Computer still seems OK.

ComboFix 10-02-12.01 - Mommy 02/14/2010 15:53:11.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.509 [GMT -5:00]
Running from: c:\documents...

Logfile of random's system information tool 1.06 (written by random/random)
Run by Mommy at 2010-02-14 07:42:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (16%)...

info.txt logfile of random's system information tool 1.06 2010-02-14 07:42:52

======Uninstall list======

"Doras Carnival Adventure (remove only)" -->"C:\Program Files\Doras Carnival...

System seems to be operating normally.

Malwarebytes' Anti-Malware 1.44
Database version: 3734
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/13/2010 3:19:55 PM...

Yes.

Just to let you know...

1) When the popup appeared after running Firefox I did rerun the Malwarebytes scan and it showed about a dozen entries for "Trojan.Vundo.H." I did NOT click...

Thanks. I hope I didn't overstep but I was initially still unable to run rkill.exe or the malware program. I ran dakeyras.com again and was then able to execute the programs.

Overall things are...

exeHelper by Raktor
Build 20091220
Run at 11:30:08 on 02/11/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking...

Dakeyras,

I was able to run Temp File Cleaner. Upon reboot, rkill.exe does not appear to be operational. Seems to try to load, but I never get a window showing its progress. Attempted to run...

Thank you.

Rkill log followed by RSIT logs:



This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log...

Windows XP.

Thanks.

Getting lots of popups. There is a program running in my system tray call "Your PC Protector". Unable to post a HJT log as execution of the file seems to be suppressed.

Any suggestions?
...

Things are looking very good. No unusual behavior. I have updated Java and Windows.

Thank you so much Ken545!!!! You are very generous to share your expertise.

Blessings....

Orrin Ahola

HJT log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:56:34 PM, on 1/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot...

Good evening.

krl32mainweq.dll is deleted.
Glary Utilities uninstalled.

Malwarebytes log:

Malwarebytes' Anti-Malware 1.43
Database version: 3484
Windows 5.1.2600 Service Pack 3

New Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 2:37:05 PM, on 1/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00...

ComboFix.txt:

ComboFix 10-01-01.05 - Mommy 01/02/2010 13:58:50.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.560 [GMT -5:00]
Running from: c:\documents and...

Thanks. I saw no prompt for drive selection.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/02 10:12
Program Version: Version...

Thank you.

I have downloaded mbam-setup.exe. Unfortunately when I double click the file, the installation does not proceed. It seems like something is suppressing execution of the file (?). ...

Whilst my son was playing World of Warcraft, started getting various popups, messages of memory errors, general nonsense. I've tried Ad-Aware which didn't seem to help. Tried to install Spybot S&D...

I can't thank Shaba enough for helping me clean up my system. I really appreciate you giving your time.

Thanks!

Orrin

Message from Windows re:cool.exe.vir is now gone. No other symptoms noted.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:03 PM, on 11/29/2007
Platform: Windows XP SP2 (WinNT...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:26 AM, on 11/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
...

Ahh...just logged on as a particular user and got this message:

"Windows cannot open this file:
File: cool.exe.vir"

......seems like a good thing ;-) !!!

Again, your help is greatly appreciated. The system has been very running smoothly. No symptoms of infection. Nothing found by the Kaspersky scan.

Here is the HJT log:
Logfile of Trend Micro...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:00 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:10:32 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
...

ComboFix 07-11-19.4 - Mommy 2007-11-27 12:58:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.568 [GMT -5:00]
Running from: C:\Documents and...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:17 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
...

Much thanks, Finlander!

Combofix log:

ComboFix 07-11-19.4 - Mommy 2007-11-27 11:38:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.573 [GMT -5:00]
Running from:...

Thanks in advance. My machine is sluggish. Virus scan software started to alert me to the presence of trojans. (It found ldcore.dll but couldn't remove.) Now experiencing frequent popups of Internet...