Search:

Thank you so very, very much..I know this will be one very happy young man. None of us can afford the cost of going to a so call pro, they dont always complete the job anyway. I have be coming here...

Yahoo! Toolbar:
There's nothing in either Program Files or Program Files (x86) folders.
When I checked Programs and Features it said an error occurred trying to uninstall Yahoo! Toolbar. It may...

Ok. I allowed Akamai NetSession Client.

I went to reinstall the Yahoo! Toolbar but it was blocked. It said the one that was installed was the updated version. Should I just leave it alone or will...

I just restarted the infected machine. When the desktop came it there is a "Windows Security Alert" box in the middle of the screen.
It says "Windows Firewall has blocked some features of this...

Computer seems be be running fine.
Yahoo! Toolbar is back in Programs and Features, but it seems to be ok. Is that ok?


OTL:
All processes killed
========== COMMANDS ==========
Restore point...

When I open Google Chrome, on the infected machine, 2 tabs open. One says "search" with www.searchnu.com/406. I dont know if this is needed. I thought it would just be a regular Chrome home page...

Checked programs and files and there was a file "BearShare" in "My Music" but the folder was empty. Is there a way to deleted the folder?. Thanks.

My machine seems to be slowing down now. :sick:

Ok. I clicked yes for the FreePriceAlerts 2.3.5.

I rebooted for the Yahoo! Toolbar and it is still there.

Reset Google Chrome:
I can't reset it. There's not a little wrench to click on next...

I am having a few problems uninstalling a couple of the programs.

I don't see Bearshare on the uninstall list.

FreePriceAlerts 2.3.5:
An error occured while trying to uninstall FreePriceAlerts...

Yes I did the download from Firefox.

Going to run these items now.

Thanks for the headsup on Java. I will remove them from my personal machine as well. I noticed that there are updates for...

OTL Extras logfile created on: 4/9/2013 12:08:20 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shermqn Cooper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version =...

OTL logfile created on: 4/9/2013 12:08:20 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shermqn Cooper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601)...

Below is the log that you requested. One option in the selection box was checked but it was greyed out. It was called "RpcSs and PlugPlay"

Farbar Service Scanner Version: 03-03-2013
Ran by...

09:58:55.0952 3560 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:58:55.0999 3560 MRxDAV - ok
09:58:56.0045 3560 [...

09:57:24.0082 4844 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:57:24.0440 4844 ============================================================
09:57:24.0440 4844 Current date /...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Shermqn Cooper on Tue...

I downloaded the "flag_disinfector and ran it and I will keep it on my computer, thank you.

The computer seems to startup just fine. I have not done anything more than just come to this web site...

I forgot to tell you every time I go to shut the infected machine down it wants to download a lot of updates. It seems that maybe it had been awhile since he was able to use the laptop. I have not...

Thanks so much for all your help and concern. I don't want this to happen to my machine. I am using Windows XP Service Pack 3 Media Center Edition. My machine is an old HP but it works fine for me. I...

OTL Extras logfile created on: 4/8/2013 9:23:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shermqn Cooper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version =...

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Shermqn...

OTL logfile created on: 4/8/2013 9:23:00 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shermqn Cooper\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) -...

The computer seems to be running very good although I dont know much about this laptop because it is not mine:laugh:. I just cant seen to log into the Spybot forums on it, says I am using the wrong...

Yes I am using Firefox. I will try IE now...Thank you.

Each time I try the download, Malwarebytes, I get this message:
Download error
C:\Users\Shermqm Cooper\Downloads\yl74m858lo.exe.part could not be saved, because the source file could not be read.

\Image File Execution Options\mbamgui.exe Key deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows nt\currentversion\Image File Execution Options\mbamservice.exe Key deleted...

Ok!:thanks: The fix worked, and the computer booted up properly.
Here is the log from the flash drive. I will have to do it in 2 posts because it is too long.

Fix result of Farbar Recovery Tool...

Hi... I am just now closing everything and rebooting the infected machine..On closing one screen it said "No fixlist.txt found. The fixlist.txt should be made and saved in the same directory the tool...

It happened after running the Custom FRST. I am not sure it even ran. I did as you said, ran the FRST64, the flash drive was in the infected computer, then pressed the Fix button and nothing...

Hi...I did as you instructed but nothing is happening..It has been over an hour and the computer just sits. Should there be something to show that it is working?

I am running the tool now ans I also see in the command prompt that it says X:windows\system32...If that helps at all..
The scan is complete now:
Scan result of Farbar Recovery Scan Tool (FRST)...

I have no idea. Can you tell me how to find out?...It just says Windows 7 Home Premium.

Yes, thank you, I am still in need of help.....the operating system is Windows 7....Yes I do have a flash drive that I can use..

Hello. I have a laptop that belongs to a friend's son. The laptop will not display anything other than this page that says FBI, please send $500 using a green-dot card to unlock it. I have never seen...

You have been the best and I can't thank you enough..The computer is running great now...Keep up the awesome work..We need you...

Ok..I ran F-Secure Health and it said only my RealPlayer need to be updated....I ran the Secunia and it told me that my Adobe FlashPlayer needed updating and it gave a link for the update...I clicked...

You are awesome!!!!!
Thought I would have have to run another log for you....
Ok I deleted the SecurityCheck...I did not download the RootRepeal because I finally was able to get GMER to run in...

Hello and once again thank you.. :)
I ran the HJT and checked the items you said to...
Here is the Security Check log...

Results of screen317's Security Check version 0.99.4
Windows XP...

I have not had the Just-In-Time to pop-up lately..Hope it is gone for good........Here is the HJT log you asked for...Thank you so much...Have you been able to tell what the cause of my problem...

.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[648] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003B1950 C:\WINDOWS\system32\guard32.dll (COMODO...

.text C:\WINDOWS\system32\lsass.exe[320] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO...

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-04 07:41:47
Windows 5.1.2600 Service Pack 3
Running: xlu8m5ox.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kxldapob.sys


----...

I have been trying to run this program all day..It always shuts down and sends an error report to MS.....Going to try again..thanks..

I could not find a folder titled Debugger in options, I may need to do it IE as I use Firefox...
Here is the long you asked for...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:33...

Hi...and thanks so much...This scan took over 4 hrs..lol..lol..here are the results..I did not have what it found removed because you did not tell me to..

ESETSmartInstaller@High as CAB hook log:...

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

5/1/2010 3:41:41 PM
mbam-log-2010-05-01 (15-41-41).txt

I already have it on my desk top..I will update and follow the rest of your instructions and post the log back here..

I did as u said for the Just-In-Time but it still popped up...here's the ComboFix log...

ComboFix 10-04-30.03 - HP_Administrator 05/01/2010 12:06:34.9.1 - x86
Microsoft Windows XP Professional ...

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2010-05-01 10:23:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 122...

Thanks so very much for helping me..This has been driving me crazy..I can't do much of anything without the Just-In-Time Debugging popping up...(I have no idea what it is).....Then I received a...