
Dell Windows XP; Computer 000Slow, neither MWBAW nor SBSND work proper


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This should finish it off... AVG is about two years out of date, so it will either need to be removed and replaced, or updated.

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Run: [qoqavedsucue] => C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\jlmjvkexubwmndts.dll"
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Ask.com
HKU\S-1-5-21-500823600-1963862842-10735164-1005\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173PAUS&fl=0&ptb=DabTlgNPJrCle4adZZyvCA&ind=2008120821&url=hxxp://www.ask.com/web&q={searchTerms}&l=zk&o=sb
SearchScopes: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> {8EDDD76F-CE75-460B-B846-9A685E3EF34B} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173PAUS&fl=0&ptb=DabTlgNPJrCle4adZZyvCA&ind=2008120821&url=hxxp://www.ask.com/web&q={searchTerms}&l=zk&o=sb
SearchScopes: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> {C133A094-347B-41CB-9BA5-3D8A80DD8583} URL = hxxp://www15.yoog.com/search.php?q={searchTerms}
SearchScopes: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> {C52F4C55-CD31-4C2D-BB8A-8C35F79B983A} URL = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZKxdm173PAUS&fl=0&ptb=DabTlgNPJrCle4adZZyvCA&ind=2008120821&url=hxxp://www.ask.com/web&q={searchTerms}&l=zk&o=sb
BHO: snappyads browser enhancer -> {81CFA2BF-8FE8-2409-8FA6-A6B19037CBF7} -> C:\WINDOWS\system32\jlmjvkexubwmndts.dll [2009-10-01] ()
FF DefaultSearchEngine: Yoog Search
FF DefaultSearchUrl: hxxp://www15.yoog.com/search.php?q=
FF SelectedSearchEngine: Yoog Search
FF Keyword.URL: hxxp://www15.yoog.com/search.php?q=
FF user.js: detected! => C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\user.js [2016-04-10]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll [2008-12-08] (MyWebSearch.com)
FF SearchPlugin: C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\mq3tdcno.default\searchplugins\Yoog Search.xml [2009-10-01]
FF Extension: XUL Cache - C:\Documents and Settings\User\Local Settings\Application Data\{56C43988-1EA4-4EDF-85F0-E561F583EFEA} [2009-03-04] [not signed]
2016-04-10 16:51 - 2016-04-10 16:51 - 00000000 _____ C:\WINDOWS\system32\F7C.tmp
2016-04-10 16:51 - 2016-04-10 16:51 - 00000000 _____ C:\WINDOWS\system32\F79.tmp
2016-04-08 09:25 - 2016-04-08 09:25 - 00000000 _____ C:\WINDOWS\system32\1DD.tmp
C:\WINDOWS\system32\jlmjvkexubwmndts.dll
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0
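
Added example, not part of the original post and not FRST's own code: a small triage pass over a subset of the fixlist lines above, showing which file or host is referenced by more than one hook (the same DLL appears under the Run key, the BHO entry and as a bare file line). The line shapes are assumed from what is visible in the post, and the names `mechanism`, `triage` and `shared` are hypothetical.

```python
import re
from collections import defaultdict

# Subset of the fixlist lines from the post above, copied as posted
# (URLs are defanged with hxxp, exactly as they appear in the thread).
SAMPLE = r'''
HKLM\...\Run: [qoqavedsucue] => C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\jlmjvkexubwmndts.dll"
SearchScopes: HKU\S-1-5-21-500823600-1963862842-10735164-1005 -> {C133A094-347B-41CB-9BA5-3D8A80DD8583} URL = hxxp://www15.yoog.com/search.php?q={searchTerms}
BHO: snappyads browser enhancer -> {81CFA2BF-8FE8-2409-8FA6-A6B19037CBF7} -> C:\WINDOWS\system32\jlmjvkexubwmndts.dll [2009-10-01] ()
FF Keyword.URL: hxxp://www15.yoog.com/search.php?q=
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll [2008-12-08] (MyWebSearch.com)
C:\WINDOWS\system32\jlmjvkexubwmndts.dll
CMD: bitsadmin /reset /allusers
'''

# Drive-letter path ending in a file extension seen in this fixlist (spaces allowed).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]<>|*?\r\n]*?\.(?:dll|exe|sys|js|xml|tmp)\b', re.I)
HOST_RE = re.compile(r'hxxps?://([^/\s]+)', re.I)

def mechanism(line):
    """Label a line by its leading keyword (assumption based on the post's line shapes)."""
    if re.match(r'[A-Za-z]:\\', line):
        return "file"                      # bare path: the file itself is listed
    head = line.split(":", 1)[0]
    return "Run" if head.endswith("\\Run") else head

def triage(text):
    """Map each referenced file path and defanged host to the mechanisms naming it."""
    files, hosts = defaultdict(set), defaultdict(set)
    for line in filter(None, map(str.strip, text.splitlines())):
        mech = mechanism(line)
        for path in PATH_RE.findall(line):
            files[path.lower()].add(mech)  # Windows paths are case-insensitive
        for host in HOST_RE.findall(line):
            hosts[host.lower()].add(mech)
    return files, hosts

def shared(index):
    """Items referenced by two or more mechanisms: one artifact, several hooks."""
    return {k: sorted(v) for k, v in index.items() if len(v) > 1}

if __name__ == "__main__":
    files, hosts = triage(SAMPLE)
    for item, mechs in {**shared(files), **shared(hosts)}.items():
        print(item, "<-", ", ".join(mechs))
```

Note that regsvr32.exe shows up only as the loader named in the Run value; the DLL it registers is the item that recurs across entries.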


#17
Aerostalgia

    Member

  • Topic Starter
  • 13 posts

FRST crashed during the fix on C:\Windows\Temp\TMP000*1
Do I rerun it?


  • 0

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It should be OK. Could you post the fixlog please, and then run AdwCleaner?
  • 0

#19
Aerostalgia

    Member

  • Topic Starter
  • 13 posts

Here you go;
Edit: Adwcleaner isn't running

Attached Files


Edited by Aerostalgia, 11 April 2016 - 01:43 PM.

  • 0

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's use the backup tool :)

How is the computer now?

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • 0

#21
Aerostalgia

    Member

  • Topic Starter
  • 13 posts

Better than it was before, I still can't delete the original FRST files when we first started though because of the access denied error.

Attached Files

  • Attached File  JRT.txt   4.58KB   72 downloads

  • 0

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK then, now to clear you up and try to prevent this happening again.
First priority will be to install SP3. As MS no longer supports XP we will get it from Filehippo, a site I trust: http://filehippo.com...service_pack_3/
Download and install this. There is also an unofficial SP4 if he wishes to install that: http://www.ryanvm.ne...pic.php?t=10321

If the FRST folder is still present after this let me know and we will use a separate tool to remove the folder

Also an updated antivirus needs to be installed

Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove Combofix

Click Start then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
In the box copy/paste the following command:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter ).
Wait for the uninstall process to complete.

Remove tools

Download and run Delfix
Select the options as shown


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present
Once done then run it again and select Update Java runtime > Download and install Latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware

Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked. This is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
  • 0

#23
Aerostalgia

    Member

  • Topic Starter
  • 13 posts

On the Service Pack 3 setup I get an error saying
"Service pack 3 setup cannot update a checked(debug) system with a free(retail) version of service pack 3, or vice versa."
Does that mean I already have it?


  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, it appears to, however FRST is only reporting SP2

Platform: Microsoft Windows XP Professional Service Pack 2 (X86) Language: English (United States)


If you feel confident you could follow the steps here http://www.askvg.com...service-pack-3/
  • 0

#25
Aerostalgia

    Member

  • Topic Starter
  • 13 posts

OK, that link helped me fix it, but now I'm getting another error during install

"The file C:\Windows\system32\drivers\atapi.sys is open or is in use by another app"
Tried using unlocker as other people suggested but unlocker sees it as not locked.

 

Then tried Diagnostic setup, and that didn't work either, any thoughts?


  • 0


#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Although I have seen no sign of TDSS that is possibly one cause..

Let's check it out

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
  • 0

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





