Google redirects & spybot,hijack this problems


133 replies to this topic

#16 noahdfear

noahdfear

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 465 posts
  • MVP

Posted 18 October 2009 - 04:40 PM

And what about this?

Do you have the ability to burn a cd, and a blank cd?


Dave


#17 arfon.jones

arfon.jones

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 18 October 2009 - 04:42 PM

yes i do

#18 noahdfear

Posted 18 October 2009 - 04:54 PM

Great! Please download the Hiren's BootCD v10.0 + Keyboard Patch iso image from the following link, then extract the contents to a folder of its own.

http://www.hirensbootcd.net/

Next download and install the ISO Recorder version for your operating system (the operating system used to burn the cd).

Once ISO Recorder is installed, insert a blank cd then right click the Hiren'sBootCD.iso file in the Hiren's folder.
Select Copy Image to CD from the right click context menu.
Leave all settings to default in the CD Recording Wizard that opens and burn the disc.
When complete, insert the cd into your computer and restart.
You should be presented with a boot menu.
Select Start Mini Windows XP

Let me know if successful.

*Please do not restart the computer, nor do any other browsing or run any other programs, until I've responded with further instructions. Running from the bootable cd is like God mode, and anything you do could be irreversible.
Dave

#19 arfon.jones

Posted 18 October 2009 - 06:15 PM

Not sure if I'm doing things correctly. I've downloaded both programs onto a Vista PC (so downloaded the 32-bit Vista version); my damaged PC is XP. When I right click on the hirensbootCD.iso file there's no option to burn to CD. I tried copy and paste, then inserted the burnt CD into my damaged PC, but it came up with 'searching for boot record from cd' then goes into the normal boot sequence.

#20 noahdfear

Posted 18 October 2009 - 06:21 PM

It will not work just copying the Hiren's iso to the disk. It must be burnt using an app specifically designed for creating bootable CDs from iso files. You did install ISO Recorder? Try rebooting and see if you have the proper right click menu item.
Dave

#21 arfon.jones

Posted 19 October 2009 - 05:56 PM

Hi, I managed to burn the file by right clicking as you instructed. The only option that wasn't there in the ISO recording wizard was the set to default, so I tried the CD in my PC but it couldn't find it on boot up, so I am unsure what to do next.

#22 noahdfear

Posted 19 October 2009 - 07:47 PM

Just for the record, I instructed you to leave the CD Recording wizard setting to default, which means 'don't change anything' rather than 'look for a Default setting'. ;)

You may need to change the boot order in the system BIOS. To do so, you will need to press a key after the initial beep upon starting the computer (as soon as you see something on the screen). The key to press varies from system to system, but is generally either Enter, Delete, or an F* function key. Often on the boot screen you will see 'Press * to enter setup'. That's the key to press if you see it.

There are many different BIOS configurations, so I cannot give you specific instructions for proceeding without knowing exactly what you have. What you will be looking for is commonly shown as Boot Order or Boot Options. There will be choices of Hard Drive, CD-ROM and Floppy disk, at least. The first boot device should be CD-ROM - change it if necessary. Second should be Hard Drive. Once verifying the CD-ROM is set as the first boot device, exit setup, saving the changes. The computer will restart and if the Hiren's disc is in the drive, and properly burned, it should boot to the cd where you will see the option to boot Mini XP.

*You should also be able to look up the manual for your computer online for specific instructions to enter setup and adjust the boot order, should the above not be helpful.
Dave

#23 arfon.jones

Posted 22 October 2009 - 05:14 PM

Hello. Success! I've managed to get the Hiren's boot CD to get me into the Mini Windows XP. I'll shut down and wait for further instructions.

#24 noahdfear

Posted 22 October 2009 - 05:30 PM

Great!
Insert the Hiren's BootCD and restart the computer.
From the Hiren's BootCD menu select Start Mini Windows XP.
Once Mini XP has loaded, double click the Network icon on the desktop.
Your network adapter should be detected, drivers installed and configured for a connection.
Once the network connection has been established, a connection icon should be located near the clock in the notification area.
There should be a minimized program on the taskbar named Hiren's BootCD WinTools - click it to bring up the interface (or click Start>Programs>BootCD WinTools or double click the Hiren's BootCD Wintools icon on the desktop).
Click Menu on the interface, then select Browsers>Opera Web Browser.
Navigate here to the forum and click this link.
Download the program and save it to the desktop.
Once saved, close all other windows then double click the program to run it.
When completed, a log will open.
Save the log to the desktop using File>Save as, then post the log in a reply.

*Please do not restart the computer, nor do any other browsing or run any other programs, until I've responded with further instructions. Running from the bootable cd is like God mode, and anything you do could be irreversible.
Dave

#25 arfon.jones

Posted 23 October 2009 - 02:06 PM

Hello. I managed to run the program and create a log.


#26 noahdfear

Posted 23 October 2009 - 02:41 PM

We're going to try doing a minimal amount of work from the bootcd, hopefully enough to allow a normal bootup.

Using the Opera browser in MiniXP, highlight then right click>copy to text the contents of the code box below.

@echo off
ren c:\windows\system32\drivers\gasfkybbgiujrw.sys gasfkybbgiujrw.sys.old
ren c:\windows\system32\drivers\rpvnprpipoufniww.sys rpvnprpipoufniww.sys.old
cls
exit

Click Start>Run and type notepad then hit Enter.
Right click in the blank metapad that opens and select Paste.
Click File>Save As
Make sure Desktop is selected, then name it fix.bat
Make sure the Save as type is set to All Files Types
Now click Save
Close fix.bat then double click it to allow it to run.
It should run pretty quickly and close on its own.

Now restart the computer and allow it to boot the hard drive.
If successful, download ComboFix by sUBs from here, saving the file to your desktop.

Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

  • Close all open programs and windows
  • Double click ComboFix.exe and follow the prompts.
  • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

**NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.


I will probably not have access to a computer again till Sunday evening. Hang in there!
Dave

#27 arfon.jones

Posted 23 October 2009 - 03:28 PM

Hi again. I copied and ran the code as described. It seemed to execute correctly by opening a small window and closing quite quickly. I then tried booting to hard drive but it still only goes to a black screen with mouse cursor.

#28 noahdfear

Posted 23 October 2009 - 04:00 PM

Load MiniXP again and open the Hiren's BootCD WinTools and click Menu>Other>Registry Editor PE
When it loads, expand and select the C:\Windows folder in the Browse dialog that opens, then click OK.
Next you will be presented with a series of 4 Select file dialogs in which you need only click Open.
Next you will be asked if you want to open a User hive - click Yes.
Browse to C:\Documents and Settings and open your user name folder.
You should see a file named ntuser.dat and it should be preselected in the Filename area below.
Click Open.
Click No at the next dialog to open another user hive.
Once the hives are loaded, you will get a message box confirming they are loaded and the relative paths in the Registry Editor.
Please make note of the HKEY_USERS path and tell me that exact path, eg; HKEY_USERS\_REMOTE_DAVE
Click OK then minimize the Registry Editor to the taskbar when it opens.

Connect the network, then using the Opera browser, come back to this post and copy the following bolded command to text.

reg query HKLM\_REMOTE_SYSTEM\Select>"%userprofile%\desktop\log.txt"

Open the Command prompt window again then right click>Paste the command into the command window.
When complete, close the command window and open the log.txt file on the desktop.
Post its contents in a reply here along with the exact path to the user hive as previously noted.
Close the Registry Editor and wait for a 'All Finished' message.

Run the dds-bootcd.exe tool again and post the contents of its log as well.

May be Sunday before I respond again ;)

Edited by noahdfear, 23 October 2009 - 04:07 PM.

Dave
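
Added example, not part of the thread and not the helper's own tooling: a hive loaded offline (here under `_REMOTE_SYSTEM`) has no `CurrentControlSet` key, so the `Select` values are what tell you which numbered `ControlSetNNN` the installed Windows boots from. The script parses `reg query` output of the kind the command above writes to log.txt and builds the follow-up queries for a driver's service key in each control set that can be booted. The sample output is constructed, and treating the service key name as the driver file's base name is an assumption.

```python
import re

# Constructed sample of reg.exe output for the Select key (not taken from the thread).
SAMPLE_LOG = """\

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\\_REMOTE_SYSTEM\\Select
    Current\tREG_DWORD\t0x1
    Default\tREG_DWORD\t0x1
    Failed\tREG_DWORD\t0x0
    LastKnownGood\tREG_DWORD\t0x2
"""

# reg.exe separates columns with tabs on XP and with spaces on later versions.
VALUE_RE = re.compile(r"^\s*(\w+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")
REQUIRED = {"Current", "Default", "Failed", "LastKnownGood"}


def parse_select(text):
    """Return (key_path, {value_name: int}) from `reg query <hive>\\Select` output."""
    key_path = None
    values = {}
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key_path = line.strip()
            continue
        match = VALUE_RE.match(line)
        if match:
            values[match.group(1)] = int(match.group(2), 16)
    if key_path is None or not key_path.lower().endswith("\\select"):
        raise ValueError("no Select key header found in reg query output")
    missing = REQUIRED - values.keys()
    if missing:
        raise ValueError("Select key is missing values: " + ", ".join(sorted(missing)))
    return key_path, values


def control_set(number):
    """Map a Select value such as 1 to its key name, ControlSet001."""
    return "ControlSet%03d" % number


def resolve(text):
    """Summarise which control sets the offline SYSTEM hive points at."""
    key_path, values = parse_select(text)
    hive_root = key_path.rsplit("\\", 1)[0]
    current = control_set(values["Current"])
    return {
        "hive_root": hive_root,
        "current": current,
        "last_known_good": control_set(values["LastKnownGood"]),
        # Failed is 0 when no control set has been marked as failed.
        "failed": control_set(values["Failed"]) if values["Failed"] else None,
        # Default names the set used at the next boot; a mismatch deserves a look.
        "default_differs": values["Current"] != values["Default"],
        "services_key": hive_root + "\\" + current + "\\Services",
    }


def service_query_commands(text, service_names):
    """Build reg query commands for each service in every bootable control set.

    A driver renamed on disk can still be registered in the Last Known Good
    set, so both Current and LastKnownGood are covered.
    Assumption: the service key name equals the driver file's base name.
    """
    info = resolve(text)
    sets = []
    for name in (info["current"], info["last_known_good"]):
        if name not in sets:
            sets.append(name)
    return [
        'reg query "%s\\%s\\Services\\%s"' % (info["hive_root"], cs, svc)
        for cs in sets
        for svc in service_names
    ]


if __name__ == "__main__":
    print(resolve(SAMPLE_LOG))
    # Driver base names taken from the fix.bat posted earlier in the thread.
    for cmd in service_query_commands(SAMPLE_LOG, ["gasfkybbgiujrw", "rpvnprpipoufniww"]):
        print(cmd)
```
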

#29 arfon.jones

Posted 25 October 2009 - 01:52 PM

Hello, I tried to do everything you instructed. The only H key that came up was
H_KEY_LOCAL_MACHINE\REMOTE_SAM \REMOTE_SECURITY \REMOTE_SOFTWARE \REMOTE_SYSTEM

Had to re-download the dds-bootcd as it and the log file had vanished off the desktop, so I ran one log prior to the reg query and one after posting it into the command window.

DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 19:17:26.18 on Sun 10/25/2009

============== Pseudo HJT Report ===============

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll
2009-10-09 20:30 13,824 a------- c:\windows\system32\gasfkyxexbfjpi.dll
2009-10-06 16:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-28 23:44 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-09-28 23:44 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-28 23:43 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-09-27 17:11 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-27 17:11 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-27 17:11 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-27 17:11 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com
2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat
2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif
2009-09-27 15:53 15,410 a------- c:\windows\system32\ezobucix._sy
2009-09-27 15:53 15,197 a------- c:\windows\system32\areludul.db
2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg
2009-09-27 15:53 11,891 a------- c:\windows\ihyve.ban
2009-09-26 12:51 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll
2009-09-26 12:51 68 a------- c:\windows\system32\gasfkyqbdqoepx.dat
2009-09-26 12:49 19,755 a------- c:\windows\yxusujag.dat
2009-09-26 12:49 18,777 a------- c:\windows\system32\ywawexupo.db
2009-09-26 12:49 17,549 a------- c:\windows\system32\huwuxos.db
2009-09-26 12:49 16,604 a------- c:\windows\system32\icolataf.scr
2009-09-26 12:49 16,572 a------- c:\windows\rybekyc._dl
2009-09-26 12:49 12,058 a------- c:\windows\oqevugoze.reg
2009-09-26 12:49 11,947 a------- c:\windows\ocimusavi.com
2009-09-26 12:49 167,424 a------- c:\windows\system32\_scui.cpl
2009-09-26 12:44 20,992 a------- c:\windows\system32\gasfkyrqpwqlta.dll
2009-09-26 12:43 46 a------- C:\p2hhr.bat
2009-09-26 12:43 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat
2009-09-26 12:43 45,568 a------- c:\windows\system32\gasfkytsnsnior.dll
2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys.old
2009-09-26 12:42 6,656 a------- C:\hxlqib.exe
2009-09-25 21:41 0 a------- c:\windows\win32k.sys
2009-09-25 21:31 991,584 a------- c:\windows\system32\xa.tmp

==================== Find3M ====================

2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 09:01 204,800 a------- c:\windows\system32\mswebdvd.dll

==== Installed Programs ======================

============= FINISH: 19:17:31.87 ===============

DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 19:37:46.51 on Sun 10/25/2009

============== Pseudo HJT Report ===============

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll
2009-10-09 20:30 13,824 a------- c:\windows\system32\gasfkyxexbfjpi.dll
2009-10-06 16:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-28 23:44 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-09-28 23:44 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-28 23:43 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-09-27 17:11 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-27 17:11 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-27 17:11 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-27 17:11 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com
2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat
2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif
2009-09-27 15:53 15,410 a------- c:\windows\system32\ezobucix._sy
2009-09-27 15:53 15,197 a------- c:\windows\system32\areludul.db
2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg
2009-09-27 15:53 11,891 a------- c:\windows\ihyve.ban
2009-09-26 12:51 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll
2009-09-26 12:51 68 a------- c:\windows\system32\gasfkyqbdqoepx.dat
2009-09-26 12:49 19,755 a------- c:\windows\yxusujag.dat
2009-09-26 12:49 18,777 a------- c:\windows\system32\ywawexupo.db
2009-09-26 12:49 17,549 a------- c:\windows\system32\huwuxos.db
2009-09-26 12:49 16,604 a------- c:\windows\system32\icolataf.scr
2009-09-26 12:49 16,572 a------- c:\windows\rybekyc._dl
2009-09-26 12:49 12,058 a------- c:\windows\oqevugoze.reg
2009-09-26 12:49 11,947 a------- c:\windows\ocimusavi.com
2009-09-26 12:49 167,424 a------- c:\windows\system32\_scui.cpl
2009-09-26 12:44 20,992 a------- c:\windows\system32\gasfkyrqpwqlta.dll
2009-09-26 12:43 46 a------- C:\p2hhr.bat
2009-09-26 12:43 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat
2009-09-26 12:43 45,568 a------- c:\windows\system32\gasfkytsnsnior.dll
2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys.old
2009-09-26 12:42 6,656 a------- C:\hxlqib.exe
2009-09-25 21:41 0 a------- c:\windows\win32k.sys
2009-09-25 21:31 991,584 a------- c:\windows\system32\xa.tmp

==================== Find3M ====================

2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 09:01 204,800 a------- c:\windows\system32\mswebdvd.dll

==== Installed Programs ======================

============= FINISH: 19:37:50.23 ===============

#30 noahdfear


Posted 25 October 2009 - 08:57 PM

Something wrong here.

H_KEY_LOCAL_MACHINE\REMOTE_SAM should be HKEY_LOCAL_MACHINE\REMOTE_SAM. It cannot be otherwise and be functional.

Something has changed a great deal between the 2 dds-bootcd runs. The lack of information in log #2 suggests the registry for the operating system was not properly accessed. Did you by chance do the second run while the Registry Editor PE still had the hives loaded? If so, that was a no-no.

Please re-read my previous instructions carefully and repeat.

FYI - MiniXP is an image file on a compact disk. Booting to MiniXP loads that image into memory, and the files you save to the desktop are only there in memory, not written to the disc. Once you shut down/restart, the memory is cleared. Only files you manipulate on the Hard Drive are affected while running from the cd, whether copied, moved, created, modified or deleted.

I have another question. Do you know on what date your computer last booted successfully?

Dave
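
The check made by eye in the post above, as an added example (not part of the thread and not DDS's own code): split a DDS_BootCD log into its sections and flag a run whose registry-derived sections are empty while the file listings are populated. Which sections count as registry-derived is an assumption, and the sample log is abridged from the one posted above.

```python
import re

# Abridged from the second DDS_BootCD log posted in this thread.
SAMPLE_LOG = r"""DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 19:37:46.51 on Sun 10/25/2009
============== Pseudo HJT Report ===============
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll
2009-09-26 12:42 6,656 a------- C:\hxlqib.exe
==================== Find3M ====================
2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll
==== Installed Programs ======================
============= FINISH: 19:37:50.23 ===============
"""

# Section banners look like "==== Name ====" with uneven '=' padding.
HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")

# Assumption: these sections are built from the offline registry hives,
# the others from a scan of the file system.
REGISTRY_SECTIONS = {"Pseudo HJT Report", "SERVICES / DRIVERS", "Installed Programs"}

def section_counts(log_text):
    """Map each section name to the number of non-blank entry lines in it."""
    counts, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            if m.group(1).upper().startswith("FINISH"):
                break  # end-of-run banner, not a section
            current = m.group(1)
            counts[current] = 0
        elif line and current is not None:
            counts[current] += 1
    return counts

def registry_not_read(log_text):
    """True when every registry section is empty but file sections have entries."""
    counts = section_counts(log_text)
    reg = [n for n in counts if n in REGISTRY_SECTIONS]
    files = [n for n in counts if n not in REGISTRY_SECTIONS]
    return bool(reg) and all(counts[n] == 0 for n in reg) \
        and any(counts[n] > 0 for n in files)

if __name__ == "__main__":
    print(section_counts(SAMPLE_LOG), registry_not_read(SAMPLE_LOG))
```
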
