Do you have the ability to burn a cd, and a blank cd?
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Google redirects & spybot,hijack this problems
Started by
arfon.jones
, Oct 11 2009 04:59 PM
133 replies to this topic
#16
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 18 October 2009 - 04:40 PM
Dave
Register to Remove
#17
arfon.jones
-
- Authentic Member
-
- 71 posts
Authentic Member
Posted 18 October 2009 - 04:42 PM
yes i do
#18
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 18 October 2009 - 04:54 PM
Great! Please download the Hiren's BootCD v10.0 + Keyboard Patch iso image from the following link, then extract the contents to a folder of it's own.
http://www.hirensbootcd.net/
Next download and install the ISO Recorder version for your operating system (the operating system used to burn the cd).
Once ISO Recorder is installed, insert a blank cd then right click the Hiren'sBootCD.iso file in the Hiren's folder.
Select Copy Image to CD from the right click context menu.
Leave all settings to default in the CD Recording Wizard that opens and burn the disc.
When complete, insert the cd into your computer and restart.
You should be presented with a boot menu.
Select Start Mini Windows XP
Let me know if successful.
*Please do not restart the computer, nor do any other browsing or run any other programs, until I've responded with further instructions. Running from the bootable cd is like God mode, and anything you do could be irreversible.
http://www.hirensbootcd.net/
Next download and install the ISO Recorder version for your operating system (the operating system used to burn the cd).
Once ISO Recorder is installed, insert a blank cd then right click the Hiren'sBootCD.iso file in the Hiren's folder.
Select Copy Image to CD from the right click context menu.
Leave all settings to default in the CD Recording Wizard that opens and burn the disc.
When complete, insert the cd into your computer and restart.
You should be presented with a boot menu.
Select Start Mini Windows XP
Let me know if successful.
*Please do not restart the computer, nor do any other browsing or run any other programs, until I've responded with further instructions. Running from the bootable cd is like God mode, and anything you do could be irreversible.
Dave
#19
arfon.jones
-
- Authentic Member
-
- 71 posts
Authentic Member
Posted 18 October 2009 - 06:15 PM
not sure if im doing things correctly ive downloaded both programes on to a vista pc (so downloaded 32bit vista version) my damaged pc is xp. when i right click on the hirensbootCD.iso file theres no option to burn to cd i tried copy and paste then inserted the burnt cd to my damaged pc but came up with 'searching for boot record from cd' then goes into normal boot seqence.
#20
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 18 October 2009 - 06:21 PM
It will not work just copying the Hiren's iso to the disk. It must be burnt using an app specifically desgned for creating bootable cd's from iso files. You did install ISO Recorder? Try rebooting and see if you have the proper right click menu item.
Dave
#21
arfon.jones
-
- Authentic Member
-
- 71 posts
Authentic Member
Posted 19 October 2009 - 05:56 PM
hi I managed to burn the file by right clicking as you instructed the only option that wasnt there in the iso recording wizard was the set to default, so i tried the cd in my pc but it couldent find it on boot up so am unsure what to do next.
#22
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 19 October 2009 - 07:47 PM
Just for the record, I instructed you to leave the CD Recording wizard setting to default, which means 'don't change anything' rather than 'look for a Default setting'. 
You may need to change the boot order in the system BIOS.
To do so, you will need to press a key after the initial beep upon starting the computer (as soon as you see something on the sceen).
The key to press varies from system to system, but is generally either, Enter, Delete, or an F* function key.
Often on the boot screen you will see 'Press * to enter setup". That's the key to press if you see it.
There are many different BIOS configurations, so I cannot give you specific instructions for proceeding without knowing exactly what you have.
What you will be looking for is commonly shown as Boot Order or Boot Options.
There will be choices of Hard Drive, CD-ROM and Floppy disk, at least.
The first boot device should be CD-ROM - change it if necessary.
Second should be Hard Drive.
Once verifying the CD-ROM is set as the first boot device, exit setup, saving the changes.
The computer will restart and if the Hiren's disc is in the drive, and properly burned, it should boot to the cd where you will see the option to boot Mini XP
*You should also be able to look up the manual for your computer online for specific instructions to enter setup and adjust the boot order, should the above not be helpful.
You may need to change the boot order in the system BIOS.
To do so, you will need to press a key after the initial beep upon starting the computer (as soon as you see something on the sceen).
The key to press varies from system to system, but is generally either, Enter, Delete, or an F* function key.
Often on the boot screen you will see 'Press * to enter setup". That's the key to press if you see it.
There are many different BIOS configurations, so I cannot give you specific instructions for proceeding without knowing exactly what you have.
What you will be looking for is commonly shown as Boot Order or Boot Options.
There will be choices of Hard Drive, CD-ROM and Floppy disk, at least.
The first boot device should be CD-ROM - change it if necessary.
Second should be Hard Drive.
Once verifying the CD-ROM is set as the first boot device, exit setup, saving the changes.
The computer will restart and if the Hiren's disc is in the drive, and properly burned, it should boot to the cd where you will see the option to boot Mini XP
*You should also be able to look up the manual for your computer online for specific instructions to enter setup and adjust the boot order, should the above not be helpful.
Dave
#23
arfon.jones
-
- Authentic Member
-
- 71 posts
Authentic Member
Posted 22 October 2009 - 05:14 PM
Hello Succes ive managed to get the hirens boot cd to get me int the mini windows xp .ill shut down and wait for futher instructions
#24
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 22 October 2009 - 05:30 PM
Great!
Insert the Hiren's BootCD and restart the computer.
From the Hiren's BootCD menu select Start Mini Windows XP.
Once Mini XP has loaded, double click the Network icon on the desktop.
Your network adapter should be detected, drivers installed and configured for a connection.
Once the network connection has been established, a connection icon should be located near the clock in the notification area.
There should be a minimized program on the taskbar named Hiren's BootCD WinTools - click it to bring up the interface (or click Start>Programs>BootCD WinTools or double click the Hiren's BootCD Wintools icon on the desktop).
Click Menu on the interface, then select Browsers>Opera Web Browser.
Navigate here to the forum and click this link.
Download the program and save it to the desktop.
Once saved, close all other windows then double click the program to run it.
When completed, a log will open.
Save the log to the desktop using File>Save as, then post the log in a reply.
*Please do not restart the computer, nor do any other browsing or run any other programs, until I've responded with further instructions. Running from the bootable cd is like God mode, and anything you do could be irreversible.
Insert the Hiren's BootCD and restart the computer.
From the Hiren's BootCD menu select Start Mini Windows XP.
Once Mini XP has loaded, double click the Network icon on the desktop.
Your network adapter should be detected, drivers installed and configured for a connection.
Once the network connection has been established, a connection icon should be located near the clock in the notification area.
There should be a minimized program on the taskbar named Hiren's BootCD WinTools - click it to bring up the interface (or click Start>Programs>BootCD WinTools or double click the Hiren's BootCD Wintools icon on the desktop).
Click Menu on the interface, then select Browsers>Opera Web Browser.
Navigate here to the forum and click this link.
Download the program and save it to the desktop.
Once saved, close all other windows then double click the program to run it.
When completed, a log will open.
Save the log to the desktop using File>Save as, then post the log in a reply.
*Please do not restart the computer, nor do any other browsing or run any other programs, until I've responded with further instructions. Running from the bootable cd is like God mode, and anything you do could be irreversible.
Dave
#25
arfon.jones
-
- Authentic Member
-
- 71 posts
Authentic Member
Posted 23 October 2009 - 02:06 PM
hello. I managed to run the programe and create a log
DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 21:00:31.10 on Fri 10/23/2009
Internet Explorer: 8.0.6001.18702
============== Pseudo HJT Report ===============
S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Orange: {4e7bd74f-2b8d-469e-a1fb-f862b587b57d} -
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
S-1-5-21-1935681133-1597978318-240782882-1007_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RemoteControl] c:\windows\system32\rmctrl.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
S-1-5-21-1935681133-1597978318-240782882-1007_Policies-explorer: NoWindowsUpdate = 0 (0x0)
S-1-5-21-1935681133-1597978318-240782882-1007_Policies-system: EnableProfileQuota = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: rqRHxusp - rqRHxusp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
APCPBEAgent; c:\progra~1\apc\powerc~1\agent\pbeagent.exe
AVG; [x]
avg8wd; c:\progra~1\avg\avg8\avgwdsvc.exe
AvgLdx86; \SystemRoot\System32\Drivers\avgldx86.sys
AvgTdiX; \SystemRoot\System32\Drivers\avgtdix.sys
fssfltr; system32\DRIVERS\fssfltr_tdi.sys
fsssvc; "c:\program files\windows live\family safety\fsssvc.exe"
gupdate1c9b63b8cc7536e; "c:\program files\google\update\GoogleUpdate.exe" /svc
Lavasoft Ad-Aware Service; [x]
PAC207; system32\DRIVERS\pfc027.sys
PCTCore; system32\drivers\PCTCore.sys
rpvnprpipoufniww; \systemroot\system32\drivers\rpvnprpipoufniww.sys
sdAuxService; c:\program files\spyware doctor\pctsAuxs.exe
SeaPort; "c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe"
Winsock - Google Desktop Search Backup Before First Install; [x]
Winsock - Google Desktop Search Backup Before Last Install; [x]
Winsock2 - Google Desktop Search Backup Before First Install; [x]
Winsock2 - Google Desktop Search Backup Before Last Install; [x]
{017945CB-B466-4F10-96F8-EE9956E84EEE}; [x]
{04D8EFFB-0568-4B5D-ABF5-862962188B58}; [x]
{AACB5D92-5FF1-4F32-BA0D-D1825E165C1F}; [x]
=============== Created Last 30 ================
2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll
2009-10-09 20:30 13,824 a------- c:\windows\system32\gasfkyxexbfjpi.dll
2009-10-06 16:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-10-06 16:51 <DIR> --d----- c:\documents and settings\all users\application data\AVG Security Toolbar
2009-10-06 16:51 <DIR> --d----- c:\program files\AVG
2009-10-01 20:26 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-10-01 20:26 <DIR> --d----- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2009-09-28 23:44 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-09-28 23:44 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-28 23:43 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-09-27 17:11 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-27 17:11 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-27 17:11 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-27 17:11 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-27 17:11 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-27 17:10 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-27 17:10 <DIR> --d----- c:\documents and settings\arfon jones\application data\PC Tools
2009-09-27 17:10 <DIR> --d----- c:\documents and settings\all users\application data\PC Tools
2009-09-27 15:53 18,176 a------- c:\documents and settings\all users\application data\ywij.com
2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com
2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat
2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif
2009-09-27 15:53 18,333 a------- c:\documents and settings\all users\application data\etujibyh.sys
2009-09-27 15:53 15,410 a------- c:\windows\system32\ezobucix._sy
2009-09-27 15:53 15,197 a------- c:\windows\system32\areludul.db
2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg
2009-09-27 15:53 11,890 a------- c:\documents and settings\all users\application data\qaha.com
2009-09-27 15:53 10,590 a------- c:\documents and settings\arfon jones\application data\aqynacehu.vbs
2009-09-27 15:53 11,891 a------- c:\windows\ihyve.ban
2009-09-27 15:53 14,561 a------- c:\program files\common files\bogawi.dat
2009-09-26 12:51 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll
2009-09-26 12:51 68 a------- c:\windows\system32\gasfkyqbdqoepx.dat
2009-09-26 12:49 19,755 a------- c:\windows\yxusujag.dat
2009-09-26 12:49 18,777 a------- c:\windows\system32\ywawexupo.db
2009-09-26 12:49 17,582 a------- c:\documents and settings\all users\application data\vegiz.reg
2009-09-26 12:49 17,549 a------- c:\windows\system32\huwuxos.db
2009-09-26 12:49 16,604 a------- c:\windows\system32\icolataf.scr
2009-09-26 12:49 16,572 a------- c:\windows\rybekyc._dl
2009-09-26 12:49 12,058 a------- c:\windows\oqevugoze.reg
2009-09-26 12:49 11,947 a------- c:\windows\ocimusavi.com
2009-09-26 12:49 10,731 a------- c:\documents and settings\all users\application data\ywah.scr
2009-09-26 12:49 12,103 a------- c:\program files\common files\ycisig.pif
2009-09-26 12:49 167,424 a------- c:\windows\system32\_scui.cpl
2009-09-26 12:44 20,992 a------- c:\windows\system32\gasfkyrqpwqlta.dll
2009-09-26 12:43 46 a------- C:\p2hhr.bat
2009-09-26 12:43 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat
2009-09-26 12:43 45,568 a------- c:\windows\system32\gasfkytsnsnior.dll
2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys
2009-09-26 12:42 6,656 a------- C:\hxlqib.exe
2009-09-25 21:41 0 a------- c:\windows\win32k.sys
2009-09-25 21:31 991,584 a------- c:\windows\system32\xa.tmp
==================== Find3M ====================
2009-09-27 15:53 11,399 a------- c:\program files\common files\niryvizuf.dl
2009-09-26 12:49 17,248 a------- c:\program files\common files\adegyrut.db
2009-09-26 12:49 16,602 a------- c:\program files\common files\ysirunuq._dl
2009-08-24 22:45 5,632 a------- c:\windows\system32\drivers\StarOpen.sys
2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 09:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-26 15:44 48,448 a------- c:\windows\system32\sirenacm.dll
2008-09-23 21:28 31,320 a------- c:\documents and settings\arfon jones\application data\GDIPFONTCACHEV1.DAT
2008-09-17 21:59 87,608 a------- c:\documents and settings\arfon jones\application data\inst.exe
2008-09-17 21:59 47,360 a------- c:\documents and settings\arfon jones\application data\pcouffin.sys
2006-10-10 21:19 278,528 a------- c:\program files\common files\FDEUnInstaller.exe
2004-11-25 20:59 262,144 a------- c:\documents and settings\all users\NTUSER.DAT
==== Installed Programs ======================
2600
2600_Help
2600Trb
4oD
Adobe Flash Player 10 ActiveX
Adobe Photoshop 7.0.1
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.0
AiO_Scan
AiOSoftware
APC PowerChute Business Edition Agent
APC PowerChute Business Edition Console
AVG Free 8.5
BufferChm
Copy
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
DiMAGE Viewer
Director
DocProc
DocumentViewer
Driveway and Patio Designer V9.5.22
Easy Price Pro NHE Cal
Easy Price Pro NHE Estimator
ERUNT 1.1j
Fax
Google Earth
Google SketchUp 6
Google Toolbar for Internet Explorer
Google Update Helper
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HMRC Employer CD-ROM 2009
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
hp deskjet 5550 series (Remove only)
HP Diagnostic Assistant
HP Discover Digital Photography
HP Image Zone 4.2
hp print screen utility
HP PSC & OfficeJet 4.2
HP Software Update
HP Unload DLL Patch
HPSystemDiagnostics
InstantShare
InterActual Player
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
Java™ 6 Update 11
Java™ 6 Update 3
Junk Mail filter update
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8 Plugin
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MSN
MSN Music Assistant
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero - Burning Rom (Web installer)
Network Play System (Patching)
NHEEstimator
Orange Search Toolbar
OTiCardReader
Overland
PC Camer@
Personal License Update Wizard for Windows Media Player
PhotoGallery
Picasa 3
PowerDVD
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
RegCure 1.6.0.0
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Scan
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
SkinsHP1
Spybot - Search & Destroy
Spyware Doctor 6.0
The Sims House Party
TrayApp
Unload
upapp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Media Player
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
============= FINISH: 21:00:38.14 ===============
Register to Remove
#26
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 23 October 2009 - 02:41 PM
We're going to try doing a minimal amount of work from the bootcd, hopefully enough to allow a normal bootup.
Using the Opera browser in MiniXP, highlight then right click>copy to text the contents of the code box below.
Click Start>Run and type notepad then hit Enter.
Right click in the blank metapad that opens and select Paste.
Click File>Save As
Make sure Desktop is selected, then name it fix.bat
Make sure the Save as type is set to All Files Types
Now click Save
Close fix.bat then double click it to allow it to run.
It should run pretty quickly and close on it's own.
Now restart the computer and allow it to boot the hard drive.
If successful, download ComboFix by sUBs from here, saving the file to your desktop.
Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.
**NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
I will probably not have access to a computer again till Sunday evening. Hang in there!
Using the Opera browser in MiniXP, highlight then right click>copy to text the contents of the code box below.
@echo off ren c:\windows\system32\drivers\gasfkybbgiujrw.sys gasfkybbgiujrw.sys.old ren c:\windows\system32\drivers\rpvnprpipoufniww.sys rpvnprpipoufniww.sys.old cls exit
Click Start>Run and type notepad then hit Enter.
Right click in the blank metapad that opens and select Paste.
Click File>Save As
Make sure Desktop is selected, then name it fix.bat
Make sure the Save as type is set to All Files Types
Now click Save
Close fix.bat then double click it to allow it to run.
It should run pretty quickly and close on it's own.
Now restart the computer and allow it to boot the hard drive.
If successful, download ComboFix by sUBs from here, saving the file to your desktop.
Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.
- Close all open programs and windows
- Double click ComboFix.exe and follow the prompts.
- It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
**NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
I will probably not have access to a computer again till Sunday evening. Hang in there!
Dave
#27
arfon.jones
-
- Authentic Member
-
- 71 posts
Authentic Member
Posted 23 October 2009 - 03:28 PM
Hi again
I copied and ran the code as described, It seemed to execute correctly by opening a small widow and closing quite quickly. I then tried booting to hard drive but it still only goes to a black screen with mouse cursor.
#28
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 23 October 2009 - 04:00 PM
Load MiniXP again and open the Hiren's BootCD WinTools and click Menu>Other>Registry Editor PE
When it loads, expand and select the C:\Windows folder in the Browse dialog that opens, then click OK.
Next you will be presented with a series of 4 Select file dialogs inwhich you need only click Open.
Next you will be asked if you want to open a User hive - click Yes.
Browse to C:\Documents and Settings and open your user name folder.
You should see a file named ntuser.dat and it should be preselected in the Filename area below.
Click Open.
Click No at the next dialog to open another user hive.
Once the hives are loaded, you will get a message box confirming they are loaded and the relative paths in the Registry Editor.
Please make note of the HKEY_USERS path and tell me that exact path, eg; HKEY_USERS\_REMOTE_DAVE
Click OK then minimize the Registry Editor to the taskbar when it opens.
Connect the network, then using the Opera browser, come back to this post and copy the following bolded command to text.
reg query HKLM\_REMOTE_SYSTEM\Select>"%userprofile%\desktop\log.txt"
Open the Command prompt window again then right click>Paste the command into the command window.
When complete, close the command window and open the log.txt file on the desktop.
Post it's contents in a reply here along with the exact path to the user hive as previously noted.
Close the Registry Editor and wait for a 'All Finished' message.
Run the dds-bootcd.exe tool again and post the contents of it's log as well.
May be Sunday before I respond again
When it loads, expand and select the C:\Windows folder in the Browse dialog that opens, then click OK.
Next you will be presented with a series of 4 Select file dialogs inwhich you need only click Open.
Next you will be asked if you want to open a User hive - click Yes.
Browse to C:\Documents and Settings and open your user name folder.
You should see a file named ntuser.dat and it should be preselected in the Filename area below.
Click Open.
Click No at the next dialog to open another user hive.
Once the hives are loaded, you will get a message box confirming they are loaded and the relative paths in the Registry Editor.
Please make note of the HKEY_USERS path and tell me that exact path, eg; HKEY_USERS\_REMOTE_DAVE
Click OK then minimize the Registry Editor to the taskbar when it opens.
Connect the network, then using the Opera browser, come back to this post and copy the following bolded command to text.
reg query HKLM\_REMOTE_SYSTEM\Select>"%userprofile%\desktop\log.txt"
Open the Command prompt window again then right click>Paste the command into the command window.
When complete, close the command window and open the log.txt file on the desktop.
Post it's contents in a reply here along with the exact path to the user hive as previously noted.
Close the Registry Editor and wait for a 'All Finished' message.
Run the dds-bootcd.exe tool again and post the contents of it's log as well.
May be Sunday before I respond again
Edited by noahdfear, 23 October 2009 - 04:07 PM.
Dave
#29
arfon.jones
-
- Authentic Member
-
- 71 posts
Authentic Member
Posted 25 October 2009 - 01:52 PM
Hello I tried to do everything you instructed
the only H key that came up was
H_KEY_LOCAL_MACHINE\REMOTE_SAM
\REMOTE_SECURITY
\REMOTE_SOFTWARE
\REMOTE_SYSTEM
Had to re download the dds-bootcd as it and the log file had vanished off the desktop
so i ran one log prior to the reg query and one after posting it into the comand window
DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 19:17:26.18 on Sun 10/25/2009
============== Pseudo HJT Report ===============
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll
2009-10-09 20:30 13,824 a------- c:\windows\system32\gasfkyxexbfjpi.dll
2009-10-06 16:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-28 23:44 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-09-28 23:44 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-28 23:43 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-09-27 17:11 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-27 17:11 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-27 17:11 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-27 17:11 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com
2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat
2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif
2009-09-27 15:53 15,410 a------- c:\windows\system32\ezobucix._sy
2009-09-27 15:53 15,197 a------- c:\windows\system32\areludul.db
2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg
2009-09-27 15:53 11,891 a------- c:\windows\ihyve.ban
2009-09-26 12:51 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll
2009-09-26 12:51 68 a------- c:\windows\system32\gasfkyqbdqoepx.dat
2009-09-26 12:49 19,755 a------- c:\windows\yxusujag.dat
2009-09-26 12:49 18,777 a------- c:\windows\system32\ywawexupo.db
2009-09-26 12:49 17,549 a------- c:\windows\system32\huwuxos.db
2009-09-26 12:49 16,604 a------- c:\windows\system32\icolataf.scr
2009-09-26 12:49 16,572 a------- c:\windows\rybekyc._dl
2009-09-26 12:49 12,058 a------- c:\windows\oqevugoze.reg
2009-09-26 12:49 11,947 a------- c:\windows\ocimusavi.com
2009-09-26 12:49 167,424 a------- c:\windows\system32\_scui.cpl
2009-09-26 12:44 20,992 a------- c:\windows\system32\gasfkyrqpwqlta.dll
2009-09-26 12:43 46 a------- C:\p2hhr.bat
2009-09-26 12:43 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat
2009-09-26 12:43 45,568 a------- c:\windows\system32\gasfkytsnsnior.dll
2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys.old
2009-09-26 12:42 6,656 a------- C:\hxlqib.exe
2009-09-25 21:41 0 a------- c:\windows\win32k.sys
2009-09-25 21:31 991,584 a------- c:\windows\system32\xa.tmp
==================== Find3M ====================
2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 09:01 204,800 a------- c:\windows\system32\mswebdvd.dll
==== Installed Programs ======================
============= FINISH: 19:17:31.87 ===============
DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86
Run at 19:37:46.51 on Sun 10/25/2009
============== Pseudo HJT Report ===============
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll
2009-10-09 20:30 13,824 a------- c:\windows\system32\gasfkyxexbfjpi.dll
2009-10-06 16:52 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-28 23:44 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-09-28 23:44 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-28 23:43 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-09-27 17:11 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-27 17:11 130,936 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-27 17:11 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-27 17:11 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com
2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat
2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif
2009-09-27 15:53 15,410 a------- c:\windows\system32\ezobucix._sy
2009-09-27 15:53 15,197 a------- c:\windows\system32\areludul.db
2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg
2009-09-27 15:53 11,891 a------- c:\windows\ihyve.ban
2009-09-26 12:51 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll
2009-09-26 12:51 68 a------- c:\windows\system32\gasfkyqbdqoepx.dat
2009-09-26 12:49 19,755 a------- c:\windows\yxusujag.dat
2009-09-26 12:49 18,777 a------- c:\windows\system32\ywawexupo.db
2009-09-26 12:49 17,549 a------- c:\windows\system32\huwuxos.db
2009-09-26 12:49 16,604 a------- c:\windows\system32\icolataf.scr
2009-09-26 12:49 16,572 a------- c:\windows\rybekyc._dl
2009-09-26 12:49 12,058 a------- c:\windows\oqevugoze.reg
2009-09-26 12:49 11,947 a------- c:\windows\ocimusavi.com
2009-09-26 12:49 167,424 a------- c:\windows\system32\_scui.cpl
2009-09-26 12:44 20,992 a------- c:\windows\system32\gasfkyrqpwqlta.dll
2009-09-26 12:43 46 a------- C:\p2hhr.bat
2009-09-26 12:43 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat
2009-09-26 12:43 45,568 a------- c:\windows\system32\gasfkytsnsnior.dll
2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys.old
2009-09-26 12:42 6,656 a------- C:\hxlqib.exe
2009-09-25 21:41 0 a------- c:\windows\win32k.sys
2009-09-25 21:31 991,584 a------- c:\windows\system32\xa.tmp
==================== Find3M ====================
2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll
2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll
2009-08-05 09:01 204,800 a------- c:\windows\system32\mswebdvd.dll
==== Installed Programs ======================
============= FINISH: 19:37:50.23 ===============
#30
noahdfear
-
- Visiting Fellow
-
- 465 posts
Silver Member
Posted 25 October 2009 - 08:57 PM
Something wrong here.
H_KEY_LOCAL_MACHINE\REMOTE_SAM
should be
HKEY_LOCAL_MACHINE\REMOTE_SAM
It cannot be otherwise and be functional. Something has changed a great deal between the 2 dds-bootcd runs. The lack of information in log #2 suggests the registry for the operating system was not properly accessed. Did you by chance do the second run while the Registry Editor PE still had the hives loaded? If so, that was a no-no. Please re-read my previous instructions carefully and repeat.
FYI - MiniXP is an image file on a compact disk. Booting to MiniXP loads that image into memory, and the files you save to the desktop are only there in memory, not written to the disc. Once you shut down/restart, the memory is cleared. Only files you manipulate on the Hard Drive are affected while running from the cd, whether copied, moved, created, modified or deleted.
I have another question. Do you know on what date your computer last booted successfully?
Dave
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
