Google redirects & spybot,hijack this problems
Posted 05 November 2009 - 03:21 PM
Posted 05 November 2009 - 04:23 PM
Copy the contents of the code box below and paste it into a command window while the editor is open and minimized.
reg query "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LogonType >"%userprofile%\desktop\look.txt"
reg query "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Background >>"%userprofile%\desktop\look.txt"
start notepad "%userprofile%\desktop\look.txt"
exit
cls
Post the new log that opens.
Edited by noahdfear, 05 November 2009 - 04:23 PM.
Posted 05 November 2009 - 04:32 PM
Posted 05 November 2009 - 05:14 PM
1. determine if the system would look for replacements on the drive or prompt you for the XP cd when the System File Checker is run
2. determine the method used to logon to your user account
What I propose to do next is attempt to force Windows to run a System File Check on startup by merging a reg file.
If corrupted system files are found they should be automatically replaced with good copies found on the drive.
I also intend to enable the Windows Classic Logon dialog to help verify the bootup process (tells me bootup goes at least to the logon stage).
If you do not use a password to logon, you need only hit Enter or click OK to logon.
The System File Checker should start and be visible after logon, if successful, even if the screen remains in the same state it has been in on previous attempts to logon.
Be patient - it may take quite a while to complete.
You may need to restart the computer when the scan completes to verify any changes.
* The following will create backups of the affected registry keys prior to making any changes and save them to the hard drive*
With Registry Editor PE loaded and minimized, copy the contents of the code box below and paste it into a command window.
@echo off
rem Back up both keys before changing anything
reg save "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" c:\winlogon.hiv
reg save HKLM\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\Setup c:\setup.hiv
rem Enable System File Checker and have it scan, with progress shown, at startup
reg add "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v SFCDisable /t REG_DWORD /d 00000000 /f
reg add "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v SfcScan /t REG_DWORD /d 00000002 /f
reg add "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v SFCShowProgress /t REG_DWORD /d 00000001 /f
rem Switch to the Windows Classic Logon dialog
reg add "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v LogonType /t REG_DWORD /d 00000000 /f
reg delete "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Background /f
rem Look for replacement system files on the drive
reg add HKLM\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\Setup /v "Installation Sources" /t REG_SZ /d C:\WINDOWS /f
exit
cls
When the command window closes, close the editor and wait for the All Finished message, then restart and boot the hard drive.
Let me know the results.
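Added example, not part of the original post: a batch file that reads back the values written by the commands above and reports any that differ, so the change can be confirmed before rebooting. It assumes it is saved as a .cmd file and run in MiniXP while Registry Editor PE still has the offline hive loaded as HKLM\_REMOTE_SOFTWARE, and that the backups are at c:\winlogon.hiv and c:\setup.hiv as in the post.

```batch
@echo off
setlocal
rem Added example: verify the Winlogon values set by the post's commands.
rem Assumption: the offline SOFTWARE hive is loaded as HKLM\_REMOTE_SOFTWARE.
set "WL=HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
set "FAIL=0"

rem Expected data, in the 0x form that reg query prints for REG_DWORD.
call :check SFCDisable 0x0
call :check SfcScan 0x2
call :check SFCShowProgress 0x1
call :check LogonType 0x0

rem Background was deleted, so a successful query here is a mismatch.
reg query "%WL%" /v Background >nul 2>&1
if not errorlevel 1 (
    echo MISMATCH Background is still present
    set "FAIL=1"
)

rem A rollback is only possible if both backup files were written.
if not exist c:\winlogon.hiv echo WARNING c:\winlogon.hiv is missing
if not exist c:\setup.hiv echo WARNING c:\setup.hiv is missing

if "%FAIL%"=="0" (echo All values match.) else (echo Review the mismatches above.)

rem To undo the changes, restore the saved keys over the modified ones:
rem   reg restore "%WL%" c:\winlogon.hiv
rem   reg restore HKLM\_REMOTE_SOFTWARE\Microsoft\Windows\CurrentVersion\Setup c:\setup.hiv
goto :eof

:check
rem %1 = value name, %2 = expected data. The third token of the matching
rem output line is the data (name, type, data split on tabs or spaces).
set "GOT="
for /f "tokens=3" %%A in ('reg query "%WL%" /v %1 2^>nul ^| findstr /i /c:"%1"') do set "GOT=%%A"
if /i "%GOT%"=="%2" (echo OK %1 = %GOT%) else (echo MISMATCH %1 = "%GOT%" expected %2 & set "FAIL=1")
goto :eof
```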
Posted 05 November 2009 - 06:41 PM
Posted 05 November 2009 - 07:31 PM
Posted 06 November 2009 - 04:36 PM
Posted 11 November 2009 - 11:19 PM
Sorry for the late reply!
I should have suggested this before - please disconnect all unnecessary peripherals, such as speakers, printers, cameras or any other USB devices. If it's within your means, I would also suggest physically removing any PCI devices, if they exist, that the computer does not need to boot, such as a network card, modem or add-on graphics/sound card. If there is no change in behavior, I do have one or two other things we can maybe try if you're game.
That said, formatting is an option, though if you prefer to try avoiding a complete re-install of all your programs, you could attempt a repair installation of Windows, provided you have a Windows XP Operating System disc as opposed to a Recovery CD. A repair installation leaves the current file system intact, meaning if the repair is successful, the system will still require cleansing of malware.
You can back up files from within the MiniXP environment. You can burn CDs, or attach a USB hard drive or another physical internal hard drive to be used for data storage.
Posted 13 November 2009 - 06:13 PM
Posted 14 November 2009 - 11:36 AM
Right click the Regmon.zip file and select 7-zip>Extract to "\Regmon".
Open the Regmon folder and double click regmon.exe
Agree to the license.
When regmon opens, click the magnifying glass icon on the toolbar to stop the screen capture.
Click Options>Log Boot then click OK on the message box that opens.
Close regmon and the regmon folder.
Start Registry Editor PE, no user hive necessary, then minimize it to the taskbar.
Highlight and copy to text the contents of the code box below.
@echo off
rem Copy Regmon and its driver onto the hard drive
md c:\Regmon
copy "%userprofile%\Desktop\Regmon\*.*" c:\Regmon
copy X:\i386\System32\drivers\REGSYS701.SYS C:\WINDOWS\system32\drivers\REGSYS701.SYS
rem Copy the REGMON701 service key from the running system into ControlSet005 of the offline SYSTEM hive
reg save HKLM\SYSTEM\CurrentControlSet\Services\REGMON701 c:\regmon.hiv
reg add HKLM\_REMOTE_SYSTEM\ControlSet005\Services\REGMON701
reg restore HKLM\_REMOTE_SYSTEM\ControlSet005\Services\REGMON701 c:\regmon.hiv
rem Set Userinit to userinit.exe (the trailing comma is part of the value)
reg add "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit /t REG_SZ /d C:\Windows\system32\userinit.exe, /f
exit
cls
Open a command window and paste the copied text in.
Exit Registry Editor PE and restart the computer, allowing it to boot from the hard drive.
Once the boot process goes as far as it will, restart back into MiniXP and locate C:\Windows\regmon.log
Right click the log and select 7zip>Add to "Regmon.zip"
It will create the regmon.zip file in C:\Windows
Open a browser and go to my submission channel, then browse to and upload the regmon.zip file.
Close all Explorer windows.
Open a command prompt and type chkdsk /r c: then hit Enter.
Do not access the C: drive while checkdisk is running.
When checkdisk completes, restart and see if the computer will boot properly.
Was the operating system pre-installed from the factory on this computer?
Posted 14 November 2009 - 04:53 PM
Posted 14 November 2009 - 05:04 PM
Posted 14 November 2009 - 05:21 PM
Posted 14 November 2009 - 06:01 PM