Originally Infected by IS2010...now I'm not sure


  • This topic is locked
67 replies to this topic

#1 tarheelaz

Posted 04 January 2010 - 01:21 AM

Originally I was infected with IS 2010 and I think I got rid of it, but I still cannot get my browsers to work properly. Additionally, I cannot start the computer in safe mode. When I restart and hit the F8 key and select safe mode it returns me to the safe mode selection screen (as if I hit F8 again). No matter which safe mode option I choose it will not work. Also, Malwarebytes will not run properly. I have at times got it to work but now it will not. My last AV scan returned nothing but I am still having problems. I also keep getting a Google installer pop-up error. Another thing is iexplore will automatically start itself for no reason. The list goes on and on!

I want to thank you in advance for the assistance! I go to school in 4 days and planned on taking this laptop with me but right now it is pretty much useless.

Well, here goes...


DDS (Ver_09-12-01.01) - NTFSx86
Run by Bob at 21:54:45.14 on Sun 01/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.279 [GMT -8:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ActivCard\acachsrv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ActivCard\ActivCard Gold\acevtsrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\itunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bob\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: &ESPN: {ae6f2894-af10-4c9c-b16e-1dfc6ff8c0c6} - c:\program files\espn\toolbar\DIGToolBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {1796806A-380C-4D97-B5FF-6ABF2E035CD2} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {17BFCF1A-B579-48a7-9849-719DDD11D340} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
mRun: [DIGStream] c:\program files\digstream\digstream.exe
mRun: [DIGServices] c:\program files\espnruntime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [acEventServ] "c:\program files\activcard\activcard gold\acevtsrv.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [masqform.exe] c:\program files\pureedge\viewer 6.5\masqform.exe -RunOnce
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\windows\temp\avp.exe
dRun: [ygua8e7yhuiesfha876yfauy8fe] c:\windows\temp\zjg73o8170.exe
dRun: [settdebugx.exe] c:\windows\temp\settdebugx.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activc~1.lnk - c:\program files\activcard\activcard gold\agquickp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\ipsecdialer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140949609421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab51411.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab41227.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: acAuth - acauth.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\windows\system32\lululune.dll c:\windows\system32\wiboniza.dll c:\windows\system32\hipolugi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: hejasuway - {0ce7be29-0582-4319-a0ca-7b79915728c7} - No File
SSODL: fufajerat - {88ae71d8-aa55-49e2-a901-616171e4b6b4} - No File
SSODL: yamopikeb - {1a340e18-86f6-4548-a261-0dea663fa871} - No File
SSODL: gagepilos - {988861aa-3814-4085-97b2-0894c749d7db} - No File
SSODL: gimodejem - {de7338c4-c8f5-4a21-bcd0-94232db12d7f} - No File
SSODL: fowofokuk - {ede539c3-693d-4e78-95e3-392df7446221} - No File
STS: {0ce7be29-0582-4319-a0ca-7b79915728c7} - No File
STS: {88ae71d8-aa55-49e2-a901-616171e4b6b4} - No File
STS: {1a340e18-86f6-4548-a261-0dea663fa871} - No File
STS: {988861aa-3814-4085-97b2-0894c749d7db} - No File
STS: {de7338c4-c8f5-4a21-bcd0-94232db12d7f} - No File
STS: {ede539c3-693d-4e78-95e3-392df7446221} - No File
LSA: Notification Packages = scecli dubewefu.dll tehayela.dll yikujesa.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bob\applic~1\mozilla\firefox\profiles\cnutx2fg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=
FF - plugin: c:\itunes\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-1 64288]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-8-26 334984]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-8-26 53896]
R2 ACachSrv;ActivCard Authentication Service;c:\program files\common files\activcard\acachsrv.exe [2002-12-17 135168]
R2 acautoreg;ActivCard Gold Autoregister;c:\program files\common files\activcard\acautoreg.exe [2002-11-29 53248]
R2 Accoca;ActivCard Gold service;c:\program files\common files\activcard\accoca.exe [2002-8-12 159744]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-10-4 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-10-4 177776]
R2 CVPNDRV;Cisco Systems IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [2008-4-8 263751]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-28 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20091231.017\naveng.sys [2010-1-1 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20091231.017\navex15.sys [2010-1-1 1323568]
S0 vjpurzn;vjpurzn;c:\windows\system32\drivers\vjpurzn.sys [2009-12-24 0]
S2 gupdate1c98f2d1aad2568;Google Update Service (gupdate1c98f2d1aad2568);c:\program files\google\update\GoogleUpdate.exe [2009-2-14 133104]
S2 KodakDigitalDisplayService;KodakDigitalDisplayService;c:\program files\kodak\digital display\orbkodaklauncher\DllStartupService.exe [2008-8-14 98304]
S2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-11-15 1756912]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-3 24652]
S3 .lgclo;.lgclo; [x]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys [2002-8-2 47660]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-10-4 83568]
S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys --> c:\windows\system32\ndisdrv.sys [?]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-11-15 169200]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-4-8 141752]

=============== Created Last 30 ================

2010-01-03 19:04:22 0 d-----w- c:\documents and settings\bob\DoctorWeb
2010-01-03 01:27:02 860 ----a-w- c:\windows\system32\krl32mainweq.dll
2010-01-03 01:25:58 202 ----a-w- c:\windows\system32\srcr.dat
2010-01-02 03:25:30 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-02 01:36:37 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-02 01:18:42 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-01 21:11:09 0 d-----w- C:\spoolerlogs
2010-01-01 05:16:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-01 05:16:34 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-01 05:16:34 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 05:47:19 773120 ----a-w- c:\windows\system32\drivers\mnubfe.sys
2009-12-28 11:23:09 0 ----a-w- c:\windows\system32\19169.exe
2009-12-28 11:03:09 0 ----a-w- c:\windows\system32\26500.exe
2009-12-28 09:55:52 152 ----a-w- c:\windows\wininit.ini
2009-12-28 07:47:01 96512 ----a-w- c:\windows\system32\drivers\OLD11.tmp
2009-12-28 05:44:07 2713 --sh--w- c:\windows\system32\fatemoko.exe
2009-12-27 20:31:10 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-12-27 20:31:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-12-27 20:29:52 0 d-----w- c:\program files\CCleaner
2009-12-27 17:40:14 0 ----a-w- c:\windows\system32\131.exe
2009-12-27 17:20:13 0 ----a-w- c:\windows\system32\13280.exe
2009-12-27 17:00:11 0 ----a-w- c:\windows\system32\1926.exe
2009-12-27 16:40:08 0 ----a-w- c:\windows\system32\32235.exe
2009-12-27 16:20:06 0 ----a-w- c:\windows\system32\30103.exe
2009-12-27 16:00:04 0 ----a-w- c:\windows\system32\4955.exe
2009-12-27 15:40:01 0 ----a-w- c:\windows\system32\25443.exe
2009-12-27 15:19:59 0 ----a-w- c:\windows\system32\27373.exe
2009-12-27 14:59:57 0 ----a-w- c:\windows\system32\10443.exe
2009-12-27 14:39:54 0 ----a-w- c:\windows\system32\14442.exe
2009-12-27 14:19:52 0 ----a-w- c:\windows\system32\26331.exe
2009-12-27 13:59:50 0 ----a-w- c:\windows\system32\32547.exe
2009-12-27 13:39:48 0 ----a-w- c:\windows\system32\16758.exe
2009-12-27 13:19:45 0 ----a-w- c:\windows\system32\23360.exe
2009-12-27 12:59:43 0 ----a-w- c:\windows\system32\32107.exe
2009-12-27 12:39:41 0 ----a-w- c:\windows\system32\15069.exe
2009-12-27 12:19:38 0 ----a-w- c:\windows\system32\4067.exe
2009-12-27 11:59:36 0 ----a-w- c:\windows\system32\19818.exe
2009-12-27 11:41:47 2713 --sh--w- c:\windows\system32\pozovata.exe
2009-12-27 11:39:34 0 ----a-w- c:\windows\system32\21109.exe
2009-12-27 11:19:31 0 ----a-w- c:\windows\system32\25291.exe
2009-12-27 10:59:29 0 ----a-w- c:\windows\system32\4925.exe
2009-12-27 10:39:27 0 ----a-w- c:\windows\system32\7465.exe
2009-12-27 10:19:24 0 ----a-w- c:\windows\system32\10952.exe
2009-12-27 09:59:22 0 ----a-w- c:\windows\system32\1911.exe
2009-12-27 09:39:20 0 ----a-w- c:\windows\system32\12729.exe
2009-12-27 09:19:17 0 ----a-w- c:\windows\system32\10257.exe
2009-12-27 08:59:15 0 ----a-w- c:\windows\system32\28269.exe
2009-12-27 08:39:13 0 ----a-w- c:\windows\system32\20996.exe
2009-12-27 08:19:10 0 ----a-w- c:\windows\system32\12041.exe
2009-12-27 07:59:08 0 ----a-w- c:\windows\system32\6369.exe
2009-12-27 07:39:06 0 ----a-w- c:\windows\system32\3766.exe
2009-12-27 07:19:04 0 ----a-w- c:\windows\system32\12839.exe
2009-12-27 06:59:01 0 ----a-w- c:\windows\system32\11519.exe
2009-12-27 06:38:59 0 ----a-w- c:\windows\system32\3236.exe
2009-12-27 06:18:57 0 ----a-w- c:\windows\system32\13443.exe
2009-12-27 05:58:54 0 ----a-w- c:\windows\system32\18789.exe
2009-12-27 05:38:52 0 ----a-w- c:\windows\system32\17023.exe
2009-12-27 05:18:50 0 ----a-w- c:\windows\system32\23304.exe
2009-12-27 04:58:47 0 ----a-w- c:\windows\system32\25302.exe
2009-12-27 04:38:45 0 ----a-w- c:\windows\system32\12174.exe
2009-12-27 04:18:43 0 ----a-w- c:\windows\system32\29865.exe
2009-12-27 03:58:40 0 ----a-w- c:\windows\system32\15869.exe
2009-12-27 03:38:38 0 ----a-w- c:\windows\system32\31129.exe
2009-12-27 03:18:36 0 ----a-w- c:\windows\system32\27768.exe
2009-12-27 02:58:33 0 ----a-w- c:\windows\system32\7749.exe
2009-12-27 02:38:31 0 ----a-w- c:\windows\system32\21648.exe
2009-12-27 02:18:29 0 ----a-w- c:\windows\system32\17581.exe
2009-12-27 01:58:26 0 ----a-w- c:\windows\system32\17150.exe
2009-12-27 01:38:24 0 ----a-w- c:\windows\system32\4465.exe
2009-12-27 01:18:22 0 ----a-w- c:\windows\system32\15624.exe
2009-12-27 00:58:19 0 ----a-w- c:\windows\system32\821.exe
2009-12-27 00:38:17 0 ----a-w- c:\windows\system32\10553.exe
2009-12-27 00:18:15 0 ----a-w- c:\windows\system32\32648.exe
2009-12-26 23:58:12 0 ----a-w- c:\windows\system32\16960.exe
2009-12-26 23:38:10 0 ----a-w- c:\windows\system32\4898.exe
2009-12-26 23:18:08 0 ----a-w- c:\windows\system32\2560.exe
2009-12-26 22:58:05 0 ----a-w- c:\windows\system32\29524.exe
2009-12-26 22:38:03 0 ----a-w- c:\windows\system32\22597.exe
2009-12-26 22:18:01 0 ----a-w- c:\windows\system32\11521.exe
2009-12-26 21:57:58 0 ----a-w- c:\windows\system32\11164.exe
2009-12-26 21:37:56 0 ----a-w- c:\windows\system32\26999.exe
2009-12-26 21:17:54 0 ----a-w- c:\windows\system32\25650.exe
2009-12-26 20:57:51 0 ----a-w- c:\windows\system32\23554.exe
2009-12-26 20:37:49 0 ----a-w- c:\windows\system32\22479.exe
2009-12-26 20:17:46 0 ----a-w- c:\windows\system32\21269.exe
2009-12-26 19:57:44 0 ----a-w- c:\windows\system32\2890.exe
2009-12-26 19:37:43 0 ----a-w- c:\windows\system32\7755.exe
2009-12-26 19:17:43 0 ----a-w- c:\windows\system32\8454.exe
2009-12-26 18:57:42 0 ----a-w- c:\windows\system32\3780.exe
2009-12-26 18:37:42 0 ----a-w- c:\windows\system32\1366.exe
2009-12-26 18:17:41 0 ----a-w- c:\windows\system32\22910.exe
2009-12-26 17:57:41 0 ----a-w- c:\windows\system32\24796.exe
2009-12-26 17:37:40 0 ----a-w- c:\windows\system32\9143.exe
2009-12-26 17:17:40 0 ----a-w- c:\windows\system32\11840.exe
2009-12-26 16:57:39 0 ----a-w- c:\windows\system32\3975.exe
2009-12-26 16:37:38 0 ----a-w- c:\windows\system32\19409.exe
2009-12-26 16:17:38 0 ----a-w- c:\windows\system32\19240.exe
2009-12-26 15:57:37 0 ----a-w- c:\windows\system32\21231.exe
2009-12-26 15:37:34 0 ----a-w- c:\windows\system32\32682.exe
2009-12-26 15:17:33 0 ----a-w- c:\windows\system32\13899.exe
2009-12-26 14:57:33 0 ----a-w- c:\windows\system32\5125.exe
2009-12-26 14:37:32 0 ----a-w- c:\windows\system32\30051.exe
2009-12-26 14:17:32 0 ----a-w- c:\windows\system32\8138.exe
2009-12-26 13:57:31 0 ----a-w- c:\windows\system32\26315.exe
2009-12-26 13:37:31 0 ----a-w- c:\windows\system32\11485.exe
2009-12-26 13:17:30 0 ----a-w- c:\windows\system32\1043.exe
2009-12-26 12:57:30 0 ----a-w- c:\windows\system32\6653.exe
2009-12-26 12:37:29 0 ----a-w- c:\windows\system32\4466.exe
2009-12-26 12:17:28 0 ----a-w- c:\windows\system32\8204.exe
2009-12-26 11:57:28 0 ----a-w- c:\windows\system32\16517.exe
2009-12-26 11:37:27 0 ----a-w- c:\windows\system32\14928.exe
2009-12-26 11:17:26 0 ----a-w- c:\windows\system32\22710.exe
2009-12-26 10:57:26 0 ----a-w- c:\windows\system32\3620.exe
2009-12-26 10:37:25 0 ----a-w- c:\windows\system32\20781.exe
2009-12-26 10:17:25 0 ----a-w- c:\windows\system32\30934.exe
2009-12-26 09:57:24 0 ----a-w- c:\windows\system32\28511.exe
2009-12-26 09:37:24 0 ----a-w- c:\windows\system32\12957.exe
2009-12-26 09:17:24 0 ----a-w- c:\windows\system32\14986.exe
2009-12-26 08:57:23 0 ----a-w- c:\windows\system32\3061.exe
2009-12-26 08:37:23 0 ----a-w- c:\windows\system32\14279.exe
2009-12-26 08:17:22 0 ----a-w- c:\windows\system32\16063.exe
2009-12-26 07:57:22 0 ----a-w- c:\windows\system32\15229.exe
2009-12-26 07:37:21 0 ----a-w- c:\windows\system32\12019.exe
2009-12-26 07:17:21 0 ----a-w- c:\windows\system32\31825.exe
2009-12-26 06:57:20 0 ----a-w- c:\windows\system32\22222.exe
2009-12-26 06:37:20 0 ----a-w- c:\windows\system32\18667.exe
2009-12-26 06:17:19 0 ----a-w- c:\windows\system32\2237.exe
2009-12-26 05:57:19 0 ----a-w- c:\windows\system32\7464.exe
2009-12-26 05:37:17 0 ----a-w- c:\windows\system32\15734.exe
2009-12-26 05:17:16 0 ----a-w- c:\windows\system32\9365.exe
2009-12-26 04:57:16 0 ----a-w- c:\windows\system32\24313.exe
2009-12-26 04:37:15 0 ----a-w- c:\windows\system32\20284.exe
2009-12-26 04:17:15 0 ----a-w- c:\windows\system32\31096.exe
2009-12-25 23:24:28 0 ----a-w- c:\windows\system32\11942.exe
2009-12-25 23:04:28 0 ----a-w- c:\windows\system32\2995.exe
2009-12-25 22:44:27 0 ----a-w- c:\windows\system32\491.exe
2009-12-25 22:24:26 0 ----a-w- c:\windows\system32\9961.exe
2009-12-25 22:04:26 0 ----a-w- c:\windows\system32\16827.exe
2009-12-25 21:44:24 0 ----a-w- c:\windows\system32\23281.exe
2009-12-25 21:24:23 0 ----a-w- c:\windows\system32\28145.exe
2009-12-25 21:03:45 0 ----a-w- c:\windows\system32\5705.exe
2009-12-25 20:43:45 0 ----a-w- c:\windows\system32\24464.exe
2009-12-25 09:37:54 0 ----a-w- c:\windows\system32\26962.exe
2009-12-25 09:17:48 0 ----a-w- c:\windows\system32\29358.exe
2009-12-25 08:57:44 0 ----a-w- c:\windows\system32\11478.exe
2009-12-25 08:37:44 0 ----a-w- c:\windows\system32\15724.exe
2009-12-25 01:56:04 0 ----a-w- c:\windows\system32\6334.exe
2009-12-24 13:16:41 0 ----a-w- c:\windows\system32\drivers\vjpurzn.sys
2009-12-14 10:54:24 5823 --sh--w- c:\windows\system32\badeneke.exe
2009-12-14 10:54:24 5820 --sh--w- c:\windows\system32\tajozejo.exe

==================== Find3M ====================

2010-01-02 20:41:24 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-02 20:41:24 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-12-15 06:03:38 65976 ----a-w- c:\docume~1\bob\applic~1\GDIPFONTCACHEV1.DAT
2009-10-28 14:40:47 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:19 149504 ------w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
2009-10-11 12:17:27 411368 ----a-w- c:\windows\system32\deploytk.dll

============= FINISH: 21:58:07.43 ===============

#2 myrti

Posted 12 January 2010 - 08:24 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#3 tarheelaz

Posted 16 January 2010 - 11:36 AM

Thanks for the reply. I am going to try now. I wanted to throw in a quick reply so the topic does not close out. I have been away at a school so I have not had a chance to reply.

#4 myrti

Posted 16 January 2010 - 12:02 PM

Hi,

Please run a scan with GMER as well:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!



#5 tarheelaz


Posted 16 January 2010 - 01:03 PM

Currently I am having difficulty getting my laptop started. I get the blue screen of death and then it goes to the option to start in safe mode, normally or last known configuration. No matter which I choose it keeps going through the same cycle.

#6 myrti


Posted 16 January 2010 - 01:04 PM

Hi,

what kind of error code do you get? When does it happen?

Do you have a Windows-CD for that PC?

regards myrti



#7 tarheelaz


Posted 16 January 2010 - 01:17 PM

it's giving me a stop 0x0000007e error. there are more in parentheses but it only flashes on the screen for about 2 seconds before trying to boot in safe mode (which i have not been able to do since this began). i'll see if i can find the boot cd.

#8 tarheelaz


Posted 16 January 2010 - 01:19 PM

i have a "application and driver recovery DVD" and "operating system CD"

#9 myrti


Posted 16 January 2010 - 01:56 PM

Hi,

ok, we are going to try to take a blind shot here:
  • Insert the operating system CD-ROM into the CD-ROM drive, and then restart the computer.

  • If your PC is not booting from the CD, you need to change the boot order:
    • Restart your PC
    • As soon as you get an image, press the Setup key. This is usually F2, or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
    • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
    • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
    • The tab should now show your current boot order.
      If the CD-drive is not at the top, please navigate to the CD-Rom drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
    • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
  • Your PC should now boot from your XP-CD.
    Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.

  • When the "Welcome to Setup" screen appears, press R to start the Recovery Console.

  • When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.
  • The command prompt should then open, type the following commands into it:

    listsvc

    You should see a long list of entries. Scroll down to the services starting with H and see if you can find one starting with H8srt. If you do, write down the name.
  • Press Esc to leave the list
  • Type the following into the command line:

    disable H8srtxxxxx
    Note: Replace H8srtxxxxx with the name you've written down earlier
  • Type exit to leave the recovery console and reboot your PC.
This will disable the rootkit present on your system and hopefully allow you to boot again. If that does not work, it will be difficult to figure out the exact cause of the BSOD and you might be better off doing a clean install than trying to fix the problem.

regards myrti



#10 tarheelaz


Posted 16 January 2010 - 02:19 PM

looks like a no go. i still keep getting the blue screen. i hate to reinstall everything because obviously there are some files that i wish to keep and will not be able to recover.

#11 tarheelaz


Posted 16 January 2010 - 03:03 PM

do you think a complete install is the only way to go? Will this lose all my documents, files, etc? And finally, if it is the way to go, will it rid my laptop of the virus i had?

thanks for all your help so far...

#12 myrti


Posted 16 January 2010 - 04:50 PM

Hi,

you do not need to lose your files, even if you do a reformat. There are a couple of solutions that will allow you to recover your documents from a non-booting CD.

One of these is UBCD4Win, an operating system which you can boot from CD. It would allow you to backup your data to an external flash drive.
This would probably be the best way.

Another option we can try first if you wish, is to create a Hiren's Boot-CD and try to invoke system restore from it, if you have system restore enabled. No guarantees that this will work though.

Let me know how you wish to proceed.

regards myrti



#13 tarheelaz


Posted 16 January 2010 - 04:52 PM

i am willing to try anything to keep from losing my data. which do you recommend?

Edited by tarheelaz, 16 January 2010 - 04:54 PM.


#14 myrti


Posted 16 January 2010 - 05:25 PM

Hi,

Let's try to use system restore first, then. It may get your PC back up booting:

Let's now create a boot disc so that you can access your sick OS.....

*** Please print these instructions ***
  • Download Hiren's BootCD Iso to the desktop of a clean computer.
  • Extract the zipped HirensBootCD.zip to your desktop.
  • Open the extracted HirensBootCD folder and extract the zipped HirensBootCD.iso.
  • Double click the BurnToCD.cmd bat file contained in the HirensBootCD folder. This will launch BurnCDCC.
  • Insert a blank CD in your drive.
  • Press Start. This will burn the image to disc. After it has completed...
  • Restart your sick computer and boot from the HBCD you created.
    • If your PC is not booting from the CD, you need to change the boot order:
      • Restart your PC
      • As soon as you get an image, press the Setup key. This is usually F2, F10, F12 or Del. On some machines the key can also be a different one. It should, however, be stated on the screen which key is the setup key.
      • Once you enter the computer's BIOS, use the arrow keys and tab key to move between elements. Press enter to select an item to change.
      • Navigate to the tab, where you can set the boot order. It should be called Boot or Boot order
      • The tab should now show your current boot order.
      • If the CD-drive is not at the top, please navigate to the CD-Rom drive with the arrow keys. Then move it to the top of the list. The keys for switching boot position are usually + to move up and - to move down. However they can be different, but they should be stated in the help, so that you can find them easily.
      • Once the CD-drive is on top of the boot order, navigate to Exit and select Exit saving changes.
    • Your PC should now boot from your CD.
    • Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
  • When the CD boots choose "Start MiniWindowsXP". Allow Windows to load. You will see a typical Windows Desktop.
  • You will be able to access your sick drive and save files/folders from here. Let me know when you have gotten this far and I can guide you.
  • If you have an Ethernet connection you can double click the Network icon on the desktop to gain internet access. You will need to choose the "HBCD tools" icon on your Desktop. Choose "Menu" - "Browsers" - "Opera".
  • You should now be connected to the internet.
Let me know if that worked.

You should also have full access to your disk on that CD, so you could just start backing up your data with it, if you prefer that.

regards myrti

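Added example, not part of any post in this thread: once MiniWindowsXP is running from the boot CD, the offline registry of the sick drive can show whether a service with the H8srt prefix exists and whether the Recovery Console `disable` step from post #9 actually took effect. It assumes `reg.exe` is available in the boot environment and that the sick Windows volume appears as C: with Windows in `C:\WINDOWS`; the mount name `OfflineSys` is arbitrary.

```batch
@echo off
setlocal
rem Added example, not from the thread. Assumptions: reg.exe exists in the
rem boot environment and the sick Windows volume is mounted as C:.
set "HIVE=C:\WINDOWS\system32\config\SYSTEM"
set "MOUNT=HKLM\OfflineSys"

rem Mount the offline SYSTEM hive under a temporary key.
reg load %MOUNT% "%HIVE%" >nul || (echo Could not load %HIVE% & exit /b 1)

rem Select\Current is the number of the control set Windows boots with.
set "CUR="
for /f "tokens=3" %%A in ('reg query %MOUNT%\Select /v Current ^| findstr /i "REG_DWORD"') do set /a CUR=%%A
if not defined CUR (echo Select\Current not found & reg unload %MOUNT% >nul & exit /b 1)
set "CS=00%CUR%"
set "CS=ControlSet%CS:~-3%"

rem List service keys whose name contains H8srt and show their Start value.
rem Start 0x4 means disabled; a lower value means the service can still start.
set FOUND=0
for /f "delims=" %%K in ('reg query %MOUNT%\%CS%\Services ^| findstr /i "H8srt"') do (
    set FOUND=1
    echo %%K
    reg query "%%K" /v Start | findstr /i "REG_DWORD"
)
if %FOUND%==0 echo No H8srt service key found in %CS%.

rem Always unmount so the hive file is released.
reg unload %MOUNT% >nul
endlocal
```

The script only reads the hive; it changes no values.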


#15 tarheelaz


Posted 16 January 2010 - 05:29 PM

got it...i will try this and keep my fingers crossed!

thanks again for your help so far...



