Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Alureon.H; Patched-SYSFile.d, perhaps more?


  • This topic is locked This topic is locked

#31
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Shows you how long it is since I used that programme I had my syntax wrong :D

So I will do it manually

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

Download and run ERUNT http://www.larsheder...nline.de/erunt/

Start ERUNT, confirm the Welcome message.

Type in the name of a restore folder where the backed up registry
files should be saved, or click "..." to browse your computer's drives
and select a folder. You can also simply leave the default, which is a
folder named ERDNT inside your Windows folder, the advantage being
that you have access to this folder from the Windows Recovery Console
in case Windows does not boot anymore.


Next, select the backup options:

- System registry:

- Current user registy: .

- Other open user registries:

Click "OK" and wait until the backup process is complete. (Note that
depending on your system configuration this may take some time, and
that the first bar is NOT a progress bar, just an indicator that the
program is still running.) The ERDNT program for later restoration of
the registry is automatically copied to the restore folder.

WARNING these fixes are designed for this user only and may cause damage if run on an uninfected machine

REGISTRY FIX

REGEDIT4

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer]
"DisableMSI" =-

[HKLM\Software\Policies\Microsoft\Windows\Installer]
"DisableMSI" =-



Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop Posted Image

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.
  • 0

Advertisements


#32
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
Ok, I finished ERUNT and the regfix, and rebooted just for fun. :D I already had the ERUNT installed, but ran it again anyway, checking all three user options this time. Now what do I need to do?

(BTW, a real teacher - as you clearly are - is never afraid to admit error or keep learning! 25-year language teacher here telling you this!)
  • 0

#33
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now rety installing Java and let me know of any errors :D

I was a teacher for about 15 years in the RN, acoustics and oceanography
  • 0

#34
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
I wasn't sure if this last exercise was meant to fix that, so I'm afraid I already did try, and with no success. Same message appears.

My older son briefly had a roommate who got so frustrated with his laptop that he took it outside and blasted it to smithereens with his 12 gauge.

1. It's probably good that he was only briefly my son's roommate.

2. It's VERY good that I don't have a 12 gauge.

Quite a combination, acoustics and oceanography. My science passion is meteorology, but I did do some oceanography, as well as physical geology. Absolutely fascinating! I especially loved learning about the Coreolis effect.
  • 0

#35
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Lets try with the proper syntax now

Click Start, Run, type cmd click ok.

Copy and paste the following to the command prompt.
SWReg QUERY "HKCU\Software\Policies\Microsoft\Windows\Installer" >> C:\msi.txt
press enter

type exit and press enter to close the cmd window.

Go to C:\ and find the file msi. Double click on that file to open it. Then, please copy/paste its contents in your reply.
  • 0

#36
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
Here are the contents of the msi file:

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

SWReg EXPORT KeyName FileName [/nt4]

Keyname ROOTKEY\SubKey (local machine only)
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
FileName The name of the disk file to export
/nt4 Output reg file as old NT4 format

Examples:

SWReg EXPORT HKLM\Software\MyCo\MyApp AppBkUp.reg /nt4
Exports all subkeys and values of the key MyApp to the file AppBkUp.reg
in the nt4 reg format

SWReg EXPORT HKLM\Software\MyCo MyCoBkUp.reg
Exports the hive MyCo to the file MyCoBkUp.reg

DISCLAIMER
Official download location: SteelWerX (http://www.xs4all.nl/~fstaal01)
Mirrors: Atribune.org (http://www.atribune.org)
BleepingComputer.com (http://www.bleepingcomputer.com)

SteelWerX is not liable for damages of any kind arising from the use of
this program.

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

SWReg EXPORT KeyName FileName [/nt4]

Keyname ROOTKEY\SubKey (local machine only)
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
FileName The name of the disk file to export
/nt4 Output reg file as old NT4 format

Examples:

SWReg EXPORT HKLM\Software\MyCo\MyApp AppBkUp.reg /nt4
Exports all subkeys and values of the key MyApp to the file AppBkUp.reg
in the nt4 reg format

SWReg EXPORT HKLM\Software\MyCo MyCoBkUp.reg
Exports the hive MyCo to the file MyCoBkUp.reg

DISCLAIMER
Official download location: SteelWerX (http://www.xs4all.nl/~fstaal01)
Mirrors: Atribune.org (http://www.atribune.org)
BleepingComputer.com (http://www.bleepingcomputer.com)

SteelWerX is not liable for damages of any kind arising from the use of
this program.

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

SWReg EXPORT KeyName FileName [/nt4]

Keyname ROOTKEY\SubKey (local machine only)
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
FileName The name of the disk file to export
/nt4 Output reg file as old NT4 format

Examples:

SWReg EXPORT HKLM\Software\MyCo\MyApp AppBkUp.reg /nt4
Exports all subkeys and values of the key MyApp to the file AppBkUp.reg
in the nt4 reg format

SWReg EXPORT HKLM\Software\MyCo MyCoBkUp.reg
Exports the hive MyCo to the file MyCoBkUp.reg

DISCLAIMER
Official download location: SteelWerX (http://www.xs4all.nl/~fstaal01)
Mirrors: Atribune.org (http://www.atribune.org)
BleepingComputer.com (http://www.bleepingcomputer.com)

SteelWerX is not liable for damages of any kind arising from the use of
this program.

SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

SWReg EXPORT KeyName FileName [/nt4]

Keyname ROOTKEY\SubKey (local machine only)
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey The full name of a registry key under the selected ROOTKEY
FileName The name of the disk file to export
/nt4 Output reg file as old NT4 format

Examples:

SWReg EXPORT HKLM\Software\MyCo\MyApp AppBkUp.reg /nt4
Exports all subkeys and values of the key MyApp to the file AppBkUp.reg
in the nt4 reg format

SWReg EXPORT HKLM\Software\MyCo MyCoBkUp.reg
Exports the hive MyCo to the file MyCoBkUp.reg

DISCLAIMER
Official download location: SteelWerX (http://www.xs4all.nl/~fstaal01)
Mirrors: Atribune.org (http://www.atribune.org)
BleepingComputer.com (http://www.bleepingcomputer.com)

SteelWerX is not liable for damages of any kind arising from the use of
this program.


SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

Error: Key: software\policies\microsoft\windows\installer does not exist!


SteelWerX Registry Console Tool 3.0
Written by Bobbi Flekman 2006 ©

HKEY_CURRENT_USER\software\policies\microsoft\windows\installer
  • 0

#37
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Right that shows nothing under that key - so lets update the installer

Please go here and download WindowsInstaller-KB884016-v2-x86.exe which is the bottom button this does not use the installer as it is an exe file

Is just Java giving the problem ?
  • 0

#38
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
"Setup has detected that the Service Pack version of this system is newer than the update you are applying. There is no need to install this update."

Yes, Java is the only thing I've not been able to install.

If I were to go through all the steps for removing an Alureon.F outlined here (http://www.geekstogo...ogle-redirects/), would it cause any harmful effects if nothing were there?

Also, is there such a thing as a fake Google toolbar? There was one attached to what I thought was an Adobe Flash Player download, but now I'm thinking I screwed up again.

(You don't happen to have a 12-gauge handy, do you?)
  • 0

#39
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No if there was anything there like that then Combofix would also have detected it

I am trying to figure out why it is java that is playing up 'tis curious

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Once done lets look at your system and see where that Google bar is :D

We will use a different programme this time to ring the changes

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
    Reg - NetSvcs
    Reg - Shell Spawning
    Evnt - EventViewer Logs (Last 10 Errors)
    File - Lop Check
    File - Purity Scan

  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

  • 0

#40
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
I used the JavaRa that I'd already downloaded and installed. Then I did the updates, and tried to download/save it to the desktop. The first time I tried to download/save it, it stalled on 0% for about 20 minutes. I canceled, then began anew. Since I already had that downloaded as well, it asked if I wanted to replace it, and I said yes. It wouldn't install.

So, I went through the JavaRa steps again, then the update steps, then deleted the two I'd downloaded from before* and tried to run it straight from the website rather than save/then install.

It wouldn't install. Same Windows Installer message. :D


*I had downloaded it in Normal Mode into a G2G folder I'd made on the desktop. Then, I downloaded it in Safe Mode Administrator. Later, I tagged the Normal Mode folder as shared so I could get to it from anywhere. Who says you can't be in two places at the same time?! I am officially beside myself.
  • 0

Advertisements


#41
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK the next stage is to remove the entire key, windows will re-create this key if it is ever required again so it is not a problem

REGISTRY FIX

REGEDIT4

[-HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer]

[-HKLM\Software\Policies\Microsoft\Windows\Installer]


Next you will need to create the repair registry fix to do that copy and paste ALL of the above in the quote box to a notepad file. Ensure there is no space above the REGEDIT4.
Then in notepad go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES
Then in the FILE NAME box type fix.reg
This will create a fix.reg file on your desktop Posted Image

To use this file you will need to right click the icon and select merge, accept the warning if it appears and you are done.
  • 0

#42
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
Done.

Rebooted into safe mode Administrator. Opened JavaRa, chose "check for updates," downloaded and tried to run Java.

Got. The. Same. Darn. Message.

I started doing a little sniffing around and found this. Maybe you can make more sense out of it than I, although what little I did pick up seems to bode ill for me.

http://bugs.sun.com/...?bug_id=6205814
  • 0

#43
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
*doing the happy dance* :D

I did it! (screen shot below)


Posted Image



I was wandering through Event Viewer, trying to pinpoint when something might have happened, or I might have done something. Two-three weeks ago, maybe more, I messed around with DEP because IE tabs kept getting closed/reopened and that was one of the suggestions, so I undid it, tried the download, and it worked!

*happy dancing*

I still get tabs closing/reopening, and hung applications, BUT --> Java's in like Flynn!

The Event Viewer is FUUUUUULL of little red x's, mostly for Bonjour Services, crypt32, DCOM.

Ok, Teacher, what's next?
  • 0

#44
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK then lets now try an experiment to see if the opening tabs can be cured. I am currently using IE9 beta and I find it very secure, would you be prepared to give it a go ? If you do not like it you can uninstall it :D

The download link is here

Also what do we have remaining in the problem area
  • 0

#45
shelovestomuse

shelovestomuse

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 121 posts
I don't have Windows 7, and my XP Pro is 32-bit. Does that matter?

Also, since you didn't say anything about the plethora of Event Viewer errors, can I assume it's fixable, related to the opening/closing tabs, or relatively normal?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP