Deep rooted browser hijack? [Solved]


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Intriguing, did you install or update any programmes yesterday?

Let's have another look-see

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Select LOP and Purity
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    c:\program files (x86)\Google\Desktop
    c:\program files\Google\Desktop
    dir "%systemdrive%\*" /S /A:L /C
    /md5start
    rpcss.dll
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Attach both logs

  • 0


#17
Zanshin

    Member

  • Topic Starter
  • Member
  • 113 posts
Hi again, no, I have not done any updates nor downloaded anything at all. Microsoft did have one update yesterday morning on shutdown but long before I went through your process. It also did one update this morning on shutdown. One oddish thing though: before I contacted you, I tried to do a system restore to see if that got rid of the gremlin, but no restore points were available apart from one 24 hours old.
Files attached.

Attached Files

  • Attached File  Extras.Txt   123.56KB   110 downloads
  • Attached File  OTL.Txt   196.15KB   42 downloads

  • 0

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The system restore point is the one created when the system was running properly ...

Could you temporarily uninstall the following two programmes:

IE New Window Maximizer
IObit


Then we will run an OTL fix again and follow that up with resetting IE as before.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm019^LESLA^es&si=COGn69Xk9LQCFW_KtAod0H8AQA&ptb=5C95F48D-62C8-420B-975D-1EA1228BE01F&psa=&ind=2013011911&st=sb&n=77fc1fc7&searchfor={searchTerms}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.


:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#19
Zanshin

    Member

  • Topic Starter
  • Member
  • 113 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Ady
->Temp folder emptied: 4236831 bytes
->Temporary Internet Files folder emptied: 509575 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 92052035 bytes
->Flash cache emptied: 14907701 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1740203 bytes
->Flash cache emptied: 53664 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64108 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 11637026 bytes

Total Files Cleaned = 119,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02202014_193934

Files\Folders moved on Reboot...
C:\Users\Ady\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ady\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0
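An added example, not part of the thread and not OTL's own code: one way to cross-check a fix log like the one above against the fix script that produced it, confirming that every GUID named in the `:OTL` section has a "deleted successfully" line. The function names are hypothetical, and the sample script and log are abridged from the posts above.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
LOG_LINE = re.compile(r"^Registry key (.+\\(" + GUID + r")\\) (.+?)\.$", re.M)

# Sample input abridged from the thread (two of the four targets, URL value cut).
FIX_SCRIPT = r"""
:Commands
[CREATERESTOREPOINT]
:OTL
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = (abridged)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
:Commands
[Reboot]
"""
FIX_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
"""

def fix_targets(script):
    """GUIDs named in the :OTL section of a fix script (other sections ignored)."""
    section, found = None, set()
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            section = line.lower()
        elif section == ":otl":
            found.update(g.lower() for g in re.findall(GUID, line))
    return found

def log_results(log):
    """Map each GUID to the (registry key, status) pairs the log reports."""
    out = {}
    for key, guid, status in LOG_LINE.findall(log):
        out.setdefault(guid.lower(), []).append((key, status))
    return out

def unconfirmed(script, log):
    """Targets with no 'deleted successfully' line: re-check these by hand."""
    res = log_results(log)
    return sorted(g for g in fix_targets(script)
                  if not any(s == "deleted successfully" for _, s in res.get(g, [])))

if __name__ == "__main__":
    print("unconfirmed:", unconfirmed(FIX_SCRIPT, FIX_LOG))
```

An empty result only confirms what the log claims at fix time; whether the entries stay gone after a reboot is a separate check.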

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you could now reset IE as before and check that it works. If it does then shut the computer down for 10 minutes. Reboot and check IE again; let me know the result please.
  • 0

#21
Zanshin

    Member

  • Topic Starter
  • Member
  • 113 posts
Results good.
My Google desktop icon was inoperable but got a new one and it works fine, including all links through emails etc. Just a thought... can the virus/malware be contained in desktop icons? ...or perhaps the code that links them? I tried to deal with a similar problem on a friend's computer recently and using old d/top icons resulted in a lot of strange behaviour; when I renewed the internet desktop icons the long way round, the problem seemed to go away.
As usual, I will give you a progress report late tomorrow, and again, in advance, many many thanks.

Adrian.
  • 0

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The main thing is to see if it holds after the system has been shut down then rebooted.
  • 0

#23
Zanshin

    Member

  • Topic Starter
  • Member
  • 113 posts
I followed your procedure exactly including ten min shutdown... do you want me to shut down before bed? I usually leave it on all the time.
  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If that is OK it would be a good test. My current theory is that IObit was reinstating the registry entries for IE as a part of its protection.
  • 0

#25
Zanshin

    Member

  • Topic Starter
  • Member
  • 113 posts
Ok, fine. Is it a fault with Advanced System Care 7 which I recently upgraded to from 6? I have been using it for years and also frequent a boating forum where there are a number of IT professionals who recommend it to others. Also, do you see a problem with redownloading A S Care 7?

p.s. Have a good evening.

Edited by Zanshin, 20 February 2014 - 03:23 PM.

  • 0


#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, not at all, although most of the functions it has are actually built into Windows :)
  • 0

#27
Zanshin

    Member

  • Topic Starter
  • Member
  • 113 posts
Hi EB,
Mixed news, I'm afraid. IE is working correctly but quite sluggish at the moment. A number of things seem to have gone tits up since this morning. I went to do a Windows/Microsoft update... there were 4... 2 important and 2 additional. Since then I have tried without success to download/install updates but always error messages. 3 have downloaded after difficulty and several times trying but one just won't download/install. The error messages have been...
Code 8024200D, 800F0203, and latest has been "Windows Update has encountered problems" code 80242000.
Also, sound has disappeared on the laptop, Graphics card has a yellow triangle against it when searching audio/video problems/solutions and two yellow triangles against MTP USB and another against Easy Transfer cable in the system settings.
Besides which, I tried to do an HP update with all drivers and software but at the end of it when I reboot, Start Up repair kicks in and at the end it says not working. YouTube clips have graphics but no sound, in-house videos are pixelating when playing and also no sound... where the heck do I go from here??

Edited by Zanshin, 21 February 2014 - 01:21 PM.

  • 0

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, use the last restore point that was made by OTL.

Then run the MS fixit on this page http://support.micro...windows_update/

Once done then just download the updates but do not install yet.

Let me know if all ancillary bits are working: video, sound etc.
  • 0

#29
Zanshin

    Member

  • Topic Starter
  • Member
  • 113 posts
You'll have to guide me to where to access the last restore point please in OTL, also my OTL is in Spanish... I'm in Andalucia... so although I speak reasonably, understanding computer jargon is a bit different.
  • 0

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK here we go :)
In the search box in the start menu type rstrui.exe

Then click the file that appears at the top

When the dialogue opens select next and the following page will appear



Select the restore point created by OTL (this will be before the Windows updates).
Then click next and allow the computer to restore.
  • 0





