Deep rooted browser hijack? [Solved]


  • This topic is locked

#76
Zanshin

Zanshin

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 113 posts
You could be right re Windows...often wondered when I bought it new why several HP packages which were supposed to be installed, weren't...possible corrupt install from factory? Anyway, over the last year I have had one or two blue screen moments, crash dump, just did it again when I went to use Kaspersky followed by an error code, after which I rebooted (no problem rebooting) as per the error attached from Kaspersky...images attached for both. I will now download Kaspersky again from your link and run the scans you advise in this window, if I can. Will let you know how it progresses.

Attached Thumbnails

  • 2014-02-26 16.49.35.jpg
  • 2014-02-26 17.00.47.jpg

#77
Zanshin
Another quick addenda in case I forget, on occasions I have been asked to use Startup Repair, this does not work either, on several occasions I have used, finished scanning only to be told Do You Want To Go To System Restore....which again doesn't sort any of the problems.

Edited by Zanshin, 26 February 2014 - 10:26 AM.

#78
Zanshin
And again an addenda......just had a second blue screen when trying to load Kaspersky, same dump message as before...rebooted normally and tried again. Finally managed to get the App to work and now just come back to G to Go to re-collect the scanning codes.

#79
Zanshin
Ran script and didn't reboot but did give an analysis...here, will now reboot and run another analysis scan.

26/02/2014 17:43:41 Task started Manual Disinfection
26/02/2014 17:43:45 1.1 Searching for user-mode API hooks
26/02/2014 17:43:45 Analysis: kernel32.dll, export table found in section .text
26/02/2014 17:43:45 IAT modification detected: CreateProcessA - 003F0010<>77261072
26/02/2014 17:43:45 Analysis: ntdll.dll, export table found in section .text
26/02/2014 17:43:45 Analysis: user32.dll, export table found in section .text
26/02/2014 17:43:45 Analysis: advapi32.dll, export table found in section .text
26/02/2014 17:43:45 Analysis: ws2_32.dll, export table found in section .text
26/02/2014 17:43:45 Analysis: wininet.dll, export table found in section .text
26/02/2014 17:43:45 Analysis: rasapi32.dll, export table found in section .text
26/02/2014 17:43:45 Analysis: urlmon.dll, export table found in section .text
26/02/2014 17:43:45 Analysis: netapi32.dll, export table found in section .text
26/02/2014 17:43:49 1.2 Searching for kernel-mode API hooks
26/02/2014 17:43:49 Error loading driver - scan interrupted [C000036B]
26/02/2014 17:44:13 1.4 Searching for masking processes and drivers
26/02/2014 17:44:13 Checking not performed: extended monitoring driver (AVZPM) is not installed
26/02/2014 17:44:13 1.5 Checking of IRP handlers
26/02/2014 17:44:13 Error loading driver - scan interrupted [C000036B]
26/02/2014 17:44:13 Processing error AVZ Guard error: C000036B Error code: 00000000
26/02/2014 17:44:13 Delete file: C:\Users\Ady\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
26/02/2014 17:44:13 >>>To delete the file C:\Users\Ady\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE reboot is required
26/02/2014 17:44:13 Removing traces of deleted files...
26/02/2014 17:44:20 Script executed without errors
26/02/2014 17:44:20 Task completed Manual Disinfection

#80
Zanshin
Further update....rebooted, started Kaspersky and top left appeared a small Windows window....."Windows Sys 32 Drivers" which appeared to be moving files...no sooner had it started for a few seconds then it went straight to Physical Dump blue screen as before. Windows is now taking longer to reboot each time with blank black screen for several seconds. Will now try another Kaspersky initialise and if another blue screen comes up, I will reboot, inform you then await further instructions.

#81
Zanshin
Latest log after getting Kaspersky to respond attached.

#82
Zanshin
Here is the OTL report.


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Ady\Desktop\cmd.bat deleted successfully.
C:\Users\Ady\Desktop\cmd.txt deleted successfully.
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection* 30 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Local Area Connection* 30:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::70ea:da19:89f3:dbf%14
Default Gateway . . . . . . . . . :
Tunnel adapter Reusable ISATAP Interface {039343E4-2FD7-41BA-BE59-88D657499E3A}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{5179CD7B-B6E6-467C-8ABF-50995E4E3FF2}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Reusable ISATAP Interface {E0F93BB5-F3B3-460E-A3AD-BE088DE676D0}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{CF0FCCE9-2683-4924-A426-0514764868E0}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{7C178361-6FF2-40FC-96AC-F2842E05C8ED}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{685FF4FD-A7DD-48F7-BFA3-DCCF7D4653DD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Reusable ISATAP Interface {09858E09-C357-49C1-95CD-063E4F534D11}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Ady\Desktop\cmd.bat deleted successfully.
C:\Users\Ady\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection* 30 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Local Area Connection* 30:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::70ea:da19:89f3:dbf%14
IPv4 Address. . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
Tunnel adapter Reusable ISATAP Interface {039343E4-2FD7-41BA-BE59-88D657499E3A}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{5179CD7B-B6E6-467C-8ABF-50995E4E3FF2}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Reusable ISATAP Interface {E0F93BB5-F3B3-460E-A3AD-BE088DE676D0}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{CF0FCCE9-2683-4924-A426-0514764868E0}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Local Area Connection* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{7C178361-6FF2-40FC-96AC-F2842E05C8ED}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{685FF4FD-A7DD-48F7-BFA3-DCCF7D4653DD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Reusable ISATAP Interface {09858E09-C357-49C1-95CD-063E4F534D11}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Ady\Desktop\cmd.bat deleted successfully.
C:\Users\Ady\Desktop\cmd.txt deleted successfully.
< netsh winsock reset /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Ady\Desktop\cmd.bat deleted successfully.
C:\Users\Ady\Desktop\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Ady\Desktop\cmd.bat deleted successfully.
C:\Users\Ady\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Ady
->Temp folder emptied: 624356286 bytes
->Temporary Internet Files folder emptied: 93790501 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4658 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 1965056 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 150736 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 132490653 bytes

Total Files Cleaned = 813,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02262014_181754

Files\Folders moved on Reboot...
C:\Users\Ady\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ady\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#83
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
At this stage you would probably be best backing up all the data that you need and factory resetting the computer

What is the model of HP that you have ?

#84
Zanshin
I had a wine spillage over the keyboard last year and it took a local computer guy when replacing it a little time to find this product code... HP Pavilion g6-2011sa Notebook PC .....although when I go to HP for updates on software or downloads it doesn't seem to recognise the code....possibly because I bought it in Spain?....although that should make no difference at all.

#85
Essexboy
If you follow the steps on this page you will be able to restore the computer to its factory settings. But, don't forget to back up any licences and important files first http://h10025.www1.h...257239&sw_lang=

•Factory Reset: Factory Reset removes all partitions, reformats the entire hard drive, reinstalls the original operating system, and reinstalls all the original hardware drivers and software. This option also recreates the required Recovery partition (usually D:) and UEFI partition (usually E:) and reinstalls the required software.

The Factory Reset option returns all of the notebook's software to the condition it was in at the time of purchase. All user changes or additions are removed


#86
Zanshin
Ok thanks EB...will have to buy an external HD first for back up.

#87
Essexboy
Sorry we could not repair it but the damage appeared to be too deep.

#88
Zanshin
Thanks for all your help and trying so long. Zanshin out.

#89
Essexboy
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.