HP Pavilion Recovery error and inability to get past HP recovery manager

amznwmn

I will try to be as precise as possible and give as much info as I can, but I'm not sure what info is inconsequential and what isn't at this point. But, here goes...

For 2 weeks I have tried to outsmart whoever it is that has had complete remote access to my laptop by changing as many admin permissions and incoming/outgoing connections as I could find to keep them out.

A couple of days ago, I did a system restore to factory settings, thinking this would do it. It didn't; he was still there. He locked me out of all admin tools yesterday.

I have a system recovery disc made about a year ago, and put that in my CD drive tonight, thinking I could completely reformat the drive and wipe him out. However, at start-up, I pushed F2 and came up with a screen that said something about running the disc from E drive (I apologize for not being able to give you specific language but I never thought it would get this far with no progress). However, under the line showing the drive it was booting from, there was another line that started "DETECTHAL /REDIRECT " then went on to say something about "redirect name" and "redirect path", none of which sounded legit to me. And considering that this intruder had created so many other fake error/info msgs already, I didn't want to take the chance of this being something else that he had stuck in there.

I backed out of that reboot and restarted. I've subsequently tried to restart over a dozen times from the CD, but even in Safe Mode, it reverts to the HP Recovery Manager.

Once there, I go through the prompts to reformat, but then get an error msg that says: "error: 0x 400110020000100a. If the problem persists, contact HP."

I can't get past this error, nor can I get any type of command prompt to come up (I tried starting in safe mode with command prompt and it reverted back to the recovery manager).

Once the error comes up and I click OK to close it, my laptop restarts and I continue in the same endless cycle.

If I try to boot up without the recovery disc in the CD drive, I get a black screen that says, "Operating system not found".

I am assuming then that my Windows Vista system recovery disc is not working (although if I put it into another computer, I can see the files on it and there doesn't seem to be anything wrong).

I have a backup disc that I made a couple of years ago when I had Norton installed, but have not tried them. Should I?

Also, a friend suggested that I use the recovery discs for my PC (with Windows 2003) just to get an operating system loaded (if it will load automatically from the CD), then go in and try to access the Vista recovery CD.

I wish there was a quick fix to all of this, as it's been a very long 2 weeks trying to get this guy out of my laptop, and frustrating because I've been so incredibly unsuccessful.

I know you ask for detailed system information, but I'm not sure what more I can tell you. Please let me know what you need, and I will do my very best to answer.

Any help with this issue would be so so appreciated - beyond words at this point. So, thank you to whoever can help.
 


It sounds to me like you have malware. I suggest running malwarebytes.
 


System One

  • Operating System
    Vista Home Premium 64 bit SP2
    Manufacturer/Model
    Cyberpower
    CPU
    Intel Quad CPU Q6700 2.67 GHZ
    Motherboard
    NVIDIA 780i
    Memory
    4 GB
    Graphics Card(s)
    MSI GTX 560 TI Twin Frozr
    Sound Card
    Sound Blaster SB Audigy
    Monitor(s) Displays
    Viewsonic VG2436
    Screen Resolution
    1920x1080p
    Hard Drives
    Samsung HD 105SI
    WDC WD20
    Case
    Apevia XJupiter
    Cooling
    air
    Keyboard
    Logitech MX 3200
    Mouse
    Logitech MX 600
    Internet Speed
    30 Mbps
I appreciate the attempt to help, Wither3, and maybe I wasn't as clear as I thought I was in describing the problem.

I CANNOT boot up. PERIOD.

Besides that, Malwarebytes was so long ago...whatever has/had control of my system had created a fake Malwarebytes response window which showed no infected files in less than 10 seconds response time.

When I still had access to my system files and admin tools, I tried to go in and change the incoming/outgoing network connection rules to block all connections. There were so many that I didn't finish in one night so left it where I was at the time.

Next morning, I see that my computer was turned off. Once started, I got a msg that Windows had to restart my computer to install updates. I tried to go back into the admin tool where I was changing the connection rules, but I was locked out of it. Every admin tool I tried to open, I was locked out of. I kept getting a msg off to the side saying an unknown program wanted to access my computer. I declined each time, but in doing so, I still couldn't get back into my admin tools to change any more settings.

Consequently, I tried doing a system restore back to factory settings the following day, thinking that would get rid of this "thing" that had control.

Unfortunately, even after a system restore to factory settings, it was still there.

At that point, I was told I should try to use the system recovery disc to reformat the drive, etc. However, when I initially put the disc in and tried to access it to boot from it, that's when I got the "Detecthal/ Redirect" command line asking me to accept that command or cancel. I chose to cancel.

Since then, I cannot get past the error msg in system recovery manager. No matter what safe mode I boot into, it reverts to the system recovery manager and I go through the first few steps until it again and again gives me the error msg I mentioned before.

I don't know if this "thing" somehow corrupted my recovery disc and that's why I get the error msg? I did copy the files off the recovery CD onto a flash drive but I'm not sure how to access that at boot up.

I tried going into the Bios but the only thing I had access to change was the boot up order. I wasn't given any other options to do anything, or run any commands - nothing.

I read some other posts last night about booting up from a command prompt, and thought I might try booting into safe mode with command prompt again and see if I even get the option to enter a prompt. If I do, then I would enter "rstrui" and try to restore the system that way.

I haven't done any of this yet, but if I shouldn't, please let me know now - although I'm not sure how much more I can mess up my system....it seems to be pretty much toast right now.

Any ideas??
 

Sounds to me like the "detecthal" is perfectly legitimate. "Hardware Abstraction Layer", not "HAL" as some nickname for a hacker (callback to 2001: A Space Odyssey).

Anyway, you do a complete system restore to factory settings and you still have this problem. This is VERY strange. I'm assuming you have uncorrupted original media. Having reformatted your hard drive and reinstalled the operating system, this should have gotten rid of every trace of the malware.

The only things I can think of at this point are this:
1) Your CMOS is infected somehow. This is the boot firmware that resides in your CPU, and remains as-is even after a complete operating system installation. For someone to infect this, it would take incredible talent. If you're not working for some company in an important position where people would want to steal company secrets, it's highly unlikely that your CMOS is infected.
2) Your network is not sufficiently protected. Whenever you are connected, some devious person that is trying to make your life miserable is monitoring your presence. As soon as you're on the network during the operating system install, they hack into you before you can set the administrator password.

First and foremost, do your reset to system factory defaults OFF LINE. Why give anyone the chance to touch your computer? Get it off the network. Doing it wirelessly and don't know how to prevent it? Turn off your router so your computer can't find the network, then go into your control panel to disable wireless. Second, use another computer to download a good firewall, then install it on your computer after restoring the operating system. Once you have this, then you can allow your computer to access the Internet. Third, get WPA2 or better security set up on your router. And finally, maybe you have a deficient router? Consider upgrading to a more robust one.
 


System One

  • Manufacturer/Model
    HP Pavillion dv5t
    CPU
    Intel Core Duo 2.53GHz
    Memory
    4Gb
    Graphics Card(s)
    NVidia GeForce 9600M GT 512Mb
    Screen Resolution
    1280x800 32bit
    Hard Drives
    Seagate Momentus XT 500Gb
    Hitachi Travelstar HTS543225L9A300 250Gb
    Mouse
    Microsoft 4000