Infected PC despite multiple scans (hjt log attached)

By novice101
Jul 18, 2007
Topic Status:
Not open for further replies.
  1. Even after turning active monitoring programs off, showing all files and folders including hidden and system, safe-mode booting, and rescanning using HouseCall, NIS 2007, AVG Anti-Spyware, Ad-Aware SE Personal, Windows Defender, etc., I am still getting twenty-plus unwanted, self-generating Internet Explorer pop-up browser pages hogging CPU resources and paralysing the computer. Repeated IE pages include 'counterstrike', 'qaz2007', etc.

    I created HJT 2.0.2 and ComboFix logs as per your website instructions, and both are attached as txt files.

    Please analyse and provide detailed restoration instructions.
    Thank you
  2. kitty500cat


    Hello and welcome to TechSpot.

    Please do the following.

    Run HJT and do a system scan. Place a check in the box next to the following entries (if there):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [http]ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [http]www.gozobil.lx.ro
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [http]www.gozobil.lx.ro
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [http]www.gozobil.lx.ro
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [http]www.gozobil.lx.ro
    F3 - REG:win.ini: run=C:\WINDOWS\system32\winlogin.exe
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

    Click the Fix Checked button. Wait until it's done fixing, then close HijackThis.

    Please navigate to www.virustotal.com.

    In the Upload a file section, click the Choose... button.

    Navigate to the following file:

    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

    Click the Open button, then click Send File.

    Make note of the results.

    In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.

    Search your system for the filename info.exe and make note of the locations where the file is found. Delete all instances of the file, then post here where the file was located. Also post the VirusTotal results, as well as fresh HijackThis and ComboFix logs.

    Please post an AVG Anti-Spyware log and the AVG Anti-Rootkit scan results as per this thread.

    Regards :)

    This thread is for the use of novice101 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
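
As an added example (not part of the original thread and not HijackThis's own code), here is a small Python triage run over a few of the entries quoted in the reply above. The function names and the rules are assumptions for illustration, and only the R0/R1, F3, O1 and O2 sections seen in this thread are covered.

```python
import re

# A few entries copied from the reply above (URLs in the thread's "[http]" form).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [http]www.gozobil.lx.ro
F3 - REG:win.ini: run=C:\WINDOWS\system32\winlogin.exe
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O2 - BHO: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")  # e.g. "O1 - Hosts: ..."
LOOPBACK = ("127.", "0.0.0.0", "::1")  # hosts targets that are normal

def parse(log_text):
    """Yield (section, body) for every HijackThis entry line."""
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            yield match.group(1), match.group(2)

def triage(section, body):
    """Return a reason to review the entry, or None (hypothetical rules)."""
    if section in ("R0", "R1") and "=" in body:
        # IE start/search settings: report the value so it can be checked.
        key, url = (part.strip() for part in body.split("=", 1))
        return f"IE {key.split(',')[-1]} is set to {url}"
    if section == "F3":
        # Program launched at logon through the win.ini run=/load= mapping.
        return "win.ini autostart: " + body.split(":", 2)[-1].strip()
    if section == "O1":
        # Hosts-file line "Hosts: <ip> <name>" pointing a name at a remote IP.
        fields = body.split()
        if len(fields) >= 3 and not fields[1].startswith(LOOPBACK):
            return f"hosts file sends {fields[2]} to {fields[1]}"
    if section == "O2" and body.endswith("(no file)"):
        # Browser Helper Object still registered although its DLL is gone.
        return "BHO registered but its file is missing"
    return None

def review(log_text):
    """Return [(section, reason)] for the entries that need a closer look."""
    return [(s, r) for s, b in parse(log_text) if (r := triage(s, b))]

if __name__ == "__main__":
    for section, reason in review(SAMPLE_LOG):
        print(f"{section}: {reason}")
```

These structural rules do not flag the HpWebHelper BHO that the reply also selects, since its file is present; deciding on entries like that takes the analyst's knowledge of the software involved.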