Hello and welcome to TechSpot.
Please do the following.
Run HJT and do a system scan. Place a check in the box next to the following entries (if there):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [http]ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [http]www.gozobil.lx.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [http]www.gozobil.lx.ro
1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [http]www.gozobil.lx.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [http]www.gozobil.lx.ro
F3 - REG:win.ini: run=C:\WINDOWS\system32\winlogin.exe
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
Click the Fix Checked button. Wait until it's done fixing, then close HijackThis.
Please navigate to
www.virustotal.com.
In the
Upload a file section, click the
Choose... button.
Navigate to the following file:
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
Click the
Open button, then click
Send File.
Make note of the results.
In Windows Explorer, turn on "show all files and folders, including hidden and system." See how
HERE.
Search your system for the filename
info.exe and make note of the locations where the file is found. Delete all instances of the file, then post here where the file was located. Also post the VirusTotal results, as well as fresh HijackThis and ComboFix logs.
Please post an AVG Anti-Spyware log and the AVG Anti-Rootkit scan results as per
this thread.
Regards
This thread is for the use of novice101 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.