Infected PC despite multiple scans(hjt log attached)

Status
Not open for further replies.
Even after turning active monitoring programs off, showing all files and folders including hidden and system, safe-mode booting, rescanning using HouseCall, NIS 2007, AVG antispyware, Ad-Aware SE Personal, windows defender, etc. still getting unwanted twenty-plus Internet Explorer self generating pop-up browser pages hogging cpu resources & paralysing computer. Repeated IE pages include 'counterstrike', 'qaz2007' etc.

I created HJT 2.0.2 and Combofix logs as per your website instructions and are both attached as txt files.

Please Analyse and provide detailed restoration instructions.
Thank you
 
Hello and welcome to TechSpot.

Please do the following.

Run HJT and do a system scan. Place a check in the box next to the following entries (if there):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [http]ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [http]www.gozobil.lx.ro
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [http]www.gozobil.lx.ro
1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [http]www.gozobil.lx.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [http]www.gozobil.lx.ro
F3 - REG:win.ini: run=C:\WINDOWS\system32\winlogin.exe
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

Click the Fix Checked button. Wait until it's done fixing, then close HijackThis.

Please navigate to www.virustotal.com.

In the Upload a file section, click the Choose... button.

Navigate to the following file:

C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

Click the Open button, then click Send File.

Make note of the results.

In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.

Search your system for the filename info.exe and make note of the locations where the file is found. Delete all instances of the file, then post here where the file was located. Also post the VirusTotal results, as well as fresh HijackThis and ComboFix logs.

Please post an AVG Anti-Spyware log and the AVG Anti-Rootkit scan results as per this thread.

Regards :)

This thread is for the use of novice101 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
 
Status
Not open for further replies.
Back