Infected PC despite multiple scans(hjt log attached)

By novice101
Jul 18, 2007
  1. Even after turning active monitoring programs off, showing all files and folders including hidden and system, safe-mode booting, rescanning using HouseCall, NIS 2007, AVG antispyware, Ad-Aware SE Personal, windows defender, etc. still getting unwanted twenty-plus Internet Explorer self generating pop-up browser pages hogging cpu resources & paralysing computer. Repeated IE pages include 'counterstrike', 'qaz2007' etc.

    I created HJT 2.0.2 and Combofix logs as per your website instructions and are both attached as txt files.

    Please Analyse and provide detailed restoration instructions.
    Thank you
  2. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Hello and welcome to TechSpot.

    Please do the following.

    Run HJT and do a system scan. Place a check in the box next to the following entries (if there):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [http]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [http]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [http]
    1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [http]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [http]
    F3 - REG:win.ini: run=C:\WINDOWS\system32\winlogin.exe
    O1 - Hosts:
    O1 - Hosts:
    O2 - BHO: (no name) - SOFTWARE - (no file)
    O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)

    Click the Fix Checked button. Wait until it's done fixing, then close HijackThis.

    Please navigate to

    In the Upload a file section, click the Choose... button.

    Navigate to the following file:

    C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

    Click the Open button, then click Send File.

    Make note of the results.

    In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.

    Search your system for the filename info.exe and make note of the locations where the file is found. Delete all instances of the file, then post here where the file was located. Also post the VirusTotal results, as well as fresh HijackThis and ComboFix logs.

    Please post an AVG Anti-Spyware log and the AVG Anti-Rootkit scan results as per this thread.

    Regards :)

    This thread is for the use of novice101 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our Security and the Web forum.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...