
Can't access Google's search results



#1 forever_jesslyn


Posted 16 July 2009 - 01:16 PM

A few months ago, my computer was infected with malware. However, I got rid of it by downloading a malware removal tool. Since my computer has been infected, it's been running really slow. Also, whenever I search something up on Google it takes even longer, and then when I click on a search result link it brings me to this page that says "Redirecting..." before it brings me to this weird ad page. I tried scanning the computer with a variety of anti-virus scanners, but all of them came up with nothing. I posted this question on Yahoo! Answers and a guy told me to go to this website (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) and run ComboFix. I did what it said and this is what I came up with. Can someone tell me what to do next? (BTW, I don't know why some of it is in Chinese; my sister used this Chinese software for her school project once, but I uninstalled it.) Thanks!

ComboFix 09-07-14.08 - HP_Administrator 16/07/2009 10:53.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.886.1033.18.959.509 [GMT -7:00]
執行位置: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
.
/wow section - STAGE 完成項目3
The syntax of the command is incorrect.

/wow section 未完成

((((((((((((((((((((((((( 2009-06-16 至 2009-07-16 的新的檔案 )))))))))))))))))))))))))))))))
.

2009-07-16 06:20 . 2009-07-16 17:53 878112 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-16 06:20 . 2009-07-16 17:53 27936 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-16 06:08 . 2009-07-16 17:34 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-07-16 06:08 . 2009-07-16 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-07-16 06:07 . 2009-07-16 06:07 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 17:33 . 2008-07-25 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-16 06:27 . 2009-07-16 06:20 1748 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-16 06:27 . 2009-07-16 06:20 1148 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-06-28 01:11 . 2005-12-27 15:56 -------- d-----w- c:\program files\Google
2009-06-27 16:23 . 2005-12-27 15:37 -------- d-----w- c:\program files\Microsoft Money 2005
2009-06-16 14:55 . 2004-08-10 05:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2004-08-10 05:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:24 . 2004-08-10 05:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 23:41 . 2009-06-02 23:41 390664 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-23 04:28 . 2005-12-27 15:59 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-23 04:26 . 2005-12-27 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-05-23 01:46 . 2006-11-08 04:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\NJStar
2009-05-23 01:46 . 2006-11-08 04:28 -------- d-----w- c:\program files\NJStar Chinese WP
2009-05-22 22:40 . 2009-05-15 01:42 -------- d-----w- c:\program files\AppRanger
2009-05-22 22:40 . 2009-05-15 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AppRanger
2009-05-22 02:06 . 2009-05-22 02:06 -------- d-----w- c:\program files\Citrix
2009-05-07 15:44 . 2004-08-10 05:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2004-08-10 05:00 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-10 05:00 81920 ----a-w- c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-12 185896]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"PCDrProfiler"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-05-22 02:06 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R4 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys --> c:\windows\system32\Drivers\avgtdix.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - AvgLdx86
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
------- 而外的掃描 -------
.
uStart Page = hxxp://www.google.ca/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q106&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 10:53
Windows 5.1.2600 Service Pack 2 NTFS

掃描被隱藏的進程 ...

掃描被隱藏的啟動組 ...

掃描被隱藏的文件 ...


**************************************************************************
.
--------------------- 運行進程下的動態鏈接庫 ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(976)
c:\windows\system32\INetHTTPFilter.dll

- - - - - - - > 'explorer.exe'(1620)
c:\windows\IME\SPGRMR.DLL
.
完成時間: 2009-07-16 10:57
ComboFix-quarantined-files.txt 2009-07-16 17:56

Pre-Run: 285,506,052,096 bytes free
Post-Run: 285,491,326,976 bytes free

139 --- E O F --- 2009-07-15 21:02

#2 Animal


Posted 16 July 2009 - 02:19 PM

Please note the message text in blue at the top of the Am I infected? What do I do? forum.

ComboFix logs should not be posted outside the HijackThis forums and then only when requested by a HJT Team member. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read Combofix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem in the Am I infected? What do I do? forum. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed. If you have any questions, please PM any Moderator.
The BC Staff
