I recently noticed that i cant access any antivirus websites. I read a few topics and found that i should install combofix, but after that i dont know what to do .. so here is the log from combofix:
ComboFix 13-07-27.01 - Teebee 30.07.2013 1:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.40.1033.18.1270.438 [GMT 3:00]
Running from: c:\documents and settings\Teebee\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\conotinuetossave
c:\documents and settings\All Users\Application Data\conotinuetossave\51b0c68b8db74.dll
c:\documents and settings\All Users\Application Data\conotinuetossave\51b0c68b8db74.tlb
c:\documents and settings\All Users\Application Data\conotinuetossave\settings.ini
c:\documents and settings\All Users\Application Data\SeaurCh-NNewTab
c:\documents and settings\All Users\Application Data\SeaurCh-NNewTab\51b0c69f5b4e9.dll
c:\documents and settings\All Users\Application Data\SeaurCh-NNewTab\51b0c69f5b4e9.tlb
c:\documents and settings\All Users\Application Data\SeaurCh-NNewTab\data\SeaurCh-NNewTab.dat
c:\documents and settings\All Users\Application Data\SeaurCh-NNewTab\settings.ini
c:\documents and settings\Teebee\Application Data\Gizmo
c:\documents and settings\Teebee\Application Data\Gizmo\mru.xml
c:\documents and settings\Teebee\Application Data\Gizmo\update.xml
c:\windows\system32\Uninstall-TvPlugin-5.4
.
.
((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-29 )))))))))))))))))))))))))))))))
.
.
2013-07-29 14:29 . 2008-03-03 15:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2013-07-29 14:29 . 2008-03-03 11:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2013-07-29 14:27 . 2013-07-29 14:27 -------- d-----w- c:\program files\ESET
2013-07-29 14:27 . 2013-07-29 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2013-07-07 20:50 . 2013-07-07 20:50 -------- d-----w- c:\documents and settings\Teebee\Application Data\Unity
2013-07-07 20:48 . 2013-07-07 20:48 -------- d-----w- c:\documents and settings\Teebee\Local Settings\Application Data\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-26 08:59 . 2013-07-26 08:59 119296 ---ha-w- c:\documents and settings\Teebee\Application Data\Ltfmfx.exe
2013-06-22 09:30 . 2013-06-22 09:30 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-22 09:30 . 2012-11-25 23:45 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-22 09:30 . 2012-11-25 21:49 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-22 09:30 . 2012-11-25 21:49 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-03 09:30 . 2013-04-03 09:29 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-06-19 . 474D3DCCB57DEFCD917311EEC47204B9 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2012-06-19 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GizmoDriveDelegate"="c:\progra~1\GIZMO\GDRIVE.DLL" [2012-11-25 390752]
"GizmoDriveDelegate"="c:\progra~1\GIZMO\GDRIVE.DLL" [2012-11-25 390752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2012-06-19 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Gizmo.lnk - c:\program files\Gizmo\gizmo.exe /NoSplash /NoShow [2012-11-26 220768]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Steam"="c:\program files\Steam\steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Jocuri\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Teebee\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13613:TCP"= 13613:TCP:BitComet 13613 TCP
"13613:UDP"= 13613:UDP:BitComet 13613 UDP
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [15.06.2012 11:33 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [15.06.2012 11:33 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [15.06.2012 11:33 13616]
R1 GizmoDrv;Gizmo Device Driver;c:\windows\system32\drivers\gizmodrv.sys [26.11.2012 01:28 23624]
R2 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [26.11.2012 01:28 31856]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [19.09.2012 13:10 1699168]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [18.09.2012 17:02 10088]
R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [23.08.2001 15:00 3584]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [13.05.2011 04:21 30312]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [13.05.2011 04:21 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [13.05.2011 04:21 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [13.05.2011 04:21 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [13.05.2011 04:21 114280]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [14.12.2012 12:08 1436160]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.07.2009 06:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.03.2009 04:09 239336]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [09.11.2012 12:21 160944]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.03.2009 04:23 366936]
S4 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [04.12.2012 22:38 3560800]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-25 23:53]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-25 23:53]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1935655697-1644491937-1003Core.job
- c:\documents and settings\Teebee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-11-25 22:47]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1935655697-1644491937-1003UA.job
- c:\documents and settings\Teebee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-11-25 22:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://websearch.pu-result.info/?pid=726&r=2013/06/06&hid=980115445&lg=EN&cc=RO
mStart Page = hxxp://websearch.pu-result.info/?pid=726&r=2013/06/06&hid=980115445&lg=EN&cc=RO
uSearchURL,(Default) = hxxp://www.google.ro
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Teebee\Application Data\Mozilla\Firefox\Profiles\g3jhf7i2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-result.info/?pid=726&r=2013/06/06&hid=980115445&lg=EN&cc=RO&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.pu-result.info/?pid=726&r=2013/06/06&hid=980115445&lg=EN&cc=RO
FF - prefs.js: keyword.URL - hxxp://websearch.pu-result.info/?pid=726&r=2013/06/06&hid=980115445&lg=EN&cc=RO&l=1&q=
FF - ExtSQL: 2013-06-07 19:43; [email protected]; c:\documents and settings\Teebee\Application Data\Mozilla\Firefox\Profiles\g3jhf7i2.default\extensions\[email protected]
FF - ExtSQL: 2013-06-07 19:43; [email protected]; c:\documents and settings\Teebee\Application Data\Mozilla\Firefox\Profiles\g3jhf7i2.default\extensions\[email protected]
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-SopCast Tv Plugin 5.4 Setup - c:\windows\system32\Uninstall-TvPlugin-5.4
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-30 01:42
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Ltfmfx = c:\documents and settings\Teebee\Application Data\Ltfmfx.exe
.
scanning hidden files ...
.
.
c:\documents and settings\Teebee\Application Data\Ltfmfx.exe 119296 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'csrss.exe'(956)
c:\windows\system32\WININET.dll
.
Completion time: 2013-07-30 01:46:03
ComboFix-quarantined-files.txt 2013-07-29 22:45
.
Pre-Run: 22.306.562.048 bytes free
Post-Run: 22.003.306.496 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8735B9621FACB45C996B495E90FCDCEF
8F558EB6672622401DA993E1E865C861