Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

i can't access any antivirus website [Closed]


  • This topic is locked This topic is locked

#1
teebee77

teebee77

    New Member

  • Member
  • Pip
  • 1 posts
Hy
I recently noticed that i cant access any antivirus websites. I read a few topics and found that i should install combofix, but after that i dont know what to do .. so here is the log from combofix:
ComboFix 13-07-27.01 - Teebee 30.07.2013 1:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.40.1033.18.1270.438 [GMT 3:00]
Running from: c:\documents and settings\Teebee\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\conotinuetossave
c:\documents and settings\All Users\Application Data\conotinuetossave\51b0c68b8db74.dll
c:\documents and settings\All Users\Application Data\conotinuetossave\51b0c68b8db74.tlb
c:\documents and settings\All Users\Application Data\conotinuetossave\settings.ini
c:\documents and settings\All Users\Application Data\SeaurCh-NNewTab
c:\documents and settings\All Users\Application Data\SeaurCh-NNewTab\51b0c69f5b4e9.dll
c:\documents and settings\All Users\Application Data\SeaurCh-NNewTab\51b0c69f5b4e9.tlb
c:\documents and settings\All Users\Application Data\SeaurCh-NNewTab\data\SeaurCh-NNewTab.dat
c:\documents and settings\All Users\Application Data\SeaurCh-NNewTab\settings.ini
c:\documents and settings\Teebee\Application Data\Gizmo
c:\documents and settings\Teebee\Application Data\Gizmo\mru.xml
c:\documents and settings\Teebee\Application Data\Gizmo\update.xml
c:\windows\system32\Uninstall-TvPlugin-5.4
.
.
((((((((((((((((((((((((( Files Created from 2013-06-28 to 2013-07-29 )))))))))))))))))))))))))))))))
.
.
2013-07-29 14:29 . 2008-03-03 15:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2013-07-29 14:29 . 2008-03-03 11:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2013-07-29 14:27 . 2013-07-29 14:27 -------- d-----w- c:\program files\ESET
2013-07-29 14:27 . 2013-07-29 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2013-07-07 20:50 . 2013-07-07 20:50 -------- d-----w- c:\documents and settings\Teebee\Application Data\Unity
2013-07-07 20:48 . 2013-07-07 20:48 -------- d-----w- c:\documents and settings\Teebee\Local Settings\Application Data\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-26 08:59 . 2013-07-26 08:59 119296 ---ha-w- c:\documents and settings\Teebee\Application Data\Ltfmfx.exe
2013-06-22 09:30 . 2013-06-22 09:30 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-22 09:30 . 2012-11-25 23:45 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-22 09:30 . 2012-11-25 21:49 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-22 09:30 . 2012-11-25 21:49 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-03 09:30 . 2013-04-03 09:29 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-06-19 . 474D3DCCB57DEFCD917311EEC47204B9 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2012-06-19 . F2DF0FDBD41B34112EE05ED04258F052 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GizmoDriveDelegate"="c:\progra~1\GIZMO\GDRIVE.DLL" [2012-11-25 390752]
"GizmoDriveDelegate"="c:\progra~1\GIZMO\GDRIVE.DLL" [2012-11-25 390752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2012-06-19 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Gizmo.lnk - c:\program files\Gizmo\gizmo.exe /NoSplash /NoShow [2012-11-26 220768]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, credssp.dll, digest.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Steam"="c:\program files\Steam\steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SMSERIAL"=c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Jocuri\\Age of Empires II\\empires2.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version8\\TeamViewer_Service.exe"=
"c:\\Documents and Settings\\Teebee\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13613:TCP"= 13613:TCP:BitComet 13613 TCP
"13613:UDP"= 13613:UDP:BitComet 13613 UDP
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [15.06.2012 11:33 13616]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [15.06.2012 11:33 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [15.06.2012 11:33 13616]
R1 GizmoDrv;Gizmo Device Driver;c:\windows\system32\drivers\gizmodrv.sys [26.11.2012 01:28 23624]
R2 Gizmo Central;Gizmo Central;c:\program files\Gizmo\gservice.exe [26.11.2012 01:28 31856]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [19.09.2012 13:10 1699168]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [18.09.2012 17:02 10088]
R4 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys --> c:\windows\system32\DRIVERS\epfwtdir.sys [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [23.08.2001 15:00 3584]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [13.05.2011 04:21 30312]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [13.05.2011 04:21 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [13.05.2011 04:21 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [13.05.2011 04:21 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [13.05.2011 04:21 114280]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [14.12.2012 12:08 1436160]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [23.07.2009 06:08 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30.03.2009 04:09 239336]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [09.11.2012 12:21 160944]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30.03.2009 04:23 366936]
S4 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [04.12.2012 22:38 3560800]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-25 23:53]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-25 23:53]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1935655697-1644491937-1003Core.job
- c:\documents and settings\Teebee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-11-25 22:47]
.
2013-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1935655697-1644491937-1003UA.job
- c:\documents and settings\Teebee\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-11-25 22:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://websearch.pu-result.info/?pid=726&r=2013/06/06&hid=980115445&lg=EN&cc=RO
mStart Page = hxxp://websearch.pu-result.info/?pid=726&r=2013/06/06&hid=980115445&lg=EN&cc=RO
uSearchURL,(Default) = hxxp://www.google.ro
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Teebee\Application Data\Mozilla\Firefox\Profiles\g3jhf7i2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.pu-result.info/?pid=726&r=2013/06/06&hid=980115445&lg=EN&cc=RO&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.pu-result.info/?pid=726&r=2013/06/06&hid=980115445&lg=EN&cc=RO
FF - prefs.js: keyword.URL - hxxp://websearch.pu-result.info/?pid=726&r=2013/06/06&hid=980115445&lg=EN&cc=RO&l=1&q=
FF - ExtSQL: 2013-06-07 19:43; [email protected]; c:\documents and settings\Teebee\Application Data\Mozilla\Firefox\Profiles\g3jhf7i2.default\extensions\[email protected]
FF - ExtSQL: 2013-06-07 19:43; [email protected]; c:\documents and settings\Teebee\Application Data\Mozilla\Firefox\Profiles\g3jhf7i2.default\extensions\[email protected]
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-SopCast Tv Plugin 5.4 Setup - c:\windows\system32\Uninstall-TvPlugin-5.4
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-30 01:42
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Ltfmfx = c:\documents and settings\Teebee\Application Data\Ltfmfx.exe
.
scanning hidden files ...
.
.
c:\documents and settings\Teebee\Application Data\Ltfmfx.exe 119296 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(984)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'csrss.exe'(956)
c:\windows\system32\WININET.dll
.
Completion time: 2013-07-30 01:46:03
ComboFix-quarantined-files.txt 2013-07-29 22:45
.
Pre-Run: 22.306.562.048 bytes free
Post-Run: 22.003.306.496 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8735B9621FACB45C996B495E90FCDCEF
8F558EB6672622401DA993E1E865C861
  • 0

Advertisements


#2
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Hi teebee77 and welcome at GeekstoGo!

I'm crooleeck and I'll try to help you. But first please notice that I'm not limitless, I'm not familiar with all software, I don't know everything. However, it has taken me years to learn what I know. I would be glad to help you.

Fight against malware is NOT instantaneous, most infections require several courses of action to completely eradicate. It's also time-consuming, so be patient! We all like to know final result, so if you have since resolved the issues you were originally experiencing, or have received help elsewhere, please post.

Note:
  • Please watch this topic. Part of the fix may require you to being Safe Mode, which will not allow you to access the internet, or my instructions! Please save or print following instrucions.
  • Do exactly - step by step - what I wish for. Don't be afraid! If there's anything you don't understand, stop and ask!
  • Please don't run unsupervised tools or fix on your own without my direction - it can be dangerous.
  • You must reply within 3 days or your topic will be closed
  • Everyone except user: Instructions are prepared only for this case.

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

I'll post instruction I fast I can.
  • 0

#3
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
teebee77, you have a backdoor infection.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

That said, I can still help you clean out the malware as best as I can without going that route, so if you decide that you don't want to do a format and reinstall of Windows, please let me know in next post.

I see AV modification in logs:
2013-07-29 14:29 . 2008-03-03 15:21	568	---ha-w-	c:\windows\nod32fixtemdono.reg
2013-07-29 14:29 . 2008-03-03 11:25	5702	---ha-w-	c:\windows\nod32restoretemdono.reg
Our Terms of Use is simple:

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.

Please uninstall illegal software, otherwise we can't help you.
Cracked software and using P2P programs is probably main reason why you are infected.

Be in mind that you can choose another free antivirus:
It's first line to keep system clean. Install only oneoffollowing:

I like the last one - different cloud technology, fast and light.
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP