Homepage hijacked

Dell Inspiron 1545
November 2, 2009 at 09:07:13
Specs: Microsoft Windows XP Professional, P4 2.4 Ghz HT 1 GB
My homepage somehow got changed to
http://www.myyearbook.com. I never even use that site; not sure how it got changed. I know that should be a safe site, so how could my homepage be hijacked to it? Also, I have SUPERAntiSpyware and it should have notified me of the change, but it didn't. Also my system is a little slow on startup, and my Yahoo IM is set to remember my password and sometimes it gives a message that the wrong password was typed. I found some things in my firewall logs. Here is a list of incoming.
The port number is 13237; what port is that for?

Incoming Log Table
Source IP Destination Port Number
70.45.89.156 13237
159.149.45.88 13237
205.152.37.23 13237
205.152.144.23 13237
205.152.37.23 13237
205.152.144.23 13237
205.152.37.23 13237
205.152.144.23 13237
205.152.37.23 13237
205.152.144.23 13237
205.152.37.23 13237
205.152.144.23 13237
99.140.239.167 13237
205.152.37.23 13237
205.152.144.23 13237
189.83.192.13 13237
205.152.37.23 13237
205.152.144.23 13237
205.152.37.23 13237
205.152.144.23 13237
205.152.37.23 13237
205.152.144.23 13237
205.152.37.23 13237
205.152.144.23 13237
205.152.37.23 13237
205.152.144.23 13237
205.152.37.23 13237
205.152.144.23 13237
205.152.37.23 13237
205.152.144.23 13237
205.152.37.23 13237
205.152.144.23 13237
205.152.37.23 13237
205.152.144.23 13237
217.80.188.212 13237
67.182.245.173 13237
205.152.37.23 13237
205.152.144.23 13237
189.69.23.139 13237
205.152.37.23 13237
205.152.144.23 13237

Jesus Loves You!

Keyboard not detected. Hit F1 to Continue. BREAKFAST.SYS HALTED Cerial port not Responding!!
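Before asking what a port "is for", the useful first step is to tally a paste like the one above by source and port: a handful of addresses hitting the same local port over and over reads very differently from a scatter of one-off probes. The script below is an added example for this thread, not the poster's tooling or any firewall vendor's; it assumes the pasted layout (header lines, then one "SOURCE_IP DEST_PORT" pair per line) and uses a constructed excerpt of the table as its sample input. The port classification it prints is only the IANA range (system, registered, dynamic), which is all a number alone can tell you.

```python
"""Summarise a personal-firewall 'Incoming Log Table' paste by source address.

Added example for this thread, not the poster's own tooling. Assumed input
layout: header lines, then one 'SOURCE_IP DEST_PORT' pair per line.
SAMPLE_LOG is a constructed excerpt of that paste (same rows, fewer of them)."""
from collections import Counter
from ipaddress import ip_address

# Constructed excerpt of the poster's firewall table.
SAMPLE_LOG = """\
Incoming Log Table
Source IP Destination Port Number
70.45.89.156 13237
159.149.45.88 13237
205.152.37.23 13237
205.152.144.23 13237
205.152.37.23 13237
205.152.144.23 13237
99.140.239.167 13237
"""


def parse_incoming_log(text):
    """Return [(source_ip, dest_port), ...]; header and malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        ip, port = parts
        try:
            ip_address(ip)          # raises ValueError on anything that is not an address
            port = int(port)
        except ValueError:
            continue
        if 0 <= port <= 65535:
            entries.append((ip, port))
    return entries


def port_range(port):
    """IANA port-number range: system (0-1023), registered (1024-49151),
    or dynamic/private (49152-65535). Says nothing about which program used it."""
    if port < 1024:
        return "system"
    if port < 49152:
        return "registered"
    return "dynamic"


def summarize(entries, repeat_threshold=2):
    """Count hits per destination port and per source, and flag sources that
    hit the host at least repeat_threshold times (steady repeaters stand out
    from one-off scans)."""
    per_port = Counter(port for _, port in entries)
    per_source = Counter(ip for ip, _ in entries)
    repeaters = {ip: n for ip, n in per_source.items() if n >= repeat_threshold}
    return {
        "total": len(entries),
        "ports": {p: (n, port_range(p)) for p, n in per_port.items()},
        "sources": dict(per_source),
        "repeaters": repeaters,
    }


if __name__ == "__main__":
    report = summarize(parse_incoming_log(SAMPLE_LOG))
    print(f"{report['total']} blocked inbound hits")
    for port, (n, rng) in report["ports"].items():
        print(f"  port {port}: {n} hits ({rng} range)")
    for ip, n in sorted(report["repeaters"].items(), key=lambda kv: -kv[1]):
        print(f"  repeat source {ip}: {n} hits")
```

Run against the full paste, the report shows every row aimed at the same local port and two addresses (205.152.37.23 and 205.152.144.23) alternating for most of the table, which is the pattern to look into first; the firewall blocked all of it, so the entries are evidence of what was tried, not of anything getting in.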





#1
November 4, 2009 at 07:09:55
Can someone please answer? It is showing my system specs as a Dell Inspiron 1545. The problem is on my desktop.




#2
November 4, 2009 at 07:16:47
You can give ComboFix a try; it will probably clear it up for you:
http://www.bleepingcomputer.com/com...
Be sure to download it from that site ONLY and follow the instructions carefully.
Good Luck

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#3
November 4, 2009 at 08:12:54
Ok, thanks. Now the strangest thing has happened. I was having issues with my Logitech webcam, so I uninstalled everything related to the Logitech webcam. It asked to reboot; I clicked later. I went to msconfig/startup and unchecked all. Rebooted, and my settings went to classic mode, and I have no sound and cannot access the internet, and I am not sure what else.

<edit>
I could just run a Ghost backup, but I will wait on that because I will lose the Windows 7 beta I have on another partition. I checked all in msconfig and rebooted, and it is still classic mode with no sound or internet; it is NOT safe mode because the color is normal 32-bit. I cannot access the Internet to download ComboFix. I tried downloading it on my desktop and putting it on an external and transferring it that way, but the system does not see the external drive.





#4
November 4, 2009 at 08:26:50
Ok, I got it to see my external. I moved it (ComboFix) over to my desktop, and when I try to install it, it says some files are corrupt. I think I may need to go ahead and do the Ghost backup.
I tried to download ComboFix again. I tried the Ghost backup and got some error: could not contact some agent. So I had another idea: put the hard drive in an external case and download ComboFix that way. I may have a True Image backup that should work also if this idea fails. I am not sure what the deal is; has anyone seen issues like this? Some virus or unknown malware?
BTW, what is port 13237 used for? Did a hacker try to get into my computer?





#5
November 4, 2009 at 19:12:19
Ok, I got more info. Something disabled all the services. I was unable to get online; I tried cmd and ipconfig to see if there was an IP address for my router, and there was no IP address. So I checked the Device Manager and it was blank. I googled "device manager blank" and some things came up about how to enable the services. How do I enable them all without having to do it one by one? I just basically want to restore the defaults and get all the ones that run by default back running. Anyone, please help. I do not want to have to run the Ghost backup and lose my Windows 7 partition. I do have the ComboFix log. Here it is.

ComboFix 09-11-04.02 - Chris 11/04/2009 21:38.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.607 [GMT -5:00]
Running from: C:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3934647856-1494803177-2059374841-1000
c:\documents and settings\Chris\My Documents\cc_20091026_110415.reg
c:\recycler\NPROTECT
c:\recycler\S-1-5-21-1479721005-432859483-3195229635-1005

.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-05 02:48 . 2009-11-05 02:48 -------- d-----w- c:\windows\temp
2009-11-04 16:55 . 2009-11-05 02:34 3564524 ----a-r- C:\ComboFix.exe
2009-11-04 15:26 . 2009-11-04 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-04 01:00 . 2009-11-04 13:54 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\AskToolbar
2009-11-03 16:34 . 2009-03-27 06:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2009-11-03 16:33 . 2009-11-03 16:33 -------- d-----w- c:\program files\CPUID
2009-11-03 16:33 . 2009-11-03 16:33 -------- d-----w- c:\program files\Ask.com
2009-11-03 16:08 . 2009-11-03 16:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-03 14:35 . 2009-11-03 16:10 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Adobe
2009-11-03 14:34 . 2009-11-03 16:19 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-03 14:22 . 2008-03-06 16:51 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2009-11-03 14:22 . 2009-11-03 14:22 -------- d-----w- c:\program files\Belarc
2009-11-03 03:13 . 2009-11-03 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-03 03:13 . 2009-11-03 16:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-02 19:25 . 2009-11-02 19:25 -------- d-----w- C:\Boot
2009-11-02 15:38 . 2009-06-14 00:54 1663488 ----a-w- c:\windows\system32\BootMan.exe
2009-11-02 15:38 . 2009-04-22 19:27 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2009-11-02 15:38 . 2009-04-22 19:28 8704 ----a-w- c:\windows\system32\epmntdrv.sys
2009-11-02 15:38 . 2009-04-22 19:28 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2009-11-02 15:38 . 2009-04-22 19:28 3072 ----a-w- c:\windows\system32\EuGdiDrv.sys
2009-11-02 15:38 . 2009-11-02 15:38 -------- d-----w- c:\program files\EASEUS
2009-10-29 15:34 . 2009-10-29 15:34 -------- d-----w- c:\documents and settings\Chris\Application Data\Malwarebytes
2009-10-29 15:34 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 15:34 . 2009-10-29 15:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 15:34 . 2009-10-29 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-29 15:34 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 13:33 . 2009-10-29 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-10-27 15:02 . 2009-10-27 15:02 -------- d-----w- c:\documents and settings\Chris\Application Data\Windows Search
2009-10-27 13:32 . 2009-10-27 13:32 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Identities
2009-10-27 13:32 . 2009-10-27 13:32 -------- d-----w- c:\documents and settings\Chris\Application Data\Windows Desktop Search
2009-10-27 02:58 . 2009-10-27 02:58 -------- d-----w- c:\windows\system32\XPSViewer
2009-10-27 02:58 . 2009-10-27 02:58 -------- d-----w- c:\program files\MSBuild
2009-10-27 02:58 . 2009-10-27 02:58 -------- d-----w- c:\program files\Reference Assemblies
2009-10-27 02:57 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-10-27 02:57 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-10-27 02:57 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-10-27 02:57 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-10-27 02:57 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-10-27 02:57 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-10-27 02:57 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-10-27 02:51 . 2009-10-27 02:51 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-27 02:51 . 2009-10-27 02:51 -------- d-----w- c:\windows\system32\GroupPolicy
2009-10-27 02:50 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-27 02:50 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-27 02:50 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-27 02:48 . 2009-10-27 02:49 -------- d-----w- c:\windows\system32\URTTemp
2009-10-27 00:52 . 2009-10-27 00:52 -------- d-----w- c:\program files\MSXML 4.0
2009-10-26 17:28 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-26 17:26 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-26 17:23 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-10-26 17:23 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-10-26 17:23 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-10-26 17:23 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-10-26 17:23 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-26 17:23 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-26 17:23 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-10-26 17:23 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-10-26 17:23 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-10-26 17:23 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-10-26 17:23 . 2009-08-05 01:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-10-26 17:23 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-10-26 17:22 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-10-26 17:22 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-10-26 17:21 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2009-10-26 17:20 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-10-26 17:20 . 2008-09-04 17:15 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-10-26 17:19 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-10-26 17:19 . 2008-05-01 14:33 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2009-10-26 17:18 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-10-26 17:17 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-10-26 17:17 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-10-26 16:59 . 2008-10-16 19:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-10-26 16:24 . 2009-10-27 13:59 27262976 ----a-w- C:\VIRTPART.DAT
2009-10-26 15:41 . 2009-10-26 15:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-10-26 15:33 . 2009-10-26 15:33 -------- d-----w- c:\windows\nview
2009-10-26 15:33 . 2008-05-16 19:01 446464 ----a-w- c:\windows\system32\nvudisp.exe
2009-10-26 15:32 . 2008-05-16 16:48 446464 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-26 15:32 . 2009-10-26 15:32 -------- d-----w- C:\NVIDIA
2009-10-26 13:37 . 2009-10-26 13:37 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-26 02:32 . 2009-10-26 02:32 -------- d-----w- c:\program files\Rockstar Games
2009-10-25 22:27 . 2009-10-25 22:27 -------- d-----w- C:\flight95
2009-10-25 22:26 . 1996-01-09 10:38 283648 ----a-w- c:\windows\uninst.exe
2009-10-25 22:24 . 2009-10-25 22:25 -------- d-----w- c:\program files\trailer park tycoon
2009-10-25 22:23 . 2009-10-25 22:23 227 ----a-w- c:\windows\PowerReg.dat
2009-10-25 22:23 . 2000-01-14 17:42 45568 ----a-w- c:\windows\UniFish3.exe
2009-10-25 22:22 . 2009-10-25 22:22 -------- d-----w- c:\program files\Hasbro Interactive
2009-10-25 22:21 . 2009-10-25 22:21 -------- d-----w- c:\program files\Oquirrh
2009-10-25 22:17 . 2009-10-25 22:17 -------- d-----w- c:\program files\Activision Value
2009-10-25 22:11 . 1998-08-10 15:37 32256 ----a-w- c:\windows\system32\PolyMediaDB.dll
2009-10-25 22:10 . 1997-09-08 15:40 76288 ----a-w- c:\windows\system32\dwvercls.dll
2009-10-25 22:10 . 1997-05-29 20:01 175104 ----a-w- c:\windows\system32\dwSockvs.dll
2009-10-25 22:10 . 2009-10-25 22:10 -------- d-----w- c:\program files\Headgames
2009-10-25 21:58 . 1999-08-05 20:51 24576 ----a-w- c:\windows\system32\ealtest.exe
2009-10-25 21:58 . 1999-07-29 23:02 36864 ----a-w- c:\windows\system32\eaexec.exe
2009-10-25 21:57 . 2009-10-25 21:57 -------- d-----w- c:\program files\EA SPORTS
2009-10-25 21:54 . 2009-10-25 21:54 -------- d-----w- c:\program files\Hard Truck 18 Wheels
2009-10-25 21:31 . 2009-10-25 21:31 56832 ------w- c:\windows\system32\iyvu9_32.dll
2009-10-25 21:31 . 2009-10-25 21:31 143872 ------w- c:\windows\system32\iacenc.dll
2009-10-25 21:31 . 2009-10-25 21:31 756736 ------w- c:\windows\system32\ir41_32.dll
2009-10-25 21:30 . 2009-10-26 00:25 -------- d-----w- c:\program files\Microsoft Games
2009-10-25 17:38 . 2009-10-26 07:07 -------- d-----w- C:\$AVG
2009-10-25 17:38 . 2009-10-25 17:38 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-25 17:38 . 2009-10-25 17:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-25 17:38 . 2009-10-25 17:38 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-25 17:38 . 2009-10-25 17:38 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-25 17:38 . 2009-11-04 14:51 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-25 17:38 . 2009-10-25 17:38 -------- d-----w- c:\program files\AVG
2009-10-25 17:38 . 2009-10-25 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-25 17:37 . 2009-10-26 15:40 -------- d-----w- c:\windows\SxsCaPendDel
2009-10-25 17:26 . 2009-11-01 10:31 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Temp
2009-10-25 17:26 . 2009-10-25 17:26 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-10-25 17:26 . 2009-10-25 17:31 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Google
2009-10-25 17:26 . 2009-10-25 17:28 -------- d-----w- c:\program files\Google
2009-10-25 14:59 . 2009-10-25 15:00 117760 ----a-w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-25 14:59 . 2009-10-25 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-25 14:58 . 2009-10-26 00:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-25 14:58 . 2009-10-25 14:58 -------- d-----w- c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com
2009-10-25 14:58 . 2009-10-25 14:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-25 14:47 . 2008-04-14 09:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-10-25 14:46 . 2009-10-25 14:46 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-25 14:44 . 2009-10-25 14:45 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-25 14:44 . 2009-10-25 14:44 -------- d-----w- c:\windows\system32\LogFiles
2009-10-25 14:41 . 2009-10-25 14:41 0 ----a-w- c:\windows\nsreg.dat
2009-10-25 14:41 . 2009-10-25 14:41 -------- d-----w- c:\documents and settings\Chris\Local Settings\Application Data\Mozilla
2009-10-25 14:40 . 2009-10-25 14:40 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 13:49 . 2009-10-31 13:49 -------- d-----w- c:\documents and settings\Chris\Application Data\FCTB000000001
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 22:32 . 2009-10-31 13:49 207360 ----a-w- c:\documents and settings\Chris\Application Data\FCTB000000001\Toolbar\SearchComponent.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 16:52 . 2009-10-31 13:49 272384 ----a-w- c:\documents and settings\Chris\Application Data\FCTB000000001\Toolbar\bookmarksplugin.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-03 00:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED53F43D-B309-4F2C-A4A3-8D4F81177FD4}]
2009-10-10 15:35 1432576 ----a-w- c:\program files\myYearbook Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DAB35D68-1CDC-4375-8333-D7BBCEE3C0A0}"= "c:\program files\myYearbook Toolbar\Toolbar.dll" [2009-10-10 1432576]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{dab35d68-1cdc-4375-8333-d7bbcee3c0a0}]
[HKEY_CLASSES_ROOT\FCTB000000001.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB000000001.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DAB35D68-1CDC-4375-8333-D7BBCEE3C0A0}"= "c:\program files\myYearbook Toolbar\Toolbar.dll" [2009-10-10 1432576]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CLASSES_ROOT\clsid\{dab35d68-1cdc-4375-8333-d7bbcee3c0a0}]
[HKEY_CLASSES_ROOT\FCTB000000001.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{8518B5E9-EDF5-4BDA-B5D3-4AA044EC072D}]
[HKEY_CLASSES_ROOT\FCTB000000001.IEToolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-26 2000112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"GhostStartTrayApp"="c:\program files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2002-08-14 94208]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-25 2010904]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-25 17:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\myYearbook Toolbar\\TroubleShooter.exe"=
"c:\\Program Files\\myYearbook Toolbar\\ToolbarUpdate.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/25/2009 12:38 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/25/2009 12:38 PM 360584]
R1 GhPciScan;GhostPciScanner;c:\program files\Norton SystemWorks\Norton Ghost\GhPciScan.sys [8/14/2002 2:11 PM 5632]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [10/25/2009 12:38 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/25/2009 12:38 PM 285392]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [11/3/2009 11:34 AM 12672]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [11/2/2009 10:38 AM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [11/2/2009 10:38 AM 3072]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/25/2009 12:26 PM 133104]
S4 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [10/24/2009 9:33 PM 135168]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ALERTER
*NewlyCreated* - MBR
*NewlyCreated* - NAPAGENT
*NewlyCreated* - VSS
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 17:26]

2009-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 17:26]

2009-10-31 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2002-08-30 01:30]

2009-11-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-04-03 00:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\uktccbnc.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{80b90af3-3a6f-417a-935e-55a93ff682bc} - (no file)
HKCU-RunOnce-Setup_bootstrap - e:\\setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 21:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Setup_bootstrap = "e:\\setup.exe"?????<???????????????????Name? - ????8????Q???S??????????2805? Wi????D????S??????????????RebootReturnCode????????????B???????????????????SOFTWARE\Microsoft\MediaPlayer?? ???K???????1???1???????HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer?on

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Chris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
.
Completion time: 2009-11-05 21:52
ComboFix-quarantined-files.txt 2009-11-05 02:52

Pre-Run: 43,438,800,896 bytes free
Post-Run: 43,548,639,232 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

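The homepage question is answered by the "Reg Loading Points" part of the log above, not by the firewall table: it lists the myYearbook Toolbar DLL registered both as a Browser Helper Object and as an Internet Explorer toolbar (alongside the Ask.com toolbar), and the Supplementary Scan records the current start page. Reading those sections by eye across a long log is error-prone, so here is an added example, not part of the thread and not a ComboFix feature, that pulls exactly those entries out. It assumes the layout ComboFix printed above: a "[HKEY...]" line opens a key, a BHO key is followed by a "date time size attrs path" line, a Toolbar key by "{CLSID}"= "path" [date size] lines, and the start page appears as "uStart Page = ...". SAMPLE_LOG is a constructed excerpt built from the keys, GUIDs and paths in the poster's log.

```python
"""Extract browser hook entries (BHOs, IE toolbars, start page) from a ComboFix log.

Added example for this thread; not ComboFix's own code. Assumes the log layout
shown in the thread. SAMPLE_LOG is a constructed excerpt using identifiers
copied from the poster's log."""
import re
from collections import Counter

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-03 00:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ED53F43D-B309-4F2C-A4A3-8D4F81177FD4}]
2009-10-10 15:35 1432576 ----a-w- c:\program files\myYearbook Toolbar\Toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DAB35D68-1CDC-4375-8333-D7BBCEE3C0A0}"= "c:\program files\myYearbook Toolbar\Toolbar.dll" [2009-10-10 1432576]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-03 809864]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-26 2000112]

uStart Page = hxxp://m.www.yahoo.com/
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.IGNORECASE)
# '"{CLSID}"= "path" [YYYY-MM-DD size]' as printed under Toolbar / Run keys
NAMED_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]+)"\s*\[(\d{4}-\d{2}-\d{2})\s+(\d+)\]')
# 'YYYY-MM-DD HH:MM size attrs path' as printed under a BHO key
FILE_LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+\d{2}:\d{2}\s+(\d+)\s+\S+\s+(\S.*)$")
START_PAGE_RE = re.compile(r"^([um])Start Page\s*=\s*(\S+)")


def hook_kind(key):
    """Classify a registry key as a BHO or IE toolbar location, else None."""
    k = key.lower()
    if "browser helper objects" in k:
        return "bho"
    if "internet explorer\\toolbar" in k:
        return "toolbar"
    return None


def parse_browser_hooks(text):
    """One dict per BHO / IE toolbar entry: kind, registry key, DLL path,
    file date and size. Values under other keys (Run etc.) are ignored."""
    hooks, current_key = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        kind = hook_kind(current_key) if current_key else None
        if kind is None:
            continue
        m = NAMED_VALUE_RE.match(line)
        if m:
            hooks.append({"kind": kind, "key": current_key, "path": m.group(2),
                          "date": m.group(3), "size": int(m.group(4))})
            continue
        m = FILE_LINE_RE.match(line)
        if m:
            hooks.append({"kind": kind, "key": current_key, "path": m.group(3),
                          "date": m.group(1), "size": int(m.group(2))})
    return hooks


def start_pages(text):
    """Map ComboFix scope letter (u = current user, m = machine) to the logged
    start page. ComboFix writes 'hxxp' for 'http' so the URL is not clickable."""
    return {m.group(1): m.group(2) for m in map(START_PAGE_RE.match, text.splitlines()) if m}


def vendor_dir(path):
    """The directory under Program Files that owns a hook DLL."""
    m = re.search(r"\\program files\\([^\\]+)\\", path, re.IGNORECASE)
    return m.group(1) if m else path.rsplit("\\", 1)[0]


def hijack_report(text):
    """Hooks found, how many each vendor directory accounts for, and start pages."""
    hooks = parse_browser_hooks(text)
    return {
        "hooks": hooks,
        "vendors": dict(Counter(vendor_dir(h["path"]) for h in hooks)),
        "start_pages": start_pages(text),
    }


if __name__ == "__main__":
    report = hijack_report(SAMPLE_LOG)
    for h in report["hooks"]:
        print(f"{h['kind']:8} {h['date']} {h['size']:>8} {h['path']}")
    print("vendors:", report["vendors"])
    print("start pages:", report["start_pages"])
```

Against the full log the report lists each toolbar twice (once as a BHO, once as an IE toolbar) and shows the start page already back on Yahoo at the time ComboFix ran; the DLLs that can reset it are still registered, so that is what to remove before judging whether the hijack is gone.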



#6
November 4, 2009 at 19:14:48
Also I forgot to add that my system is still in classic mode. I tried to go back to XP mode. There is no option for XP mode; I am referring to the themes.




