
Google Redirect IE/Firefox



#1
GreyTalon

Hey all, I'm Talon and I have the Google redirect problem. I looked at some of the others on this site complaining of the same thing, so I downloaded OTL and ComboFix, and reinstalled HijackThis! So thank you for your help, and I will post and do all you ask to help me fix my computer :) Thanks a lot!

-----Combo-Fix-----
ComboFix 09-07-23.01 - customer 07/23/2009 13:17.8.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.281 [GMT -4:00]
Running from: c:\documents and settings\customer\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\WMEncoder.msi
c:\windows\system32\drivers\geyekrvmtnbobr.sys
c:\windows\system32\geyekrabwwbjes.dat
c:\windows\system32\geyekrpiwnrwri.dll
c:\windows\system32\geyekrqoiqrsip.dat
c:\windows\system32\geyekrxquwkknb.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_geyekrwbnyrekx


((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.

2009-07-23 16:59 . 2009-07-23 17:06 -------- d-----w- C:\ComboFix
2009-07-23 16:03 . 2009-07-23 16:03 -------- d-----w- c:\documents and settings\customer\Application Data\PCToolsFirewallPlus
2009-07-23 15:48 . 2009-07-23 15:51 -------- d-----w- c:\program files\WinClamAVShield
2009-07-23 15:37 . 2009-07-23 15:37 -------- d-----w- c:\program files\Crawler
2009-07-23 15:37 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 15:37 . 2009-07-23 17:04 -------- d-----w- c:\documents and settings\customer\Application Data\Spyware Terminator
2009-07-23 15:37 . 2009-07-23 15:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 15:37 . 2009-07-23 15:37 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-07-23 15:37 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 15:37 . 2009-07-23 16:24 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2009-07-23 15:37 . 2009-07-23 17:04 -------- d-----w- c:\program files\Spyware Terminator
2009-07-23 05:12 . 2009-07-23 05:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-23 04:58 . 2009-07-23 04:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-23 04:58 . 2009-07-23 04:58 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-23 03:04 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-07-23 03:04 . 2009-07-23 03:04 -------- d-----w- c:\program files\Alwil Software
2009-07-19 19:34 . 2009-07-19 19:34 -------- d-----w- c:\documents and settings\customer\Local Settings\Application Data\Conduit
2009-07-19 19:34 . 2009-07-19 19:34 -------- d-----w- c:\program files\Conduit
2009-07-19 19:34 . 2009-07-23 14:38 -------- d-----w- c:\documents and settings\customer\Local Settings\Application Data\free-downloads.net
2009-07-19 19:34 . 2009-07-22 14:14 -------- d-----w- c:\program files\free-downloads.net
2009-07-06 00:56 . 2009-07-06 00:56 -------- d-----w- c:\program files\Stardock
2009-06-29 02:14 . 2009-07-10 03:36 -------- d-----w- c:\program files\Battle for Wesnoth 1.6.3
2009-06-28 20:42 . 2009-06-28 22:47 -------- d-----w- c:\documents and settings\customer\Application Data\IObit
2009-06-28 20:41 . 2009-07-23 14:57 -------- d-----w- c:\program files\IObit
2009-06-28 13:35 . 2009-06-28 13:35 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-06-26 05:31 . 2009-06-26 05:31 -------- d-sh--w- c:\documents and settings\customer\IECompatCache
2009-06-23 19:28 . 2009-06-23 19:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-23 19:19 . 2009-06-23 19:19 -------- d-sh--w- c:\documents and settings\customer\PrivacIE
2009-06-23 19:09 . 2009-06-23 19:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-23 18:56 . 2009-06-23 18:56 -------- d-sh--w- c:\documents and settings\customer\IETldCache
2009-06-23 18:40 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-23 18:38 . 2009-06-23 18:40 -------- d-----w- c:\windows\ie8updates
2009-06-23 18:36 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-23 18:36 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-23 18:29 . 2009-06-23 18:36 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 16:17 . 2007-06-28 18:34 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-23 15:25 . 2007-05-11 19:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-23 15:25 . 2007-11-25 01:47 -------- d-----w- c:\program files\McAfee
2009-07-23 14:56 . 2007-12-02 14:08 -------- d-----w- c:\program files\Sun
2009-07-23 14:56 . 2009-06-09 21:35 -------- d-----w- c:\program files\Myth II
2009-07-23 14:55 . 2007-05-11 20:14 -------- d-----w- c:\program files\Google
2009-07-23 14:43 . 2009-01-31 02:43 0 ----a-w- c:\documents and settings\customer\Local Settings\Application Data\prvlcl.dat
2009-07-23 04:58 . 2007-05-31 22:51 -------- d-----w- c:\program files\DivX
2009-07-22 14:07 . 2009-01-03 17:03 -------- d-----w- c:\program files\BaldursGateTutu
2009-07-22 14:07 . 2008-10-05 17:16 -------- d-----w- c:\program files\AIM Music Link
2009-07-22 14:07 . 2007-07-02 04:46 -------- d-----w- c:\documents and settings\customer\Application Data\IMVU
2009-07-22 14:07 . 2007-06-23 01:40 -------- d-----w- c:\program files\Starcraft
2009-07-22 14:07 . 2007-05-15 21:30 -------- d-----w- c:\program files\Warcraft III
2009-07-19 20:15 . 2008-05-20 22:49 -------- d-----w- c:\documents and settings\customer\Application Data\Petroglyph
2009-07-19 19:59 . 2008-12-23 04:17 -------- d-----w- c:\program files\LucasArts
2009-07-19 19:59 . 2006-09-20 17:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-19 18:58 . 2008-08-05 22:06 -------- d-----w- c:\documents and settings\customer\Application Data\DAEMON Tools
2009-07-12 19:49 . 2008-04-15 23:52 -------- d-----w- c:\documents and settings\customer\Application Data\Intuit
2009-07-12 19:49 . 2007-11-24 18:11 -------- d-----w- c:\documents and settings\customer\Application Data\Ventrilo
2009-07-12 19:49 . 2007-05-25 21:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ATI MMC
2009-07-12 19:49 . 2007-11-24 18:11 -------- d-----w- c:\program files\VentSrv
2009-07-12 19:49 . 2009-06-07 21:15 -------- d-----w- c:\program files\Myth_TFL
2009-07-12 19:49 . 2009-03-14 14:32 -------- d-----w- c:\program files\MagicISO
2009-07-12 19:49 . 2007-05-25 21:14 -------- d-----w- c:\program files\ATI Multimedia
2009-07-12 19:49 . 2007-05-12 03:57 -------- d-----w- c:\program files\AOL 9.0
2009-07-12 19:49 . 2008-12-05 21:24 -------- d-----w- c:\program files\GameSpy Arcade
2009-06-28 18:27 . 2008-03-07 00:52 -------- d-----w- c:\documents and settings\customer\Application Data\IGN_DLM
2009-06-28 18:26 . 2009-06-14 02:57 -------- d-----w- c:\program files\EV Nova
2009-06-16 14:36 . 2002-08-29 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2002-08-29 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 23:19 . 2007-05-15 21:34 78315 -c--a-w- c:\windows\War3Unin.dat
2009-06-11 19:08 . 2009-06-11 19:08 -------- d-----w- c:\program files\Lionhead Studios
2009-06-11 19:00 . 2009-06-11 19:00 -------- d-----w- c:\program files\Phantombility
2009-06-03 19:09 . 2005-08-30 04:02 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 02:15 . 2007-07-03 21:25 -------- d-----w- c:\program files\Diablo II
2009-05-31 01:00 . 2009-01-30 01:58 -------- d-----w- c:\documents and settings\customer\Application Data\AVGTOOLBAR
2009-05-13 05:15 . 2006-06-23 16:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2002-08-29 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 21:40 . 2008-08-05 22:07 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-23 01:45 . 2008-12-21 20:09 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-07-22 2215960]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2009-07-22 14:14 2215960 ----a-w- c:\program files\free-downloads.net\tbfre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-07-22 2215960]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-07-22 2215960]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2003-09-02 106574]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-25 2328712]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-07-23 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-06-21 126976]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-01-21 335872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-23 2173440]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1178913210\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"c:\\Program Files\\Lexmark 1300 Series\\App4R.exe"=
"c:\\WINDOWS\\system32\\lxdccoms.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdctime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdcjswx.exe"=
"c:\\Documents and Settings\\Guest\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"37900:TCP"= 37900:TCP:*:Disabled:SolidNetworkManager
"37900:UDP"= 37900:UDP:*:Disabled:SolidNetworkManager
"8020:TCP"= 8020:TCP:*:Disabled:SolidNetworkManager
"8020:UDP"= 8020:UDP:*:Disabled:SolidNetworkManager
"27242:TCP"= 27242:TCP:*:Disabled:SolidNetworkManager
"27242:UDP"= 27242:UDP:*:Disabled:SolidNetworkManager

R0 phmcd;phmcd;c:\windows\system32\drivers\phmcd.sys [4/8/2008 02:41 PM 44696]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [7/23/2009 11:37 AM 142592]
R2 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R2 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [10/1/2007 08:19 PM 99248]
S2 gupdate1ca0b5232bdbe00;Google Update Service (gupdate1ca0b5232bdbe00);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2009 12:58 AM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
------- Supplementary Scan -------
.
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\docume~1\customer\APPLIC~1\Mozilla\Firefox\Profiles\koao2iec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr&p=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: XUL Cache: {ADE1A1D1-45B8-45BF-AD03-9E615BDF38C0} - c:\documents and settings\customer\Local Settings\Application Data\{ADE1A1D1-45B8-45BF-AD03-9E615BDF38C0}\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 13:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-1715567821-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:62,cd,ed,35,0f,ec,66,6b,b2,9f,0c,cf,d9,16,18,06,de,81,2a,31,cd,33,2c,
ff,45,d5,3a,96,df,71,9b,83,9b,6c,88,30,08,df,7d,07,1d,08,bc,3f,37,b6,9a,d7,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-1659004503-1715567821-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:c5,fb,de,2e,d7,52,04,58,47,c2,2d,1a,7e,51,6a,f3,99,4e,7c,0f,75,
dd,48,76,03,f0,a1,54,d7,00,cb,28,c7,a7,52,c4,ed,c1,a8,d5,22,75,c2,3d,a8,b7,\
"rkeysecu"=hex:97,e6,3e,d8,d7,66,44,7b,0e,a2,31,14,67,66,b2,66

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B58C2440-A1A3-11d1-B024-006097C9A284}\LocalServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Microsoft Office\\Office\\1033\\msohelp.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B58C2440-A1A3-11d1-B024-006097C9A284}\ProgID]
@DACL=(02 0000)
@="MsoHelpKeyDlg.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B58C2440-A1A3-11d1-B024-006097C9A284}\VersionIndependentProgID]
@DACL=(02 0000)
@="MsoHelpKeyDlg"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B58C2441-A1A3-11d1-B024-006097C9A284}\LocalServer32]
@DACL=(02 0000)
@="c:\\Program Files\\Microsoft Office\\Office\\1033\\msohelp.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B58C2441-A1A3-11d1-B024-006097C9A284}\ProgID]
@DACL=(02 0000)
@="MsoHelpAWDlg.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B58C2441-A1A3-11d1-B024-006097C9A284}\VersionIndependentProgID]
@DACL=(02 0000)
@="MsoHelpAWDlg"

[HKEY_LOCAL_MACHINE\software\Disney\Disney Online]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Services\MediaGuide]
@DACL=(02 0000)
"FriendlyName"="Media Guide"
"ColorPlayer"="#0063B0"
"ImageLargeURL"="http://images.metase...er11_30x30.png"
"ImageMenuURL"="http://images.metase..._rgb_15x15.png"
"Task1ButtonText"="Media Guide"
"Task1ButtonTip"="Media Guide"
"Type"=dword:00000002

[HKEY_LOCAL_MACHINE\software\WinKernelTimeServiceIWN\{17333768-0154-0324-7263-42450F0FF0GS}]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-23 13:27
ComboFix-quarantined-files.txt 2009-07-23 17:27

Pre-Run: 42,549,989,376 bytes free
Post-Run: 42,711,937,024 bytes free

285 --- E O F --- 2009-07-16 13:55


*edit* Weird, it looks like it's fixed now, if you don't mind taking a look and telling me if it really is *edit*

Edited by GreyTalon, 23 July 2009 - 01:08 PM.



#2
GreyTalon

The issue is apparently resolved and this topic can be closed at your earliest convenience.