Google Redirect

Discussion in 'Virus & Other Malware Removal' started by Mahatma7215, Apr 10, 2010.

Thread Status:
Not open for further replies.
  1. Mahatma7215

    Mahatma7215 Thread Starter

    Joined:
    Mar 21, 2005
    Messages:
    109
    I believe that I had the Google redirector, so I found a post and followed the instructions.

    Am running Vista, use AVG Free edition.

    Seems that the redirect is gone, but internet still running slow.
    Concerned about other possible viruses.

    Here is the ComboFix report:

    ComboFix 10-04-10.01 - Ted 04/10/2010 11:51:44.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.273 [GMT -7:00]
    Running from: c:\users\Ted\Desktop\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-3483109943-3815345499-1210177127-500
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
    .

    2010-04-10 19:07 . 2010-04-10 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-04-10 19:07 . 2010-04-10 19:08 -------- d-----w- c:\users\Ted\AppData\Local\temp
    2010-04-10 19:07 . 2010-04-10 19:07 -------- d-----w- c:\users\Dominik\AppData\Local\temp
    2010-04-10 19:07 . 2010-04-10 19:07 -------- d-----w- c:\users\Barbara\AppData\Local\temp
    2010-04-08 15:07 . 2010-04-08 15:07 4255072 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
    2010-04-02 16:26 . 2010-04-02 16:26 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
    2010-04-02 16:26 . 2010-04-02 16:26 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
    2010-04-02 16:26 . 2010-04-02 16:26 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
    2010-04-02 16:26 . 2010-04-02 16:26 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
    2010-04-02 16:26 . 2010-04-02 16:26 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
    2010-04-02 16:26 . 2010-04-02 16:26 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
    2010-04-02 16:26 . 2010-04-02 16:26 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
    2010-04-02 16:26 . 2010-04-02 16:26 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
    2010-04-02 16:26 . 2010-04-02 16:26 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
    2010-04-02 16:26 . 2010-04-02 16:26 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
    2010-04-02 16:26 . 2010-04-02 16:26 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
    2010-04-02 16:21 . 2010-04-02 16:21 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
    2010-04-02 16:21 . 2010-04-02 16:21 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
    2010-04-01 03:03 . 2010-04-01 03:03 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-03-27 00:49 . 2010-03-27 00:49 -------- d-----w- c:\temp\MotoConnectTemp
    2010-03-25 14:53 . 2010-03-25 14:54 20846064 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-03-17 16:49 . 2010-03-17 16:49 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
    2010-03-17 16:49 . 2010-03-17 16:49 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
    2010-03-17 16:49 . 2010-03-17 16:49 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-10 18:42 . 2009-12-02 05:51 -------- d-----w- c:\programdata\avg9
    2010-04-04 18:04 . 2010-03-07 15:17 439816 ----a-w- c:\users\Ted\AppData\Roaming\Real\Update\setup3.10\setup.exe
    2010-03-31 22:11 . 2010-03-03 03:08 439816 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\setup.exe
    2010-03-11 14:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-03-11 06:08 . 2008-06-06 01:24 -------- d-----w- c:\programdata\Microsoft Help
    2010-03-07 17:03 . 2008-08-24 03:08 104392 ----a-w- c:\users\Dominik\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-03-04 05:37 . 2009-04-02 05:28 -------- d-----w- c:\programdata\Electronic Arts
    2010-03-04 05:29 . 2010-03-04 05:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-03-04 05:28 . 2010-03-04 05:37 38784 ----a-w- c:\users\Barbara\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-03-04 05:28 . 2010-03-04 05:29 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-03-03 14:16 . 2010-03-03 14:16 8405312 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-03-03 14:16 . 2010-03-03 14:16 149000 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-03-03 14:15 . 2010-03-03 14:15 10309448 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-03-03 14:15 . 2010-03-03 14:15 283280 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
    2010-03-03 14:15 . 2010-03-03 14:15 181768 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\carb\LaunchHelper.exe
    2010-03-03 14:15 . 2010-03-03 14:15 79368 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
    2010-03-03 14:15 . 2010-03-03 14:15 64000 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-03-03 14:15 . 2010-03-03 14:15 52288 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-03-03 14:15 . 2010-03-03 14:15 50688 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-03-03 14:15 . 2010-03-03 14:15 49152 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-03-03 14:15 . 2010-03-03 14:15 118784 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-02-25 06:05 . 2010-01-06 00:23 -------- d-----w- c:\program files\Ask.com
    2010-02-24 14:39 . 2008-08-24 01:07 104392 ----a-w- c:\users\Barbara\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-24 13:14 . 2008-08-24 18:27 104392 ----a-w- c:\users\Ted\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-24 11:25 . 2008-06-06 01:22 -------- d-----w- c:\program files\BigFix
    2010-02-23 15:43 . 2008-06-06 01:21 -------- d-----w- c:\program files\Common Files\Adobe
    2010-02-23 06:39 . 2010-03-30 23:10 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-23 06:33 . 2010-03-30 23:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-02-23 06:33 . 2010-03-30 23:10 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-02-23 04:55 . 2010-03-30 23:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-02-20 23:06 . 2010-03-11 05:55 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2010-02-20 23:05 . 2010-03-11 05:55 30720 ----a-w- c:\windows\system32\httpapi.dll
    2010-02-20 20:53 . 2010-03-11 05:55 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2010-02-14 15:55 . 2008-06-06 01:16 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-13 23:05 . 2010-02-13 23:05 -------- d-----w- c:\program files\VCE3
    2010-01-25 12:00 . 2010-02-24 07:32 471552 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-25 12:00 . 2010-02-24 07:31 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-25 12:00 . 2010-02-24 07:31 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-25 12:00 . 2010-02-24 07:32 471552 ----a-w- c:\windows\system32\secproc.dll
    2010-01-25 11:58 . 2010-02-24 07:31 332288 ----a-w- c:\windows\system32\msdrm.dll
    2010-01-25 08:21 . 2010-02-24 07:31 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-25 08:21 . 2010-02-24 07:31 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-25 08:21 . 2010-02-24 07:31 518144 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-25 08:21 . 2010-02-24 07:31 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-23 09:26 . 2010-02-24 07:32 2048 ----a-w- c:\windows\system32\tzres.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{69d1a568-ffdf-4ef5-8919-7003582e0ee8}"= "c:\program files\Playdom\tbPlay.dll" [2009-12-31 2349080]

    [HKEY_CLASSES_ROOT\clsid\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]
    2009-12-31 19:53 2349080 ----a-w- c:\program files\Playdom\tbPlay.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-02-05 00:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{69d1a568-ffdf-4ef5-8919-7003582e0ee8}"= "c:\program files\Playdom\tbPlay.dll" [2009-12-31 2349080]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]

    [HKEY_CLASSES_ROOT\clsid\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]
    "{69D1A568-FFDF-4EF5-8919-7003582E0EE8}"= "c:\program files\Playdom\tbPlay.dll" [2009-12-31 2349080]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CLASSES_ROOT\clsid\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-11 2919608]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-05 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-05 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-05 138008]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
    "lxbmmon.exe"="c:\program files\Lexmark 4200 Series\lxbmmon.exe" [2007-01-30 230320]
    "Lexmark 4200 Series Fax Server"="c:\program files\Lexmark 4200 Series\fm3032.exe" [2007-01-30 160688]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-12-02 413696]
    "Skytel"="Skytel.exe" [2007-04-13 1822720]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-23 198160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]

    c:\users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    c:\users\Ted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):9f,a7,4e,de,79,ed,c9,01

    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    S2 lxbm_device;lxbm_device;c:\windows\system32\lxbmcoms.exe [2007-01-30 537520]
    S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2009-07-18 91392]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.charter.net/index.php
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W3653a
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\f85f0u17.default\
    FF - prefs.js: browser.startup.homepage - hxxp://angel.waol.org/
    FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
    AddRemove-Davis's Drug Search for Nurses, 11e - c:\program files\FA Davis\Davis's Drug Search for Nurses



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-10 12:08
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3483109943-3815345499-1210177127-1002\Software\SecuROM\License information*]
    "datasecu"=hex:55,9a,2c,2f,3f,3f,91,99,05,8b,03,ab,a0,6d,2a,e6,da,84,1f,83,5c,
    30,1d,f8,4a,2f,fc,33,82,43,0d,63,00,cc,f4,6d,b4,37,61,aa,e2,da,72,79,5a,58,\
    "rkeysecu"=hex:7f,6c,16,ba,1a,80,6a,4e,f0,8f,d2,94,da,d7,22,65

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-04-10 12:14:03
    ComboFix-quarantined-files.txt 2010-04-10 19:14

    Pre-Run: 197,530,587,136 bytes free
    Post-Run: 198,722,240,512 bytes free

    - - End Of File - - 47DA160702413DD48857786339ED4349


    And here is the HijackThis report I ran after ComboFix:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 12:50:24 PM, on 4/10/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Lexmark 4200 Series\LXBMmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Pando Networks\Media Booster\PMB.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/index.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W3653a
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll
    O3 - Toolbar: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [lxbmmon.exe] "C:\Program Files\Lexmark 4200 Series\lxbmmon.exe"
    O4 - HKLM\..\Run: [Lexmark 4200 Series Fax Server] "C:\Program Files\Lexmark 4200 Series\fm3032.exe" /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax7705.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: lxbm_device - - C:\Windows\system32\lxbmcoms.exe
    O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7628 bytes


    Any help would be greatly appreciated.

    Ted
     
  2. Mahatma7215

    Mahatma7215 Thread Starter

    Joined:
    Mar 21, 2005
    Messages:
    109
    It seems as if the redirector is still doing its thing. Help would be great; this is very frustrating. It happened to my wife. We have multiple users on this computer; do I have to clean each user profile separately?
     
  3. Mahatma7215

    Mahatma7215 Thread Starter

    Joined:
    Mar 21, 2005
    Messages:
    109
    The redirector seems to still be active. My problems only seem to be related to internet browsing; regular applications work fine. But when browsing I get redirected often, or IE reports that the connection to the internet is lost, even though it isn't. Also, oftentimes images are not showing up on webpages.

    Any assistance is, as always, greatly appreciated.
     
  4. Mahatma7215

    Mahatma7215 Thread Starter

    Joined:
    Mar 21, 2005
    Messages:
    109
    It seems better, but still does it occasionally. I will deal with it for now; if it gets worse I will return, but for now I guess it's OK.
     

Short URL to this thread: https://techguy.org/916041
