Google Redirect

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Mahatma7215

Thread Starter
Joined
Mar 21, 2005
Messages
160
I believe that I had the Google redirector, so I found a post and followed the instructions.

Am running Vista, use AVG Free edition.

Seems that the redirect is gone, but the internet is still running slow.
Concerned about other possible viruses.

Here is the ComboFix report:

ComboFix 10-04-10.01 - Ted 04/10/2010 11:51:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.273 [GMT -7:00]
Running from: c:\users\Ted\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3483109943-3815345499-1210177127-500
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-03-10 to 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-10 19:07 . 2010-04-10 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-10 19:07 . 2010-04-10 19:08 -------- d-----w- c:\users\Ted\AppData\Local\temp
2010-04-10 19:07 . 2010-04-10 19:07 -------- d-----w- c:\users\Dominik\AppData\Local\temp
2010-04-10 19:07 . 2010-04-10 19:07 -------- d-----w- c:\users\Barbara\AppData\Local\temp
2010-04-08 15:07 . 2010-04-08 15:07 4255072 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-04-02 16:26 . 2010-04-02 16:26 4076824 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-04-02 16:26 . 2010-04-02 16:26 2059544 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2010-04-02 16:26 . 2010-04-02 16:26 1598744 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-04-02 16:26 . 2010-04-02 16:26 1274136 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-04-02 16:26 . 2010-04-02 16:26 598296 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-04-02 16:26 . 2010-04-02 16:26 1515224 ----a-w- c:\programdata\avg9\update\backup\avgwd.dll
2010-04-02 16:26 . 2010-04-02 16:26 459544 ----a-w- c:\programdata\avg9\update\backup\avgcclix.dll
2010-04-02 16:26 . 2010-04-02 16:26 313112 ----a-w- c:\programdata\avg9\update\backup\avglogx.dll
2010-04-02 16:26 . 2010-04-02 16:26 556824 ----a-w- c:\programdata\avg9\update\backup\avgchjwx.dll
2010-04-02 16:26 . 2010-04-02 16:26 1086744 ----a-w- c:\programdata\avg9\update\backup\avgchsvx.exe
2010-04-02 16:26 . 2010-04-02 16:26 301336 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-04-02 16:21 . 2010-04-02 16:21 1685784 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-02 16:21 . 2010-04-02 16:21 1035032 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-04-01 03:03 . 2010-04-01 03:03 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-27 00:49 . 2010-03-27 00:49 -------- d-----w- c:\temp\MotoConnectTemp
2010-03-25 14:53 . 2010-03-25 14:54 20846064 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-17 16:49 . 2010-03-17 16:49 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-03-17 16:49 . 2010-03-17 16:49 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-03-17 16:49 . 2010-03-17 16:49 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 18:42 . 2009-12-02 05:51 -------- d-----w- c:\programdata\avg9
2010-04-04 18:04 . 2010-03-07 15:17 439816 ----a-w- c:\users\Ted\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-31 22:11 . 2010-03-03 03:08 439816 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-11 14:52 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 06:08 . 2008-06-06 01:24 -------- d-----w- c:\programdata\Microsoft Help
2010-03-07 17:03 . 2008-08-24 03:08 104392 ----a-w- c:\users\Dominik\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-04 05:37 . 2009-04-02 05:28 -------- d-----w- c:\programdata\Electronic Arts
2010-03-04 05:29 . 2010-03-04 05:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-04 05:28 . 2010-03-04 05:37 38784 ----a-w- c:\users\Barbara\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-04 05:28 . 2010-03-04 05:29 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-03-03 14:16 . 2010-03-03 14:16 8405312 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-03 14:16 . 2010-03-03 14:16 149000 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-03 14:15 . 2010-03-03 14:15 10309448 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-03 14:15 . 2010-03-03 14:15 283280 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-03 14:15 . 2010-03-03 14:15 181768 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-03 14:15 . 2010-03-03 14:15 79368 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-03 14:15 . 2010-03-03 14:15 64000 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-03 14:15 . 2010-03-03 14:15 52288 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-03 14:15 . 2010-03-03 14:15 50688 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-03 14:15 . 2010-03-03 14:15 49152 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-03 14:15 . 2010-03-03 14:15 118784 ----a-w- c:\users\Barbara\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-02-25 06:05 . 2010-01-06 00:23 -------- d-----w- c:\program files\Ask.com
2010-02-24 14:39 . 2008-08-24 01:07 104392 ----a-w- c:\users\Barbara\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 13:14 . 2008-08-24 18:27 104392 ----a-w- c:\users\Ted\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 11:25 . 2008-06-06 01:22 -------- d-----w- c:\program files\BigFix
2010-02-23 15:43 . 2008-06-06 01:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-23 06:39 . 2010-03-30 23:10 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 23:10 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-30 23:10 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-30 23:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 05:55 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 05:55 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 05:55 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-14 15:55 . 2008-06-06 01:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-13 23:05 . 2010-02-13 23:05 -------- d-----w- c:\program files\VCE3
2010-01-25 12:00 . 2010-02-24 07:32 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 07:31 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 07:31 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 07:32 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 07:31 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 07:31 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 07:31 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 07:31 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 07:31 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 07:32 2048 ----a-w- c:\windows\system32\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{69d1a568-ffdf-4ef5-8919-7003582e0ee8}"= "c:\program files\Playdom\tbPlay.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]
2009-12-31 19:53 2349080 ----a-w- c:\program files\Playdom\tbPlay.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-05 00:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{69d1a568-ffdf-4ef5-8919-7003582e0ee8}"= "c:\program files\Playdom\tbPlay.dll" [2009-12-31 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]

[HKEY_CLASSES_ROOT\clsid\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-05 1197448]
"{69D1A568-FFDF-4EF5-8919-7003582E0EE8}"= "c:\program files\Playdom\tbPlay.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{69d1a568-ffdf-4ef5-8919-7003582e0ee8}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-11 2919608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-05 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-05 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-05 138008]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"lxbmmon.exe"="c:\program files\Lexmark 4200 Series\lxbmmon.exe" [2007-01-30 230320]
"Lexmark 4200 Series Fax Server"="c:\program files\Lexmark 4200 Series\fm3032.exe" [2007-01-30 160688]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-12-02 413696]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-23 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]

c:\users\Dominik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\users\Ted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):9f,a7,4e,de,79,ed,c9,01

R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S2 lxbm_device;lxbm_device;c:\windows\system32\lxbmcoms.exe [2007-01-30 537520]
S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2009-07-18 91392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.charter.net/index.php
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W3653a
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\f85f0u17.default\
FF - prefs.js: browser.startup.homepage - hxxp://angel.waol.org/
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
AddRemove-Davis's Drug Search for Nurses, 11e - c:\program files\FA Davis\Davis's Drug Search for Nurses



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 12:08
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3483109943-3815345499-1210177127-1002\Software\SecuROM\License information*]
"datasecu"=hex:55,9a,2c,2f,3f,3f,91,99,05,8b,03,ab,a0,6d,2a,e6,da,84,1f,83,5c,
30,1d,f8,4a,2f,fc,33,82,43,0d,63,00,cc,f4,6d,b4,37,61,aa,e2,da,72,79,5a,58,\
"rkeysecu"=hex:7f,6c,16,ba,1a,80,6a,4e,f0,8f,d2,94,da,d7,22,65

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-04-10 12:14:03
ComboFix-quarantined-files.txt 2010-04-10 19:14

Pre-Run: 197,530,587,136 bytes free
Post-Run: 198,722,240,512 bytes free

- - End Of File - - 47DA160702413DD48857786339ED4349


And here is the HijackThis report I ran after ComboFix:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:50:24 PM, on 4/10/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Lexmark 4200 Series\LXBMmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.charter.net/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=WM&Br=EM&Loc=ENG_US&Sys=DTP&M=W3653a
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1308.0\msneshellx.dll
O3 - Toolbar: Playdom Toolbar - {69d1a568-ffdf-4ef5-8919-7003582e0ee8} - C:\Program Files\Playdom\tbPlay.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [lxbmmon.exe] "C:\Program Files\Lexmark 4200 Series\lxbmmon.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series Fax Server] "C:\Program Files\Lexmark 4200 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax7705.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbm_device - - C:\Windows\system32\lxbmcoms.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7628 bytes


Any help would be greatly appreciated.

Ted
 

Mahatma7215

Thread Starter
Joined
Mar 21, 2005
Messages
160
It seems as if the redirector is still doing its thing. Help would be great; this is very frustrating. It happened to my wife. We have multiple users on this computer; do I have to clean each user profile separately?
 

Mahatma7215

Thread Starter
Joined
Mar 21, 2005
Messages
160
The redirector seems to still be active. My problems only seem to be related to internet browsing; regular applications work fine. But when browsing I get redirected often, or IE reports that the connection to the internet is lost, even though it isn't. Also, oftentimes images are not showing up on webpages.

Any assistance is, as always, greatly appreciated.
 

Mahatma7215

Thread Starter
Joined
Mar 21, 2005
Messages
160
It seems better, but it still does it occasionally. I will deal with it for now; if it gets worse I will return, but for now I guess it's OK.
 