google redirects to advertisement sites

Post by Alphonso12 on Sun May 22, 2011 9:26 pm

OTL Extras logfile created on: 5/22/2011 8:41:57 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\LAM & JMB\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.45 Mb Total Physical Memory | 237.52 Mb Available Physical Memory | 31.03% Memory free
1.87 Gb Paging File | 0.24 Gb Available in Paging File | 12.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 189.52 Gb Free Space | 81.38% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: LAM & JMB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056E6926-DFC1-48ED-895D-CC47FCEFC3FA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0C0AFF99-D6FA-4BEA-A024-E9F654C4E8BB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{0DD5373C-5744-4FC3-869B-05D01E5BC9BC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{2C359B99-C8BD-47A4-9EA6-FEFC8067C011}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A96007C-9556-4E74-AF41-C718B6503393}" = lport=445 | protocol=6 | dir=in | app=system |
"{3ADA52D2-7CDB-4B89-9FC6-36E30117F2C9}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{4383D04B-576A-4657-89DB-6377D4EF1001}" = rport=2869 | protocol=6 | dir=out | app=system |
"{455EADDB-32E6-4055-90E4-EE590F4F3126}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{56ADC577-EDCB-4FDA-B6A0-C2C289B350D4}" = rport=139 | protocol=6 | dir=out | app=system |
"{5C3E7CE3-17E6-48BA-8BFE-CBFB47EEA899}" = lport=1723 | protocol=6 | dir=in | app=system |
"{5CD8854E-D9C1-42FC-9F69-7BF360211D2D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5E2A454F-132B-4E69-94A9-C371EC27FB96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{5E80B4BB-E162-4013-A729-0359145AF8C0}" = rport=1723 | protocol=6 | dir=out | app=system |
"{6A48FCE8-8281-4D97-B8C2-FD6DBEFDC57A}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{6C352ECB-9ACC-4912-AAD0-EF18A92AC805}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6D12FB28-74B1-4CF4-B192-6ABC3CDBCDC9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{741C9395-29F4-4E59-B512-ADCA0241406B}" = rport=445 | protocol=6 | dir=out | app=system |
"{7A293A16-CF7C-4224-95A9-341EBE2437DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C516FC9-3CD3-4080-9454-591ACFF55DAB}" = lport=1701 | protocol=17 | dir=in | app=system |
"{8E3A82B6-5B16-481D-BE19-95AB3934982C}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EF266DF-C06B-4450-9DA6-C682AFB1A549}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |
"{91670D95-416A-44B1-9DB0-279DEF7517EE}" = rport=138 | protocol=17 | dir=out | app=system |
"{91E02E34-200D-4007-9598-EA7CFF84F37A}" = lport=445 | protocol=6 | dir=in | app=system |
"{ACF40FD4-C546-4415-B95B-D27391D4B4B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B327B2C5-6CE9-49DF-B717-826949AEAF5C}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{BDFACB23-2DB7-4A52-AE60-D80EEC014F6D}" = lport=137 | protocol=17 | dir=in | app=system |
"{BEE597A5-F42A-4F12-B100-C94E59EFB388}" = lport=138 | protocol=17 | dir=in | app=system |
"{BF6C52BF-8106-4473-A459-426A563EA5B9}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |
"{C00361A3-0EE8-45B1-84F7-E4A196092F26}" = lport=445 | protocol=6 | dir=in | app=system |
"{C1D2DD3C-93C0-4B39-A22A-F1DBA03956E8}" = rport=137 | protocol=17 | dir=out | app=system |
"{D6048136-6C5F-40EF-A81D-20BE89DCB6E4}" = lport=139 | protocol=6 | dir=in | app=system |
"{D973F370-AA50-453F-A10F-F905AD8A6021}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E163A86D-2738-462F-B46D-46F05B39183D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{E75F610D-36A1-4251-9E19-684E90EC7C6F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{EAE71395-B1CE-43FC-9382-5AC358B6A4F4}" = rport=1701 | protocol=17 | dir=out | app=system |
"{ECF7E0D0-FBEE-4BA6-9ECE-06F6DB5A1F01}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{FCC3D23C-4F15-454B-85A9-65D0F370B611}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034BE123-11AD-4B81-9B36-B0CF8ECD42B6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0C2C536E-448E-4995-A5F4-49319F60AF57}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{14EC077E-B148-40F9-A945-8F89BBC4DB9B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{16B3C0FA-1255-4499-B982-34E33028EA45}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{1D012943-8813-4CF7-AA28-9655EB2D9B4D}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{1D90B8C7-CB4A-4CC8-B9B9-8B4B40E4271D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1D9A47E0-DB4D-4C4D-AA1D-E17598EA5D48}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1ED99F04-45A5-44AE-AA82-5D9D76724D51}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{28F39243-530A-4B0E-9684-5F7BC380CFB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{328C2E69-9EF3-4F52-BC26-28DD8972DB25}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{38422AE1-5DA8-4F40-91CB-514C03666722}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{414DD5F9-013C-4EB5-8E71-4852F8BAAE34}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{4A2D1EDA-D10F-4E42-BA47-BA01EE550A44}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{4B4D87B3-3CEC-4F18-8D36-2062128993BA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5562A5B5-56A1-452C-9615-9376BA54FBC4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6012E7FD-5A0A-4695-848A-453FC21546C8}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{695416AF-F1A0-4A50-961A-74D741CE745B}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{75B51F51-5002-4F09-A807-337A87B9745F}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{771946DB-EDE1-48FA-A12F-004C0DBA02A0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7B17CA9E-537D-4731-A00E-E29D4AE75EDC}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{7F530C57-C256-457F-98CA-9BF41D9A1ADC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{7FEB01F6-9485-406F-A571-8999FB1C9D14}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{8CF6DCA0-466B-4DFB-9B57-C1F6EC2B0D53}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{8DDA30AF-81A0-4FEF-B30E-022305745F3F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{9CFB81B8-49A0-4984-966A-BDB117EB6D96}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A8866234-CCFF-40C3-94F8-5A7FA57299E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{A9825D0E-8A2D-4D15-ADB1-80AA798AA723}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{AE16DAFB-A4CC-47D0-98D6-DFED55ECB5B5}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{B6668B93-CCF7-4D77-B34C-7F8D24B7CE31}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{C49D2AF3-299A-426B-875A-365641280914}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{C67FAEEA-CAC7-49C4-BB43-A7FF70BD7EC6}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{C8D0ED48-3C43-46BC-B254-E069F480BA69}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{CC0DC6B1-09FB-4075-BADD-F9E7C80C7584}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{D7C9DC09-F130-4EE7-ABAB-1CDE2633E9AA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E2A32A6A-B2C4-4A27-A4A5-19E0A08D38C0}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{E6483DDD-1D91-472E-BDA0-9F39D34B9772}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{F0B63BD7-2F3D-4002-BE7C-30EBE354EFA2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{F0BD0597-E8D2-442E-8902-9F51E3058CE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{F100D76F-0F6E-4677-9091-14177E172297}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{F9DC45E2-5122-43D7-B26D-D34269D46083}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{FF7E8624-447B-4646-8E36-4566698B7BCC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{12CFC8C9-EFA5-4CDF-9C79-BF2644E2619A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{24D72A22-EA3C-4725-9D11-AD943CE2CA82}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{71BF8156-4EBA-4E55-935E-14C35CE2CDBD}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{C1CED11E-61AA-4051-9B35-EE7CA0823505}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{AF1EE8CF-23AC-442A-9361-B1861530FDC7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{B8CF19D7-CA94-457C-AD74-A3D7C9B4FAEC}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{BDAD4AB5-D55F-465B-8354-5D646BE06AC5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F0A303BE-8B27-4F2E-B844-B438D6679ED9}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DBB66CD-38C7-472C-BBB9-06BFDA182A29}" = F2400
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6209782-BDE3-461A-81BC-D6BF0965E5F0}" = AutoBackup
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"65cfa16ae20f2ee7307ea540c96e05e8" = Monopoly
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Defraggler" = Defraggler
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"ViewpointMediaPlayer" = Viewpoint Media Player
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2011 9:06:20 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 35125

Error - 5/21/2011 9:06:22 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/21/2011 9:06:22 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 37266

Error - 5/21/2011 9:06:22 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37266

Error - 5/22/2011 7:18:17 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/22/2011 7:18:17 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 123152906

Error - 5/22/2011 7:18:17 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 123152906

Error - 5/22/2011 7:18:20 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/22/2011 7:18:20 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 123155000

Error - 5/22/2011 7:18:20 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 123155000

[ System Events ]
Error - 5/22/2011 7:19:46 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 7:19:50 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 7:50:07 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 7:50:11 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 8:22:40 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 8:22:44 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 8:35:48 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 8:35:52 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 8:36:16 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 8:36:20 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.


< End of report >

Re: google redirects to advertisement sites

Post by Crush on Sun May 22, 2011 11:13 pm

Hi,

Were you able to generate the Extras.txt and aswMBR logs?

Re: google redirects to advertisement sites

Post by Alphonso12 on Thu May 26, 2011 8:52 pm

Here it goes:

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-22 21:14:06
-----------------------------
21:14:06.489 OS Version: Windows 6.0.6002 Service Pack 2
21:14:06.489 Number of processors: 1 586 0x4C02
21:14:06.490 ComputerName: OWNER-PC UserName:
21:14:18.383 Initialize success
21:15:26.561 The log file has been saved successfully to "C:\Users\LAM & JMB\Desktop\aswMBR.txt"
21:15:33.129 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\SI31121Port2Path0Target0Lun0
21:15:33.133 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 11
21:15:33.149 Disk 0 MBR read successfully
21:15:33.152 Disk 0 MBR scan
21:15:33.155 Disk 0 unknown MBR code
21:15:33.164 Disk 0 scanning sectors +488394752
21:15:33.220 Disk 0 scanning C:\Windows\system32\drivers
21:15:43.028 Service scanning
21:15:46.197 Disk 0 trace - called modules:
21:15:46.233 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll SCSIPORT.SYS SI3112.sys partmgr.sys volmgr.sys ecache.sys volsnap.sys dxgkrnl.sys atikmdag.sys
21:15:46.249 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x847288f8]
21:15:46.253 3 CLASSPNP.SYS[863a88b3] -> nt!IofCallDriver -> [0x84316f08]
21:15:46.259 5 acpi.sys[806126bc] -> nt!IofCallDriver -> \Device\Scsi\SI31121Port2Path0Target0Lun0[0x84308030]
21:15:46.265 Scan finished successfully
21:18:01.424 Disk 0 MBR has been saved successfully to "C:\Users\LAM & JMB\Desktop\MBR.dat"
21:18:01.433 The log file has been saved successfully to "C:\Users\LAM & JMB\Desktop\aswMBR2.txt"



Re: google redirects to advertisement sites

Post by Crush on Fri May 27, 2011 3:15 pm

And Extras.txt?

Re: google redirects to advertisement sites

Post by Alphonso12 on Sun May 29, 2011 8:15 pm

OTL Extras logfile created on: 5/22/2011 8:41:57 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\LAM & JMB\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.45 Mb Total Physical Memory | 237.52 Mb Available Physical Memory | 31.03% Memory free
1.87 Gb Paging File | 0.24 Gb Available in Paging File | 12.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 189.52 Gb Free Space | 81.38% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: LAM & JMB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056E6926-DFC1-48ED-895D-CC47FCEFC3FA}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0C0AFF99-D6FA-4BEA-A024-E9F654C4E8BB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{0DD5373C-5744-4FC3-869B-05D01E5BC9BC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{2C359B99-C8BD-47A4-9EA6-FEFC8067C011}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3A96007C-9556-4E74-AF41-C718B6503393}" = lport=445 | protocol=6 | dir=in | app=system |
"{3ADA52D2-7CDB-4B89-9FC6-36E30117F2C9}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{4383D04B-576A-4657-89DB-6377D4EF1001}" = rport=2869 | protocol=6 | dir=out | app=system |
"{455EADDB-32E6-4055-90E4-EE590F4F3126}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{56ADC577-EDCB-4FDA-B6A0-C2C289B350D4}" = rport=139 | protocol=6 | dir=out | app=system |
"{5C3E7CE3-17E6-48BA-8BFE-CBFB47EEA899}" = lport=1723 | protocol=6 | dir=in | app=system |
"{5CD8854E-D9C1-42FC-9F69-7BF360211D2D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5E2A454F-132B-4E69-94A9-C371EC27FB96}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{5E80B4BB-E162-4013-A729-0359145AF8C0}" = rport=1723 | protocol=6 | dir=out | app=system |
"{6A48FCE8-8281-4D97-B8C2-FD6DBEFDC57A}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{6C352ECB-9ACC-4912-AAD0-EF18A92AC805}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{6D12FB28-74B1-4CF4-B192-6ABC3CDBCDC9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{741C9395-29F4-4E59-B512-ADCA0241406B}" = rport=445 | protocol=6 | dir=out | app=system |
"{7A293A16-CF7C-4224-95A9-341EBE2437DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C516FC9-3CD3-4080-9454-591ACFF55DAB}" = lport=1701 | protocol=17 | dir=in | app=system |
"{8E3A82B6-5B16-481D-BE19-95AB3934982C}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EF266DF-C06B-4450-9DA6-C682AFB1A549}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |
"{91670D95-416A-44B1-9DB0-279DEF7517EE}" = rport=138 | protocol=17 | dir=out | app=system |
"{91E02E34-200D-4007-9598-EA7CFF84F37A}" = lport=445 | protocol=6 | dir=in | app=system |
"{ACF40FD4-C546-4415-B95B-D27391D4B4B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B327B2C5-6CE9-49DF-B717-826949AEAF5C}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{BDFACB23-2DB7-4A52-AE60-D80EEC014F6D}" = lport=137 | protocol=17 | dir=in | app=system |
"{BEE597A5-F42A-4F12-B100-C94E59EFB388}" = lport=138 | protocol=17 | dir=in | app=system |
"{BF6C52BF-8106-4473-A459-426A563EA5B9}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |
"{C00361A3-0EE8-45B1-84F7-E4A196092F26}" = lport=445 | protocol=6 | dir=in | app=system |
"{C1D2DD3C-93C0-4B39-A22A-F1DBA03956E8}" = rport=137 | protocol=17 | dir=out | app=system |
"{D6048136-6C5F-40EF-A81D-20BE89DCB6E4}" = lport=139 | protocol=6 | dir=in | app=system |
"{D973F370-AA50-453F-A10F-F905AD8A6021}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E163A86D-2738-462F-B46D-46F05B39183D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{E75F610D-36A1-4251-9E19-684E90EC7C6F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{EAE71395-B1CE-43FC-9382-5AC358B6A4F4}" = rport=1701 | protocol=17 | dir=out | app=system |
"{ECF7E0D0-FBEE-4BA6-9ECE-06F6DB5A1F01}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{FCC3D23C-4F15-454B-85A9-65D0F370B611}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034BE123-11AD-4B81-9B36-B0CF8ECD42B6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0C2C536E-448E-4995-A5F4-49319F60AF57}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{14EC077E-B148-40F9-A945-8F89BBC4DB9B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{16B3C0FA-1255-4499-B982-34E33028EA45}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{1D012943-8813-4CF7-AA28-9655EB2D9B4D}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{1D90B8C7-CB4A-4CC8-B9B9-8B4B40E4271D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1D9A47E0-DB4D-4C4D-AA1D-E17598EA5D48}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1ED99F04-45A5-44AE-AA82-5D9D76724D51}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{28F39243-530A-4B0E-9684-5F7BC380CFB1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{328C2E69-9EF3-4F52-BC26-28DD8972DB25}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{38422AE1-5DA8-4F40-91CB-514C03666722}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{414DD5F9-013C-4EB5-8E71-4852F8BAAE34}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{4A2D1EDA-D10F-4E42-BA47-BA01EE550A44}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{4B4D87B3-3CEC-4F18-8D36-2062128993BA}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5562A5B5-56A1-452C-9615-9376BA54FBC4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6012E7FD-5A0A-4695-848A-453FC21546C8}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{695416AF-F1A0-4A50-961A-74D741CE745B}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{75B51F51-5002-4F09-A807-337A87B9745F}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{771946DB-EDE1-48FA-A12F-004C0DBA02A0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7B17CA9E-537D-4731-A00E-E29D4AE75EDC}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{7F530C57-C256-457F-98CA-9BF41D9A1ADC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{7FEB01F6-9485-406F-A571-8999FB1C9D14}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{8CF6DCA0-466B-4DFB-9B57-C1F6EC2B0D53}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{8DDA30AF-81A0-4FEF-B30E-022305745F3F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{9CFB81B8-49A0-4984-966A-BDB117EB6D96}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{A8866234-CCFF-40C3-94F8-5A7FA57299E3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{A9825D0E-8A2D-4D15-ADB1-80AA798AA723}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{AE16DAFB-A4CC-47D0-98D6-DFED55ECB5B5}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{B6668B93-CCF7-4D77-B34C-7F8D24B7CE31}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{C49D2AF3-299A-426B-875A-365641280914}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{C67FAEEA-CAC7-49C4-BB43-A7FF70BD7EC6}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{C8D0ED48-3C43-46BC-B254-E069F480BA69}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{CC0DC6B1-09FB-4075-BADD-F9E7C80C7584}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{D7C9DC09-F130-4EE7-ABAB-1CDE2633E9AA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E2A32A6A-B2C4-4A27-A4A5-19E0A08D38C0}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{E6483DDD-1D91-472E-BDA0-9F39D34B9772}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{F0B63BD7-2F3D-4002-BE7C-30EBE354EFA2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{F0BD0597-E8D2-442E-8902-9F51E3058CE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{F100D76F-0F6E-4677-9091-14177E172297}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{F9DC45E2-5122-43D7-B26D-D34269D46083}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{FF7E8624-447B-4646-8E36-4566698B7BCC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{12CFC8C9-EFA5-4CDF-9C79-BF2644E2619A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{24D72A22-EA3C-4725-9D11-AD943CE2CA82}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{71BF8156-4EBA-4E55-935E-14C35CE2CDBD}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{C1CED11E-61AA-4051-9B35-EE7CA0823505}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{AF1EE8CF-23AC-442A-9361-B1861530FDC7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{B8CF19D7-CA94-457C-AD74-A3D7C9B4FAEC}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{BDAD4AB5-D55F-465B-8354-5D646BE06AC5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F0A303BE-8B27-4F2E-B844-B438D6679ED9}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5546F4E9-B0F4-4F54-B949-2AB006C9284F}" = DJ_AIO_06_F2400_SW_Min
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DBB66CD-38C7-472C-BBB9-06BFDA182A29}" = F2400
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{819CA3BC-2FF8-4811-B42F-421F7BFD3559}" = HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}" = Copy
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C73F2967-062E-48F2-A462-D335B8950183}" = Safari
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6209782-BDE3-461A-81BC-D6BF0965E5F0}" = AutoBackup
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"65cfa16ae20f2ee7307ea540c96e05e8" = Monopoly
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AIM_7" = AIM 7
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Defraggler" = Defraggler
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"InstallShield_{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"ViewpointMediaPlayer" = Viewpoint Media Player
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/21/2011 9:06:20 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 35125

Error - 5/21/2011 9:06:22 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/21/2011 9:06:22 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 37266

Error - 5/21/2011 9:06:22 AM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37266

Error - 5/22/2011 7:18:17 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/22/2011 7:18:17 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 123152906

Error - 5/22/2011 7:18:17 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 123152906

Error - 5/22/2011 7:18:20 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/22/2011 7:18:20 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 123155000

Error - 5/22/2011 7:18:20 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 123155000

[ System Events ]
Error - 5/22/2011 7:19:46 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 7:19:50 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 7:50:07 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 7:50:11 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 8:22:40 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 8:22:44 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 8:35:48 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 8:35:52 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 8:36:16 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.

Error - 5/22/2011 8:36:20 PM | Computer Name = Owner-PC | Source = disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.


< End of report >


Re: google redirects to advertisement sites

Post by Crush on Sun May 29, 2011 9:40 pm

Hi,

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". Read this article: [You must be registered and logged in to see this link.]

Additional info: [You must be registered and logged in to see this link.]

I suggest you remove the program now.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

======

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log
