TechSpot

Google webhp redirects and popups

By rickyvp
Oct 15, 2010
  1. I have run plenty of virus scans and everything, but it doesn't seem to find anything. Every time I try to go on Google it redirects me to google.com/webhp, which I suspect is not the real Google, and then popups come when I click on any link.

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    15/10/2010 22:47:27
    mbam-log-2010-10-15 (22-47-27).txt

    Scan type: Quick scan
    Objects scanned: 116375
    Time elapsed: 4 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


    GMER 1.0.15.15319 - http://www.gmer.net
    Rootkit scan 2010-10-15 22:58:45
    Windows 6.1.7600
    Running: eumd1gk4.exe; Driver: C:\Users\Ricky\AppData\Local\Temp\fwlcrpoc.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A55599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A79F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? system32\drivers\cjypcrx.sys The system cannot find the path specified. !
    PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A0E36000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A0E36123 629 Bytes [15, E3, A0, FE, 05, 34, 15, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 5329 A0E36399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 538F A0E363FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
    PAGE spsys.sys!?SPRevision@@3PADA + 543B A0E364AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
    PAGE ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1660] kernel32.dll!SetUnhandledExceptionFilter 767C3162 4 Bytes [C2, 04, 00, 00]

    ---- EOF - GMER 1.0.15 ----

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Ricky at 23:04:28.07 on 15/10/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1329 [GMT 1:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\Ricky\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\Ricky\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    uRun: [Google Update] "c:\users\ricky\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

    ============= SERVICES / DRIVERS ===============

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-7-29 136632]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 96920]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-15 304464]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-15 20952]
    R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-8-5 750592]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

    =============== Created Last 30 ================

    2010-10-15 21:05:23 -------- d-sh--w- C:\$RECYCLE.BIN
    2010-10-15 20:43:32 77312 ----a-w- c:\windows\MBR.exe
    2010-10-15 20:43:31 98816 ----a-w- c:\windows\sed.exe
    2010-10-15 20:43:31 256512 ----a-w- c:\windows\PEV.exe
    2010-10-15 20:43:31 161792 ----a-w- c:\windows\SWREG.exe
    2010-10-15 12:17:37 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
    2010-10-15 12:17:29 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d4d1c43d-5f25-4bad-a893-abf8af65bd6e}\mpengine.dll
    2010-10-15 00:43:35 -------- d-----w- c:\program files\Defraggler
    2010-10-15 00:14:23 -------- d-----w- c:\users\ricky\appdata\roaming\Malwarebytes
    2010-10-15 00:14:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-15 00:14:02 -------- d-----w- c:\progra~2\Malwarebytes
    2010-10-15 00:14:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-15 00:14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-14 22:38:31 -------- d-----w- c:\users\ricky\appdata\local\ESET
    2010-10-13 19:35:08 -------- d-----w- c:\users\ricky\appdata\roaming\LolClient
    2010-10-13 18:44:19 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
    2010-10-13 18:44:19 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
    2010-10-13 18:44:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2010-10-13 18:44:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2010-10-13 18:44:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2010-10-13 18:39:04 -------- d-----w- C:\Riot Games
    2010-10-13 17:50:55 -------- d-----w- c:\windows\system32\appmgmt
    2010-10-13 17:18:11 -------- d-----w- c:\users\ricky\appdata\local\PMB Files
    2010-10-13 17:18:10 -------- d-----w- c:\progra~2\PMB Files
    2010-10-13 17:17:22 -------- d-----w- c:\program files\Pando Networks
    2010-10-13 17:15:22 -------- d-----w- c:\program files\CCleaner
    2010-10-13 14:30:26 -------- d--h--w- c:\program files\Temp
    2010-10-13 06:22:58 -------- d-----w- c:\windows\Panther
    2010-10-13 01:08:25 -------- d-----w- c:\program files\Microsoft Analysis Services
    2010-10-13 00:18:30 -------- d-----w- c:\users\ricky\appdata\local\Microsoft Help
    2010-10-13 00:18:09 -------- d-----w- c:\users\ricky\appdata\roaming\IObit
    2010-10-13 00:18:06 -------- d-----w- c:\program files\IObit
    2010-10-13 00:12:32 -------- d-----w- c:\program files\ESET
    2010-10-12 23:46:21 -------- d-----w- c:\windows\system32\RTCOM
    2010-10-12 23:46:21 -------- d-----w- c:\program files\Realtek
    2010-10-12 23:44:42 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2010-10-12 23:43:17 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-10-12 23:43:17 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-10-12 23:43:17 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-10-12 23:43:17 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-10-12 23:43:17 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-10-12 23:39:11 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2010-10-12 23:34:27 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-10-12 23:32:46 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2010-10-12 23:32:41 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-10-12 23:30:43 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-12 23:29:52 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-10-12 23:28:54 34816 ----a-w- c:\windows\system32\msasn1.dll
    2010-10-12 23:24:42 -------- d-----w- c:\users\ricky\Tracing
    2010-10-12 23:23:29 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-12 23:23:19 70656 ----a-w- c:\windows\system32\fontsub.dll
    2010-10-12 23:23:19 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-12 23:23:19 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-12 23:21:25 -------- d-----w- c:\windows\en
    2010-10-12 23:20:31 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-10-12 23:19:56 -------- d-----w- c:\windows\PCHEALTH
    2010-10-12 23:18:58 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-10-12 23:18:58 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-10-12 23:18:57 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-10-12 23:18:28 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-10-12 23:17:02 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
    2010-10-12 23:17:02 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2010-10-12 23:16:37 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-10-12 23:16:36 132608 ----a-w- c:\windows\system32\cabview.dll
    2010-10-12 23:14:37 -------- d-----w- c:\users\ricky\appdata\local\Adobe
    2010-10-12 23:14:20 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2010-10-12 23:14:19 3181568 ----a-w- c:\windows\system32\mf.dll
    2010-10-12 23:14:19 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2010-10-12 23:14:17 94040 ----a-w- c:\program files\common files\windows live\.cache\2fd7a9281cb6a6308\DSETUP.dll
    2010-10-12 23:14:17 525656 ----a-w- c:\program files\common files\windows live\.cache\2fd7a9281cb6a6308\DXSETUP.exe
    2010-10-12 23:14:17 1691480 ----a-w- c:\program files\common files\windows live\.cache\2fd7a9281cb6a6308\dsetup32.dll
    2010-10-12 23:14:11 94040 ----a-w- c:\program files\common files\windows live\.cache\283a213a1cb6a6307\DSETUP.dll
    2010-10-12 23:14:11 525656 ----a-w- c:\program files\common files\windows live\.cache\283a213a1cb6a6307\DXSETUP.exe
    2010-10-12 23:14:11 1691480 ----a-w- c:\program files\common files\windows live\.cache\283a213a1cb6a6307\dsetup32.dll
    2010-10-12 23:13:36 6260088 ----a-w- c:\program files\common files\windows live\.cache\16a2025e1cb6a6306\Silverlight.4.0.exe
    2010-10-12 23:13:35 -------- d--h--w- c:\windows\msdownld.tmp
    2010-10-12 23:13:22 -------- d-----w- c:\windows\system32\directx
    2010-10-12 23:13:12 -------- d-----w- c:\users\ricky\appdata\local\Google
    2010-10-12 23:12:27 -------- d-----w- c:\users\ricky\appdata\local\Apps
    2010-10-12 23:12:24 -------- d-----w- c:\users\ricky\appdata\local\Deployment
    2010-10-12 23:11:12 -------- d-----w- c:\users\ricky\appdata\local\Windows Live
    2010-10-12 23:11:09 -------- d-----w- c:\program files\common files\Windows Live
    2010-10-12 23:04:16 -------- d-----w- c:\windows\{B251C9DD-FCEA-4039-966F-B989C65D2302}
    2010-10-12 22:51:59 -------- d-----w- c:\users\ricky\appdata\local\Microsoft Games
    2010-10-12 22:35:35 -------- d-----w- c:\progra~2\NVIDIA Corporation
    2010-10-12 22:35:32 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-10-12 22:02:38 -------- d-----w- c:\users\ricky\appdata\local\ElevatedDiagnostics
    2010-10-12 21:48:34 -------- d-----w- c:\program files\Belkin
    2010-10-12 21:45:18 -------- d-sh--w- c:\windows\Installer
    2010-10-12 21:38:49 -------- d-----w- c:\windows\system32\wbem\Performance
    2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-22 23:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-21 13:13:50 1564072 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDRES.DLL
    2010-09-21 13:08:38 439168 ----a-w- c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    2010-09-21 13:06:02 853912 ----a-w- c:\program files\common files\microsoft shared\windows live\wlidcli.dll
    2010-09-21 13:06:02 57752 ----a-w- c:\program files\common files\microsoft shared\windows live\msidcrl40.dll
    2010-09-21 13:03:14 332160 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDCREDPROV.DLL
    2010-09-21 13:03:14 237952 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDPROV.DLL
    2010-09-21 13:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
    2010-09-21 13:03:14 193408 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDSVCM.EXE
    2010-09-21 13:03:14 1710464 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE
    2010-09-21 13:03:14 145280 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDNSP.DLL

    ==================== Find3M ====================

    2010-10-05 18:57:22 1084008 ----a-w- c:\windows\system32\RTSndMgr.cpl
    2010-10-05 18:57:10 1843816 ----a-w- c:\windows\system32\RtkPgExt.dll
    2010-10-05 18:56:58 66152 ----a-w- c:\windows\system32\RtkCoInst.dll
    2010-10-05 18:56:58 453224 ----a-w- c:\windows\system32\RtkApoApi.dll
    2010-10-05 18:56:48 3610216 ----a-w- c:\windows\system32\RtkAPO.dll
    2010-09-29 12:11:02 1251944 ----a-w- c:\windows\RtlExUpd.dll
    2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-03 06:47:12 305568 ----a-w- c:\windows\system32\FMAPO.dll
    2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-07-22 15:37:26 175200 ----a-w- c:\windows\system32\AERTACap.dll
    2010-07-21 15:52:14 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

    ============= FINISH: 23:04:59.22 ===============

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/10/2010 22:35:11
    System Uptime: 15/10/2010 23:00:05 (0 hours ago)

    Motherboard: ASUSTek Computer INC. | | Leonite2
    Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz | Socket 775 | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 141 GiB total, 102.272 GiB free.
    D: is FIXED (NTFS) - 8 GiB total, 1.002 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP28: 15/10/2010 01:25:37 - Removed Belkin N Wireless USB Adapter Setup
    RP29: 15/10/2010 13:17:07 - Windows Update

    ==== Installed Programs ======================

    Belkin F5D8053 N Wireless USB Adapter
    Belkin N Wireless USB Adapter Setup
    CCleaner
    D3DX10
    Defraggler
    ESET NOD32 Antivirus
    Game Booster 2
    Google Chrome
    League of Legends
    Malwarebytes' Anti-Malware
    Microsoft Application Error Reporting
    Microsoft IntelliPoint 8.0
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft SQL Server 2005 Compact Edition [ENU]
    MSVCRT
    NVIDIA Display Control Panel
    NVIDIA Drivers
    Pando Media Booster
    Realtek High Definition Audio Driver
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack

    ==== Event Viewer Messages From Past Week ========

    15/10/2010 23:00:29, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x865a7030, 0x865a719c, 0x82c3add0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101510-21434-01.
    15/10/2010 22:36:37, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x867863b0, 0x8678651c, 0x82c66dd0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101510-23181-01.
    15/10/2010 22:04:06, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    15/10/2010 13:49:13, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    13/10/2010 01:12:49, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/10/2010 22:38:25, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.

    ==== End Of File ===========================
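
As an added example (not part of this thread or of any of the tools named in it), a small Python triage script that flags the two things in the logs above a reviewer would look at first: the mPolicies-system lines in the DDS report show UAC switched off (EnableLUA = 0, silent admin elevation, no secure desktop), and GMER's kernel section lists a driver, system32\drivers\cjypcrx.sys, whose file cannot be found on disk. The Windows 7 default policy values are an assumption; the script only reads a pasted log and reports, it changes nothing on the machine.

```python
import re

# Windows 7 default UAC policy values (assumption: stock settings; a hardened
# or domain-managed machine may legitimately differ from these).
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 = UAC switched off entirely
    "ConsentPromptBehaviorAdmin": 5,  # 0 = admins elevate silently, no prompt
    "ConsentPromptBehaviorUser": 3,   # 3 = standard users are asked for credentials
    "PromptOnSecureDesktop": 1,       # 0 = elevation prompts shown on the normal desktop
}

# DDS "Pseudo HJT Report" policy line, e.g. "mPolicies-system: EnableLUA = 0 (0x0)"
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(-?\d+)")

# GMER kernel-section entry it could not resolve to a file on disk, e.g.
# "? system32\drivers\cjypcrx.sys The system cannot find the path specified. !"
GMER_MISSING_RE = re.compile(r"^\?\s+(\S+)\s+The system cannot find the path specified")

# Constructed sample: a handful of lines copied from the DDS and GMER logs posted above.
SAMPLE_LOG = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A55599 1 Byte [06]
? system32\drivers\cjypcrx.sys The system cannot find the path specified. !
"""


def check_uac_policies(lines):
    """Return (name, found, expected) for every UAC policy that deviates from the default."""
    findings = []
    for line in lines:
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        expected = UAC_DEFAULTS.get(name)
        # Policies not in the table (e.g. EnableUIADesktopToggle) are ignored.
        if expected is not None and value != expected:
            findings.append((name, value, expected))
    return findings


def find_unresolved_drivers(lines):
    """Return driver paths GMER listed in the kernel section but could not open on disk."""
    paths = []
    for line in lines:
        m = GMER_MISSING_RE.match(line.strip())
        if m:
            paths.append(m.group(1))
    return paths


def triage(text):
    """Human-readable findings for a pasted log; an empty list means nothing was flagged."""
    lines = text.splitlines()
    out = []
    for name, found, expected in check_uac_policies(lines):
        out.append(f"UAC: {name}={found} (Windows 7 default {expected})")
    for path in find_unresolved_drivers(lines):
        out.append(f"GMER: kernel references a driver with no file on disk: {path}")
    return out


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A driver the kernel references but the file system cannot show is worth a closer look regardless of what the antivirus scans returned, which is why the script reports it separately from the policy findings.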


  2. Bobbye

    Welcome to TechSpot! I think this will help you: http://www.google.com/support/websearch/bin/answer.py?hl=en&answer=873

    Reset as needed.

    Can you give me some history on your system? It appears to be new, but there are a few errors that shouldn't be on a new machine.

    I also need you to clarify the popups comment. If the setting change for Google doesn't resolve this, I'll need a fuller description.
    ===================================
    Please download ComboFix from Here and save to your Desktop.

    1. Do NOT rename Combofix unless instructed.
    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    3. Close any open browsers.
    4. Double click combofix.exe & follow the prompts to run.
    NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    5. If Combofix asks you to install Recovery Console, please allow it.
    6. If Combofix asks you to update the program, always allow.
    Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    7. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
    ================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Paste these logs in the next reply. No need to leave attachment also.

    Edit: I forgot to add this:
    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. rickyvp

    Sorry for the long reply; it's just that the online scanner took a while. And that link you gave doesn't seem to be the problem, because it is not a country problem, but I get redirected to google.com/webhp, and I have done some research and most people say it is a virus. When I sometimes click on links from Google it opens up a new tab/window of weird websites with no names but IP addresses and all sorts, but sometimes my MBAM seems to block most websites, saying that they are malicious websites. Well, earlier on when I was doing my GMER scan I happened to get a BSOD out of nowhere, which I never had before.

    -----------------------------------------------------------------------------------------------------------------------

    ComboFix 10-10-14.04 - Ricky 16/10/2010 0:03.3.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1308 [GMT 1:00]
    Running from: c:\users\Ricky\Downloads\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 )))))))))))))))))))))))))))))))
    .

    2010-10-15 23:07 . 2010-10-15 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-15 12:17 . 2010-09-16 09:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4D1C43D-5F25-4BAD-A893-ABF8AF65BD6E}\mpengine.dll
    2010-10-15 00:43 . 2010-10-15 00:43 -------- d-----w- c:\program files\Defraggler
    2010-10-15 00:14 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-15 00:14 . 2010-10-15 00:14 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-15 00:14 . 2010-10-15 00:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-15 00:14 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-13 18:44 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
    2010-10-13 18:44 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
    2010-10-13 18:44 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2010-10-13 18:44 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2010-10-13 18:44 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2010-10-13 18:39 . 2010-10-13 18:39 -------- d-----w- C:\Riot Games
    2010-10-13 17:18 . 2010-10-13 17:18 -------- d-----w- c:\programdata\PMB Files
    2010-10-13 17:17 . 2010-10-13 17:17 -------- d-----w- c:\program files\Pando Networks
    2010-10-13 17:15 . 2010-10-13 17:15 -------- d-----w- c:\program files\CCleaner
    2010-10-13 06:22 . 2010-10-12 21:35 -------- d-----w- c:\windows\Panther
    2010-10-13 01:29 . 2010-10-13 01:29 -------- d-----w- c:\program files\Microsoft Works
    2010-10-13 01:28 . 2010-10-13 01:28 -------- d-----w- c:\program files\Microsoft.NET
    2010-10-13 01:08 . 2010-10-13 01:08 -------- d-----w- c:\program files\Microsoft Analysis Services
    2010-10-13 00:18 . 2010-10-13 01:30 -------- d-----w- c:\programdata\Microsoft Help
    2010-10-13 00:18 . 2010-10-13 00:18 -------- d-----w- c:\program files\IObit
    2010-10-13 00:12 . 2010-10-13 00:12 -------- d-----w- c:\program files\ESET
    2010-10-12 23:46 . 2010-10-13 14:51 -------- d-----w- c:\windows\system32\RTCOM
    2010-10-12 23:46 . 2010-10-12 23:46 -------- d-----w- c:\program files\Realtek
    2010-10-12 23:44 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2010-10-12 23:43 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-10-12 23:43 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
    2010-10-12 23:43 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
    2010-10-12 23:43 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-10-12 23:43 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
    2010-10-12 23:39 . 2010-10-12 23:39 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2010-10-12 23:34 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
    2010-10-12 23:32 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2010-10-12 23:32 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-10-12 23:30 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-12 23:29 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-10-12 23:28 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-12 23:23 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-12 23:23 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-12 23:23 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-12 23:23 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
    2010-10-12 23:21 . 2010-10-12 23:21 -------- d-----w- c:\windows\en
    2010-10-12 23:20 . 2010-10-12 23:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-10-12 23:19 . 2010-10-12 23:19 -------- d-----w- c:\windows\PCHEALTH
    2010-10-12 23:19 . 2010-10-12 23:20 -------- d-----w- c:\program files\Windows Live
    2010-10-12 23:18 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-10-12 23:18 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-10-12 23:18 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-10-12 23:18 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2010-10-12 23:17 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
    2010-10-12 23:17 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2010-10-12 23:16 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-10-12 23:16 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
    2010-10-12 23:14 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2010-10-12 23:14 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2010-10-12 23:14 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
    2010-10-12 23:13 . 2010-10-12 23:13 -------- d--h--w- c:\windows\msdownld.tmp
    2010-10-12 23:11 . 2010-10-12 23:11 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-10-12 23:04 . 2010-10-12 23:04 -------- d-----w- c:\windows\{B251C9DD-FCEA-4039-966F-B989C65D2302}
    2010-10-12 22:53 . 2010-10-12 22:53 -------- d-----w- c:\programdata\NVIDIA
    2010-10-12 22:35 . 2010-10-12 22:35 -------- d-----w- c:\programdata\NVIDIA Corporation
    2010-10-12 22:35 . 2010-10-12 22:36 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-10-12 21:48 . 2010-10-13 18:38 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-10-12 21:48 . 2010-10-12 23:04 -------- d-----w- c:\program files\Belkin
    2010-10-12 21:45 . 2010-10-13 17:50 -------- d-sh--w- c:\windows\Installer
    2010-10-12 21:38 . 2010-10-13 01:23 -------- d-----w- c:\windows\system32\wbem\Performance
    2010-10-12 21:35 . 2010-10-12 23:24 -------- d-----w- c:\users\Ricky
    2010-10-12 21:35 . 2010-10-12 21:35 -------- d-----w- C:\Recovery
    2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-21 13:13 . 2010-09-21 13:13 1564072 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL
    2010-09-21 13:08 . 2010-09-21 13:08 439168 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    2010-09-21 13:06 . 2010-09-21 13:06 853912 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
    2010-09-21 13:06 . 2010-09-21 13:06 57752 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
    2010-09-21 13:03 . 2010-09-21 13:03 332160 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
    2010-09-21 13:03 . 2010-09-21 13:03 237952 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
    2010-09-21 13:03 . 2010-09-21 13:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
    2010-09-21 13:03 . 2010-09-21 13:03 193408 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2010-09-21 13:03 . 2010-09-21 13:03 1710464 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2010-09-21 13:03 . 2010-09-21 13:03 145280 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-12 136176]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
    S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
    S3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-08-05 750592]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4192115794-1302962319-1767241869-1000Core.job
    - c:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-12 23:13]

    2010-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4192115794-1302962319-1767241869-1000UA.job
    - c:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-12 23:13]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-10-16 00:09:46
    ComboFix-quarantined-files.txt 2010-10-15 23:09
    ComboFix2.txt 2010-10-15 21:06
    ComboFix3.txt 2010-10-15 20:50

    Pre-Run: 109,547,741,184 bytes free
    Post-Run: 109,504,573,440 bytes free

    - - End Of File - - 18C2EA04620715A3C51184116E66BA20

    -----------------------------------------------------------------------------------------------------------------------


    ESETSmartInstaller@High as downloader log:
    Can not read file from internet.
    ESETSmartInstaller@High as downloader log:
    Can not read file from internet.
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=147cb39ee38a2c4884ea7281201afec8
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-10-16 12:11:16
    # local_time=2010-10-16 01:11:16 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.1.7600 NT
    # compatibility_mode=5893 16776573 100 94 41709 39653149 0 0
    # compatibility_mode=8199 39157181 100 98 24010 5567916 0 0
    # scanned=77120
    # found=0
    # cleaned=0
    # scan_time=1140
    # nod_component=V3 Build:0x30000000




    Edit: Actually, I seem to get the new tab/window popup on any website I am on; it just happens randomly.
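    The "Reg Loading Points" block of the ComboFix log above is the part a responder reads first: it lists what starts with the user and the machine, the UAC policy values, and the security packages that lsass.exe loads. The script below is an added example (not part of this thread, and not ComboFix's or ESET's code) that parses that section and reports what a reviewer would check by hand: every Run-key autostart with its path and whether the path sits in a user-writable tree, every UAC policy value that differs from the stock Windows 7 default, and every LSA security package outside the stock Windows 7 set. The sample input is an excerpt of the section as posted; the function names, the default-value sets and the list of user-writable path markers are my own assumptions.

```python
import re

# Excerpt of the "Reg Loading Points" section from the ComboFix log posted
# above, embedded so the script runs offline.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-12 136176]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
"""

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
RUN_KEYS = (
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
)
# Assumption: stock Windows 7 defaults for the UAC policy values that matter most.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}
# Assumption: the stock Windows 7 LSA Security Packages list; anything else needs explaining.
WIN7_SSPS = {"kerberos", "msv1_0", "schannel", "wdigest", "tspkg", "pku2u"}
# Path fragments a non-admin user can write to (assumed list); autostarts there get a second look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


def parse_reg_section(text):
    """Parse REGEDIT4-style '[key]' and '"name"=value' lines into {key: {name: value}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = re.match(r"^\[(.+)\]$", line)
        if key:
            current = key.group(1).lower()
            keys.setdefault(current, {})
            continue
        val = re.match(r'^"([^"]+)"=\s*(.*)$', line)
        if val and current is not None:
            keys[current][val.group(1)] = val.group(2)
    return keys


def dword(value):
    """ComboFix prints DWORDs as '0 (0x0)'; the decimal part is the value."""
    return int(value.split()[0])


def uac_findings(keys):
    """UAC policy values that differ from the assumed Windows 7 defaults (EnableLUA=0 means UAC is off)."""
    pol = keys.get(POLICY_KEY, {})
    return [f"{name}={dword(pol[name])} (Windows 7 default {default})"
            for name, default in UAC_DEFAULTS.items()
            if name in pol and dword(pol[name]) != default]


def autostarts(keys):
    """Run-key entries with the executable path and whether it lives in a user-writable tree."""
    entries = []
    for key in RUN_KEYS:
        for name, value in keys.get(key, {}).items():
            quoted = re.match(r'^"([^"]*)"', value)
            path = quoted.group(1) if quoted else value.split()[0]
            entries.append({
                "hive": key.split("\\", 1)[0].upper(),
                "name": name,
                "path": path,
                "user_writable": any(m in path.lower() for m in USER_WRITABLE),
            })
    return entries


def extra_security_packages(text):
    """LSA Security Packages outside the stock set; each of these DLLs is loaded into lsass.exe."""
    m = re.search(r"^\s*Security Packages\s+REG_MULTI_SZ\s+(.+)$", text, re.M)
    return [p for p in m.group(1).split() if p.lower() not in WIN7_SSPS] if m else []


def analyze(text):
    keys = parse_reg_section(text)
    return {"uac": uac_findings(keys),
            "autostarts": autostarts(keys),
            "extra_ssps": extra_security_packages(text)}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for finding in report["uac"]:
        print("UAC:", finding)
    for e in report["autostarts"]:
        flag = "  <- user-writable path" if e["user_writable"] else ""
        print(f"{e['hive']} Run: {e['name']} -> {e['path']}{flag}")
    for pkg in report["extra_ssps"]:
        print("non-default LSA security package:", pkg)
```

    On the posted log this reports three UAC values at their weakest setting (EnableLUA=0 means UAC is switched off entirely, so anything the user runs gets a full administrator token without a prompt), one autostart in a user-writable path (Google Update under AppData, which is where Google installs it), and one non-default security package, livessp. None of that is evidence of the redirect; livessp matches the LIVESSP.DLL that the file list shows arriving with Windows Live on 2010-09-21, and it is listed because any extra package in that value loads into lsass.exe and should be accounted for, not because it is malicious.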
  4. Bobbye

    Did you even try this? Your friends said this is a virus, but your logs do not indicate that.

    Google Web Search is customized for a number of countries and regions across the world. For example, Google.fr provides search results that are most relevant for users in France; Google.co.jp is the Google domain for Japan. We try to direct users to the site that will give them the most relevant results.
    Changing your settings

    If you'd rather use a different Google site, like Google.com, no matter where you are, try one of the following tips:
    First:
    • Click the Google.com link on any other domain.
    • Choose a Google domain manually by visiting the Language Tools page (the section with the flags).
    • Bookmark THIS LINK. This is an alternative web address for Google.com that always takes you to Google.com without redirecting you.

    Second:
    If you have the Google Toolbar with the Google Search box:
    • Click on the Wrench at the right end of the Toolbar
    • 'Search' Section
    • UI Language box
    • Click on the arrow point and select English from the drop down menu
    • Close