Inactive Google webhp redirects and popups

I have run plenty of virus scans and everything but it doesn't seem to find anything. Every time I try to go on Google it redirects me to google.com/webhp, which I suspect is not the real Google, and then popups will come when I click onto any link.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15/10/2010 22:47:27
mbam-log-2010-10-15 (22-47-27).txt

Scan type: Quick scan
Objects scanned: 116375
Time elapsed: 4 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


GMER 1.0.15.15319 - http://www.gmer.net
Rootkit scan 2010-10-15 22:58:45
Windows 6.1.7600
Running: eumd1gk4.exe; Driver: C:\Users\Ricky\AppData\Local\Temp\fwlcrpoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A55599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A79F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? system32\drivers\cjypcrx.sys The system cannot find the path specified. !
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A0E36000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A0E36123 629 Bytes [15, E3, A0, FE, 05, 34, 15, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A0E36399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A0E363FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A0E364AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1660] kernel32.dll!SetUnhandledExceptionFilter 767C3162 4 Bytes [C2, 04, 00, 00]

---- EOF - GMER 1.0.15 ----

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



DDS (Ver_10-10-10.03) - NTFSx86
Run by Ricky at 23:04:28.07 on 15/10/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1329 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Ricky\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Ricky\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [Google Update] "c:\users\ricky\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-7-29 136632]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-8-12 810144]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2010-7-29 96920]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-15 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-10-15 20952]
R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-8-5 750592]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-10-15 21:05:23 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-15 20:43:32 77312 ----a-w- c:\windows\MBR.exe
2010-10-15 20:43:31 98816 ----a-w- c:\windows\sed.exe
2010-10-15 20:43:31 256512 ----a-w- c:\windows\PEV.exe
2010-10-15 20:43:31 161792 ----a-w- c:\windows\SWREG.exe
2010-10-15 12:17:37 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-10-15 12:17:29 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d4d1c43d-5f25-4bad-a893-abf8af65bd6e}\mpengine.dll
2010-10-15 00:43:35 -------- d-----w- c:\program files\Defraggler
2010-10-15 00:14:23 -------- d-----w- c:\users\ricky\appdata\roaming\Malwarebytes
2010-10-15 00:14:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-15 00:14:02 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-15 00:14:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-15 00:14:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-14 22:38:31 -------- d-----w- c:\users\ricky\appdata\local\ESET
2010-10-13 19:35:08 -------- d-----w- c:\users\ricky\appdata\roaming\LolClient
2010-10-13 18:44:19 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-10-13 18:44:19 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-10-13 18:44:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-10-13 18:44:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-10-13 18:44:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-10-13 18:39:04 -------- d-----w- C:\Riot Games
2010-10-13 17:50:55 -------- d-----w- c:\windows\system32\appmgmt
2010-10-13 17:18:11 -------- d-----w- c:\users\ricky\appdata\local\PMB Files
2010-10-13 17:18:10 -------- d-----w- c:\progra~2\PMB Files
2010-10-13 17:17:22 -------- d-----w- c:\program files\Pando Networks
2010-10-13 17:15:22 -------- d-----w- c:\program files\CCleaner
2010-10-13 14:30:26 -------- d--h--w- c:\program files\Temp
2010-10-13 06:22:58 -------- d-----w- c:\windows\Panther
2010-10-13 01:08:25 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-10-13 00:18:30 -------- d-----w- c:\users\ricky\appdata\local\Microsoft Help
2010-10-13 00:18:09 -------- d-----w- c:\users\ricky\appdata\roaming\IObit
2010-10-13 00:18:06 -------- d-----w- c:\program files\IObit
2010-10-13 00:12:32 -------- d-----w- c:\program files\ESET
2010-10-12 23:46:21 -------- d-----w- c:\windows\system32\RTCOM
2010-10-12 23:46:21 -------- d-----w- c:\program files\Realtek
2010-10-12 23:44:42 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-10-12 23:43:17 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-12 23:43:17 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-12 23:43:17 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-12 23:43:17 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-12 23:43:17 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-12 23:39:11 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-10-12 23:34:27 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-10-12 23:32:46 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-10-12 23:32:41 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-12 23:30:43 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-12 23:29:52 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-12 23:28:54 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-10-12 23:24:42 -------- d-----w- c:\users\ricky\Tracing
2010-10-12 23:23:29 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-12 23:23:19 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-10-12 23:23:19 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-12 23:23:19 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-10-12 23:21:25 -------- d-----w- c:\windows\en
2010-10-12 23:20:31 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-12 23:19:56 -------- d-----w- c:\windows\PCHEALTH
2010-10-12 23:18:58 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-12 23:18:58 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-12 23:18:57 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-12 23:18:28 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-12 23:17:02 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-12 23:17:02 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-12 23:16:37 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-10-12 23:16:36 132608 ----a-w- c:\windows\system32\cabview.dll
2010-10-12 23:14:37 -------- d-----w- c:\users\ricky\appdata\local\Adobe
2010-10-12 23:14:20 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-12 23:14:19 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-12 23:14:19 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-12 23:14:17 94040 ----a-w- c:\program files\common files\windows live\.cache\2fd7a9281cb6a6308\DSETUP.dll
2010-10-12 23:14:17 525656 ----a-w- c:\program files\common files\windows live\.cache\2fd7a9281cb6a6308\DXSETUP.exe
2010-10-12 23:14:17 1691480 ----a-w- c:\program files\common files\windows live\.cache\2fd7a9281cb6a6308\dsetup32.dll
2010-10-12 23:14:11 94040 ----a-w- c:\program files\common files\windows live\.cache\283a213a1cb6a6307\DSETUP.dll
2010-10-12 23:14:11 525656 ----a-w- c:\program files\common files\windows live\.cache\283a213a1cb6a6307\DXSETUP.exe
2010-10-12 23:14:11 1691480 ----a-w- c:\program files\common files\windows live\.cache\283a213a1cb6a6307\dsetup32.dll
2010-10-12 23:13:36 6260088 ----a-w- c:\program files\common files\windows live\.cache\16a2025e1cb6a6306\Silverlight.4.0.exe
2010-10-12 23:13:35 -------- d--h--w- c:\windows\msdownld.tmp
2010-10-12 23:13:22 -------- d-----w- c:\windows\system32\directx
2010-10-12 23:13:12 -------- d-----w- c:\users\ricky\appdata\local\Google
2010-10-12 23:12:27 -------- d-----w- c:\users\ricky\appdata\local\Apps
2010-10-12 23:12:24 -------- d-----w- c:\users\ricky\appdata\local\Deployment
2010-10-12 23:11:12 -------- d-----w- c:\users\ricky\appdata\local\Windows Live
2010-10-12 23:11:09 -------- d-----w- c:\program files\common files\Windows Live
2010-10-12 23:04:16 -------- d-----w- c:\windows\{B251C9DD-FCEA-4039-966F-B989C65D2302}
2010-10-12 22:51:59 -------- d-----w- c:\users\ricky\appdata\local\Microsoft Games
2010-10-12 22:35:35 -------- d-----w- c:\progra~2\NVIDIA Corporation
2010-10-12 22:35:32 -------- d-----w- c:\program files\NVIDIA Corporation
2010-10-12 22:02:38 -------- d-----w- c:\users\ricky\appdata\local\ElevatedDiagnostics
2010-10-12 21:48:34 -------- d-----w- c:\program files\Belkin
2010-10-12 21:45:18 -------- d-sh--w- c:\windows\Installer
2010-10-12 21:38:49 -------- d-----w- c:\windows\system32\wbem\Performance
2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 13:13:50 1564072 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDRES.DLL
2010-09-21 13:08:38 439168 ----a-w- c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
2010-09-21 13:06:02 853912 ----a-w- c:\program files\common files\microsoft shared\windows live\wlidcli.dll
2010-09-21 13:06:02 57752 ----a-w- c:\program files\common files\microsoft shared\windows live\msidcrl40.dll
2010-09-21 13:03:14 332160 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDCREDPROV.DLL
2010-09-21 13:03:14 237952 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDPROV.DLL
2010-09-21 13:03:14 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-21 13:03:14 193408 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDSVCM.EXE
2010-09-21 13:03:14 1710464 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE
2010-09-21 13:03:14 145280 ----a-w- c:\program files\common files\microsoft shared\windows live\WLIDNSP.DLL

==================== Find3M ====================

2010-10-05 18:57:22 1084008 ----a-w- c:\windows\system32\RTSndMgr.cpl
2010-10-05 18:57:10 1843816 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-10-05 18:56:58 66152 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-10-05 18:56:58 453224 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-10-05 18:56:48 3610216 ----a-w- c:\windows\system32\RtkAPO.dll
2010-09-29 12:11:02 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-03 06:47:12 305568 ----a-w- c:\windows\system32\FMAPO.dll
2010-09-01 04:23:49 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-01 02:34:52 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 04:32:30 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 05:46:48 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 04:39:58 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-08-21 05:36:33 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-21 05:33:24 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-22 15:37:26 175200 ----a-w- c:\windows\system32\AERTACap.dll
2010-07-21 15:52:14 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll

============= FINISH: 23:04:59.22 ===============

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/10/2010 22:35:11
System Uptime: 15/10/2010 23:00:05 (0 hours ago)

Motherboard: ASUSTek Computer INC. | | Leonite2
Processor: Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz | Socket 775 | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 141 GiB total, 102.272 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.002 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP28: 15/10/2010 01:25:37 - Removed Belkin N Wireless USB Adapter Setup
RP29: 15/10/2010 13:17:07 - Windows Update

==== Installed Programs ======================

Belkin F5D8053 N Wireless USB Adapter
Belkin N Wireless USB Adapter Setup
CCleaner
D3DX10
Defraggler
ESET NOD32 Antivirus
Game Booster 2
Google Chrome
League of Legends
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
MSVCRT
NVIDIA Display Control Panel
NVIDIA Drivers
Pando Media Booster
Realtek High Definition Audio Driver
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack

==== Event Viewer Messages From Past Week ========

15/10/2010 23:00:29, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x865a7030, 0x865a719c, 0x82c3add0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101510-21434-01.
15/10/2010 22:36:37, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x867863b0, 0x8678651c, 0x82c66dd0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101510-23181-01.
15/10/2010 22:04:06, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
15/10/2010 13:49:13, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
13/10/2010 01:12:49, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/10/2010 22:38:25, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.

==== End Of File ===========================
 

Welcome to TechSpot! I think this will help you: http://www.google.com/support/websearch/bin/answer.py?hl=en&answer=873

Reset as needed.

Can you give me some history on your system? It appears to be new but there are a few errors that shouldn't be on a new machine.

I also need you to clarify the popups comment. If the setting change for Google doesn't resolve this, I'll need a fuller description.
===================================
Please download ComboFix from Here and save to your Desktop.

  1. Do NOT rename Combofix unless instructed.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Close any open browsers.
  4. Double-click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  5. If Combofix asks you to install Recovery Console, please allow it.
  6. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  7. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.

Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.
================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

Paste these logs in the next reply. No need to leave attachment also.

Edit: I forgot to add this:
Important!
Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Sorry for the long reply, just that the online scanner took a while. And that link you gave doesn't seem to be the problem because it is not a country problem, but I get redirected to google.com/webhp and I have done some research and most of the people say it is a virus. When I sometimes click onto links from Google it opens up a new tab/window of weird websites with no names but IP addresses and all sorts, but sometimes my MBAM seems to block most websites saying that they are malicious websites. Well, earlier on when I was doing my GMER scan I happened to get a BSOD out of nowhere, which I never had before.

-----------------------------------------------------------------------------------------------------------------------

ComboFix 10-10-14.04 - Ricky 16/10/2010 0:03.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2046.1308 [GMT 1:00]
Running from: c:\users\Ricky\Downloads\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-09-15 to 2010-10-15 )))))))))))))))))))))))))))))))
.

2010-10-15 23:07 . 2010-10-15 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-15 12:17 . 2010-09-16 09:24 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4D1C43D-5F25-4BAD-A893-ABF8AF65BD6E}\mpengine.dll
2010-10-15 00:43 . 2010-10-15 00:43 -------- d-----w- c:\program files\Defraggler
2010-10-15 00:14 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-15 00:14 . 2010-10-15 00:14 -------- d-----w- c:\programdata\Malwarebytes
2010-10-15 00:14 . 2010-10-15 00:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-15 00:14 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-13 18:44 . 2008-07-31 09:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
2010-10-13 18:44 . 2008-07-31 09:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
2010-10-13 18:44 . 2008-07-12 07:18 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
2010-10-13 18:44 . 2008-07-12 07:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
2010-10-13 18:44 . 2008-07-12 07:18 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2010-10-13 18:39 . 2010-10-13 18:39 -------- d-----w- C:\Riot Games
2010-10-13 17:18 . 2010-10-13 17:18 -------- d-----w- c:\programdata\PMB Files
2010-10-13 17:17 . 2010-10-13 17:17 -------- d-----w- c:\program files\Pando Networks
2010-10-13 17:15 . 2010-10-13 17:15 -------- d-----w- c:\program files\CCleaner
2010-10-13 06:22 . 2010-10-12 21:35 -------- d-----w- c:\windows\Panther
2010-10-13 01:29 . 2010-10-13 01:29 -------- d-----w- c:\program files\Microsoft Works
2010-10-13 01:28 . 2010-10-13 01:28 -------- d-----w- c:\program files\Microsoft.NET
2010-10-13 01:08 . 2010-10-13 01:08 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-10-13 00:18 . 2010-10-13 01:30 -------- d-----w- c:\programdata\Microsoft Help
2010-10-13 00:18 . 2010-10-13 00:18 -------- d-----w- c:\program files\IObit
2010-10-13 00:12 . 2010-10-13 00:12 -------- d-----w- c:\program files\ESET
2010-10-12 23:46 . 2010-10-13 14:51 -------- d-----w- c:\windows\system32\RTCOM
2010-10-12 23:46 . 2010-10-12 23:46 -------- d-----w- c:\program files\Realtek
2010-10-12 23:44 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-10-12 23:43 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-12 23:43 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-12 23:43 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-12 23:43 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-12 23:43 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-12 23:39 . 2010-10-12 23:39 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-10-12 23:34 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-10-12 23:32 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-10-12 23:32 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-12 23:30 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-12 23:29 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-12 23:28 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-12 23:23 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-12 23:23 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-12 23:23 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-10-12 23:23 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-10-12 23:21 . 2010-10-12 23:21 -------- d-----w- c:\windows\en
2010-10-12 23:20 . 2010-10-12 23:20 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-12 23:19 . 2010-10-12 23:19 -------- d-----w- c:\windows\PCHEALTH
2010-10-12 23:19 . 2010-10-12 23:20 -------- d-----w- c:\program files\Windows Live
2010-10-12 23:18 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-12 23:18 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-12 23:18 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-12 23:18 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-12 23:17 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-12 23:17 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-12 23:16 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-10-12 23:16 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-10-12 23:14 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2010-10-12 23:14 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2010-10-12 23:14 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
2010-10-12 23:13 . 2010-10-12 23:13 -------- d--h--w- c:\windows\msdownld.tmp
2010-10-12 23:11 . 2010-10-12 23:11 -------- d-----w- c:\program files\Common Files\Windows Live
2010-10-12 23:04 . 2010-10-12 23:04 -------- d-----w- c:\windows\{B251C9DD-FCEA-4039-966F-B989C65D2302}
2010-10-12 22:53 . 2010-10-12 22:53 -------- d-----w- c:\programdata\NVIDIA
2010-10-12 22:35 . 2010-10-12 22:35 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-10-12 22:35 . 2010-10-12 22:36 -------- d-----w- c:\program files\NVIDIA Corporation
2010-10-12 21:48 . 2010-10-13 18:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-10-12 21:48 . 2010-10-12 23:04 -------- d-----w- c:\program files\Belkin
2010-10-12 21:45 . 2010-10-13 17:50 -------- d-sh--w- c:\windows\Installer
2010-10-12 21:38 . 2010-10-13 01:23 -------- d-----w- c:\windows\system32\wbem\Performance
2010-10-12 21:35 . 2010-10-12 23:24 -------- d-----w- c:\users\Ricky
2010-10-12 21:35 . 2010-10-12 21:35 -------- d-----w- C:\Recovery
2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 13:13 . 2010-09-21 13:13 1564072 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL
2010-09-21 13:08 . 2010-09-21 13:08 439168 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
2010-09-21 13:06 . 2010-09-21 13:06 853912 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
2010-09-21 13:06 . 2010-09-21 13:06 57752 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
2010-09-21 13:03 . 2010-09-21 13:03 332160 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
2010-09-21 13:03 . 2010-09-21 13:03 237952 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL
2010-09-21 13:03 . 2010-09-21 13:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
2010-09-21 13:03 . 2010-09-21 13:03 193408 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2010-09-21 13:03 . 2010-09-21 13:03 1710464 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2010-09-21 13:03 . 2010-09-21 13:03 145280 ----a-w- c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-12 136176]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-08-05 750592]

.
Contents of the 'Scheduled Tasks' folder

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4192115794-1302962319-1767241869-1000Core.job
- c:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-12 23:13]

2010-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4192115794-1302962319-1767241869-1000UA.job
- c:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-12 23:13]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-16 00:09:46
ComboFix-quarantined-files.txt 2010-10-15 23:09
ComboFix2.txt 2010-10-15 21:06
ComboFix3.txt 2010-10-15 20:50

Pre-Run: 109,547,741,184 bytes free
Post-Run: 109,504,573,440 bytes free

- - End Of File - - 18C2EA04620715A3C51184116E66BA20

-----------------------------------------------------------------------------------------------------------------------


ESETSmartInstaller@High as downloader log:
Can not read file from internet.
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=147cb39ee38a2c4884ea7281201afec8
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-16 12:11:16
# local_time=2010-10-16 01:11:16 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 41709 39653149 0 0
# compatibility_mode=8199 39157181 100 98 24010 5567916 0 0
# scanned=77120
# found=0
# cleaned=0
# scan_time=1140
# nod_component=V3 Build:0x30000000




Edit: Actually, I seem to get the new tab/window popup on any website I am on; it just happens randomly.
 
Did you even try this? Your friends said this is a virus, but your logs do not indicate that.

Google Web Search is customized for a number of countries and regions across the world. For example, Google.fr provides search results that are most relevant for users in France; Google.co.jp is the Google domain for Japan. We try to direct users to the site that will give them the most relevant results.
Changing your settings

If you'd rather use a different Google site, like Google.com, no matter where you are, try one of the following tips:
First:
  • Click the Google.com link on any other domain.
  • Choose a Google domain manually by visiting the Language Tools page (the section with the flags).
  • Bookmark THIS LINK This is an alternative web address for Google.com that always takes you to Google.com without redirecting you.

Second:
If you have the Google Toolbar with the Google Search box:
  • Click on the Wrench at the right end of the Toolbar
  • 'Search' Section
  • UI Language box
  • Click on the arrow point and select English from the drop down menu
  • Close
 