MiguelMichaeL

Everything posted by MiguelMichaeL

  1. Thank you so much! That would be all for now, thanks :).
  2. Oops, so sorry, it was around 7 am here last time I replied to you and I haven't slept yet. Here it is. Fixlog.txt
  3. Hello, sorry for the late reply. Here's the msert.log. Also, just to be clear, apps with the shield icon always run as administrator, right? Forgot to run MSERT as admin, that's why it took so long. msert.log
  4. Felt like I needed to share some more info about this, but I don't know if this stuff is necessary lol. I use Opera GX as my browser. From my browser history, it seems that this has been going on since the 23rd of July this year. Going to Google via typing "www.google.com" doesn't have webhp on the URL, but searching something and clicking the Google logo redirects you to the Google that has it. ALSO, seems like my girlfriend has it too.
  5. Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Scan Date: 9/27/21
      Scan Time: 3:09 AM
      Log File: 39bd1562-1efd-11ec-8496-18c04d60a3f4.json

      -Software Information-
      Version: 4.4.7.134
      Components Version: 1.0.1464
      Update Package Version: 1.0.45382
      License: Free

      -System Information-
      OS: Windows 10 (Build 19043.1237)
      CPU: x64
      File System: NTFS
      User: DESKTOP-PJO0SPQ\Miguel

      -Scan Summary-
      Scan Type: Threat Scan
      Scan Initiated By: Manual
      Result: Completed
      Objects Scanned: 327895
      Threats Detected: 0
      Threats Quarantined: 0
      Time Elapsed: 7 min, 14 sec

      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Enabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect

      -Scan Details-
      Process: 0 (No malicious items detected)
      Module: 0 (No malicious items detected)
      Registry Key: 0 (No malicious items detected)
      Registry Value: 0 (No malicious items detected)
      Registry Data: 0 (No malicious items detected)
      Data Stream: 0 (No malicious items detected)
      Folder: 0 (No malicious items detected)
      File: 0 (No malicious items detected)
      Physical Sector: 0 (No malicious items detected)
      WMI: 0 (No malicious items detected)

      (end)

      2) Adwcleaner
      I clicked on scan and it looks like nothing was detected.

      # -------------------------------
      # Malwarebytes AdwCleaner 8.3.0.0
      # -------------------------------
      # Build: 06-29-2021
      # Database: 2021-09-09.1 (Cloud)
      # Support: https://www.malwarebytes.com/support
      #
      # -------------------------------
      # Mode: Scan
      # -------------------------------
      # Start: 09-27-2021
      # Duration: 00:00:06
      # OS: Windows 10 Pro
      # Scanned: 31998
      # Detected: 0

      ***** [ Services ] *****
      No malicious services found.

      ***** [ Folders ] *****
      No malicious folders found.

      ***** [ Files ] *****
      No malicious files found.

      ***** [ DLL ] *****
      No malicious DLLs found.

      ***** [ WMI ] *****
      No malicious WMI found.

      ***** [ Shortcuts ] *****
      No malicious shortcuts found.

      ***** [ Tasks ] *****
      No malicious tasks found.

      ***** [ Registry ] *****
      No malicious registry entries found.

      ***** [ Chromium (and derivatives) ] *****
      No malicious Chromium entries found.

      ***** [ Chromium URLs ] *****
      No malicious Chromium URLs found.

      ***** [ Firefox (and derivatives) ] *****
      No malicious Firefox entries found.

      ***** [ Firefox URLs ] *****
      No malicious Firefox URLs found.

      ***** [ Hosts File Entries ] *****
      No malicious hosts file entries found.

      ***** [ Preinstalled Software ] *****
      No Preinstalled Software found.

      AdwCleaner[S00].txt - [1405 octets] - [14/07/2021 02:25:37]
      AdwCleaner[C00].txt - [1595 octets] - [14/07/2021 02:25:49]
      AdwCleaner[S01].txt - [1527 octets] - [27/08/2021 14:12:40]
      AdwCleaner[S02].txt - [1588 octets] - [03/09/2021 03:43:25]
      AdwCleaner[C02].txt - [1778 octets] - [03/09/2021 03:44:24]
      AdwCleaner[S03].txt - [1710 octets] - [25/09/2021 06:38:36]
      AdwCleaner[C03].txt - [1900 octets] - [25/09/2021 06:54:45]
      AdwCleaner[S04].txt - [1832 octets] - [27/09/2021 03:20:38]

      ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S05].txt ##########

      I also checked my aunt's laptop and my brother's PC and it looks like they have webhp in their Google URL, and I'm currently asking my girlfriend to confirm if her Google URL has it too.

      Addition(2).txt FRST(2).txt
  6. Good day. Recently I noticed something weird with my Google URL and that it had "webhp" in it. Is this a virus? I've seen posts about it online saying that it is and was wondering if it is true. If so, how can I handle it?
  7. Good day. As the title says, I want to know if there are signs that tell you that you should not allow a program through the firewall.
  8. Sorry for the late reply, it was 4 am here when I last replied.

      Beginning verification phase of system scan.
      Verification 100% complete.
      Windows Resource Protection found corrupt files and successfully repaired them.
      For online repairs, details are included in the CBS log file located at windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. For offline repairs, details are included in the log file provided by the /OFFLOGFILE flag.
  9. Here are the results. I also scanned with HitManPro one time scan. Addition.txt FRST.txt HitmanPro_20210910_0322.log
  10. Thank you for replying. No, this was just bugging me. Could this be by chance a malware of some sort? I scan my PC daily and nothing's coming up though.
  11. Sorry, I accidentally pressed Enter lol. Back to what I was saying, is this a bug or by chance a malware problem? Here's an example. I didn't touch this shortcut 2 minutes ago. I scanned my PC with Kaspersky and RogueKiller. (I'm sorry if I post my virus problem here since I don't know any other virus forums.)
  12. Good day. Recently I've been checking my files on my PC, and Files Properties tells me that I've accessed a file that I haven't touched in a while.
  13. Hello there. Recently scanned my PC with Malwarebytes Free and they detected something in OBS. I've been using Kaspersky and RogueKiller and neither of these two has detected anything in OBS. results.txt
  14. Here it is. I accidentally chose full scan on the first one and cancelled it. msert.log
  15. Hi Maurice! It's still saying 5007 :(. BTW the event ID 1002 was my fault, I accidentally chose quick scan instead of offline. Here are the PowerShell and log reports:

      Windows PowerShell
      Copyright (C) Microsoft Corporation. All rights reserved.

      Try the new cross-platform PowerShell https://aka.ms/pscore6

      PS C:\Windows\system32> get-mpcomputerstatus

      AMEngineVersion : 1.1.18300.4
      AMProductVersion : 4.18.2105.5
      AMRunningMode : Normal
      AMServiceEnabled : True
      AMServiceVersion : 4.18.2105.5
      AntispywareEnabled : True
      AntispywareSignatureAge : 0
      AntispywareSignatureLastUpdated : 7/5/2021 9:19:57 AM
      AntispywareSignatureVersion : 1.343.418.0
      AntivirusEnabled : True
      AntivirusSignatureAge : 0
      AntivirusSignatureLastUpdated : 7/5/2021 9:19:58 AM
      AntivirusSignatureVersion : 1.343.418.0
      BehaviorMonitorEnabled : True
      ComputerID : DA88DF45-7C16-4F6F-847C-2342D351CB03
      ComputerState : 0
      FullScanAge : 1
      FullScanEndTime : 7/3/2021 7:59:12 PM
      FullScanStartTime : 7/3/2021 7:52:05 PM
      IoavProtectionEnabled : True
      IsTamperProtected : True
      IsVirtualMachine : False
      LastFullScanSource : 1
      LastQuickScanSource : 1
      NISEnabled : True
      NISEngineVersion : 1.1.18300.4
      NISSignatureAge : 0
      NISSignatureLastUpdated : 7/5/2021 9:19:58 AM
      NISSignatureVersion : 1.343.418.0
      OnAccessProtectionEnabled : True
      QuickScanAge : 0
      QuickScanEndTime : 7/5/2021 2:14:07 PM
      QuickScanStartTime : 7/5/2021 2:13:48 PM
      RealTimeProtectionEnabled : True
      RealTimeScanDirection : 0
      TamperProtectionSource : Signatures
      PSComputerName :

      PS C:\Windows\system32> get-mppreference

      AllowDatagramProcessingOnWinServer : False
      AllowNetworkProtectionDownLevel : False
      AllowNetworkProtectionOnWinServer : False
      AttackSurfaceReductionOnlyExclusions :
      AttackSurfaceReductionRules_Actions :
      AttackSurfaceReductionRules_Ids :
      CheckForSignaturesBeforeRunningScan : True
      CloudBlockLevel : 1
      CloudExtendedTimeout : 1
      ComputerID : DA88DF45-7C16-4F6F-847C-2342D351CB03
      ControlledFolderAccessAllowedApplications :
      ControlledFolderAccessProtectedFolders :
      DisableArchiveScanning : False
      DisableAutoExclusions : True
      DisableBehaviorMonitoring : False
      DisableBlockAtFirstSeen : False
      DisableCatchupFullScan : True
      DisableCatchupQuickScan : True
      DisableCpuThrottleOnIdleScans : True
      DisableDatagramProcessing : False
      DisableDnsOverTcpParsing : False
      DisableDnsParsing : False
      DisableEmailScanning : True
      DisableGradualRelease : False
      DisableHttpParsing : False
      DisableInboundConnectionFiltering : False
      DisableIntrusionPreventionSystem :
      DisableIOAVProtection : False
      DisableNetworkProtectionPerfTelemetry : False
      DisablePrivacyMode : False
      DisableRdpParsing : False
      DisableRealtimeMonitoring : False
      DisableRemovableDriveScanning : True
      DisableRestorePoint : True
      DisableScanningMappedNetworkDrivesForFullScan : True
      DisableScanningNetworkFiles : False
      DisableScriptScanning : False
      DisableSshParsing : False
      DisableTlsParsing : False
      EnableControlledFolderAccess : 0
      EnableDnsSinkhole : False
      EnableFileHashComputation : False
      EnableFullScanOnBatteryPower : False
      EnableLowCpuPriority : False
      EnableNetworkProtection : 0
      EngineUpdatesChannel : 0
      ExclusionExtension :
      ExclusionIpAddress :
      ExclusionPath :
      ExclusionProcess :
      ForceUseProxyOnly : False
      HighThreatDefaultAction : 0
      LowThreatDefaultAction : 0
      MAPSReporting : 1
      MeteredConnectionUpdates : False
      ModerateThreatDefaultAction : 0
      PlatformUpdatesChannel : 0
      ProxyBypass :
      ProxyPacUrl :
      ProxyServer :
      PUAProtection : 1
      QuarantinePurgeItemsAfterDelay : 90
      RandomizeScheduleTaskTimes : True
      RealTimeScanDirection : 0
      RemediationScheduleDay : 0
      RemediationScheduleTime : 02:00:00
      ReportingAdditionalActionTimeOut : 10080
      ReportingCriticalFailureTimeOut : 10080
      ReportingNonCriticalTimeOut : 1440
      ScanAvgCPULoadFactor : 50
      ScanOnlyIfIdleEnabled : True
      ScanParameters : 1
      ScanPurgeItemsAfterDelay : 15
      ScanScheduleDay : 0
      ScanScheduleQuickScanTime : 00:00:00
      ScanScheduleTime : 02:00:00
      SchedulerRandomizationTime : 4
      SevereThreatDefaultAction : 0
      SharedSignaturesPath :
      SignatureAuGracePeriod : 0
      SignatureBlobFileSharesSources :
      SignatureBlobUpdateInterval : 60
      SignatureDefinitionUpdateFileSharesSources :
      SignatureDisableUpdateOnStartupWithoutEngine : False
      SignatureFallbackOrder : MicrosoftUpdateServer|MMPC
      SignatureFirstAuGracePeriod : 120
      SignatureScheduleDay : 8
      SignatureScheduleTime : 01:45:00
      SignaturesUpdatesChannel : 0
      SignatureUpdateCatchupInterval : 1
      SignatureUpdateInterval : 0
      SubmitSamplesConsent : 1
      ThreatIDDefaultAction_Actions :
      ThreatIDDefaultAction_Ids :
      UILockdown : False
      UnknownThreatDefaultAction : 0
      PSComputerName :

      PS C:\Windows\system32> get-mpthreatdetection
      PS C:\Windows\system32>

      mbst-grab-results.zip
  16. Woke up and got a little uneasy so I did it instead lol. Here it is :). BTW after I did that the fixlist was removed, is that a sign that I did it right? Fixlog.txt
  17. Thank you Maurice, I'll try this tomorrow since it is currently 1:57 am where I'm at :).
  18. Windows PowerShell
      Copyright (C) Microsoft Corporation. All rights reserved.

      Try the new cross-platform PowerShell https://aka.ms/pscore6

      PS C:\Windows\system32> get-mpcomputerstatus

      AMEngineVersion : 1.1.18300.4
      AMProductVersion : 4.18.2105.5
      AMRunningMode : Normal
      AMServiceEnabled : True
      AMServiceVersion : 4.18.2105.5
      AntispywareEnabled : True
      AntispywareSignatureAge : 0
      AntispywareSignatureLastUpdated : 7/4/2021 10:12:13 AM
      AntispywareSignatureVersion : 1.343.358.0
      AntivirusEnabled : True
      AntivirusSignatureAge : 0
      AntivirusSignatureLastUpdated : 7/4/2021 10:12:14 AM
      AntivirusSignatureVersion : 1.343.358.0
      BehaviorMonitorEnabled : True
      ComputerID : DA88DF45-7C16-4F6F-847C-2342D351CB03
      ComputerState : 0
      FullScanAge : 1
      FullScanEndTime : 7/3/2021 7:59:12 PM
      FullScanStartTime : 7/3/2021 7:52:05 PM
      IoavProtectionEnabled : True
      IsTamperProtected : True
      IsVirtualMachine : False
      LastFullScanSource : 1
      LastQuickScanSource : 0
      NISEnabled : True
      NISEngineVersion : 1.1.18300.4
      NISSignatureAge : 0
      NISSignatureLastUpdated : 7/4/2021 10:12:14 AM
      NISSignatureVersion : 1.343.358.0
      OnAccessProtectionEnabled : True
      QuickScanAge : 4294967295
      QuickScanEndTime :
      QuickScanStartTime :
      RealTimeProtectionEnabled : True
      RealTimeScanDirection : 0
      TamperProtectionSource : Signatures
      PSComputerName :

      PS C:\Windows\system32> get-mppreference

      AllowDatagramProcessingOnWinServer : False
      AllowNetworkProtectionDownLevel : False
      AllowNetworkProtectionOnWinServer : False
      AttackSurfaceReductionOnlyExclusions :
      AttackSurfaceReductionRules_Actions :
      AttackSurfaceReductionRules_Ids :
      CheckForSignaturesBeforeRunningScan : False
      CloudBlockLevel : 1
      CloudExtendedTimeout : 1
      ComputerID : DA88DF45-7C16-4F6F-847C-2342D351CB03
      ControlledFolderAccessAllowedApplications :
      ControlledFolderAccessProtectedFolders :
      DisableArchiveScanning : False
      DisableAutoExclusions : False
      DisableBehaviorMonitoring : False
      DisableBlockAtFirstSeen : False
      DisableCatchupFullScan : True
      DisableCatchupQuickScan : True
      DisableCpuThrottleOnIdleScans : True
      DisableDatagramProcessing : False
      DisableDnsOverTcpParsing : False
      DisableDnsParsing : False
      DisableEmailScanning : True
      DisableGradualRelease : False
      DisableHttpParsing : False
      DisableInboundConnectionFiltering : False
      DisableIntrusionPreventionSystem :
      DisableIOAVProtection : False
      DisableNetworkProtectionPerfTelemetry : False
      DisablePrivacyMode : False
      DisableRdpParsing : False
      DisableRealtimeMonitoring : False
      DisableRemovableDriveScanning : True
      DisableRestorePoint : True
      DisableScanningMappedNetworkDrivesForFullScan : True
      DisableScanningNetworkFiles : False
      DisableScriptScanning : False
      DisableSshParsing : False
      DisableTlsParsing : False
      EnableControlledFolderAccess : 0
      EnableDnsSinkhole : False
      EnableFileHashComputation : False
      EnableFullScanOnBatteryPower : False
      EnableLowCpuPriority : False
      EnableNetworkProtection : 0
      EngineUpdatesChannel : 0
      ExclusionExtension :
      ExclusionIpAddress :
      ExclusionPath :
      ExclusionProcess :
      ForceUseProxyOnly : False
      HighThreatDefaultAction : 0
      LowThreatDefaultAction : 0
      MAPSReporting : 2
      MeteredConnectionUpdates : False
      ModerateThreatDefaultAction : 0
      PlatformUpdatesChannel : 0
      ProxyBypass :
      ProxyPacUrl :
      ProxyServer :
      PUAProtection : 1
      QuarantinePurgeItemsAfterDelay : 90
      RandomizeScheduleTaskTimes : True
      RealTimeScanDirection : 0
      RemediationScheduleDay : 0
      RemediationScheduleTime : 02:00:00
      ReportingAdditionalActionTimeOut : 10080
      ReportingCriticalFailureTimeOut : 10080
      ReportingNonCriticalTimeOut : 1440
      ScanAvgCPULoadFactor : 50
      ScanOnlyIfIdleEnabled : True
      ScanParameters : 1
      ScanPurgeItemsAfterDelay : 15
      ScanScheduleDay : 0
      ScanScheduleQuickScanTime : 00:00:00
      ScanScheduleTime : 02:00:00
      SchedulerRandomizationTime : 4
      SevereThreatDefaultAction : 0
      SharedSignaturesPath :
      SignatureAuGracePeriod : 0
      SignatureBlobFileSharesSources :
      SignatureBlobUpdateInterval : 60
      SignatureDefinitionUpdateFileSharesSources :
      SignatureDisableUpdateOnStartupWithoutEngine : False
      SignatureFallbackOrder : MicrosoftUpdateServer|MMPC
      SignatureFirstAuGracePeriod : 120
      SignatureScheduleDay : 8
      SignatureScheduleTime : 01:45:00
      SignaturesUpdatesChannel : 0
      SignatureUpdateCatchupInterval : 1
      SignatureUpdateInterval : 0
      SubmitSamplesConsent : 1
      ThreatIDDefaultAction_Actions :
      ThreatIDDefaultAction_Ids :
      UILockdown : False
      UnknownThreatDefaultAction : 0
      PSComputerName :

      PS C:\Windows\system32> get-mpthreatdetection
      PS C:\Windows\system32>

      The last command didn't bring up any result.
  19. Thank you for replying! Here's the zip file. mbst-grab-results.zip