Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible redirect virus Help!


  • Please log in to reply
12 replies to this topic

#1 Andrew77

Andrew77

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Texas
  • Local time:06:50 PM

Posted 02 November 2015 - 04:40 AM

Moderator note: Member has some form of Windows 8.  Another duplicate was removed from there. ~ OB

 

Hello, I have tried everything to find out what is causing me to be redirected to various sites, such as ad.doubleclick.net and other sites.. I have run Malwarebytes (premium), Kaspersky Internety Security 2016 (Premium), Adwcleaner, JRT Junkware cleaner,.... I even deleted a bunch of SSL certificates In my personal folder labeled Fiddler Root DO_NOT_TRUST. So I really need some help from someone who knows what they're doing cause I'm lost.


Edited by Orange Blossom, 02 November 2015 - 12:49 PM.
Moved to AII from log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 Andrew77

Andrew77
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Texas
  • Local time:06:50 PM

Posted 02 November 2015 - 12:37 PM

Is there a prerequisite to donate to your site? I see everyone else's posts have been answered. I have tried many forums and I get the same cold shoulder. If it is something I'm saying or doing wrong please tell me and I will modify my forum etiquette (which I am not familiar with using the forum template)... I am very worried that my PC is being heavily monitored which is causing me to not trust anything online, like purchases, passwords over sites with no HTTPS/SSL verification. Anyways, I know your forum rules on this topic says to wait at least five day, but if someone could just tell me if I'm posting to this forum correctly. Thanks again and hope you have a great day :-)



#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 02 November 2015 - 02:31 PM

Hi Andrew77 :)

My name is Aura and I'll be assisting you with your issue. Follow the instructions below please.

3Al62Pm.pngMiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Right-click on MiniToolBox.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
      B8oLpa3.png
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 Andrew77

Andrew77
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Texas
  • Local time:06:50 PM

Posted 02 November 2015 - 04:26 PM

Awesome! Thank you for getting me started with this. I don't care if this sounds dorky but I'm stoked right now lol

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Andrew (administrator) on 02-11-2015 at 15:23:22
Running from "C:\Users\Andrew\Downloads"
Microsoft Windows 8.1  (X64)
Model: HP 15 TS Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Realtek RTL8188EE 802.11 b/g/n Wi-Fi Adapter = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : AndrewsPC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Local Area Connection* 3:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #3
   Physical Address. . . . . . . . . : 10-08-B1-F8-CE-3D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8188EE 802.11 b/g/n Wi-Fi Adapter
   Physical Address. . . . . . . . . : 10-08-B1-F8-CE-3D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:304:cd3d:2479:c4ab:c36e:6c19:6cbc(Preferred) 
   Temporary IPv6 Address. . . . . . : 2602:304:cd3d:2479:e9a0:c03b:f1eb:8b34(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::c4ab:c36e:6c19:6cbc%15(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.202(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, November 2, 2015 3:16:52 PM
   Lease Expires . . . . . . . . . . : Tuesday, November 3, 2015 3:16:53 PM
   Default Gateway . . . . . . . . . : fe80::8237:73ff:fe7b:e49b%15
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 235931825
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-66-C2-1A-EC-B1-D7-DA-FD-F0
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : EC-B1-D7-DA-FD-F0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:388d:1881:3f57:fe35(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::388d:1881:3f57:fe35%4(Preferred) 
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 352321536
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-66-C2-1A-EC-B1-D7-DA-FD-F0
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{38E53649-88FE-49AE-AD92-824B75A299B0}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  dslrouter
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2607:f8b0:4010:801::1004
 216.58.192.46
 
 
Pinging google.com [2607:f8b0:4010:801::1004] with 32 bytes of data:
Request timed out.
Request timed out.
 
Ping statistics for 2607:f8b0:4010:801::1004:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Server:  dslrouter
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [2001:4998:c:a06::2:4008] with 32 bytes of data:
Request timed out.
Request timed out.
 
Ping statistics for 2001:4998:c:a06::2:4008:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...10 08 b1 f8 ce 3d ......Microsoft Wi-Fi Direct Virtual Adapter #3
 15...10 08 b1 f8 ce 3d ......Realtek RTL8188EE 802.11 b/g/n Wi-Fi Adapter
  3...ec b1 d7 da fd f0 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.202     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.202    281
    192.168.1.202  255.255.255.255         On-link     192.168.1.202    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.202    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.202    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.202    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15    281 ::/0                     fe80::8237:73ff:fe7b:e49b
  1    306 ::1/128                  On-link
  4    306 2001::/32                On-link
  4    306 2001:0:9d38:90d7:388d:1881:3f57:fe35/128
                                    On-link
 15    281 2602:304:cd3d:2479::/64  On-link
 15    281 2602:304:cd3d:2479:c4ab:c36e:6c19:6cbc/128
                                    On-link
 15    281 2602:304:cd3d:2479:e9a0:c03b:f1eb:8b34/128
                                    On-link
 15    281 fe80::/64                On-link
  4    306 fe80::/64                On-link
  4    306 fe80::388d:1881:3f57:fe35/128
                                    On-link
 15    281 fe80::c4ab:c36e:6c19:6cbc/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    281 ff00::/8                 On-link
  4    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (11/02/2015 03:14:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x10f4
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (11/02/2015 03:08:39 PM) (Source: Application Error) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x3974
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (11/02/2015 03:08:34 PM) (Source: Application Error) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x4bac
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (11/02/2015 10:27:32 AM) (Source: Application Error) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x3338
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (11/02/2015 10:18:37 AM) (Source: Application Error) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x4c4c
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (11/02/2015 12:39:35 AM) (Source: Application Error) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0xc18
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (11/01/2015 08:30:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x16d4
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5
 
Error: (11/01/2015 04:12:12 PM) (Source: Office 2016 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (10/31/2015 03:11:00 PM) (Source: Office 2016 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (10/30/2015 03:11:06 PM) (Source: Office 2016 Licensing Service) (User: )
Description: Subscription licensing service failed: -1073418220
 
 
System errors:
=============
Error: (11/02/2015 03:12:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (11/02/2015 03:12:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (11/02/2015 03:12:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (11/02/2015 03:07:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (11/02/2015 12:48:03 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (11/02/2015 12:48:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (11/02/2015 12:48:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (11/02/2015 12:48:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (11/02/2015 12:48:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
Error: (11/02/2015 10:18:02 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
 
 
Microsoft Office Sessions:
=========================
Error: (11/02/2015 03:14:38 PM) (Source: Application Error)(User: )
Description: GWXUX.exe6.3.9600.1806456042d8fntdll.dll6.3.9600.1800755c4c16bc0000005000000000003d86e10f401d115b3772067d8C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dllb9293bf1-81a6-11e5-82b0-ecb1d7dafdf0
 
Error: (11/02/2015 03:08:39 PM) (Source: Application Error)(User: )
Description: GWXUX.exe6.3.9600.1806456042d8fntdll.dll6.3.9600.1800755c4c16bc0000005000000000003d86e397401d115b2a4e414c6C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dlle3247514-81a5-11e5-82af-ecb1d7dafdf0
 
Error: (11/02/2015 03:08:34 PM) (Source: Application Error)(User: )
Description: GWXUX.exe6.3.9600.1806456042d8fntdll.dll6.3.9600.1800755c4c16bc0000005000000000003d86e4bac01d115b2a1029976C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dlle04dfe02-81a5-11e5-82af-ecb1d7dafdf0
 
Error: (11/02/2015 10:27:32 AM) (Source: Application Error)(User: )
Description: GWXUX.exe6.3.9600.1806456042d8fntdll.dll6.3.9600.1800755c4c16bc0000005000000000003d86e333801d1158b5f794968C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll9dadbe24-817e-11e5-82af-ecb1d7dafdf0
 
Error: (11/02/2015 10:18:37 AM) (Source: Application Error)(User: )
Description: GWXUX.exe6.3.9600.1806456042d8fntdll.dll6.3.9600.1800755c4c16bc0000005000000000003d86e4c4c01d1158a1ef47d61C:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll5ebe4173-817d-11e5-82af-ecb1d7dafdf0
 
Error: (11/02/2015 12:39:35 AM) (Source: Application Error)(User: )
Description: GWXUX.exe6.3.9600.1806456042d8fntdll.dll6.3.9600.1800755c4c16bc0000005000000000003d86ec1801d115393cebc5ccC:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll7ae4a112-812c-11e5-82ae-ecb1d7dafdf0
 
Error: (11/01/2015 08:30:04 PM) (Source: Application Error)(User: )
Description: GWXUX.exe6.3.9600.1806456042d8fntdll.dll6.3.9600.1800755c4c16bc0000005000000000003d86e16d401d11516612dec0eC:\WINDOWS\System32\GWX\GWXUX.exeC:\WINDOWS\SYSTEM32\ntdll.dll9fb46e67-8109-11e5-82ad-ecb1d7dafdf0
 
Error: (11/01/2015 04:12:12 PM) (Source: Office 2016 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (10/31/2015 03:11:00 PM) (Source: Office 2016 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418220
 
Error: (10/30/2015 03:11:06 PM) (Source: Office 2016 Licensing Service)(User: )
Description: Subscription licensing service failed: -1073418220
 
 
=========================== Installed Programs ============================
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3024 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3024 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{90CE78B2-4F84-4BE8-B55C-ED85759C8445}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{E8F2076D-1885-4A0F-83D8-77B1F9D384CE}) (Version: 2.5.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.11 - Softex Inc.) Hidden
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Software Updater Beta (HKLM-x32\...\{1090DB8D-3818-470D-8467-B1062169CC45}) (Version: 1.5.0.133 - Kaspersky Lab) Hidden
Kaspersky Software Updater Beta (HKLM-x32\...\InstallWIX_{1090DB8D-3818-470D-8467-B1062169CC45}) (Version: 1.5.0.133 - Kaspersky Lab)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6001.1034 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mumble 1.2.10 (HKLM-x32\...\{63243F5C-E941-4461-A4B0-2689A9A3BF13}) (Version: 1.2.10 - Thorvald Natvig)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
OEM Application Profile (HKLM-x32\...\{1D464EFF-EC8B-F225-2F74-F74143200DDF}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
OEM Application Profile (HKLM-x32\...\{8F92E0CF-620B-5C20-F292-59C93567B06D}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.6001.1034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.6001.1034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.6001.1034 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.35.716.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Space Engineers Toolbox (HKLM-x32\...\{6FC978C6-42CB-4326-AB1A-0EF9E98CBFBE}) (Version: 01.105.015.1 - Mid-Space Productions)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.9 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
Warhammer 40,000: Dawn of War – Soulstorm (HKLM-x32\...\Steam App 9450) (Version:  - Relic Entertainment)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 22%
Total physical RAM: 7112.98 MB
Available physical RAM: 5480.54 MB
Total Virtual: 8264.98 MB
Available Virtual: 6171.43 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows) (Fixed) (Total:908 GB) (Free:755.22 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:22.49 GB) (Free:2.5 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ANDREWSPC
 
Administrator            Andrew                   Drewski                  
Guest                    
 
 
**** End of log ****


#5 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 02 November 2015 - 05:29 PM

Which web browser are you using, and what extensions does it have? Also, are the redirects plain redirects? Like you click on a link, and a new tab open to a redirect page, or do you only see the "redirect" in the bottom left corner after you click on a page, but the actual page you wanted to open load?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#6 Andrew77

Andrew77
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Texas
  • Local time:06:50 PM

Posted 02 November 2015 - 07:51 PM

I use the Kaspersky Secure browser Extension in Chrome and no other extensions that are not default Chrome,, which is my default browser. It just goes blank and nothing loads at all, and in the address bar it says http://ad.doubleclick.net/clk;202205992;26664956;o;u=ds&sv1=2064227207&sv2=20151103130&sv3=88112;%3fhttp://promo.bankofamerica.com/multiproduct/desktop/?cm_mmc=ENT-Consumer-_-Google-PS-_-bank%20of%20america-_-Control%20-%20High%20Volume%20-%20Bank%20Of%20America%20Exact_Bank%20Of%20America%20Exact&gclid=Cj0KEQiAsNyxBRDBuKrMhsbt3vwBEiQAdRgPspcai0YKdokgFfxcOR9pt-4xP7GomfUXxJM52_EXDswaAmgn8P8HAQ&gclsrc=aw.ds

This is me trying to load Bank Of America's website, but this happens with loads of different sites, mostly on advertisements that I would try to click on. For instance, I wanted to buy a cooling tray for my laptop and when I searched Google, I tried to click on any of the various pictures of cooling trays and their corresponding web vendors and every picture I clicked on went to Ad.doubleclick.net. and sometimes other sites too, but that one is the most common. Thank you for your reply, by the way, I just got off work right now. This is an image of what I see >>>> http://imgur.com/vVCxU8K <<<<



#7 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 02 November 2015 - 09:53 PM

This looks like a cache issue to me. Follow the instructions below please.

3DPGbxe.pngTemp File Cleaner (TFC)
  • Download Temp File Cleaner (TFC) and move it to your Desktop;
  • Right-click on TFC.exe and select Spcusrh.pngRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Simply click on Start to launch the clean-up and wait until it completes;
    s5yB2E8.png
  • Depending on which processes are running, all your programs will be closed and explorer.exe (your Windows shell) will be killed, it will however be relaunched shortly after so do not panic;
  • There's no log to give for this tool;
On a side note, DoubleClick is legitimate, it's part of Google Ads service.

https://www.doubleclickbygoogle.com/

It's pretty much on every website there is.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#8 Andrew77

Andrew77
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Texas
  • Local time:06:50 PM

Posted 03 November 2015 - 04:42 PM

Oh wow!! Thank you so much!!! This whole time it was a legitimate redirect from Google?? Well Scroogle can go suck a lemon. It is a pointless operation on their part because it just sits there blank... and nothing loads nothing happens.Maybe it's not just that "nothing" happens, maybe something is happening, just not anything that is visible to me :) Oh the joys of living in the information age... If we are unaware and uninitiated, then we are but lambs for the slaughter. Thanks for your time. One more thing, when I try to download Tempfile cleaner on your website I get redirected to http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/ is this something you are aware of and am I safe to continue? I also have CCleaner by Piriform, so would it be redundant to use the Tempfile cleaner as well? I delete my Temp folder regularly (and manually) 


Edited by Andrew77, 03 November 2015 - 04:43 PM.


#9 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 03 November 2015 - 05:25 PM

This is the right redirection, since TFC is a tool by OldTimer and also hosted on GeeksToGo :) And you can run both CCleaner and TFC, both of them will cover pretty much every location there is to cover when it comes to temporary files.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#10 Andrew77

Andrew77
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Texas
  • Local time:06:50 PM

Posted 04 November 2015 - 12:27 AM

Awesome! You are apreciated



#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 04 November 2015 - 06:30 AM

No problem, was there anything else? :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 Andrew77

Andrew77
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Texas
  • Local time:06:50 PM

Posted 04 November 2015 - 12:55 PM

Nope, that's it :)



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:50 PM

Posted 04 November 2015 - 12:59 PM

Alright then you're good to go! Have a good day Andrew :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users