Receiving Redirects on multiple devices


9 replies to this topic

#1 NickS111

NickS111

  • Members
  • 55 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 21 September 2017 - 10:42 PM

Hi,

 

I just went through the Virus Trojan forum and it was determined that my devices (laptop, desktop, others) are clean and/or they couldn't figure out the cause of the redirects. My weeks of history are listed under NickS111.

 

The following is the requested information:

 

Make and model of computer - HP Desktop Pavilion 550-047c (bought at Costco)

How the computer is connected (wireless or wired) - wireless

Make and model of Router - Pepwave Surf SOHO MK3. Latest firmware 7.0.1 build 1207

Approximate Distance From the router the PC is if its a wireless connection - 10 feet

What type of internet you have (Dsl, Cable, T-1,etc..) - Cox Cable
 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Nick (administrator) on 21-09-2017 at 20:39:49
Running from "C:\Users\Nick\Desktop"
Microsoft Windows 10 Home  (X64)
Model: 550-047c Manufacturer: Hewlett-Packard

Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

 

========================= IP Configuration: ================================
Intel® Dual Band Wireless-AC 7260 = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration

Windows IP Configuration
   Host Name . . . . . . . . . . . . : Shermans
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 60-02-92-63-52-18
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : D8-FC-93-92-B8-8D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 7260
   Physical Address. . . . . . . . . : D8-FC-93-92-B8-8C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.50.14(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, September 21, 2017 11:15:57 AM
   Lease Expires . . . . . . . . . . : Friday, September 22, 2017 7:44:48 PM
   Default Gateway . . . . . . . . . : 192.168.50.1
   DHCP Server . . . . . . . . . . . : 192.168.50.1
   DNS Servers . . . . . . . . . . . : 208.67.222.123
                                       208.67.220.123
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:20e7:34d1:3f57:cdf1(Preferred)
   Link-local IPv6 Address . . . . . : fe80::20e7:34d1:3f57:cdf1%9(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 301989888
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-0E-D8-EC-60-02-92-63-52-18
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  resolver1-fs.opendns.com
Address:  208.67.222.123

Name:    google.com
Addresses:  2607:f8b0:4007:80c::200e
      172.217.11.78

Pinging google.com [172.217.11.174] with 32 bytes of data:
Reply from 172.217.11.174: bytes=32 time=21ms TTL=55
Reply from 172.217.11.174: bytes=32 time=21ms TTL=55

Ping statistics for 172.217.11.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 21ms, Maximum = 21ms, Average = 21ms
Server:  resolver1-fs.opendns.com
Address:  208.67.222.123

Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      98.139.180.149
      98.138.253.109
      206.190.36.45

Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=92ms TTL=53
Reply from 98.139.180.149: bytes=32 time=92ms TTL=53

Ping statistics for 98.139.180.149:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 92ms, Maximum = 92ms, Average = 92ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  2...60 02 92 63 52 18 ......Realtek PCIe GBE Family Controller
  3...d8 fc 93 92 b8 8d ......Microsoft Wi-Fi Direct Virtual Adapter
  7...d8 fc 93 92 b8 8c ......Intel® Dual Band Wireless-AC 7260
  1...........................Software Loopback Interface 1
  9...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.50.1    192.168.50.14     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     192.168.50.0    255.255.255.0         On-link     192.168.50.14    291
    192.168.50.14  255.255.255.255         On-link     192.168.50.14    291
   192.168.50.255  255.255.255.255         On-link     192.168.50.14    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.50.14    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.50.14    291
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  9    331 ::/0                     On-link
  1    331 ::1/128                  On-link
  9    331 2001::/32                On-link
  9    331 2001:0:4137:9e76:20e7:34d1:3f57:cdf1/128
                                    On-link
  9    331 fe80::/64                On-link
  9    331 fe80::20e7:34d1:3f57:cdf1/128
                                    On-link
  1    331 ff00::/8                 On-link
  9    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

 

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/21/2017 07:58:23 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy  error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.

Operation:
   Executing Asynchronous Operation
Context:
   Current State: DoSnapshotSet

Error: (09/16/2017 02:49:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: svchost.exe_AppReadiness, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b
Exception code: 0xc0000374
Fault offset: 0x00000000000f775f
Faulting process id: 0x674
Faulting application start time: 0xsvchost.exe_AppReadiness0
Faulting application path: svchost.exe_AppReadiness1
Faulting module path: svchost.exe_AppReadiness2
Report Id: svchost.exe_AppReadiness3
Faulting package full name: svchost.exe_AppReadiness4
Faulting package-relative application ID: svchost.exe_AppReadiness5

Error: (09/14/2017 09:34:59 PM) (Source: ESENT) (User: )
Description: svchost (2660) SRUJet: Database recovery/restore failed with unexpected error -501.

Error: (09/14/2017 09:34:57 PM) (Source: ESENT) (User: )
Description: svchost (2660) SRUJet: Corruption was detected during soft recovery in logfile C:\WINDOWS\system32\SRU\SRU.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector isec 6 reason 4. This logfile has been damaged and is unusable.

Error: (09/14/2017 09:34:57 PM) (Source: ESENT) (User: )
Description: svchost (2660) SRUJet: The log range read from the file "C:\WINDOWS\system32\SRU\SRU.log" at offset 24576 (0x0000000000006000) for 4096 (0x00001000) bytes failed verification due to a range checksum mismatch.  The expected checksum was 293714657174226303 (0x4137becae32057f) and the actual checksum was 293714657174226303 (0x4137becae32057f). The read operation will fail with error -501 (0xfffffe0b).  If this condition persists then please restore the logfile from a previous backup.

Error: (09/14/2017 09:34:57 PM) (Source: ESENT) (User: )
Description: svchost (2660) SRUJet: Corruption was detected during soft recovery in logfile C:\WINDOWS\system32\SRU\SRU.log. The failing checksum record is located at position END. Data not matching the log-file fill pattern first appeared in sector isec 6 reason 4. This logfile has been damaged and is unusable.

Error: (09/14/2017 09:34:57 PM) (Source: ESENT) (User: )
Description: svchost (2660) SRUJet: The log range read from the file "C:\WINDOWS\system32\SRU\SRU.log" at offset 24576 (0x0000000000006000) for 4096 (0x00001000) bytes failed verification due to a range checksum mismatch.  The expected checksum was 293714657174226303 (0x4137becae32057f) and the actual checksum was 293714657174226303 (0x4137becae32057f). The read operation will fail with error -501 (0xfffffe0b).  If this condition persists then please restore the logfile from a previous backup.

Error: (09/14/2017 01:26:00 PM) (Source: ESENT) (User: )
Description: svchost (2780) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2859008 (0x00000000002ba000) (database page 697 (0x2B9)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (09/14/2017 01:25:00 PM) (Source: ESENT) (User: )
Description: svchost (2780) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2859008 (0x00000000002ba000) (database page 697 (0x2B9)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (09/14/2017 01:24:00 PM) (Source: ESENT) (User: )
Description: svchost (2780) SRUJet: The database page read from the file "C:\WINDOWS\system32\SRU\SRUDB.dat" at offset 2859008 (0x00000000002ba000) (database page 697 (0x2B9)) for 4096 (0x00001000) bytes failed verification because it contains no page data.  The read operation will fail with error -1019 (0xfffffc05).  If this condition persists then please restore the database from a previous backup. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


System errors:
=============
Error: (09/21/2017 07:44:56 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/16/2017 05:07:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/16/2017 02:49:50 PM) (Source: Service Control Manager) (User: )
Description: The App Readiness service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/16/2017 04:33:04 AM) (Source: Service Control Manager) (User: )
Description: The Downloaded Maps Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/15/2017 05:39:01 PM) (Source: Service Control Manager) (User: )
Description: The CldFlt service failed to start due to the following error: %%50 = The request is not supported.

Error: (09/15/2017 05:35:36 PM) (Source: Service Control Manager) (User: )
Description: The Update Orchestrator Service service did not shut down properly after receiving a preshutdown control.

Error: (09/15/2017 08:07:11 AM) (Source: Service Control Manager) (User: )
Description: The Downloaded Maps Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/14/2017 09:41:05 PM) (Source: DCOM) (User: Shermans)
Description: {A0BFCA86-10E0-11E4-AF47-6C626DCFBEE5}

Error: (09/14/2017 09:41:04 PM) (Source: DCOM) (User: Shermans)
Description: {A0BFCA87-10E0-11E4-91F7-6C626DCFBEE5}

Error: (09/14/2017 09:38:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0841: 2017-09 Cumulative Update for Windows 10 Version 1703 for x64-based Systems (KB4038788).

Microsoft Office Sessions:
=========================
Error: (09/21/2017 07:58:23 PM) (Source: VSS)(User: )
Description: QueryFullProcessImageNameW0x80070006, The handle is invalid.
Operation:
   Executing Asynchronous Operation
Context:
   Current State: DoSnapshotSet

Error: (09/16/2017 02:49:49 PM) (Source: Application Error)(User: )
Description: svchost.exe_AppReadiness10.0.15063.002799ef5ntdll.dll10.0.15063.6088274fd8bc000037400000000000f775f 67401d32f35adb37408C:\WINDOWS\System32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dllca0b8645-fc1a-4983-8b00- 9f3fb84f0df6

Error: (09/14/2017 09:34:59 PM) (Source: ESENT)(User: )
Description: svchost2660SRUJet: -501

Error: (09/14/2017 09:34:57 PM) (Source: ESENT)(User: )
Description: svchost2660SRUJet: C:\WINDOWS\system32\SRU\SRU.logENDisec 6 reason 4

Error: (09/14/2017 09:34:57 PM) (Source: ESENT)(User: )
Description: svchost2660SRUJet: C:\WINDOWS\system32\SRU\SRU.log24576 (0x0000000000006000)4096 (0x00001 000)-501 (0xfffffe0b)293714657174226303 (0x4137becae32057f)293714657174226303 (0x4137becae32057f)

Error: (09/14/2017 09:34:57 PM) (Source: ESENT)(User: )
Description: svchost2660SRUJet: C:\WINDOWS\system32\SRU\SRU.logENDisec 6 reason 4

Error: (09/14/2017 09:34:57 PM) (Source: ESENT)(User: )
Description: svchost2660SRUJet: C:\WINDOWS\system32\SRU\SRU.log24576 (0x0000000000006000)4096 (0x00001000)-501 (0xfffffe0b)293714657174226303 (0x4137becae32057f)293714657174226303 (0x4137becae32057f)

Error: (09/14/2017 01:26:00 PM) (Source: ESENT)(User: )
Description: svchost2780SRUJet: C:\WINDOWS\system32\SRU\SRUDB.dat2859008 (0x00000000002ba000)4096 (0x00001000)-1019 (0xfffffc05)697 (0x2B9)

Error: (09/14/2017 01:25:00 PM) (Source: ESENT)(User: )
Description: svchost2780SRUJet: C:\WINDOWS\system32\SRU\SRUDB.dat2859008 (0x00000000002ba000)4096 (0x00001000)-1019 (0xfffffc05)697 (0x2B9)

Error: (09/14/2017 01:24:00 PM) (Source: ESENT)(User: )
Description: svchost2780SRUJet: C:\WINDOWS\system32\SRU\SRUDB.dat2859008 (0x00000000002ba000)4096 (0x00001000)-1019 (0xfffffc05)697 (0x2B9)

=========================== Installed Programs ============================
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{F68DF314-BD12-4549-941C-521CB8D16DDE}) (Version: 40.11.1122.1796 - HP Inc.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
KB4023057 (HKLM\...\{27C6D60B-CAD4-4C70-A1F2-299C731EA8F7}) (Version: 2.0.0.0 - Microsoft Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0.1 - Mozilla)
OpenDNS Updater 2.2.1 (HKLM-x32\...\OpenDNS Updater) (Version: 2.2.1 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7673 - Realtek Semiconductor Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

========================= Devices: ================================

========================= Memory info: ===================================
Percentage of memory in use: 18%
Total physical RAM: 12191.91 MB
Available physical RAM: 9990.48 MB
Total Virtual: 14623.91 MB
Available Virtual: 12333.46 MB

========================= Partitions: =====================================
1 Drive c: (Windows) (Fixed) (Total:910.73 GB) (Free:846.01 GB) NTFS
2 Drive d: (Recovery Image) (Fixed) (Total:18.47 GB) (Free:2.33 GB) NTFS

========================= Users: ========================================
User accounts for \\SHERMANS

Administrator            DefaultAccount           Guest                    
Nick                     

========================= Minidump Files ==================================
No minidump file found

========================= Restore Points ==================================

**** End of log ****


Edited by hamluis, 26 September 2017 - 08:54 PM.




#2 Kilroy

Kilroy

  • BC Advisor
  • 3,445 posts
  • ONLINE
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:02:44 PM

Posted 22 September 2017 - 11:23 AM

I'd suspect that CCleaner is the source of your problem.

 

Avast! There’s malware in that CCleaner software update

 

CCleaner malware outbreak is much worse than it first appeared



#3 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 22 September 2017 - 11:57 AM

If you have a restore point before you started experiencing the difficulties I would restore to that point in time.



#4 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 22 September 2017 - 03:31 PM

The redirect issue has been occurring since the end of last year (2016). I do use CCleaner. And the described symptoms in the article of the computer being "remotely accessed or controlled" describe my situation. Has CCleaner had the malware issue going back to that time frame? I have used CCleaner for years with no issues.

The effect is the browser page opening on its own and searching for things by itself, going to websites I have heard of or never knew existed. The redirect has occurred on the desktop, laptop, Kindles, iPad, Android and Windows phones.
 
On the desktop, I have done a restore previously. It didn't resolve the issue. Also reinstalled Windows. It didn't resolve the issue. Bought a new desktop computer; the same redirect occurred the next day. Someone, somewhere, a program has my IP address and can remotely access my browsers (any browser, tried them all).
 
Trying to resolve this, I spoke with Microsoft. They couldn't help. They recommended Malwarebytes and BleepingComputer. Malwarebytes couldn't resolve it. Hoping the BC Network can help resolve it, as I haven't ever seen anything like this in my 20 years of using computers.
 
Router and Modem were replaced. Previous router was Asus AC68U.
 
Any other ideas?


Edited by hamluis, 26 September 2017 - 08:56 PM.


#5 Kilroy

Kilroy

  • BC Advisor
  • 3,445 posts
  • ONLINE
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:02:44 PM

Posted 22 September 2017 - 03:44 PM

If the redirect happens on iPads and Kindles I would suspect your router or network.  Unless there is some questionable application that they all have in common.  Since it seems to affect everything on the network I'd go for network equipment as the source.

 

Have you updated the firmware on the router?

 

Have you changed the default password on the router?

 

Have you disabled remote management on the router?

 

What is your current router?
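
Kilroy's reasoning above (redirects on every device, including iPads and Kindles, point at the router or the network rather than at one machine) suggests a concrete check to run on each affected PC: compare what DHCP actually handed out with what the router is supposed to hand out. The following Python script is an added example, not code from the thread or from any poster. It parses `ipconfig /all` output of the kind NickS111 posted above and flags any connected adapter whose default gateway or DNS servers differ from the expected values. The expected gateway (192.168.50.1) and the two OpenDNS FamilyShield resolvers are taken from the thread's own ipconfig output; the sample captures are constructed, and 198.51.100.7 is a placeholder from the documentation address range standing in for an unexpected resolver. Deviations seen on every device at once are consistent with the router's DHCP/DNS settings having been changed; a deviation on a single device points at that machine instead.

```python
"""Compare what DHCP actually handed out against what the router should hand out.

Added example for the thread above; not code from BleepingComputer or any poster.
Reads `ipconfig /all` output and flags connected adapters whose default gateway
or DNS servers differ from the expected values.
"""
import re
import sys
from dataclasses import dataclass, field

# Expected values, taken from NickS111's ipconfig output in the thread:
# the Pepwave's LAN address and the two OpenDNS FamilyShield resolvers.
EXPECTED_GATEWAY = "192.168.50.1"
ALLOWED_DNS = {"208.67.222.123", "208.67.220.123"}

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# "Wireless LAN adapter Wi-Fi:" -> adapter name "Wi-Fi"
HEADER = re.compile(r"^\S.*? adapter (.+):$")
# "   DNS Servers . . . . . . . . . . . : 208.67.222.123" -> key, value
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z0-9 -]*?)[ .]*:\s?(.*)$")


@dataclass
class Adapter:
    name: str
    connected: bool = True
    gateways: list = field(default_factory=list)
    dns_servers: list = field(default_factory=list)


def parse_ipconfig(text):
    """Parse `ipconfig /all` text into Adapter records.

    Multi-valued fields (DNS Servers, Default Gateway) continue on indented
    lines that carry no 'key . . :' prefix; those are folded into the
    field that preceded them.
    """
    adapters, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            last_key = None
            continue
        m = HEADER.match(line)
        if m:
            current = Adapter(name=m.group(1))
            adapters.append(current)
            last_key = None
            continue
        if current is None:
            continue  # lines before the first adapter block
        m = FIELD.match(line)
        if m:
            key, value = m.group(1).strip(), m.group(2).strip()
            last_key = key
        elif last_key in ("DNS Servers", "Default Gateway"):
            key, value = last_key, line.strip()  # continuation line
        else:
            continue
        if key == "Media State" and "disconnected" in value.lower():
            current.connected = False
        elif key == "Default Gateway":
            current.gateways.extend(IPV4.findall(value))
        elif key == "DNS Servers":
            current.dns_servers.extend(IPV4.findall(value))
    return adapters


def check_adapters(adapters, expected_gateway=EXPECTED_GATEWAY, allowed_dns=ALLOWED_DNS):
    """Return a list of human-readable findings; an empty list means nothing deviates."""
    findings = []
    for a in adapters:
        if not a.connected:
            continue  # a disconnected adapter has no lease to judge
        for gw in a.gateways:
            if gw != expected_gateway:
                findings.append(f"{a.name}: default gateway {gw}, expected {expected_gateway}")
        for d in a.dns_servers:
            if d not in allowed_dns:
                findings.append(f"{a.name}: DNS server {d} is not in the allow-list")
    return findings


# Constructed sample modelled on the thread's ipconfig output (clean case).
CLEAN_SAMPLE = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : Shermans

Ethernet adapter Ethernet:
   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Wireless LAN adapter Wi-Fi:
   Description . . . . . . . . . . . : Intel Dual Band Wireless-AC 7260
   IPv4 Address. . . . . . . . . . . : 192.168.50.14(Preferred)
   Default Gateway . . . . . . . . . : 192.168.50.1
   DHCP Server . . . . . . . . . . . : 192.168.50.1
   DNS Servers . . . . . . . . . . . : 208.67.222.123
                                       208.67.220.123
"""
# Constructed deviating case: the first resolver replaced by 198.51.100.7,
# a placeholder from the documentation range, not a real observed address.
ROGUE_SAMPLE = CLEAN_SAMPLE.replace("208.67.222.123", "198.51.100.7")


if __name__ == "__main__":
    # Usage: ipconfig /all > ipconfig.txt, then: python check_dhcp.py ipconfig.txt
    if len(sys.argv) > 1:
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        text = ROGUE_SAMPLE
    for line in check_adapters(parse_ipconfig(text)) or ["no deviations found"]:
        print(line)
```

A clean result does not clear the router by itself: a router can forward DNS queries to any upstream it likes while still handing the expected resolver addresses to clients, so the complementary check is to compare answers from the configured resolver with those from a known-good one for the same names.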



#6 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 22 September 2017 - 04:15 PM

If you connect directly to the modem, do the redirects still happen?

Redirects to where?



#7 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 22 September 2017 - 09:39 PM

Yes, have latest firmware; router admin login changed multiple times, as well as SSID. Used a password generator. Remote access is disabled, or do you mean disable the Wi-Fi interface and access by Ethernet only? If that is the case, the router dashboard is accessible by Wi-Fi. Current router listed above... Pepwave SOHO. Previous router was Asus AC68U.

 

Text file attached of redirects.




#8 NickS111

NickS111
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  • Local time:12:44 PM

Posted 22 September 2017 - 11:28 PM

To answer the other question, we have 2 devices hard-wired to the router: PlayStation and Sony Blu-ray. Can't say we had issues with those devices. Haven't tried connecting directly to the modem. Could set up and see what happens.



#9 hamluis

hamluis

  • Moderator
  • 56,286 posts
  • OFFLINE
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:44 PM

Posted 26 September 2017 - 08:58 PM

Please Publish a Snapshot using Speccy, taking care to post the link of the snapshot in your next post.

Go to Piriform's website, and download the free version on the left. Click Download from Piriform.com (the FileHippo link requires an extra click). Or, if you want to use a portable version of Speccy (which doesn't require installation), click the builds page link and download the portable version. You will now be asked where you want to save the file. The best place to put it is the Desktop, as it will be easy to find later.

After the file finishes downloading, you are ready to run Speccy. If you downloaded the installer, simply double-click on it and follow the prompts until installation is complete. If you downloaded the portable version, you will need to unzip it before use. Right-click the ZIP file and click Extract all. Click Next. Open up the extracted folder and double-click on Speccy.

Once inside Speccy, it will look similar to this (with your computer's specifications, of course):

[Speccy screenshot]

Now, at the top, click File > Publish Snapshot.

Click Yes > then Copy to Clipboard.

Now, once you are back in the forum topic you are posting in, click the ADD REPLY or REPLY TO THIS TOPIC button. Right-click in the empty space of the Reply box and click Paste. Then, click Add Reply below the Reply box.

Louis



#10 Joni_T

Joni_T

  • Members
  • 1 posts
  • OFFLINE

Posted 25 February 2018 - 09:27 AM

Was this ever resolved?



