Thread: Duplicate IP Address & Infected Browser

  #1 Junior Member (Join Date: Dec 2015, Posts: 17)

    Duplicate IP Address & Infected Browser

    Hello,

    Received a duplicate IP address warning along with some browser issues. Also some consistent registry issues detected with Spybot scan & programs running in the background when shutting down.

    Spybot log attached

    FRST.txt logs - too large to upload

    aswMBR Log - Yes for "Virtualization Technology" crashes the PC

    Regards
    m
    Attached Files

  #2 Juliet, Security Expert-emeritus (Join Date: Feb 2007, Location: Deep South, Posts: 4,084)

    Don't worry about posting an aswMBR log.

    Since you have already run a Farbar Recovery Scan Tool (FRST) Scan, just copy and paste FRST.txt & Addition.txt in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  #3 Junior Member (Join Date: Dec 2015, Posts: 17)

    Logs added, sorry for the delay
    Attached Files

  #4 Junior Member (Join Date: Dec 2015, Posts: 17)

    Was able to run aswMBR but not sure the scan was complete - it crashed my PC during the scan. Log attached.
    Attached Files

  #5 Juliet, Security Expert-emeritus (Join Date: Feb 2007, Location: Deep South, Posts: 4,084)

    Let's try this

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the entire text below, beginning with Start:: and finishing with End::, and select Copy.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Start::
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-264360123-2859139072-1872116722-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-264360123-2859139072-1872116722-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
    SearchScopes: HKU\S-1-5-21-264360123-2859139072-1872116722-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-27] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-27] (Oracle Corporation)
    U3 idsvc; no ImagePath
    S3 SBFWIMCL; \SystemRoot\system32\DRIVERS\sbfwim.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath
    C:\Users\Martinat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnmycbw.dll
    C:\Users\Martinat\AppData\Local\Temp\jre-8u60-windows-au.exe
    C:\Users\Martinat\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Martinat\AppData\Local\Temp\jre-8u66-windows-au.exe
    C:\Users\Martinat\AppData\Local\Temp\tmp166C.exe
    C:\Users\Martinat\AppData\Local\Temp\tmp283C.exe
    C:\Users\Martinat\AppData\Local\Temp\tmp3CB8.exe
    C:\Users\Martinat\AppData\Local\Temp\tmp5865.exe
    C:\Users\Martinat\AppData\Local\Temp\tmpB0EA.exe
    C:\Users\Martinat\AppData\Local\Temp\tmpC341.exe
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    Task: {220701C2-CA15-443E-854E-786AB323A05E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {3E647D8C-9B6D-4AFA-B243-AD7C23AAB7F8} - System32\Tasks\GPUpdateCheck => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ATTENTION
    Task: {3FBF4831-5399-4D5D-835A-F60688808619} - \ConfigFree Startup Programs -> No File <==== ATTENTION
    Task: {5405F162-916C-42C7-BD83-E72FAFD129FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {5C9BF4FB-1254-44F6-8651-14E7BDCD3EF6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {75565697-7719-41DC-991D-668D4A5DA0FB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {89B137EB-E78C-4A7F-AFFE-93B96CFFAB42} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {8FBB6CFC-9AE0-4317-AAC3-F1C01313089E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {B958B373-B742-46A5-B577-0EE76540D6E3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BEE555F5-CC84-4EFA-8D52-A87C7C449C45} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {E5B0101D-519B-44FA-9BC9-358C509108AF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {E8FEC769-1ED4-4F43-9F6A-0435EE3574E7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {FCE6FC99-ACC9-4C61-B884-3BF4121D04B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    C:\Windows\Temp\*.*
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply
    created by Aura

    Please post these 3 logs when finished.
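    An added example, not part of the thread and not FRST's own code: a read-only PowerShell audit that re-checks the four indicator classes the fixlist above removes (a scheduled task launching a missing or GetPrivate binary, Explorer/Internet Explorer policy lockouts, services and drivers whose ImagePath target no longer exists, executables left in %TEMP%). Run it after the fix to confirm Fixlog.txt actually cleared them. Assumptions: Windows PowerShell 5.1 or later in an elevated prompt; the registry locations are the standard policy keys, not FRST's internal parsing rules; the GetPrivate path match and the ImagePath normaliser are illustrative and cover only the forms seen in this thread's log.

```powershell
# Added example (not from the thread, not from FRST). Read-only audit of the
# indicator classes the fixlist targets. Assumes Windows PowerShell 5.1+, elevated.

$findings = New-Object System.Collections.Generic.List[string]

# Normalise a service ImagePath into a checkable file path. Assumption: only the
# forms seen in FRST logs (\SystemRoot\..., %SystemRoot%\..., \??\C:\..., "quoted" -args).
function Resolve-ImagePath([string]$raw) {
    $p = [Environment]::ExpandEnvironmentVariables($raw.Trim())
    $p = $p -replace '^\\\?\?\\', ''                     # \??\C:\x.sys  -> C:\x.sys
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot    # \SystemRoot\.. -> C:\Windows\..
    if ($p.StartsWith('"')) { $p = $p.Split('"')[1] }    # "C:\a b\x.exe" -k svc -> C:\a b\x.exe
    else { $p = ($p -split '\s+')[0] }                   # C:\x.exe -k svc       -> C:\x.exe
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }  # system32\drivers\x.sys
    return $p
}

# 1. Scheduled tasks whose action is a missing binary or lives under GetPrivate
#    (the fix removes GPUpdateCheck -> C:\Program Files (x86)\GetPrivate\gpup.exe).
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }           # COM-handler actions have no Execute
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        if ([IO.Path]::IsPathRooted($exe) -and -not (Test-Path -LiteralPath $exe)) {
            $findings.Add("Task $($task.TaskPath)$($task.TaskName): binary missing: $exe")
        } elseif ($exe -like '*\GetPrivate\*') {          # assumption: adware path from this thread's log
            $findings.Add("Task $($task.TaskPath)$($task.TaskName): GetPrivate binary: $exe")
        }
    }
}

# 2. Policy values that lock the user out of Control Panel / Folder Options, and IE restrictions.
#    HKCU is the account running the audit; for another user, read that SID under HKEY_USERS instead.
$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($name in 'NoControlPanel', 'NoFolderOptions') {
    $v = (Get-ItemProperty -LiteralPath $explorerPolicy -Name $name -ErrorAction SilentlyContinue).$name
    if ($v) { $findings.Add("Explorer policy ${name} = $v") }
}
foreach ($hive in 'HKLM:', 'HKCU:') {
    # Assumption: the Restrictions subkey is one of the locations FRST's "Restriction" line reports.
    $key = "$hive\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions"
    if (Test-Path -LiteralPath $key) {
        (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { $findings.Add("IE restriction ${key}\$($_.Name) = $($_.Value)") }
    }
}

# 3. Services/drivers with no ImagePath and no default driver file, or an ImagePath whose
#    target is gone (FRST: "U3 idsvc; no ImagePath", "S3 SBFWIMCL; ...\sbfwim.sys [X]").
foreach ($key in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue) {
    $svc = Get-ItemProperty -LiteralPath $key.PSPath
    if ($null -eq $svc.Type -or $null -eq $svc.Start) { continue }   # parameter/group keys, not services
    if (-not $svc.ImagePath) {
        # A driver with no ImagePath defaults to System32\drivers\<name>.sys; only flag it if that is absent too.
        $default = Join-Path $env:SystemRoot "System32\drivers\$($key.PSChildName).sys"
        if (-not (Test-Path -LiteralPath $default)) { $findings.Add("Service $($key.PSChildName): no ImagePath, no default file") }
        continue
    }
    $exe = Resolve-ImagePath $svc.ImagePath
    if (-not (Test-Path -LiteralPath $exe)) { $findings.Add("Service $($key.PSChildName): ImagePath target missing: $exe") }
}

# 4. Executables sitting in the user's temp folder, with their Authenticode status
#    (the fix deletes tmp*.exe and jre-*-windows-au.exe from AppData\Local\Temp).
foreach ($f in Get-ChildItem -LiteralPath $env:TEMP -Filter *.exe -File -ErrorAction SilentlyContinue) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    $findings.Add("Temp executable: $($f.Name) [$($sig.Status)] modified $($f.LastWriteTime.ToString('u'))")
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

    Two caveats when reading the output: a driver whose ImagePath is absent is not necessarily suspicious (the service control manager falls back to System32\drivers\<name>.sys), which is why the script only reports it when that default file is missing as well; and an unsigned temp executable is a lead, not a verdict, so compare its hash against the files FRST listed before deleting anything by hand.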

  #6 Junior Member (Join Date: Dec 2015, Posts: 17)

    Here are the latest logs
    Attached Files
