Thread: Duplicate IP Address & Infected Browser

  1. #1
    Junior Member
    Join Date
    Dec 2015
    Posts
    17

    Duplicate IP Address & Infected Browser

    Hello,

    Received a duplicate IP address warning along with some browser issues. Also some consistent registry issues detected with Spybot scan & programs running in the background when shutting down.

    Spybot log attached

    FRST.txt logs - too large to upload

    aswMBR Log - Yes for "Virtualization Technology" crashes the PC

    Regards
    m

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Don't worry about posting an aswMBR Log.

    Since you have already run a Farbar Recovery Scan Tool (FRST) Scan, just copy and paste FRST.txt & Addition.txt in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Dec 2015
    Posts
    17

    Logs added, sorry for the delay

  4. #4
    Junior Member
    Join Date
    Dec 2015
    Posts
    17

    Was able to run aswMBR but not sure the scan was complete - crashed my PC during scan, log attached

  5. #5
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Let's try this

    Start Farbar Recovery Scan Tool with Administrator privileges
    (Right click on the FRST icon and select Run as administrator)

    Highlight the text below and select Copy,
    beginning with Start:: and finishing with End::
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Highlight the entire content of the quote box below and select Copy.


    Start::
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-264360123-2859139072-1872116722-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-264360123-2859139072-1872116722-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
    SearchScopes: HKU\S-1-5-21-264360123-2859139072-1872116722-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
    FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-27] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-27] (Oracle Corporation)
    U3 idsvc; no ImagePath
    S3 SBFWIMCL; \SystemRoot\system32\DRIVERS\sbfwim.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath
    C:\Users\Martinat\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnmycbw.dll
    C:\Users\Martinat\AppData\Local\Temp\jre-8u60-windows-au.exe
    C:\Users\Martinat\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Martinat\AppData\Local\Temp\jre-8u66-windows-au.exe
    C:\Users\Martinat\AppData\Local\Temp\tmp166C.exe
    C:\Users\Martinat\AppData\Local\Temp\tmp283C.exe
    C:\Users\Martinat\AppData\Local\Temp\tmp3CB8.exe
    C:\Users\Martinat\AppData\Local\Temp\tmp5865.exe
    C:\Users\Martinat\AppData\Local\Temp\tmpB0EA.exe
    C:\Users\Martinat\AppData\Local\Temp\tmpC341.exe
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    CustomCLSID: HKU\S-1-5-21-264360123-2859139072-1872116722-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Martinat\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll => No File
    Task: {220701C2-CA15-443E-854E-786AB323A05E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {3E647D8C-9B6D-4AFA-B243-AD7C23AAB7F8} - System32\Tasks\GPUpdateCheck => C:\Program Files (x86)\GetPrivate\gpup.exe <==== ATTENTION
    Task: {3FBF4831-5399-4D5D-835A-F60688808619} - \ConfigFree Startup Programs -> No File <==== ATTENTION
    Task: {5405F162-916C-42C7-BD83-E72FAFD129FD} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {5C9BF4FB-1254-44F6-8651-14E7BDCD3EF6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {75565697-7719-41DC-991D-668D4A5DA0FB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {89B137EB-E78C-4A7F-AFFE-93B96CFFAB42} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {8FBB6CFC-9AE0-4317-AAC3-F1C01313089E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {B958B373-B742-46A5-B577-0EE76540D6E3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {BEE555F5-CC84-4EFA-8D52-A87C7C449C45} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {E5B0101D-519B-44FA-9BC9-358C509108AF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {E8FEC769-1ED4-4F43-9F6A-0435EE3574E7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {FCE6FC99-ACC9-4C61-B884-3BF4121D04B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    C:\Windows\Temp\*.*
    End::

    Start FRST (FRST64) with Administrator privileges
    Press the Fix button. FRST will process the lines copied above from the clipboard.
    When finished, a log file Fixlog.txt will pop up and be saved in the same location the tool was run from.

    Please copy and paste its contents in your next reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner - Fix Mode
    • Download AdwCleaner and move it to your Desktop
    • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Accept the EULA (I accept), then click on Scan
    • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button. This will kill all the active processes
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
    • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply



    ~~~~~~~~~~~
    RogueKiller
    • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
    • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
    • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
    • Wait for the scan to complete
    • On completion, the results will be displayed
    • Check every single entry (threat found), and click on the Remove Selected button
    • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
    • This will open the report in Notepad. Copy/paste its content in your next reply
    created by Aura

    Please post these 3 logs when finished.

  6. #6
    Junior Member
    Join Date
    Dec 2015
    Posts
    17

    Here are the latest logs

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Hope the computer is running better now.

    Let's check for remnants

    Please download the Malwarebytes Anti-Malware setup file to your Desktop.

    OR from this location Here
    • Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
    • Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"
    • After the installation is complete let it update if it asks.
    • Under SETTINGS.....APPLICATIONS leave everything at default
    • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
    • Then go to the Dashboard and click on SCAN NOW
    • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
      Upon completion of the scan (or after the reboot), click the Reports tab.
      Double-click the Scan Log.
      At the bottom click Export and choose Text file.

      Save the file to your desktop and include its content in your next reply.

      You can access the logs by going in the "Reports" tab, clicking on the latest "Scan" entry (the one with detections), then clicking on the "Export" button in the bottom-left corner and select "Copy to clipboard". After that, all you have to do is paste it here
    • Then click on POST
    • Exit Malwarebytes

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Emsisoft Emergency Kit - Fix Mode
    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it. From there, click on the Install button to extract the program in the EEK folder;
    • Once the extraction is complete, the EEK folder will open. Right-click on start emergency kit scanner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
    • EEK will suggest that you run an online update before using the program. Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let EEK detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on the Quarantine selected button;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, open EEK again (in the C:\EEK folder);
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

    Please post these 2 logs when finished.

    Also, tell me how the computer is now.

  8. #8
    Junior Member
    Join Date
    Dec 2015
    Posts
    17

    PC seems to be running better, my web browser is still a little glitchy but better.


    Emsisoft Log

    Emsisoft Emergency Kit 2018.6.0.8742 stable [en-us]
    OS: Windows 10 (Version 10.0, Build 17134, 64-bit Edition)

    Forensics log

    Date Component Action Details
    5/15/2019 2:17:24 AM Scanner Scan finished Scanned 56614 objects and found nothing.
    5/15/2019 1:07:28 AM User MARTINAT-PC\Martinat Scan started Malware Scan
    5/15/2019 1:07:22 AM User MARTINAT-PC\Martinat Setting modified "Detect PUPs" has been changed to "Enabled".
    5/15/2019 1:05:53 AM User MARTINAT-PC\Martinat Setting modified "Recommended readings & news" has been changed to "Enabled".
    5/15/2019 1:05:52 AM User Update Downloaded and installed 45 files (2800 kb) (50 sec.).
    5/15/2019 1:05:11 AM User MARTINAT-PC\Martinat Setting modified "Recommended readings & news" has been changed to "Disabled".
    5/15/2019 1:05:02 AM Core Notification "Recommended Reading:There is no malware on my PC, so why does Google redirect me to dodgy websites?".
    5/15/2019 1:04:56 AM User Update Failed with error "Server returned error" (0 sec.).

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Which browser do you mainly use? Could be we can reset all browsers back to default and it would help.

    As for finding malware, not really.

    Sometimes just using the machine for a bit helps with a few glitches.

  10. #10
    Junior Member
    Join Date
    Dec 2015
    Posts
    17

    Using Microsoft Edge, cleared the history again & a little better. It seems to double load sometimes, loads them instantly, does a refresh & loads again?

    Reset to default might help?
