Hello anthm8 and Welcome.
The IP that you suspect as being a problem, is actually a Weather Wiget on your desktop.
If you are concerned about it, please follow these directions..........
First -Please download MiniToolBox to desktop to run it.
Checkmark the following boxes:
- List content of Hosts
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy and Paste the result. (result.txt)
Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note 1:: If any security program requests permission to access the Internet, allow it to do (it is 100% safe)
NOTE 2. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! (or similar) message, restart computer and Security Check should run
- Download AdwCleaner by Xplode and save to your Desktop.
- Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
- Click on the Scan button (only once)
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- After the scan has finished, click on the Report button only once for accuracy.
- A report (AdwCleaner[R0].txt) will open in Notepad for your review.
- Check the listed removals and see if you are OK with them.
- If you have questions, post the Report log back here.
- Click on the Clean button only once for accuracy
- Press OK when asked to close all programs and follow the onscreen prompts.
- Press OK finally to allow AdwCleaner to Restart the computer and complete the removal process.
- After rebooting, a log report (AdwCleaner[S0].txt) will open automatically.
- **Copy and Paste the contents of that log in your next reply.**
- To restore an item that has been deleted by accident : Open the program again,
- Go to Tools (top left) > Quarantine Manager > check what you want restored > now click on Restore.
Note: With most Adware / Junkware / PUPs it is strongly recommended to deal with it like a legitimate program and uninstall from Programs and Features or Add/Remove Programs in the Control Panel. In many cases, using the uninstaller of the adware not only removes the adware more effectively, but it also restores any changed configuration. After uninstallation, then you can run specialized tools like AdwCleaner and JRT to fix any remaining entries they may find.
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
Please download Malwarebytes Anti-Malware
- Follow the simple directions to install the program to desktop
- Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
- Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
- Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
- If you find malware and tick it to remove it, you may be asked to re-boot the computer to finish cleaning.
- Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
Download Malwarebytes Anti-Rootkit (A.K.A. MBAR) from HERE
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain.
- If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
When you post those logs, we will have a better idea if there is actually an infection involved ...
Thank You -