bouwew (Members, 11 posts)

Everything posted by bouwew
Svchost trying to connect to gen.xyz at startup, infected?
bouwew replied to bouwew's topic in Resolved Malware Removal Logs
Thank you for all the help! Kind regards, bouwew
Svchost trying to connect to gen.xyz at startup, infected?
bouwew replied to bouwew's topic in Resolved Malware Removal Logs
# DelFix v1.013 - Logfile created 08/07/2018 at 09:30:27
# Updated 17/04/2016 by Xplode
# Username : bouwe - BOUWE-PC
# Operating System : Windows 10 Enterprise (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\bouwe\Downloads\Addition.txt
Deleted : C:\Users\bouwe\Downloads\Fixlog.txt
Deleted : C:\Users\bouwe\Downloads\FRST.txt
Deleted : C:\Users\bouwe\Downloads\FRST64.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
Svchost trying to connect to gen.xyz at startup, infected?
bouwew replied to bouwew's topic in Resolved Malware Removal Logs
Ok, understood, thanks!!
Svchost trying to connect to gen.xyz at startup, infected?
bouwew replied to bouwew's topic in Resolved Malware Removal Logs
First, thank you for your help, very much appreciated! Being a techie, I like to know details :) Do you have any idea what kind of infection was (maybe still is? because the popup was not showing itself anymore before the cleaning action) present on my system? And how I picked it up?
Svchost trying to connect to gen.xyz at startup, infected?
bouwew replied to bouwew's topic in Resolved Malware Removal Logs
Hi Aura, Yesterday, when I started my PC for the first time since arriving home, the popup was not there. Then I followed your advice: run FRST with fixlist.txt. After that I also did not see the popup anymore. 3 starts happened after the cleaning action. About how many times the popup showed during the start: only once at each start.
Svchost trying to connect to gen.xyz at startup, infected?
bouwew replied to bouwew's topic in Resolved Malware Removal Logs
Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by bouwe (28-06-2018 19:15:41) Run:1
Running from C:\Users\bouwe\Downloads
Loaded Profiles: bouwe (Available Profiles: bouwe)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
VirusTotal: C:\Windows\system32\Windows.Management.Service.dll
VirusTotal: C:\Windows\system32\MitigationClient.dll
VirusTotal: C:\Windows\System32\NvAgent.dll
VirusTotal: C:\Windows\System32\HostNetSvc.dll
GroupPolicy: Restriction ? <==== ATTENTION
BHO-x32: No Name -> {889D2FEB-5411-4565-8998-1DD2C5261283} -> No File
CHR HKU\S-1-5-21-2300567208-3819779037-3924417142-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hcjjaajflhellmcfcecojihhmdbjmmlm] - hxxps://clients2.google.com/service/update2/crx
Task: {00A0DF23-E096-48CC-89F2-29D09E6BCF4A} - \Microsoft\Windows\UNP\Campaigns\{3D2E6D6C-D655-43CB-B39B-D2B876D9E480}\ExperienceTargeted\Logon -> No File <==== ATTENTION
Task: {71402D44-EE1D-45FB-8227-DECE09FAA70C} - \Microsoft\Windows\UNP\Campaigns\{3D2E6D6C-D655-43CB-B39B-D2B876D9E480}\ExperienceTargeted\Unlock -> No File <==== ATTENTION
Task: {7485D0E9-727F-4B06-A1F8-701BAFB8D3D8} - \Microsoft\Windows\UNP\Campaigns\{3D2E6D6C-D655-43CB-B39B-D2B876D9E480}\ExperienceTargeted\OnIdle -> No File <==== ATTENTION
Task: {8ECE3D46-EFDE-4AAA-9172-FEA72C3612D3} - \Microsoft\XblGameSave\XblGameSaveTask\Logon -> No File <==== ATTENTION
Task: {E15D0692-401F-477B-A71E-D377FC1D0682} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E7608BF9-5D90-4445-B224-54E6EAD718BC} - System32\Tasks\{D45CAAB9-6E26-4D1B-9366-F94FF9E25585} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Primal Pictures\Interactive Thorax and Abdomen\thorax.exe" -d "C:\Program Files (x86)\Primal Pictures\Interactive Thorax and Abdomen"
FirewallRules: [{46CCD955-7D02-4812-A316-D7BB61DC7AA2}] => (Allow) C:\Users\bouwe\AppData\Local\Temp\nsj25A5.tmp\QQPCDetector.exe
FirewallRules: [{73425C27-7EB3-4826-A2AB-5A785450D171}] => (Allow) C:\Users\bouwe\AppData\Local\Temp\nsj25A5.tmp\QQPCDetector.exe
EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
VirusTotal: C:\Windows\system32\Windows.Management.Service.dll => https://www.virustotal.com/file/26c79610c914a17d85a834b90d524d1a37a8877af078af6390ffdc6caf83a6a1/analysis/1529178783/
VirusTotal: C:\Windows\system32\MitigationClient.dll => https://www.virustotal.com/file/4bcf6a6f16ecbe0c4a05bdba325a0f8d02042fc229079e7a7338835473d55970/analysis/1529262677/
VirusTotal: C:\Windows\System32\NvAgent.dll => https://www.virustotal.com/file/af274902db313367da5991fcfb383dbdcdd3d045cc7e32fb929fd66ecfb795f8/analysis/1529194982/
VirusTotal: C:\Windows\System32\HostNetSvc.dll => https://www.virustotal.com/file/3148f5342b758f483e7dbf6772ffd29c299cb7bf861b4c6b6c2be887b9b4cb8c/analysis/1530106623/
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\{889D2FEB-5411-4565-8998-1DD2C5261283} => not found
"HKU\S-1-5-21-2300567208-3819779037-3924417142-1001\SOFTWARE\Google\Chrome\Extensions\hcjjaajflhellmcfcecojihhmdbjmmlm" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{00A0DF23-E096-48CC-89F2-29D09E6BCF4A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00A0DF23-E096-48CC-89F2-29D09E6BCF4A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{3D2E6D6C-D655-43CB-B39B-D2B876D9E480}\ExperienceTargeted\Logon" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71402D44-EE1D-45FB-8227-DECE09FAA70C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71402D44-EE1D-45FB-8227-DECE09FAA70C}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{3D2E6D6C-D655-43CB-B39B-D2B876D9E480}\ExperienceTargeted\Unlock" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7485D0E9-727F-4B06-A1F8-701BAFB8D3D8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7485D0E9-727F-4B06-A1F8-701BAFB8D3D8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\Campaigns\{3D2E6D6C-D655-43CB-B39B-D2B876D9E480}\ExperienceTargeted\OnIdle" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8ECE3D46-EFDE-4AAA-9172-FEA72C3612D3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ECE3D46-EFDE-4AAA-9172-FEA72C3612D3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\XblGameSave\XblGameSaveTask\Logon" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E15D0692-401F-477B-A71E-D377FC1D0682}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E15D0692-401F-477B-A71E-D377FC1D0682}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7608BF9-5D90-4445-B224-54E6EAD718BC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7608BF9-5D90-4445-B224-54E6EAD718BC}" => removed successfully
C:\WINDOWS\System32\Tasks\{D45CAAB9-6E26-4D1B-9366-F94FF9E25585} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D45CAAB9-6E26-4D1B-9366-F94FF9E25585}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{46CCD955-7D02-4812-A316-D7BB61DC7AA2}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{73425C27-7EB3-4826-A2AB-5A785450D171}" => removed successfully

=========== EmptyTemp: ==========
BITS transfer queue => 8675328 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 59260315 B
Java, Flash, Steam htmlcache => 43689 B
Windows/system/drivers => 1257698 B
Edge => 7501470 B
Chrome => 21754373 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 7168 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 44566 B
NetworkService => 0 B
bouwe => 8570801 B
RecycleBin => 0 B
EmptyTemp: => 102.2 MB temporary data Removed.

================================
The system needed a reboot.

==== End of Fixlog 19:20:14 ====
Svchost trying to connect to gen.xyz at startup, infected?
bouwew replied to bouwew's topic in Resolved Malware Removal Logs
Threat Scan report added. bouwew_TS_report.txt
Svchost trying to connect to gen.xyz at startup, infected?
bouwew replied to bouwew's topic in Resolved Malware Removal Logs
After some more reading I realize I have not attached the MWB Threat Scan log. I will include it when I'm back at home.
Svchost trying to connect to gen.xyz at startup, infected?
bouwew replied to bouwew's topic in Resolved Malware Removal Logs
Dear Aura, Yes, I am here :) I have been busy; now I finally have some free time, while I am away from home, to check my topic. As I write this, I am away from home; I'm working too far away from home to travel back every day. For your information, I will be back at home on Friday or Saturday of this week, I don't know yet, it depends on my schedule. I will let you know when I know it for sure. I have read your post, I understand it and I will act accordingly. Sorry, I'm confused by your last remark; you are asking for my logs. But these are attached to my initial post, correct? Or am I missing something?
Hi, Recently, during every startup of my PC, a message from Malwarebytes pops up. I have performed a system scan but no virus is found. I wonder, is my PC infected? This is the export:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/21/18
Protection Event Time: 7:35 PM
Log File: 8080b34a-7579-11e8-8755-ac220b4cd7ab.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5530
License: Premium

-System Information-
OS: Windows 10 (Build 17692.1000)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Phishing
Domain: gen.xyz
IP Address: 13.57.153.101
Port: [49732]
Type: Outbound
File: C:\Windows\System32\svchost.exe

(end)

Kind regards, Bouwe Westerdijk

Attachments: FRST.txt, Addition.txt
MBAM 3.04 causing tcpip.sys BSOD
bouwew replied to reiichiroh's topic in Malwarebytes for Windows Support Forum
I can confirm this issue. I have encountered this issue repeatedly when running both Qbittorrent and Tixati (separately). I was reading some posts on other forums describing the same issue before I arrived at this post in this forum. I've seen it happen when running 3.04 and now when running 3.05 (lifetime subscription).