History:
I was infected not too long ago and downloaded Malwarebytes trial to clean it up. Infections are quarantined and removed. Re-run the scan multiple times after, nothing found. There are still occasional pop up on website blocked. Here are the reports from Malwarebytes:
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 5/19/17
Protection Event Time: 9:25 AM
Log File:
Administrator: Yes
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1970
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain: d2buh1bf1g584w.cloudfront.net
IP Address: 52.85.133.135
Port: [52170]
Type: Outbound
File: C:\Windows\System32\msiexec.exe
(end)
Another instance:
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 5/20/17
Protection Event Time: 12:25 PM
Log File:
Administrator: Yes
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.1980
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain: d2buh1bf1g584w.cloudfront.net
IP Address: 54.230.141.44
Port: [54283]
Type: Outbound
File: C:\Windows\System32\msiexec.exe
(end)
It happens multiple times, about every 3-4 hours. The website blocked is always the same. Port and IP address varies.
Help would be much appreciated. On a side note, I really like Malwarebytes since it caught many things that my antivirus did not. Keep up the good job!
EDIT: uploaded the Farbar Recovery Scan Tool results
FRST.txt
Addition.txt