
risotto73


  1. Ah ok, well as long as my computer is clean and Malwarebytes is doing its job, that's good. Thanks for the assistance!
  2. I'll get this one running now and update you in a couple hours once it is complete. Once again Kevin, thank you for your help, even if we are having trouble finding something.
  3. Pasting the fix logs below; however, it has not stopped the website blocking.

     Fix result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
     Ran by mcc89 (17-09-2018 19:09:25) Run:1
     Running from C:\Users\mcc89\Downloads
     Loaded Profiles: mcc89 & SQLTELEMETRY$SQLEXPRESS (Available Profiles: mcc89 & SQLTELEMETRY$SQLEXPRESS & MSSQL$SQLEXPRESS)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     start
     CloseProcesses:
     CreateRestorePoint:
     cmd: ipconfig /flushDNS
     cmd: netsh winsock reset
     cmd: netsh int ip reset
     cmd: ipconfig /release
     cmd: ipconfig /renew
     reboot:
     end
     *****************

     Processes closed successfully.
     Restore point was successfully created.

     ========= ipconfig /flushDNS =========
     Windows IP Configuration
     Successfully flushed the DNS Resolver Cache.
     ========= End of CMD: =========

     ========= netsh winsock reset =========
     Sucessfully reset the Winsock Catalog.
     You must restart the computer in order to complete the reset.
     ========= End of CMD: =========

     ========= netsh int ip reset =========
     Resetting Compartment Forwarding, OK!
     Resetting Compartment, OK!
     Resetting Control Protocol, OK!
     Resetting Echo Sequence Request, OK!
     Resetting Global, OK!
     Resetting Interface, OK!
     Resetting Anycast Address, OK!
     Resetting Multicast Address, OK!
     Resetting Unicast Address, OK!
     Resetting Neighbor, OK!
     Resetting Path, OK!
     Resetting Potential, OK!
     Resetting Prefix Policy, OK!
     Resetting Proxy Neighbor, OK!
     Resetting Route, OK!
     Resetting Site Prefix, OK!
     Resetting Subinterface, OK!
     Resetting Wakeup Pattern, OK!
     Resetting Resolve Neighbor, OK!
     Resetting , OK!
     Resetting , OK!
     Resetting , OK!
     Resetting , OK!
     Resetting , failed.
     Access is denied.
     Resetting , OK!
     Resetting , OK!
     Resetting , OK!
     Resetting , OK!
     Resetting , OK!
     Resetting , OK!
     Resetting , OK!
     Restart the computer to complete this action.
     ========= End of CMD: =========

     ========= ipconfig /release =========
     Windows IP Configuration
     No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
     No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
     Wireless LAN adapter Local Area Connection* 1:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :
     Wireless LAN adapter Local Area Connection* 2:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :
     Wireless LAN adapter Wi-Fi:
        Connection-specific DNS Suffix . :
        Link-local IPv6 Address . . . . . : fe80::c8b8:3ef3:d157:9582%4
        Default Gateway . . . . . . . . . :
     ========= End of CMD: =========

     ========= ipconfig /renew =========
     Windows IP Configuration
     No operation can be performed on Local Area Connection* 1 while it has its media disconnected.
     No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
     Wireless LAN adapter Local Area Connection* 1:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :
     Wireless LAN adapter Local Area Connection* 2:
        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix . :
     Wireless LAN adapter Wi-Fi:
        Connection-specific DNS Suffix . :
        Link-local IPv6 Address . . . . . : fe80::c8b8:3ef3:d157:9582%4
        IPv4 Address. . . . . . . . . . . : 10.215.149.17
        Subnet Mask . . . . . . . . . . . : 255.255.252.0
        Default Gateway . . . . . . . . . : 10.215.151.254
     ========= End of CMD: =========

     The system needed a reboot.

     ==== End of Fixlog 19:09:43 ====
  4. I asked my flatmates earlier and none of them use Malwarebytes unfortunately. I can attempt connecting to a different Wi-Fi or phone hotspot to see if the problem persists, but I'm not sure what would help if the problem is in my IP.
  5. I followed the instructions on Microsoft Support for a clean boot with only Windows services and Malwarebytes allowed to run, but there are still continuous blocked connections. I can format my drive and install Windows again if that will fix the issue, but I'm not sure what to do if the issue is with the router.
  6. I deleted the extension and restarted my computer, but unfortunately that did stop the blocked connections. Could it have anything to do with svchost.exe? I don't think I can restart the router (I live in an apartment complex with shared internet throughout the building), but I am willing to boot a clean install of Windows if you think that might help (I have my important files backed up to the cloud).
  7. I might've added it to my Chrome profile a few years ago and had it just auto-install on my most recent download of Chrome alongside other add-ons; however, I did not actively look for it and install it recently, and I did not know it was there. Should I remove it?
  8. Hey Kevin, Thank you for offering your assistance. I have pasted my RogueKiller log below.

     RogueKiller V12.13.1.0 (x64) [Sep 17 2018] (Free) by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : https://forum.adlice.com
     Website : http://www.adlice.com/download/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 10 (10.0.17134) 64 bits version
     Started in : Normal mode
     User : mcc89 [Administrator]
     Started from : C:\Users\mcc89\Downloads\RogueKiller_portable64.exe
     Mode : Scan -- Date : 09/17/2018 16:27:19 (Duration : 00:24:40)

     ¤¤¤ Processes : 0 ¤¤¤

     ¤¤¤ Registry : 2 ¤¤¤
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 23.252.205.6 23.252.205.7 ([-][United States]) -> Found
     [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{22306bd7-6a56-4365-8d1d-706598eed0ef} | DhcpNameServer : 23.252.205.6 23.252.205.7 ([-][United States]) -> Found

     ¤¤¤ Tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ WMI : 0 ¤¤¤

     ¤¤¤ Hosts File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

     ¤¤¤ Web browsers : 3 ¤¤¤
     [PUP.Gen0][Chrome:Addon] Default : PriceBlink Coupons and Price Comparison [aoiidodopnnhiflaflbfeblnojefhigh] -> Found
     [PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [http://www.reddit.com/r/worldnews] -> Found
     [PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [https://mail.google.com/mail/u/0/#inbox|https://calendar.google.com/calendar/r?tab=mc] -> Found

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: Crucial_CT250MX200SSD4 +++++
     --- User ---
     [MBR] 4441e9188f7ee0bcfcad848eccbda8ca
     [BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
     Partition table:
     0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 499 MB
     1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1024000 | Size: 100 MB
     2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1228800 | Size: 16 MB
     3 - Basic data partition | Offset (sectors): 1261568 | Size: 237859 MB
     User = LL1 ... OK
     User = LL2 ... OK
  9. Receiving a constant stream of popups from Malwarebytes about a riskware website being blocked. There is no domain given, and it continues even if I am not accessing my browser. It is referencing System32\svchost.exe. This file also exists in SysWOW64 once and WinSxS twice. The IP address is 123.123.123.123. A Malwarebytes scan does not find anything, and I've run AdwCleaner. I've uploaded an export of one of the event logs, and I can upload whatever other log data is needed. Would like help in identifying if this is a stream of false positives, or if some other malicious file is causing the popups. Thank you. report_log.txt