[Malware cmd.exe sending request to 172.111.239.90]

Thank you very much. Everything seems to be working well now.

[Malware cmd.exe sending request to 172.111.239.90]

Not getting the persistent request to the IP, but still have two detections related to WR64.sys.

MWB scan postfix.txt

[Malware cmd.exe sending request to 172.111.239.90]

All done.

Fixlog.txt

[Malware cmd.exe sending request to 172.111.239.90]

Thanks for the reply. Here are those logs.

MWB scan quarantine.txt AdwCleaner[S00].txt

[Malware cmd.exe sending request to 172.111.239.90]

I have the same issue as the above poster. Every minute MWB is detecting cmd.exe being used to connect to 172.111.239.90. 

I've read other threads on this topic and so I've got my log file from the support tool attached, as well as the FRST log and addition txt.

mbst-grab-results.zip FRST.txt Addition.txt