MalwareBytes blocking Inbound and Outbound requests.



Uninstall the following program:

 

Skype Quote Creator

 

Next,

 

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Post that log in your reply. Also monitor your system to see if the block alerts happen again. If they do, try to take a screenshot of the alert, and post that and any fresh Protection logs...

 

Thank you,

 

Kevin
 

 

Fixlist.txt


Skype Quote Creator does show in the Installed Programs list of FRST

 

 

Skype Quote Creator (HKU\S-1-5-21-2251632056-896844064-4208290491-1001\...\ad08ab58bc77059a) (Version: 1.0.6.0 - MKing)

 

Usually the installation folder would be either C:\Program Files (X86)\Skype Quote Creator or C:\Program Files\Skype Quote Creator, or maybe an addendum of the main Skype folder at the mother folder Program Files (X86) or Program Files.

 

If not found at any of those locations use the following scanner:

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe     <<-   64 bit….

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe   <<-  32 bit

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :folderfind
    Skype Quote Creator
    Skype
    :regfind
    *Skype*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.



Note: The log can also be found on your Desktop entitled SystemLook.txt

 

Let me see that log, also did you run FRST fix from my last reply.... did it make any difference?

 

Thank you,

 

Kevin
 


Yes you can reinstall Skype, also make sure any/all passwords related to your PC are changed... Still need to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:



  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings



Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…
 

Next,

 

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...
 


I just got another request :(

To svchost.exe in my System32 folder;

 

Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 3/15/2016 4:13:54 PM, SYSTEM, XOLBSTUDIOS, Protection, Malware Protection, Starting, 
Protection, 3/15/2016 4:13:54 PM, SYSTEM, XOLBSTUDIOS, Protection, Malware Protection, Started, 
Protection, 3/15/2016 4:13:55 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Starting, 
Protection, 3/15/2016 4:13:56 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Started, 
Update, 3/15/2016 6:28:48 PM, SYSTEM, XOLBSTUDIOS, Manual, Rootkit Database, 2016.2.27.1, 2016.3.12.1, 
Update, 3/15/2016 6:28:48 PM, SYSTEM, XOLBSTUDIOS, Manual, Remediation Database, 2016.3.5.1, 2016.3.10.1, 
Update, 3/15/2016 6:28:48 PM, SYSTEM, XOLBSTUDIOS, Manual, IP Database, 2016.3.3.1, 2016.3.14.1, 
Update, 3/15/2016 6:28:53 PM, SYSTEM, XOLBSTUDIOS, Manual, Domain Database, 2016.3.8.9, 2016.3.15.6, 
Update, 3/15/2016 6:29:01 PM, SYSTEM, XOLBSTUDIOS, Manual, Malware Database, 2016.3.8.8, 2016.3.15.7, 
Protection, 3/15/2016 6:29:01 PM, SYSTEM, XOLBSTUDIOS, Protection, Refresh, Starting, 
Protection, 3/15/2016 6:29:01 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Stopping, 
Protection, 3/15/2016 6:29:01 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Stopped, 
Protection, 3/15/2016 6:29:06 PM, SYSTEM, XOLBSTUDIOS, Protection, Refresh, Success, 
Protection, 3/15/2016 6:29:06 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Starting, 
Protection, 3/15/2016 6:29:07 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Started, 
Detection, 3/15/2016 8:30:37 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 185.130.5.73, 19, Inbound, C:\Windows\System32\svchost.exe, 
Detection, 3/15/2016 8:30:37 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 185.130.5.73, 19, Inbound, C:\Windows\System32\svchost.exe, 

(end)

 


Those are inbound threats, your security (Malwarebytes) is just doing its job. This does not mean your system is infected, let's run an in-depth scan for another check.

Download Dr Web Cureit from here http://www.freedrweb.com/cureit save to your desktop. (Scroll to bottom of page)


  • The file will be randomly named
  • Reboot to safe mode <<<<<------------ http://www.computerhope.com/issues/chsafe.htm
  • Run Dr Web
  • Tick the I agree box and select continue
  • Click select objects for scanning
  • Tick all boxes as shown
  • Click the wrench and select automatically apply actions to threats
  • Press start scan
  • The scan will now commence
  • Once the scan has finished click open report <<<--- Do not miss this step
  • A notepad will open
  • Select File > Save as..
  • Save it to your desktop

This log will be excessive. Please attach it to your next reply…


Thank you,

 

Kevin
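
The reply above reads the two Detection lines as Inbound blocks rather than as proof of infection; the same reading can be done mechanically over a Protection log. This is an added example, not part of the original thread or of Malwarebytes' own tooling. It assumes the comma-separated field order seen in the posted log (record type, timestamp, user, computer, source, component, kind, address, port, direction, process), and the Outbound line, the triage notes and the function names are constructed for illustration.

```python
from datetime import datetime

# The Protection line and the two Inbound Detection lines are copied from the
# log posted in this thread. The Outbound line is constructed for illustration
# only (documentation-range address, hypothetical process path).
SAMPLE_LOG = r"""
Protection, 3/15/2016 6:29:07 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, Started,
Detection, 3/15/2016 8:30:37 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 185.130.5.73, 19, Inbound, C:\Windows\System32\svchost.exe,
Detection, 3/15/2016 8:30:37 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 185.130.5.73, 19, Inbound, C:\Windows\System32\svchost.exe,
Detection, 3/15/2016 9:02:11 PM, SYSTEM, XOLBSTUDIOS, Protection, Malicious Website Protection, IP, 203.0.113.10, 49152, Outbound, C:\Users\Example\AppData\Local\Temp\example.exe,
"""

# Triage notes per direction (wording is this example's, not the product's).
NOTES = {
    "Inbound": "remote host tried to connect and was blocked; not by itself evidence of infection",
    "Outbound": "a local process initiated this connection; identify and examine that process",
}


def parse_detections(text):
    """Return one dict per 'Detection ... IP' record; other record types are skipped."""
    records = []
    for line in text.splitlines():
        # maxsplit=10 keeps a process path that itself contains commas in one field.
        parts = [p.strip() for p in line.split(",", 10)]
        if len(parts) != 11 or parts[0] != "Detection" or parts[6] != "IP":
            continue
        records.append({
            "time": datetime.strptime(parts[1], "%m/%d/%Y %I:%M:%S %p"),
            "address": parts[7],
            "port": parts[8],                  # assumed to be the port field
            "direction": parts[9],
            "process": parts[10].rstrip(", "),  # drop the trailing separator
        })
    return records


def summarize(records):
    """Collapse repeated blocks into one row per (direction, address, port, process)."""
    groups = {}
    for r in records:
        key = (r["direction"], r["address"], r["port"], r["process"])
        g = groups.setdefault(key, {"count": 0, "first": r["time"], "last": r["time"]})
        g["count"] += 1
        g["first"] = min(g["first"], r["time"])
        g["last"] = max(g["last"], r["time"])
    rows = []
    for key in sorted(groups):
        direction, address, port, process = key
        rows.append({
            "direction": direction, "address": address, "port": port,
            "process": process, **groups[key],
            "note": NOTES.get(direction, "unknown direction; review manually"),
        })
    return rows


if __name__ == "__main__":
    for row in summarize(parse_detections(SAMPLE_LOG)):
        print(f'{row["direction"]:8} {row["address"]}:{row["port"]} x{row["count"]} '
              f'{row["process"]}\n    -> {row["note"]}')
```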


Not only am I unable to play games on my computer, but I was just forced to restart my computer because the programs were unresponsive.

Programs that had made my computer unresponsive (unusual)

Google Chrome, MalwareBytes, Task Manager

 


Download Portable Windows Repair (all in one) from one of the following:

http://www.tweaking.com/content/page/windows_repair_all_in_one.html
http://www.majorgeeks.com/Tweaking.com_-_Windows_Repair_Portable_d7222.html
http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/

Unzip the contents into a newly created folder on your desktop.

Open the folder, run the tool by right-clicking on Repair_Windows (icon with red briefcase) and selecting "Run as Administrator"


From the main GUI do the following:

Select Tab 5 and Create System Restore Point


Select Repairs tab => Click the Open repairs tab


The repairs window will open, Check the boxes as indicated, also the "Restart" option, then select Start...


DON'T use the computer while each scan is in progress.

Post the log, to access select "settings" tab > "open log folder" tab, log will be named _Windows_Repair_Log


Let me see that log. Does that make any difference?


You mention the following a couple of replies back

Quote

Unsure of whether this is relevant or not, but games I was previously able to play without the slightest bit of freezing or lag, I experience freezing regularly.

(This may be the Windows 10 update)

Has the freezing issue started after an update?


Yes, the freezing issue only started after the Windows 10 update-

Tweaking.com - Windows Repair v3.8.4
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 10 Home
OS Architecture: 64-bit
OS Version: 10.0.10586
OS Service Pack: 
Computer Name: XOLBSTUDIOS
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Benjamin
Current Profile SID: S-1-5-21-2251632056-896844064-4208290491-1001
Current Profile Classes: S-1-5-21-2251632056-896844064-4208290491-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Benjamin\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 01:42:38

Process Count: 139
Commit Total: 5.52 GB
Commit Limit: 18.77 GB
Commit Peak: 14.99 GB
Handle Count: 59323
Kernel Total: 951.10 MB
Kernel Paged: 587.42 MB
Kernel Non Paged: 363.68 MB
System Cache: 11.41 GB
Thread Count: 2198
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.89 GB
Memory Used: 4.65 GB(29.2803%)
Memory Avail.: 11.24 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 15.89 GB
Memory Used: 3.49 GB(21.9504%)
Memory Avail.: 12.40 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (3/16/2016 8:08:04 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 127
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (3/16/2016 8:08:07 PM)


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
Done,  0.28 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hklm.7z
Done,  1.8 seconds.

   Running Repair Under System Account
   Done (3/16/2016 8:14:19 PM)

Reset File Permissions: C:
   C: & Sub Folders
   Start (3/16/2016 8:14:19 PM)

   Running Repair Under Current User Account
   Done (3/16/2016 9:06:10 PM)

Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (3/16/2016 9:06:11 PM)


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\default.7z
Done,  0.21 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\profile.7z
Done,  0.24 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files.7z
Done,  0.51 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\program_files_x86.7z
Done,  0.17 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\programdata.7z
Done,  0.21 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\windows.7z
Done,  1.58 seconds.

   Running Repair Under Current User Account
   Done (3/16/2016 9:18:13 PM)

Reset File Permissions: E:
   E: & Sub Folders
   Start (3/16/2016 9:18:13 PM)

   Running Repair Under Current User Account
   Done (3/16/2016 9:18:14 PM)

Reset File Permissions: W:
   W: & Sub Folders
   Start (3/16/2016 9:18:14 PM)

   Running Repair Under Current User Account
   Done (3/16/2016 9:18:15 PM)

Reset File Permissions: X:
   X: & Sub Folders
   Start (3/16/2016 9:18:16 PM)

   Running Repair Under Current User Account
   Done (3/16/2016 9:18:17 PM)

Reset File Permissions: Z:
   Z: & Sub Folders
   Start (3/16/2016 9:18:17 PM)

   Running Repair Under Current User Account
   Done (3/16/2016 9:18:18 PM)

Reset File Permissions: Cleanup
   Repairing Restricted Folders Permissions To Avoid Infinite Loops
   Start (3/16/2016 9:18:18 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:18:22 PM)

03 - Reset Service Permissions
   Start (3/16/2016 9:18:22 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:18:54 PM)

04 - Register System Files
   Start (3/16/2016 9:18:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:20:16 PM)

05 - Repair WMI
   Start (3/16/2016 9:20:16 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Exporting 3rd Party Firewall Info...
   Running Repair Under Current User Account
   Done (3/16/2016 9:34:08 PM)

06 - Repair Windows Firewall
   Start (3/16/2016 9:34:08 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.19 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:34:28 PM)

07 - Repair Internet Explorer
   Start (3/16/2016 9:34:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:35:15 PM)

08 - Repair MDAC/MS Jet
   Start (3/16/2016 9:35:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:35:34 PM)

09 - Repair Hosts File
   Start (3/16/2016 9:35:34 PM)
   Running Repair Under System Account
   Done (3/16/2016 9:35:35 PM)

10 - Remove Policies Set By Infections
   Start (3/16/2016 9:35:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:35:40 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (3/16/2016 9:35:40 PM)
   Running Repair Under System Account
   Done (3/16/2016 9:35:41 PM)

12 - Repair Icons
   Start (3/16/2016 9:35:41 PM)
   Running Repair Under Current User Account
   Done (3/16/2016 9:35:42 PM)

13 - Repair Network
   Start (3/16/2016 9:35:42 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.2 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:36:02 PM)

14 - Remove Temp Files
   Start (3/16/2016 9:36:02 PM)
   Running Repair Under System Account
   Done (3/16/2016 9:36:05 PM)

15 - Repair Proxy Settings
   Start (3/16/2016 9:36:05 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:36:11 PM)

Unhide Non System Files
   Start (3/16/2016 9:36:11 PM)
   C:\ - Total Files Unhidden: 492 out of 820233 searched. - Check Unhidden_Files.txt for list of files unhidden
   E:\ - Total Files Unhidden: 0 out of 366 searched. - Check Unhidden_Files.txt for list of files unhidden
   W:\ - Total Files Unhidden: 0 out of 57 searched. - Check Unhidden_Files.txt for list of files unhidden
   X:\ - Total Files Unhidden: 2 out of 457 searched. - Check Unhidden_Files.txt for list of files unhidden
   Z:\ - Total Files Unhidden: 0 out of 228 searched. - Check Unhidden_Files.txt for list of files unhidden
   Done (3/16/2016 9:36:29 PM)

17 - Repair Windows Updates
   Start (3/16/2016 9:36:29 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (3/16/2016 9:37:08 PM)

18 - Repair CD/DVD Missing/Not Working
   Start (3/16/2016 9:37:08 PM)
   iTunes or GEARAspiWDM.sys not found, not applying UpperFilters iTunes Reg Key
   Done (3/16/2016 9:37:08 PM)

19 - Repair Volume Shadow Copy Service
   Start (3/16/2016 9:37:08 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.23 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:37:37 PM)

21 - Repair MSI (Windows Installer)
   Start (3/16/2016 9:37:37 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.18 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:37:49 PM)

23.01 - Repair bat Association
   Start (3/16/2016 9:37:49 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:37:52 PM)

23.02 - Repair cmd Association
   Start (3/16/2016 9:37:52 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:37:54 PM)

23.03 - Repair com Association
   Start (3/16/2016 9:37:54 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:37:57 PM)

23.04 - Repair Directory Association
   Start (3/16/2016 9:37:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:37:59 PM)

23.05 - Repair Drive Association
   Start (3/16/2016 9:37:59 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:38:01 PM)

23.06 - Repair exe Association
   Start (3/16/2016 9:38:01 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:38:04 PM)

23.07 - Repair Folder Association
   Start (3/16/2016 9:38:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:38:06 PM)

23.08 - Repair inf Association
   Start (3/16/2016 9:38:06 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:38:08 PM)

23.09 - Repair lnk (Shortcuts) Association
   Start (3/16/2016 9:38:08 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:38:11 PM)

23.10 - Repair msc Association
   Start (3/16/2016 9:38:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:38:13 PM)

23.11 - Repair reg Association
   Start (3/16/2016 9:38:13 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:38:15 PM)

23.12 - Repair scr Association
   Start (3/16/2016 9:38:15 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:38:18 PM)

24 - Repair Windows Safe Mode
   Start (3/16/2016 9:38:18 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:38:20 PM)

25 - Repair Print Spooler
   Start (3/16/2016 9:38:20 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.16 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:38:35 PM)

26 - Restore Important Windows Services
   Start (3/16/2016 9:38:35 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.21 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:38:45 PM)

27 - Set Windows Services To Default Startup
   Start (3/16/2016 9:38:45 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 9:38:51 PM)

   Skipping Repair.
   Due to a bug in the Windows 10 build 10586 the powershell command used to reinstall the apps and app store instead breaks them and deletes their install folders. Till Microsoft fixes this bug this repair is skipped for this version of Windows.
   Current version: 10.0.10586

29 - Repair Windows 8/10 Component Store
   Start (3/16/2016 9:38:51 PM)
   Running Repair Under Current User Account
   Done (3/16/2016 10:17:25 PM)

30 - Restore Windows 8/10 COM+ Unmarshalers
   Start (3/16/2016 10:17:25 PM)
   Running Repair Under System Account
[X] -----Job Complete-----      Items Done: 1      
   Done (3/16/2016 10:17:27 PM)

31 - Repair Windows 'New' Submenu
   Start (3/16/2016 10:17:27 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/16/2016 10:17:29 PM)

   Skipping Repair.
   Repair is for Windows v6 (Windows Vista & Newer) or higher.
   Current version: 10.0.10586

33 - Repair Performance Counters
   Start (3/16/2016 10:17:29 PM)
   Running Repair Under Current User Account
   Done (3/16/2016 10:17:35 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (3/16/2016 10:17:36 PM)
   Total Repair Time: 02:09:34


...YOU MUST RESTART YOUR SYSTEM...

 
