Jump to content

Constant svchost.exe outgoing connections blocked with same IP


Recommended Posts

I get this error constantly:

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/25/17
Protection Event Time: 6:59 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2231
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain:
IP Address: 85.93.5.25
Port: [59127]
Type: Outbound
File: C:\Windows\System32\svchost.exe

 

(end)

 

 

6-25-2017 18-59-27.png

6-25-2017 18-59-44.png

Link to post
Share on other sites

  • Replies 57
  • Created
  • Last Reply

Top Posters In This Topic

  • Root Admin

Hello @GSaint and :welcome:

Let's have you run the following scan and see what we can find.

 

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02

 

 

adwcleaner_new.png Fix with AdwCleaner

 

Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on adwcleaner_new.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.
 

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Link to post
Share on other sites

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x64
Ran by MAIN (Administrator) on Mon 06/26/2017 at 23:53:15.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 8

Successfully deleted: C:\Users\MAIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8U22VJUI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MAIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8X6R6LG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MAIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YOA3XT9K (Temporary Internet Files Folder)
Successfully deleted: C:\Users\MAIN\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSGBRUTU (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8U22VJUI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I8X6R6LG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YOA3XT9K (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YSGBRUTU (Temporary Internet Files Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/26/2017 at 23:54:11.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner

# AdwCleaner v6.047 - Logfile created 26/06/2017 at 23:56:10
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-23.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : MAIN - PUGET-114298
# Running from : C:\Users\MAIN\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

 

***** [ Folders ] *****

 

***** [ Files ] *****

 

***** [ DLL ] *****

 

***** [ WMI ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Registry ] *****

 

***** [ Web browsers ] *****

 

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1221 Bytes] - [25/06/2017 12:47:24]
C:\AdwCleaner\AdwCleaner[C2].txt - [839 Bytes] - [26/06/2017 23:56:10]
C:\AdwCleaner\AdwCleaner[S0].txt - [1550 Bytes] - [25/06/2017 12:46:04]
C:\AdwCleaner\AdwCleaner[S1].txt - [1312 Bytes] - [25/06/2017 15:00:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [1377 Bytes] - [26/06/2017 23:56:03]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1130 Bytes] ##########

SophosVirusRemovalTool

2017-06-27 07:01:07.097    Sophos Virus Removal Tool version 2.6.0
2017-06-27 07:01:07.097    Copyright (c) 2009-2017 Sophos Limited. All rights reserved.

2017-06-27 07:01:07.097    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2017-06-27 07:01:07.097    Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2017-06-27 07:01:07.101    Checking for updates...
2017-06-27 07:01:07.175    Update progress: proxy server not available
2017-06-27 07:01:12.288    Option all = no
2017-06-27 07:01:12.288    Option recurse = yes
2017-06-27 07:01:12.288    Option archive = no
2017-06-27 07:01:12.288    Option service = yes
2017-06-27 07:01:12.288    Option confirm = yes
2017-06-27 07:01:12.288    Option sxl = yes
2017-06-27 07:01:12.289    Option max-data-age = 35
2017-06-27 07:01:12.289    Option vdl-logging = yes
2017-06-27 07:01:12.292    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-06-27 07:01:12.292    Machine ID:    b84d3e2277464146863ab0bfcc2014c6
2017-06-27 07:01:12.296    Component SVRTcli.exe version 2.6.0
2017-06-27 07:01:12.296    Component control.dll version 2.6.0
2017-06-27 07:01:12.296    Component SVRTservice.exe version 2.6.0
2017-06-27 07:01:12.296    Component engine\osdp.dll version 1.44.1.2285
2017-06-27 07:01:12.296    Component engine\veex.dll version 3.68.5.2285
2017-06-27 07:01:12.296    Component engine\savi.dll version 9.0.7.2285
2017-06-27 07:01:12.296    Component rkdisk.dll version 1.5.31.1
2017-06-27 07:01:12.296    Version info:    Product version    2.6.0
2017-06-27 07:01:12.297    Version info:    Detection engine    3.68.5
2017-06-27 07:01:12.297    Version info:    Detection data    5.39
2017-06-27 07:01:12.297    Version info:    Build date    5/2/2017
2017-06-27 07:01:12.297    Version info:    Data files added    363
2017-06-27 07:01:12.297    Version info:    Last successful update    (not yet updated)
2017-06-27 07:01:33.817    Downloading updates...
2017-06-27 07:01:33.819    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-06-27 07:01:33.819    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-06-27 07:01:33.819    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-06-27 07:01:33.819    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-06-27 07:01:33.819    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-06-27 07:01:33.819    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-06-27 07:01:33.819    Update progress: [I49502] sdds.data0910.xml: found supplement IDE540 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-06-27 07:01:33.819    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE540 LATEST path=
2017-06-27 07:01:33.819    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE540 LATEST path=
2017-06-27 07:01:33.819    Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product IDE540 LATEST path=]
2017-06-27 07:01:33.819    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-06-27 07:01:33.819    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-06-27 07:01:33.819    Update progress: [I49502] sdds.data0910.xml: found supplement IDE542 LATEST path= baseVersion= [included from product IDE541 LATEST path=]
2017-06-27 07:01:33.819    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE542 LATEST path=
2017-06-27 07:01:33.819    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE542 LATEST path=
2017-06-27 07:01:33.819    Update progress: [I49502] sdds.data0910.xml: found supplement IDE543 LATEST path= baseVersion= [included from product IDE542 LATEST path=]
2017-06-27 07:01:33.819    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE543 LATEST path=
2017-06-27 07:01:33.819    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE543 LATEST path=
2017-06-27 07:01:33.819    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-06-27 07:01:34.207    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-06-27 07:01:34.207    Update progress: [I19463] Product download size 165113825 bytes
2017-06-27 07:01:35.882    Update progress: [I19463] Syncing product IDE540 LATEST path=
2017-06-27 07:01:35.882    Update progress: [I19463] Product download size 1784068 bytes
2017-06-27 07:01:36.532    Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-06-27 07:01:36.532    Update progress: [I19463] Product download size 2265483 bytes
2017-06-27 07:01:36.772    Update progress: [I19463] Syncing product IDE542 LATEST path=
2017-06-27 07:01:36.772    Update progress: [I19463] Product download size 2005661 bytes
2017-06-27 07:01:39.015    Update progress: [I19463] Syncing product IDE543 LATEST path=
2017-06-27 07:01:39.049    Installing updates...
2017-06-27 07:01:39.651    Error level 1
2017-06-27 07:01:42.360    Update successful
2017-06-27 07:01:47.563    Option all = no
2017-06-27 07:01:47.563    Option recurse = yes
2017-06-27 07:01:47.563    Option archive = no
2017-06-27 07:01:47.563    Option service = yes
2017-06-27 07:01:47.563    Option confirm = yes
2017-06-27 07:01:47.563    Option sxl = yes
2017-06-27 07:01:47.563    Option max-data-age = 35
2017-06-27 07:01:47.563    Option vdl-logging = yes
2017-06-27 07:01:47.566    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2017-06-27 07:01:47.566    Machine ID:    b84d3e2277464146863ab0bfcc2014c6
2017-06-27 07:01:47.570    Component SVRTcli.exe version 2.6.0
2017-06-27 07:01:47.570    Component control.dll version 2.6.0
2017-06-27 07:01:47.570    Component SVRTservice.exe version 2.6.0
2017-06-27 07:01:47.570    Component engine\osdp.dll version 1.44.1.2285
2017-06-27 07:01:47.570    Component engine\veex.dll version 3.68.5.2285
2017-06-27 07:01:47.570    Component engine\savi.dll version 9.0.7.2285
2017-06-27 07:01:47.570    Component rkdisk.dll version 1.5.31.1
2017-06-27 07:01:47.570    Version info:    Product version    2.6.0
2017-06-27 07:01:47.571    Version info:    Detection engine    3.68.5
2017-06-27 07:01:47.571    Version info:    Detection data    5.39
2017-06-27 07:01:47.571    Version info:    Build date    5/2/2017
2017-06-27 07:01:47.571    Version info:    Data files added    398
2017-06-27 07:01:47.571    Version info:    Last successful update    6/27/2017 12:01:42 AM

2017-06-27 08:19:45.014    Could not open C:\ProgramData\Kaspersky Lab\AVP17.0.0\SysWHist\file_cache\meta
2017-06-27 08:20:09.280    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-06-27 08:20:09.280    Could not open C:\System Volume Information\{6ed8dc6b-5b04-11e7-934c-00268339d3cf}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-06-27 08:20:09.281    Could not open C:\System Volume Information\{a8c6b7b1-5a0c-11e7-91d7-00268339d3cf}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-06-27 08:20:09.281    Could not open C:\System Volume Information\{dcd434c8-5b05-11e7-ac2c-00268339d3cf}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-06-27 08:33:04.041    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-06-27 08:33:04.042    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-06-27 08:33:05.370    Could not open C:\Windows\System32\config\COMPONENTS
2017-06-27 08:33:05.397    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-06-27 08:33:05.397    Could not open C:\Windows\System32\config\RegBack\SAM
2017-06-27 08:33:05.398    Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-06-27 08:33:05.399    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-06-27 08:33:05.400    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-06-27 08:59:35.211    >>> Virus 'Mal/Behav-010' found in file D:\MQ\DSurface\DSurface.exe
2017-06-27 08:59:35.211    >>> Virus 'Mal/Behav-010' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2017-06-27 08:59:35.211    >>> Virus 'Mal/Behav-010' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
2017-06-27 08:59:35.211    >>> Virus 'Mal/Behav-010' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-06-27 08:59:35.211    >>> Virus 'Mal/Behav-010' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2017-06-27 08:59:35.211    >>> Virus 'Mal/Behav-010' found in file HKU\S-1-5-21-1391898163-577230469-798700961-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-06-27 08:59:35.211    >>> Virus 'Mal/Behav-010' found in file HKU\S-1-5-21-1391898163-577230469-798700961-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-06-27 08:59:35.211    >>> Virus 'Mal/Behav-010' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2017-06-27 09:11:27.599    Could not open LOGICAL:0004:00000000
2017-06-27 09:11:27.600    Could not open E:\
2017-06-27 09:11:49.384    Could not open PHYSICAL:0082:0000:0000:0001
2017-06-27 09:11:49.385    The following items will be cleaned up:
2017-06-27 09:11:49.385    Mal/Behav-010

 

FRST.txt

Addition.txt

Link to post
Share on other sites

C is my main drive, D is an internal backup. MQ is for EverQuest, so I trust DSurface.exe though it did delete it, it'll be downloaded on that next software update.

These were all ran in normal mode, should I be running them in safe mode?

 

Sophos took awhile. I ended up falling asleep last night waiting for it to finish, so this morning I did FRST64.exe to finish up.

 

I also cannot use UAC as it crashes some older games like EQ or GOG DosBox.

 

As of this time, the svchost.exe still persists, though doesn't seem as much. Not sure if it is tied to a time of day or multiple applications open. I have to turn the notifications off in Malwarebytes to make doing anything possible. If I am in fullscreen it will constantly bump me out. If I am in fullscreen windowed it will drop my focus of window. It does seem less frequent however than before. I normally run Skype, Bnet app and Steam. Everytime I launch something like FIrefox or one of those apps, it will prompt a notification.

Edited by GSaint
Link to post
Share on other sites

  • Root Admin

1. Click on the Start button and then click on the Run menu command, or type in CMD.EXE

2. In the Open: field type cmd and press enter.

3. You will now be presented with a console window. At the command prompt type tasklist /svc /fi "imagename eq svchost.exe" and press the enter key. You will see a list of the processes on your computer as well as the services that a SVCHOST.EXE process is managing.

Please send or show me what that says. We can use some other tools to get that information if you have trouble with this command.

 

EXAMPLE:

C:\>tasklist /svc /fi "imagename eq svchost.exe"

Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    908 DcomLaunch, PlugPlay, Power
svchost.exe                    984 RpcEptMapper, RpcSs
svchost.exe                    440 Dhcp, eventlog, HomeGroupProvider, lmhosts,
                                   wscsvc
svchost.exe                    640 AudioEndpointBuilder, CscService, hidserv,
                                   Netman, PcaSvc, SysMain, TrkWks, UxSms,
                                   Wlansvc, wudfsvc
svchost.exe                    580 EventSystem, fdPHost, FontCache, netprofm,
                                   nsi, WdiServiceHost, WinHttpAutoProxySvc
svchost.exe                    844 Appinfo, BITS, EapHost, IKEEXT, iphlpsvc,
                                   LanmanServer, MMCSS, ProfSvc, Schedule,
                                   SENS, ShellHWDetection, Themes, Winmgmt,
                                   wuauserv
svchost.exe                   1052 AudioSrv
svchost.exe                   1116 gpsvc
svchost.exe                   1496 CryptSvc, Dnscache, LanmanWorkstation,
                                   NlaSvc
svchost.exe                   1824 BFE, DPS, MpsSvc
svchost.exe                   2448 DiagTrack
svchost.exe                   3048 stisvc
svchost.exe                   4548 FDResPub, SSDPSRV
svchost.exe                   5464 WinDefend
svchost.exe                   3148 PolicyAgent

 

Edited by AdvancedSetup
Link to post
Share on other sites

  • Root Admin

Please run the following. It probably will not help much but will clean a few more items.

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

Ron

 

Link to post
Share on other sites

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/28/17
Protection Event Time: 2:02 AM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2247
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain:
IP Address: 85.93.5.25
Port: [49684]
Type: Outbound
File: C:\Windows\System32\svchost.exe

 

(end)

mwbLog.txt

Link to post
Share on other sites

I ran the tool and noticed some processes that I did not see in the normal task manager.

As a result, I ended up uninstalling Cyberlink PowerDVD 13, VMware Workstation and Tortoise SVN using Uninstall Tool.

It seemed to clear up a ton on the TCPView, but still the svchost.exe blocks persist. Not sure what else I am looking at.

 

The notifications seem to die down when I don't open anything for awhile. Once I open up Firefox or TCPView for instance, I'll start seeing the notifications pop. If I go double clicking the Malwarebytes icon in the system tray to bring up the window to check reports, the moment it shows on screen I get more notifications.

6-28-2017 02-37-04.png

Edited by GSaint
Link to post
Share on other sites

The amount of notifications has fewer this morning than before, progress I think. Still same IP, still same set of ports blocked, but not spamming like it has been.

 

I can actually do things between the notifications so I have left them on for now!

6-28-2017 10-18-14.png

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/28/17
Protection Event Time: 10:16 AM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2250
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain:
IP Address: 85.93.5.25
Port: [65531]
Type: Outbound
File: C:\Windows\System32\svchost.exe

 

(end)

Edited by GSaint
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.