svhost.exe outgoing connection blocked

[mindelan]

Hi,

I have no idea if this is anything or not, but I figured it's better to be safe then sorry.  On Feb 11, I had an outgoing connection blocked by malwarebytes for my svchost.exe.  It happened again, a few days ago on Feb 26.  Scans from Malwarebytes and Avast brought up no threats.   I'm not familiar enough with this stuff to know if this means there's a problem or not, and googling the issue left me equally baffled, so I'm here to consult the experts!

I appreciate any help.  I'm not sure if this is needed or not, but here's the info on the blocked instances:

-Log Details-
Protection Event Date: 2/11/19
Protection Event Time: 8:03 PM
Log File: 07ac94b4-2e62-11e9-a9f7-c49ded06b1ec.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.527
Update Package Version: 1.0.9202
License: Premium

-System Information-
OS: Windows 10 (Build 17134.523)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Fraud
Domain: 
IP Address: 40.136.60.10
Port: [55854]
Type: Outbound
File: C:\Windows\System32\svchost.exe

(end)

 

-Log Details-
Protection Event Date: 2/26/19
Protection Event Time: 9:11 PM
Log File: ee2f932c-3a34-11e9-95db-c49ded06b1ec.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.527
Update Package Version: 1.0.9422
License: Premium

-System Information-
OS: Windows 10 (Build 17134.590)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Fraud
Domain: 
IP Address: 40.136.60.10
Port: [54861]
Type: Outbound
File: C:\Windows\System32\svchost.exe

(end)

 

 

FRST.txt

Addition.txt

MalwarebytesScan20190228.txt

[nasdaq]

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Is AvastBrowser you permanent browser?
Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1"

Are you Syncing the browser with your other devices.

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

[mindelan]

Hi Nasdaq,

Thank you so much and I appreciate your help.

I believe I have done as you requested, downloading the the fixlist.txt file, and running the fix option.  

I don't really use the AvastBrowser as far as I am aware.  I mostly use Chrome or Firefox.  Neither is synced.  I have sync turned off in Chrome and firefox is not signed into with any profile.

I have not seen any more occurrences of the problem, but originally it happened very rarely.  Only twice, and 15 days apart.  I still wanted to check my system with the experts though since the blocked outgoing connection was from svchost.exe

Thank you and if there is anything else I need to do or provide, please just let me know.

 

Fixlog.txt

[nasdaq]

Hi,

May is suggest that you Set Chrome as your default browser.

https://support.google.com/chrome/answer/95417?co=GENIE.Platform%3DDesktop&hl=en

Stay safe.

 

[mindelan]

HI Nasdaq,

Thank you.  I went ahead and put chrome as my default browser per your suggestion.

Is there anything else I need to do?  Were the reports generally clean when you looked them over?  I just want to make sure that there is nothing further for me to do!

I appreciate your help!

[nasdaq]

Hi,

You are looking good.

This topic will be closed in 6 days, return if you need to.

[mindelan]

Thank you! I really appreciate your help and will return here if anything new happens.   Have a wonderful weekend

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks