Qu1ck, July 31 in Resolved Malware Removal Logs
Here it is.
The log looks good.
How is the computer running now?
Are there still any signs of an infection?
Well it kept connecting to 18.104.22.168 which is a suspicious IP according to the internet, so I blocked it through the firewall and now Windows is freezing for some time, and I see svchost.exe connecting to random IP addresses again.
It's connecting, or you're being probed. Big difference.
If you're having freezing then try undoing your Firewall change
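The distinction drawn above (the host connecting out versus someone probing it) can be checked directly. The PowerShell below is an added example, not code from the thread or from any tool mentioned in it. It does two things: maps live TCP sessions to their owning process and, for svchost.exe, to the services hosted in that PID, and parses Windows Firewall's pfirewall.log, where inbound probes appear as DROP/RECEIVE entries that never show up in a connection table. It assumes an elevated PowerShell on Windows 10 (Get-NetTCPConnection from the NetTCPIP module); the firewall log lines are constructed samples, and the log path is the default one, which only has content if firewall logging has been turned on.

```powershell
# Added example, not from the original thread. Run elevated on Windows 10.

function Get-ConnectionOwner {
    param([string[]]$State = @('Established', 'SynSent'))   # SynSent = an outbound attempt in progress

    # Build PID -> service names once; each svchost.exe instance hosts one or more services.
    $svcByPid = @{}
    Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -gt 0 } | ForEach-Object {
        $k = [int]$_.ProcessId
        if (-not $svcByPid.ContainsKey($k)) { $svcByPid[$k] = @() }
        $svcByPid[$k] += $_.Name
    }

    Get-NetTCPConnection -State $State -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin @('0.0.0.0', '::', '127.0.0.1', '::1') } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            $sig  = if ($proc.Path) { (Get-AuthenticodeSignature -FilePath $proc.Path).Status } else { 'unknown' }
            [pscustomobject]@{
                Pid       = $_.OwningProcess
                Process   = $proc.ProcessName
                # Genuine svchost.exe lives in C:\Windows\System32 and carries a valid Microsoft
                # signature; a copy elsewhere, or one hosting no services, deserves a closer look.
                Path      = $proc.Path
                Signature = $sig
                Services  = ($svcByPid[[int]$_.OwningProcess]) -join ','
                Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
                State     = $_.State
            }
        }
}

function Read-FirewallLog {
    param([string[]]$Lines)
    # W3C format written by Windows Firewall when logging is enabled. Field order:
    # date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
    $Lines | Where-Object { $_ -and $_ -notmatch '^#' } | ForEach-Object {
        $f = $_ -split '\s+'
        if ($f.Count -lt 17) { return }
        [pscustomobject]@{
            Time      = "$($f[0]) $($f[1])"
            Action    = $f[2]
            Proto     = $f[3]
            Src       = $f[4]
            Dst       = $f[5]
            SrcPort   = $f[6]
            DstPort   = $f[7]
            Direction = $f[16]   # RECEIVE = inbound (a probe when dropped); SEND = this host connecting out
        }
    }
}

# Constructed sample lines (RFC 5737 test addresses). For the real log use:
#   Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
$sample = @'
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2019-07-31 10:15:02 DROP TCP 203.0.113.5 192.168.1.10 51234 445 52 S 1234567 0 8192 - - - RECEIVE
2019-07-31 10:15:02 DROP TCP 203.0.113.5 192.168.1.10 51235 3389 52 S 1234568 0 8192 - - - RECEIVE
2019-07-31 10:15:09 ALLOW TCP 192.168.1.10 198.51.100.20 49712 443 0 - 0 0 0 - - - SEND
'@ -split "`r?`n"

# Live sessions, grouped by process, with the services behind each svchost.exe.
Get-ConnectionOwner | Sort-Object Process, Remote | Format-Table -AutoSize

# Inbound drops from one source across several ports are a scan of this host, not the host
# connecting out; SEND/ALLOW rows are the host's own outbound traffic.
Read-FirewallLog $sample | Group-Object Direction, Action | Select-Object Name, Count
```

A remote address that only ever appears in RECEIVE/DROP rows was probing the machine; one that appears as the Remote of an Established session owned by a signed, System32-resident svchost.exe is a service on the machine talking out, and the Services column says which one.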
Please download the following and let it run for a few. Then save, export the log and post back the results. You can send it to me in a private message
There you go.
The most concerning to me are svchost.exe and also gdcagent.exe.
After looking at the program itself, I think these have something to do with Chrome itself; the moment I close Chrome, 2 svchost.exe connections disappear. Really strange.
Domain ID: 197784869_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2019-05-07T20:21:36Z
Creation Date: 2005-08-18T02:10:45Z
Registry Expiry Date: 2024-01-16T04:59:59Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: firstname.lastname@example.org
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: R1.AMAZONAWS.COM
Name Server: R2.AMAZONAWS.COM
Name Server: U1.AMAZONAWS.COM
Name Server: U2.AMAZONAWS.COM
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2019-08-01T02:41:40Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
I've also found this after clicking on Whois on the GDCAgent.exe
Have you managed to find anything?
The genuine GDCAgent.exe file is a software component of GDCAgentSetupRed by Lenovo
The connections shown look rather normal. Let's go ahead though and run another antivirus scan to help ease your concerns
Please download and run the following Kaspersky antivirus scanner to remove any found threats
Kaspersky Virus Removal Tool
Let me know if it finds anything or not
Just did it, nothing was found.
Yes, I didn't think it would, but I wanted you to see that as well.
Again, I think a good, thorough cleaning of your Google Chrome may help you feel better about how the system is working too.
Reset Chrome back to defaults to completely clear out issues with Chrome.
Restart your computer now and make sure there are no longer any redirects or other browser issues and let me know the results
Browser is not the issue, anyway, when I leave my computer open for some time, the screen blacks out and then returns to normal in a matter of a second, now, this has been happening for some time now and I’m wondering what could have caused it.
Well not sure what issue you're having exactly then. None of the scans are finding any infection. We can run a couple of routines from Microsoft to verify OS files if you like.
Yes I'd like to, thanks for the help by the way.
I'd also like to add that for some reason Windows Defender is taking more CPU processing power and memory than Chrome.
Here's the location of the file; it was changed 6 days ago I think: C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe. Maybe that has something to do with it?
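The path quoted above is where Defender's monthly platform updates place the engine, so a recent change date there is expected; what is worth confirming is that the running service actually loads that copy, that the copy is Microsoft-signed, and that the folder version matches the platform version Defender reports. The PowerShell below is an added example, not part of the thread. It assumes an elevated prompt on Windows 10 with the Defender module (Get-MpComputerStatus) available, and uses the path from the post as its default. The DISM/SFC pair in the second function is assumed to be what the helper means by "routines from Microsoft to verify OS files".

```powershell
# Added example, not from the original thread. Run elevated on Windows 10.

function Test-DefenderPlatformBinary {
    param(
        # Path quoted in the thread; override if the Platform\<version> folder differs.
        [string]$Path = 'C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe'
    )
    $status  = Get-MpComputerStatus
    $running = Get-Process -Name MsMpEng -ErrorAction SilentlyContinue | Select-Object -First 1
    $sig     = Get-AuthenticodeSignature -FilePath $Path

    # The folder name carries the platform version with a trailing "-0"; strip it for comparison.
    $folderVersion = (Split-Path (Split-Path $Path -Parent) -Leaf) -replace '-\d+$', ''

    [pscustomobject]@{
        FileExists       = Test-Path $Path
        RunningFromPath  = [bool]($running -and $running.Path -eq $Path)  # the service really loads this copy
        SignatureStatus  = $sig.Status                                    # expect 'Valid'
        Signer           = $sig.SignerCertificate.Subject                 # expect a Microsoft CN
        FolderVersion    = $folderVersion
        PlatformVersion  = $status.AMServiceVersion                       # should equal FolderVersion
        EngineVersion    = $status.AMEngineVersion
        LastWrite        = (Get-Item $Path -ErrorAction SilentlyContinue).LastWriteTime
    }
}

function Repair-SystemFiles {
    # DISM repairs the component store first, then SFC verifies protected system files
    # against it. Both take a while and need an elevated prompt.
    & DISM.exe /Online /Cleanup-Image /RestoreHealth
    & sfc.exe /scannow
}

Test-DefenderPlatformBinary | Format-List
# Repair-SystemFiles   # uncomment to run the OS file verification
```

A result of SignatureStatus 'Valid', RunningFromPath True and FolderVersion equal to PlatformVersion means the file is the current Defender engine doing its job; a mismatch on any of the three is the thing to investigate, not the modification date.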
Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.
Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.
Note: If the tool warned you about an outdated version please download and run the updated version.
Due to the lack of feedback, this topic is closed to prevent others from posting here.
If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.
This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.