svchost.exe hollow process

archellhen

Oct 25, 2018
Hello, I have recently got 2 hollow processes. Like the others mentioned, I ran Zemana and it only detected it without fixing it. Malwarebytes helped remove it, but when I restarted the PC it was back again. I ended the task manually and ran a scan to get rid of it. But I keep getting reports from Malwarebytes about blocking websites.
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/26/18
Protection Event Time: 3:11 AM
Log File: 03c8ca80-d8bc-11e8-86fb-708bcd564023.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7533
License: Premium

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: work.a-poster.info
IP Address: 37.1.206.139
Port: [51397]
Type: Outbound
File: C:\Windows\SysWOW64\svchost.exe



(end)
 

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 
Here.

Also I noticed whenever I restart my PC the default apps change back to the original as if I just reset the PC. Why is that happening?
 


Not sure why that is happening.


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop.

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.
 


Here is the fixlog.
Also, I got notified by Malwarebytes that it blocked another website.
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/26/18
Protection Event Time: 3:11 AM
Log File: 03c8ca80-d8bc-11e8-86fb-708bcd564023.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7533
License: Premium

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: work.a-poster.info
IP Address: 37.1.206.139
Port: [51397]
Type: Outbound
File: C:\Windows\SysWOW64\svchost.exe



(end)
 

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition.txt option is checked.

  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please attach the report to your next reply.
 
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/30/18
Protection Event Time: 2:51 AM
Log File: fc731428-dbdd-11e8-8dd3-708bcd564023.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.7599
License: Premium

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: PUP
Domain: laserveradedomaina.com
IP Address: 176.31.115.114
Port: [57609]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe



(end)