RedZed69

Thanks for the clarification and thanks for your help. This thread can be closed.

Thanks. I have 3 more questions before this thread can be concluded. It's normal for svchost.exe to have an "established" connection and not a "listening" connection to 117.18.237.29 ? Are attempted facebook account intrusions common ? Combofix should only be used with expert supervision ?

Hi, I'm a customer of Emsisoft antimalware. Recently, I've received an email from facebookmail security about an attempted log in to my facebook account from an intruder. I verified that this mail was legitimate from facebook itself. Furthermore, I've noticed via TCPView that svchost.exe has an established connection to this IP Address 117.18.237.29 (apparently EdgeCast Networks Asia Pacific Network) which I closed. I added a custom rule into Emsisoft Antimalware to block connections to this IP address, and attempts to connect to 117.18.237.29 would be blocked every time I booted the desktop & successively after. I'm not tech-savvy and would like to seek expert help. Addition.txt FRST.txt scan_190311-100110.txt

Hi, I'm a little paranoid after accidentally visiting a recipe site in Firefox (latest ESR edition) private browsing sandbox mode. The specific URL is http://www. recipesbnb. com/sloppy-janes/107634 Virustotal says it's safe and Sucuri Sitecheck says the site uses an outdated wordpress. Emsisoft Antimalware was active at the time with no problems. I quickly closed Firefox and opened TCPView and noted these 3 lines - <non-existent> 5068 TCP 50466 172.217.26.129 https LAST_ACK <non-existent> 5068 TCP 50523 204.15.255.6 http CLOSING <non-existent> 5068 TCP 50523 xytio.com http CLOSING It seems like the site is safe, but I was wondering if I could get a 2nd opinion from the team here? The site looks suspicious with its collection of random images for food items.