Possible infection: One process of chrome.exe *32 has very high (50%) CPU usage


  • This topic is locked
5 replies to this topic

#1 bandzior88

bandzior88

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 08 March 2014 - 09:08 AM

AdwCleaner reports that the file C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\spxtbko2.default\prefs.js is infected. However, I cannot remove it with this application or with Malwarebytes Anti-Malware (even when PUP is enabled for showing and removing in results).

 

When this one specific process of chrome32.exe *32 is active the whole system runs extremely slowly. When I disable it via Windows Task Manager it runs normally and smoothly again. What is more, even when I uninstalled Chrome the process still appeared as chrome.exe *32 in Windows Task Manager. Now I have reinstalled Chrome because the suspicious process also appeared when I was using only Firefox.

 

P.S. The "potentially infected" process was terminated via Windows Task Manager before I ran the DDS scan.

 

Please tell me what I need to do to remove this unwanted process from my computer.

 

Attached File: attach.txt (3.42KB, 2 downloads)

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Artur at 14:33:11 on 2014-03-08
Microsoft Windows 7 Ultimate   6.1.7601.1.1250.48.1045.18.4094.2143 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\rundll32.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system\3DG4me.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\V0700Mon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
D:\Program Files (x86)\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [V0700Mon.exe] C:\Windows\V0700Mon.exe
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Artur\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - D:\Program Files (x86)\Evernote\EvernoteClipper.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Clip Image - D:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - D:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - D:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - D:\Program Files (x86)\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: E&xport to Microsoft Excel - D:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: New Note - D:\Program Files (x86)\Evernote\\EvernoteIERes\NewNote.html
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{9FEEB7BD-369B-4610-97B7-EC0EF4602992} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [V0700Pin.dll] RunDLL32.exe V0700Pin.dll,RunDLL32EP 514,/d:0
x64-Run: [3DG4me] C:\Windows\System\3DG4me.exe
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Artur\AppData\Roaming\Mozilla\Firefox\Profiles\spxtbko2.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-1-25 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-1-25 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-1-25 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-1-25 421704]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-1-25 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-1-25 50344]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2014-1-26 151648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-3-8 418376]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-3-7 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-3-7 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-3-7 411936]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-1-25 80184]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-1-27 283064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-3-8 25928]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-3-7 39200]
R3 Razerlow;Razer Pro|Solutions;C:\Windows\System32\drivers\DB3G.sys [2014-2-7 21120]
R3 RTL8023x64;Sterownik Realtek 10/100 NIC Family NDIS x64;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
R3 V0700Vid;Creative Live! Cam Chat HD Driver;C:\Windows\System32\drivers\V0700Vid.sys [2011-9-6 393920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-3-8 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-3-8 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-8 56832]
S3 USBADVAU;Sennheiser 3D G4ME1 Interface;C:\Windows\System32\drivers\cm11264.sys [2013-5-30 1308160]
S3 WatAdminSvc;Usługa Technologie aktywacji systemu Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-1-25 1255736]
.
=============== File Associations ===============
.
ShellExec: BESTplayer.exe: napiprojekt="D:\Program Files (x86)\NapiProjekt\napisy.exe" "%1"
ShellExec: BESTplayer.exe: napiprojekt0="D:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang
.
=============== Created Last 30 ================
.
2014-03-08 13:12:46 -------- d-----w- C:\Users\Artur\AppData\Local\Google
2014-03-08 13:10:05 -------- d-sh--w- C:\$RECYCLE.BIN
2014-03-08 13:01:24 98816 ----a-w- C:\Windows\sed.exe
2014-03-08 13:01:24 256000 ----a-w- C:\Windows\PEV.exe
2014-03-08 13:01:24 208896 ----a-w- C:\Windows\MBR.exe
2014-03-08 13:01:22 -------- d-----w- C:\ComboFix
2014-03-08 12:04:24 -------- d-----w- C:\Windows\ERUNT
2014-03-08 11:22:55 -------- d-----w- C:\AdwCleaner
2014-03-08 10:43:28 -------- d-----w- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-03-08 09:49:55 -------- d-----w- C:\Users\Artur\AppData\Roaming\Malwarebytes
2014-03-08 09:49:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-08 09:49:46 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-08 09:49:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-08 09:40:43 -------- d-----w- C:\Users\Artur\AppData\Local\Macromedia
2014-03-08 09:04:56 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-03-08 09:04:56 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-03-08 09:04:53 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-03-08 09:04:53 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-03-07 15:11:45 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-03-07 14:21:31 -------- d-----w- C:\ProgramData\Oracle
2014-03-07 14:21:18 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-07 14:16:54 -------- d-----w- C:\Users\Artur\AppData\Local\NVIDIA
2014-03-07 14:16:50 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-03-07 14:16:50 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-03-07 14:13:43 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-03-07 14:13:43 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-03-07 14:13:43 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-03-07 13:01:09 1950204 ----a-w- C:\Windows\SysWow64\scrypt130511GeForce GTX 260glg2tc1728w256l4.bin
2014-03-07 08:53:06 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EBC94C52-948B-4503-9BDE-D8BF552A2177}\mpengine.dll
2014-03-02 13:09:48 -------- d-----w- C:\Users\Artur\AppData\Local\Mozilla
2014-03-01 11:07:58 -------- d-----w- C:\Users\Artur\AppData\Local\SKIDROW
2014-02-28 17:01:53 -------- d-----w- C:\Users\Artur\AppData\Local\Skyrim
2014-02-28 13:59:47 396800 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\DAO\w\a\l\m\a\r\t\dll\ISSkinExW.dll
2014-02-28 08:37:35 -------- d-----w- C:\Windows\System32\appmgmt
2014-02-27 21:04:09 -------- d-----w- C:\Users\Artur\AppData\Roaming\XRay Engine
2014-02-22 19:32:58 -------- d-----w- C:\Users\Artur\AppData\Roaming\Braid
2014-02-22 09:09:27 -------- d-----w- C:\Users\Artur\AppData\Roaming\foobar2000
2014-02-20 11:51:06 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-02-20 11:51:01 686416 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-02-12 18:01:28 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 18:01:28 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 09:14:56 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 09:14:56 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 09:14:56 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 09:14:56 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-12 09:01:00 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-12 09:01:00 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-12 09:01:00 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-12 09:01:00 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-11 20:02:48 -------- d-----w- C:\Users\Artur\AppData\Roaming\Crazy Viking Studios
2014-02-09 16:23:24 -------- d-----w- C:\Users\Artur\AppData\Local\MercurySteam
2014-02-09 16:23:24 -------- d-----w- C:\Users\Artur\AppData\Local\EMU
2014-02-08 17:44:55 -------- d-----w- C:\Users\Artur\AppData\Roaming\Zotero
2014-02-08 16:33:40 -------- d-----w- C:\Users\Artur\AppData\Local\EdgeOfReality
2014-02-07 10:43:22 85504 ----a-w- C:\Windows\SysWow64\diamondback.cpl
2014-02-07 10:43:21 21120 ----a-w- C:\Windows\System32\drivers\DB3G.sys
2014-02-06 20:24:42 -------- d-----w- C:\Users\Artur\AppData\Roaming\TheBannerSaga
.
==================== Find3M  ====================
.
2014-03-01 07:30:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-01 07:30:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-21 19:30:05 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-02-21 19:30:05 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-02-21 19:25:38 290184 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-02-08 17:42:36 6712608 ----a-w- C:\Windows\System32\nvcpl.dll
2014-02-08 17:42:36 3498272 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-02-08 17:42:33 923936 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-02-08 17:42:32 63776 ----a-w- C:\Windows\System32\nvshext.dll
2014-02-08 17:42:32 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-02-08 17:42:32 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 11:05:15 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2014-02-05 11:05:15 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2014-02-05 11:05:15 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2014-02-05 11:05:15 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2014-01-27 12:25:47 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2014-01-26 15:28:41 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-01-25 20:22:57 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2014-01-25 18:00:59 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-01-25 18:00:59 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-01-25 18:00:59 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-25 18:00:59 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-01-25 18:00:59 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-01-25 18:00:59 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-01-25 18:00:58 43152 ----a-w- C:\Windows\avastSS.scr
2014-01-25 12:45:58 175616 ----a-w- C:\Windows\System32\msclmd.dll
2014-01-25 12:45:58 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-12-19 20:33:31 1884448 ----a-w- C:\Windows\System32\nvdispco6433221.dll
2013-12-19 20:33:31 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433221.dll
2013-12-18 05:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 14:33:32,18 ===============
 



#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:02:55 AM

Posted 08 March 2014 - 01:47 PM

Hi bandzior88 and Welcome to BleepingComputer.

I am currently looking through your logs and will advise you on what to do in my next reply.

I would like you to post the Adwcleaner log that shows the infection.

The report will be saved in the C:\AdwCleaner folder.

Edited by seedy21, 08 March 2014 - 01:47 PM.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club



#3 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:02:55 AM

Posted 09 March 2014 - 03:19 AM

Hello bandzior88

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:

  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours; if you are going to be away for longer please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed

Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.

Combofix is a powerful tool intended by its creator to be used under the direction of an expert. It is NOT for private use. You should NOT use Combofix unless a Malware Removal Expert has told you to. Improper use of this tool can seriously damage your operating system and may even prevent it from starting again. Please read Combofix's Disclaimer.
Plus, if it is run without being asked for by a 'helper', the creator will offer no help if anything goes wrong.

As you have downloaded this I would also like to see the log it creates. Please post this in your next reply.

The log should be saved in C:\ComboFix.txt

Step 1

We need to disable DAEMON Tools as it has been known to interfere with the tools we run.

Please download Defogger and save it to your Desktop.
 

  • Double click Defogger.exe to run the program.
    Note: Windows Vista/7 users should right click and Run As Administrator
  • Click on Disable and then Yes. The Scan may take a while to complete

When this has completed you will get a new window with the Finished box; click Continue and close Defogger down.

Step 2

Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow users to share files between each other, as the name(s) suggest. In today's world cyber crime has reached an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Step 3

Download zoek.exe from here: http://hijackthis.nl/smeenk/ and save it to your Desktop.
 

  • Close/disable all anti virus and anti malware programs so they do not interfere with the download or execution of Zoek.exe
    You can find instructions how to disable your security applications >>Here<< or >>Here<<
  • Double click zoek.exe to start the program.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this user's computer; do not use it on another computer even if the problems are similar!
    autoclean;
    emptyclsid;
    standardsearch;
  • Close any open browsers.
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive (normally C:\).
  • Please post the logfile for further review in your next reply



#4 bandzior88

bandzior88
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:55 AM

Posted 09 March 2014 - 05:19 AM

Hi,

 

Thank you for your reply.

 

Before you posted your answer I ran an avast antivirus scan, which launches after a system restart and before Windows starts. The scanner found that one of the Roaming files of WinRAR was infected with "in32:BitCoinMiner-FR [PUP]". The .exe with the virus was named chrome.exe and it launched the process that was supposed to look like another process of the Google Chrome browser. The scanner relocated the infected .exe to quarantine and I removed it from the system by using the quarantine tools. After that no suspicious processes appeared after several launches of the system.

 

So the moral of the story is: sometimes the simplest measures give the best results. :)

 

Sorry for bothering you guys. Hope I didn't take up too much of your time.

 

I hope that the information I provided here will be useful for you in the future.

 

P.S. I'm also sending you the latest adwcleaner log as you requested.


Edited by bandzior88, 09 March 2014 - 05:26 AM.
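The finding bandzior88 describes, a miner binary borrowing the name chrome.exe but living under a Roaming folder rather than Chrome's install directory, is the sort of thing a helper can screen for mechanically in the "Running Processes" section of a DDS log. The following is an added example, not code from the thread or from any of the tools mentioned in it: the sample log lines and the Roaming path are constructed, and the table of expected install locations is an assumption for this example.

```python
"""Flag processes whose image name is a well-known Windows/browser binary but
whose directory is not where that binary is expected to live. Runs over the
'Running Processes' section of a DDS log (constructed sample below)."""
import ntpath
import re

# Image names commonly borrowed by malware, mapped to the directories where the
# genuine binary is expected on a 64-bit Windows 7 box. Entries that start with
# a backslash are matched as a suffix (per-user installs under C:\Users\...).
# Assumed for this example; not an exhaustive allowlist.
EXPECTED_DIRS = {
    "chrome.exe": (
        "c:\\program files (x86)\\google\\chrome\\application",
        "c:\\program files\\google\\chrome\\application",
        "\\appdata\\local\\google\\chrome\\application",
    ),
    "svchost.exe": ("c:\\windows\\system32", "c:\\windows\\syswow64"),
    "explorer.exe": ("c:\\windows",),
    "rundll32.exe": ("c:\\windows\\system32", "c:\\windows\\syswow64"),
}

# User-writable drop locations; a tracked name running from one of these is
# ranked higher than a mere path mismatch.
SUSPICIOUS_HINTS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\users\\public\\")


def parse_running_processes(dds_text):
    """Return image paths listed between the 'Running Processes' header and the
    next '====' header. Trailing svchost '-k <group>' arguments are dropped."""
    paths = []
    in_section = False
    for line in dds_text.splitlines():
        if line.startswith("====="):
            if in_section:
                break
            in_section = "Running Processes" in line
            continue
        if in_section and re.match(r"^[A-Za-z]:\\", line):
            paths.append(re.sub(r"\s+-k\s+\S+$", "", line.strip()))
    return paths


def is_expected_location(path):
    """True if the image's directory is an expected one for its name, or if the
    name is not one we track at all."""
    low = path.lower()
    name = ntpath.basename(low)
    if name not in EXPECTED_DIRS:
        return True
    directory = ntpath.dirname(low)
    return any(
        directory == p or (p.startswith("\\") and directory.endswith(p))
        for p in EXPECTED_DIRS[name]
    )


def find_impersonators(paths):
    """Return (path, severity) for tracked names running outside expected
    directories; 'high' when the path also sits in a user-writable drop zone."""
    findings = []
    for path in paths:
        if is_expected_location(path):
            continue
        low = path.lower()
        severity = "high" if any(h in low for h in SUSPICIOUS_HINTS) else "medium"
        findings.append((path, severity))
    return findings


# Constructed sample in DDS layout; the Roaming\WinRAR path is made up to
# mirror the poster's description, the thread does not give the real path.
SAMPLE_LOG = """\
============== Running Processes ===============
.
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Windows\\Explorer.EXE
C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe
C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe
C:\\Users\\EXAMPLE\\AppData\\Roaming\\WinRAR\\chrome.exe
C:\\Windows\\system32\\wbem\\wmiprvse.exe
.
============== Pseudo HJT Report ===============
"""

if __name__ == "__main__":
    for path, severity in find_impersonators(parse_running_processes(SAMPLE_LOG)):
        print(f"[{severity}] {path}")
```

The same check applies to a live process list once the image path is obtained for each process; a name match alone is never enough, since the genuine and the masquerading chrome.exe are indistinguishable in Task Manager's default view.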


#5 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:02:55 AM

Posted 11 March 2014 - 04:10 PM

Hi bandzior88

Thank you for getting back to me. As your issue sounds to be resolved, I will get a Moderator to lock this topic.



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:55 PM

Posted 11 March 2014 - 05:22 PM

As the issue appears to be resolved, this Topic is closed. Should you need it reopened, please contact a Forum Moderator or member of the Malware Response Team. Include the address of this thread in your request. If you have a new issue, please start a New Topic. This applies only to the original poster. Everyone else please begin a New Topic.
