Possible infection at my computer

[Victor2K]

I will copy the problem I had from the other thread I've posted since it explains better than I can give it right now

 

"Sometimes, at night, my CPU usage goes somehow high and I went to see what's going on. Usually, would be Chrome but I noticed something weird....

 

Two of the processes were named 'iexplore.exe' and I wasn't using it at any time (using Chrome and Firefox). Also there was something named Adblock.exe (which I found out it was from a software I installed and it ended up installing that too). I always terminate them and they didn't came back the other nights, but now and yesterday found them

 

Is that something messing with my IE (and not my AV nor MBAM can find) or is just something crappy with one of the extensions?"

 

Here are the requested logs

 

 

 

Addition.txt

FRST.txt

[LiquidTension]

Hello Victor2K, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

• Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
• If you are unable to copy/paste your logs directly into your post, please attach the file. 
• Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
• Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
• If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
• Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
• Ensure you are following this topic. Click  at the top of the page. 
   

======================================================
 
STEP 1
 TDSSKiller Scan

• Please download TDSSKiller and save the file to your Desktop.
• Right-Click TDSSKiller.exe and select  Run as administrator to run the programme.
• Click Change parameters. Place a checkmark next to:
  • Loaded Modules
  • Detect TDLFS file system
  • Verify file digital signatures
• Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
• ​Click Start Scan. Do not use the computer during the scan.
• If objects are found, change the action to skip.
• Click Continue and close the window.
• A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
   

STEP 2
 aswMBR

• Please download aswMBR and save the file to your Desktop. 
• Temporarily disable your anti-virus software. For instructions, please refer to the following link.
• Right-Click aswMBR.exe and select  Run as administrator to run the programme.
• Click Yes when prompted to download avast! virus definitions. Wait until AVAST engine defs: ### appears. 
• If you are prompted to enable the use of "Virtualization Technology", click Yes.
• Click the AV Scan: drop down box and click C:\.
• Click Scan. 
• Upon completion, you will see Scan finished successfully. Click Save log. Save the log to your Desktop. 
• Re-enable your anti-virus software.
• Copy the contents of the log and paste in your next reply.

Note: Do NOT click Fix or FixMBR.
Note: A file (MBR.dat) will be created on your Desktop. Do NOT click or delete it.
 
 
======================================================
 
STEP 3
 Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

• TDSSKiller log (attached!)
• aswMBR log

[Victor2K]

I did TDSSKiller but can't attach the log and asMBR crashed during scan

[LiquidTension]

Why can't you attach the log?

[Victor2K]

It appears undefined after I press to attach the log (even renamed it without no avail and even copy the entire log to the thread but again no)

[LiquidTension]

Please open the log and scroll to the bottom.

You should see: Scan finished

Copy everything under and including this line, and paste in your next post.

If you are unable to copy/paste in Internet Explorer, please use an alternative browser.

[Victor2K]

Got it! Posting the piece right now... still need the aswMBR as well?

 

17:05:19.0475 0x14ec  Detected object count: 3

17:05:19.0475 0x14ec  Actual detected object count: 3

17:06:32.0369 0x14ec  Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user

17:06:32.0369 0x14ec  Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:06:32.0369 0x14ec  Intel® Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - skipped by user

17:06:32.0369 0x14ec  Intel® Capability Licensing Service Interface ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:06:32.0369 0x14ec  sesvc ( UnsignedFile.Multi.Generic ) - skipped by user

17:06:32.0369 0x14ec  sesvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:12:35.0093 0x102c  Deinitialize success

[LiquidTension]

If aswMBR created a log, please include in your next reply. 

 

Otherwise, I'd like you to try running aswMBR one more time. 

[Victor2K]

Tried to run aswMBR again but it stuck into a file and didn't wanted to go after 1h or more there. I tried to create a log adn even that mbr.dat file, but dunno if it could be useful.

 

Well, also tried MBAR and it came out clean as well

[LiquidTension]

OK. 
I don't think your machine is infected, but it is bloated with security software that may be interfering with aswMBR.
 

Is your AVG the free of paid-for version?

[Victor2K]

The free one

[LiquidTension]

I'd like you to do the following please. 
Let me know how you get on. 
 
STEP 1
 Revo Uninstaller

• Please download and install Revo Uninstaller Free.
• Double-click Revo Uninstaller to run the programme. 
• From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
  • Spybot - Search and Destroy 
  • IObit Malware Fighter
  • IObit Uninstaller
  • MV RegClean 6.9
• ​Double-click the programme. 
• When prompted if you want to uninstall click Yes.
• Ensure the Moderate option is selected and click Next.
• The programme uninstaller will run. If prompted again click Yes.
• Work your way through the uninstaller, ensuring you read each page thoroughly.
• Note: Ensure you decline offers of additional software if applicable. 
• Once the built-in uninstaller is finished click Next.
• Once the programme has searched for leftovers click Next.
• Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
• When prompted click Yes, followed by Next.
• Click Select all, followed by Delete.
• When prompted click Yes, followed by Next.
• Once done click Finish.
   

STEP 2
 Uninstall AVG Anti-Virus

• Go to the AVG Removal Tool downloads page. Download AVG Remover(64bit) 2015 and save the file to your Desktop. Do not run the programme.
• Download the setup file for  Microsoft Security Essentials and save the file to your Desktop. 
• Disconnect from the Internet. 
• Press the Windows Key  + r on your keyboard at the same time. Type appwiz.cpl and click OK.
• Search for any AVG programmes, right-click and click Uninstall.
• Follow the prompts, and reboot. 
• Run the AVG Removal Tool and reboot upon completion. 
• Run the Microsoft Security Essentials (MSE) setup file downloaded earlier. Follow the prompts to install, reconnect to the Internet upon completion and update the programme. 

[Victor2K]

I am doing the Revo part right now. I might take a while to do the AVG one since I need to do stuff from work and cannot 'afford' be without an antivirus logged (won't go to places where I can get viruses, just as security measure)

[LiquidTension]

The steps listed in replacing AVG will not result in your machine being connected to the Internet without an Anti-Virus.

There's nothing to be concerned about.

[Victor2K]

The steps listed in replacing AVG will not result in your machine being connected to the Internet without an Anti-Virus.

There's nothing to be concerned about.

I see... will do it asap and will tell you when done

[LiquidTension]

OK, sounds good. 

[Victor2K]

Uninstalled AVG and installed MSE as you told me. Should I run aswMBR again or try something else?

[LiquidTension]

Hello, 

 

We can come back to aswMBR. For now, please do the following. 

 

STEP 1
 AdwCleaner

• Please download AdwCleaner and save the file to your Desktop.
• Right-Click AdwCleaner.exe and select  Run as administrator to run the programme.
• Follow the prompts. 
• Click Scan. 
• Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
• Ensure anything you know to be legitimate does not have a checkmark, and click Clean. 
• Follow the prompts and allow your computer to reboot. 
• After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 2
 Junkware Removal Tool (JRT)

• Please download Junkware Removal Tool and save the file to your Desktop.
• Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
• Temporarily disable your anti-virus software. For instructions, please refer to the following link.
• Right-Click JRT.exe and select  Run as administrator to run the programme.
• Follow the prompts and allow the scan to run uninterrupted. 
• Upon completion, a log (JRT.txt) will open on your desktop.
• Re-enable your anti-virus software.
• Copy the contents of JRT.txt and paste in your next reply.
   

STEP 3
 Farbar Recovery Scan Tool (FRST) Scan

• Right-Click FRST64.exe and select  Run as administrator to run the programme.
• Click Yes to the disclaimer.
• Ensure the Addition.txt box is checked.
• Click the Scan button and let the programme run.
• Upon completion, click OK, then OK on the Addition.txt pop up screen.
• Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
   

======================================================

STEP 4
 Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

• AdwCleaner[s0].txt
• JRT.txt
• FRST.txt
• Addition.txt

[Victor2K]

Will try aswMBR and then the other ones as following...

[LiquidTension]

Please run the scans in my previous post when you're ready.

[Victor2K]

Here are the scans you ask. will run aswMBR later

 

 

FRST.txt

JRT.txt

Addition.txt

AdwCleanerS0.txt

[LiquidTension]

Running IObit software will only cause more harm than good, and is owned by a company found to have stolen the defintion database from Malwarebytes. 

 

Please let me know how your PC is performing after completing the steps below.
 
STEP 1
 Malwarebytes Anti-Malware (MBAM)

• Open Malwarebytes Anti-Malware and click Update Now.
• Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
• Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
• Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
• If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
• Upon completion of the scan (or after the reboot), click the History tab.
• Click Application Logs and double-click the Scan Log.
• Click Copy to Clipboard and paste the log in your next reply. 
   

STEP 2
 ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

• Please download ESET Online Scan and save the file to your Desktop.
• Temporarily disable your anti-virus software. For instructions, please refer to the following link.
• Double-click esetsmartinstaller_enu.exe to run the programme. 
• Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
• Agree to the Terms of Use once more and click Start. Allow components to download.
• Place a checkmark next to Enable detection of potentially unwanted applications.
• Click Hide advanced settings. Place a checkmark next to:
  • Scan archives
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• Ensure Remove found threats is unchecked.
• Click Start.
• Wait for the scan to finish. Please be patient as this can take some time.
• Upon completion, click . If no threats were found, skip the next two bullet points. 
• Click  and save the file to your Desktop, naming it something such as "MyEsetScan".
• Push the Back button.
• Place a checkmark next to  and click .
• Re-enable your anti-virus software.
• Copy the contents of the log and paste in your next reply.
   

======================================================
 
STEP 3
 Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

• MBAM Scan log
• ESET Online Scan log

[Victor2K]

Should I uninstall it? I can do it if needed...

 

Well, I can do MBAM and ESET tomorrow, albeit will try to do the latter before I can get into doing stuff from my job

[LiquidTension]

Yes, I would advise removing any software owned by IObit. 
I should have included Advanced System Care and Surfing Protection in my Revo instructions earlier. 
 

Well, I can do MBAM and ESET tomorrow, albeit will try to do the latter before I can get into doing stuff from my job

OK, sounds good.

[Victor2K]

Yes, I would advise removing any software owned by IObit. 

I should have included Advanced System Care and Surfing Protection in my Revo instructions earlier. 

 

OK, sounds good.

 

Will delete them after I do the scans