CPU usage 100% with multiple instances of cmd.exe, dllhost.exe, msiexec.exe, utorrentie.exe.
- Thread starter CheckMarc
- Start date
I tried running both ComboFix and TDSSKiller Safe Mode and the system wouldn't allow it. The message said that they couldn't be run in Safe Mode. I ran GMER 2.1.19357 and it showed problems in:
C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll.
I've attached the entire report.
These were high lighted in red:
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [916] 0x016C0000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\notepad.exe [2624] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\cmd.exe [3440] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\cmd.exe [3828] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\cmd.exe [4276] 0x04190000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\cmd.exe [456] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\cmd.exe [968] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [828] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\dllhost.exe [3516] 0x05F00000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\dllhost.exe [3632] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\msdtc.exe [3480] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\msiexec.exe [1968] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\msiexec.exe [5784] 0x05C10000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2144] 0x04150000
C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll.
I've attached the entire report.
These were high lighted in red:
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [916] 0x016C0000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\notepad.exe [2624] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\cmd.exe [3440] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\cmd.exe [3828] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\cmd.exe [4276] 0x04190000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\cmd.exe [456] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\cmd.exe [968] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [828] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\dllhost.exe [3516] 0x05F00000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\dllhost.exe [3632] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\msdtc.exe [3480] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\msiexec.exe [1968] 0x10000000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ C:\WINDOWS\system32\msiexec.exe [5784] 0x05C10000
Library C:\Documents and Settings\All Users\Application Data\{EBDDF8E9-4948-4EF2-9EBA-18B34523534F}\browser.dll (*** hidden *** ) @ D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2144] 0x04150000
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
Download
Malwarebytes Anti-Rootkit to your desktop.
- Double-click the icon to start the tool.
- It will ask you where to extract it, then it will start.
- Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
- Click in the introduction screen "next" to continue.
- Click in the following screen "Update" to obtain the latest malware definitions.
- Once the update is complete select "Next" and click "Scan".
- When the scan is finished and no malware has been found select "Exit".
- If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
- Open the MBAR folder and paste the content of the following files in your next reply:
- "mbar-log-{date} (xx-xx-xx).txt"
- "system-log.txt"
You may also like...
-
McAfee Protection (Plus Plans, Total Protection, LiveSafe)- Started by Trident
- Replies: 413
-
-
-
Data Collection Core Principles (Security Software)
- Started by Trident
- Replies: 7
