Given ESET has helped me out in the past with virus removal tools, I thought I'd post here first. 10 days ago I installed software from vttp://stereomixplus.com (replace v with h) to allow streaming my own internal PC audio online. After a few minutes I started noticing multiple background Chrome processes making 200+ connections to different IPs. Initially hoping it was just an infection confined to Chrome, I uninstalled it, but then noticed exactly the same thing with background Internet Explorer processes in Kaspersky Network Monitor, so I blocked all connections, did numerous scans with various anti-adware and malware scanners, and with AdwCleaner discovered numerous leftovers from Lavasoft Web Companion, so I initially put it down to this. However, after a few days I unblocked Internet Explorer in Kaspersky, but required permission. I was then alerted when an encrypted connection was attempted to be made to vast.ssp.optimatic.com, so I blocked that and then checked Kaspersky Network Monitor.
Again, there were 200+ connections to different IPs in a background Internet Explorer process, so I blocked all net access, and blocked Internet Explorer again in Kaspersky settings. However, I then looked at Process Explorer, and I could see the 2nd highest CPU usage was by interstatnogui.exe located at C:\Users\YOURUSERNAME\AppData\Roaming\Interstatnogui, and it turns out this file was installed as I installed the Stereo_Mix_Plus_Setup.exe.
Looking at the strings of the exe in Process Explorer (attached as txt), I found quite a bit of data that links it to other malware, including the Weatherman trojan, by the fact the programmer has put his user account name Ozrenko, the use of the Interstat theme, weather data in the strings, and links to vttp://interstat.eu (replace v with h), classified as a malicious site by numerous providers:
https://www.virustotal.com/en/url/826307362cf601012c703e9510275310a2876fd55505b6618656d8732f0c7d02/analysis/
I summed most of this up, with VirusTotal and Reason Core links, on tenforums in this post:
hxxp://www.tenforums.com/antivirus-firewalls-system-security/63767-hundreds-hidden-chrome-now-ie-processes-after-installing-software-3.html#post820218
All the exes, I think, are variants:
inetstat.exe interstat.exe speedtray.exe isup.exe UserMon.exe
inter_weather_v320.exe interstat.exe gpupd55f74af50.exe inter_weather2.exe
softwebbar.exe sftwbbr_v333.exe
NetworkMonitor.exe
BandwidthMon.exe bandwidthstat.exe speedmon.exe inter_bandwidth_v339.exe
interstatnogui.exe - Copy.txt