New issue, need assistance.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

2tru

Thread Starter
Joined
Apr 28, 2010
Messages
2
Edit 1) Just had another trojan detected, Artemis!9D5331E229BB. Location: C:\Windows\TEMP\yquu.tmp\svchost.exe

Alright, I think I got all that is needed here. Here are the issues that I have been having:

1) Host processes have stopped Windows services. When this occurs it shuts down Internet Explorer. When I go to restart, it asks if I want to continue my session or start a new one.
2) Every couple of minutes I get audio ads that discuss different products, including bank services, and also saying "Congratulations, you won".
3) My McAfee pops up (usually just before the audio ads) saying that it has quarantined a file, New Malware.J (Trojan), and it was from windows\temp\ABCD.tmp\svchost.exe. Every time it pops up it is a different .tmp file, and in the folder there are about 600 files, and from what I can tell they are all empty.
4) Just a few minutes ago a new trojan was found, Generic.dx!sei (trojan), location programdata\i5x2n344.exe
5) I am not savvy with processes, but while trying to figure out the audio I noticed that one in particular kept popping up about the same time that the audio occurred. It is ytbb.exe, which I found out was the Yahoo toolbar. I tried to remove and delete all things Yahoo, but it still comes back. I was able to find the Yahoo stuff, and deleted all files, but even with admin rights there is one file I am being told I cannot delete, and it is "C:\Program Files\Yahoo!\Companion\Installs\cpn1".
6) Every once in a while my computer will just shut down. It has happened about 3 times in the last week.

Pretty sure that is all, let me know what you can.

Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:02 PM, on 4/28/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\trujillo\appdata\local\temp\HSPERF~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\LMN4L359\SYNCME~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\X1491CGS\SYNCME~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\S1DG34C8\SYNCME~1.SH! c:\users\trujillo\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MOF20391\SMINST~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\3S1GM118\SMAPPD~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MOF20391\SMSYNC~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MOF20391\SMREGI~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RY1A6046\SMUICO~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\LWBQXAU6\SMSYST~1.SH! C:\Users\Tr
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\trujillo\appdata\local\temp\HSPERF~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\LMN4L359\SYNCME~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\X1491CGS\SYNCME~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\S1DG34C8\SYNCME~1.SH! c:\users\trujillo\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MOF20391\SMINST~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\3S1GM118\SMAPPD~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MOF20391\SMSYNC~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MOF20391\SMREGI~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RY1A6046\SMUICO~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\LWBQXAU6\SMSYST~1.SH! C:\Users\Tr
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Google Update Service (gupdate1ca2ac235b97100) (gupdate1ca2ac235b97100) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Sun Service Tag Discovery (stdiscover) - Unknown owner - C:\Program Files\Sun\servicetag\stdiscoverer.exe
O23 - Service: Sun Service Tag Listener (stlisten) - Unknown owner - C:\Program Files\Sun\servicetag\stlisten.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 10875 bytes
 

2tru

Thread Starter
Joined
Apr 28, 2010
Messages
2
OK, I think I may have solved this with some help from family members, but I wanted to put it on here in order to help everyone else.

I downloaded a free trial version of AVAST anti-spyware from this site: http://www.avast.com/free-antivirus-download. Once you download this, they have a couple of different scan options, one of them being a boot scan. I did it twice; the first time there was an error, which I ended up having to ignore (all the other things were giving errors too). After it runs, it will take you to your desktop. I didn't experience any of the issues that I had been, but I wanted to make sure, and I ran it again; this time I had no errors. I hope this helps someone.
 