
New issue, need assistance.

Discussion in 'Virus & Other Malware Removal' started by 2tru, Apr 28, 2010.

Thread Status:
Not open for further replies.
  1. 2tru

    2tru Thread Starter

    Joined:
    Apr 28, 2010
    Messages:
    2
    Edit 1) Just had another trojan detected, Artemis!9D5331E229BB Location: C:\Windows\TEMP\yquu.tmp\svchost.exe

    Alright, I think I got all that is needed here. Here are the issues that I have been having:

    1) Host processes have stopped Windows services. When this occurs it shuts down Internet Explorer. When I go to restart it asks if I want to continue my session or start a new one.
    2) Every couple of minutes I get audio ads that discuss different products including bank services, and also saying "Congratulations, you won".
    3) My McAfee pops up (usually just before the audio ads) saying that it has quarantined a file New Malware.J (Trojan) and it was from the windows\temp\ABCD.tmp\svchost.exe. Every time it pops up it is a different .tmp file, and in the folder there are about 600 files and from what I can tell they are all empty.
    4) Just a few minutes ago a new trojan was found, Generic.dx!sei (trojan), location programdata\i5x2n344.exe.
    5) I am not savvy with processes, but while trying to figure out the audio I noticed that one in particular kept popping up about the same time that the audio occurred. It is ytbb.exe, which I found out was the Yahoo toolbar. I tried to remove and delete all things Yahoo, but it still comes back. I was able to find the Yahoo stuff and deleted all files, but even with admin rights there is one file I am being told I cannot delete and it is "C:\Program Files\Yahoo!\Companion\Installs\cpn1".
    6) Every once in a while my computer will just shut down. It has happened about 3 times in the last week.

    Pretty sure that is all, let me know what you can.

    Thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:22:02 PM, on 4/28/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal
    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
    C:\Program Files\Windows Live\Messenger\msnmsgr .exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Windows\system32\SearchFilterHost.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (file missing)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -scheduler
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent .exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr .exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\trujillo\appdata\local\temp\HSPERF~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\LMN4L359\SYNCME~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\X1491CGS\SYNCME~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\S1DG34C8\SYNCME~1.SH! c:\users\trujillo\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MOF20391\SMINST~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\3S1GM118\SMAPPD~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MOF20391\SMSYNC~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MOF20391\SMREGI~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RY1A6046\SMUICO~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\LWBQXAU6\SMSYST~1.SH! C:\Users\Tr
    O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\trujillo\appdata\local\temp\HSPERF~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\LMN4L359\SYNCME~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\X1491CGS\SYNCME~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\S1DG34C8\SYNCME~1.SH! c:\users\trujillo\appdata\local\temp\Low\HSPERF~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MOF20391\SMINST~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\3S1GM118\SMAPPD~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MOF20391\SMSYNC~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\MOF20391\SMREGI~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RY1A6046\SMUICO~1.SH! C:\Users\Trujillo\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\LWBQXAU6\SMSYST~1.SH! C:\Users\Tr
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    O23 - Service: Google Update Service (gupdate1ca2ac235b97100) (gupdate1ca2ac235b97100) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
    O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Sun Service Tag Discovery (stdiscover) - Unknown owner - C:\Program Files\Sun\servicetag\stdiscoverer.exe
    O23 - Service: Sun Service Tag Listener (stlisten) - Unknown owner - C:\Program Files\Sun\servicetag\stlisten.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    --
    End of file - 10875 bytes
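The symptoms in the post above (svchost.exe launched from under C:\Windows\TEMP\*.tmp\, a random-named .exe directly under ProgramData, and components registered with no file behind them) are the patterns a helper scans a HijackThis log for. The script below is an added example, not part of the thread or of HijackThis itself: it parses constructed lines in the log format shown above and flags those patterns. The two O4 lines carrying the svchost.exe and i5x2n344.exe paths are constructed from what McAfee reported; they do not appear in the posted log.

```python
import re
from typing import List, Tuple

# Constructed sample in HijackThis 2.0 format, modelled on the posted log. The two
# O4 lines for svchost.exe and i5x2n344.exe are constructed from the McAfee alerts.
SAMPLE_LOG = r"""
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent .exe"
O4 - HKCU\..\Run: [svchost] C:\Windows\TEMP\yquu.tmp\svchost.exe
O4 - HKCU\..\Run: [i5x2n344] C:\ProgramData\i5x2n344.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
"""

# First Windows path ending in .exe/.dll on a line; %ProgramFiles% counts as a root.
PATH_RE = re.compile(r"((?:[A-Za-z]:|%[A-Za-z]+%)\\.*?\.(?:exe|dll))", re.IGNORECASE)
# Names that legitimately live only in these directories on a stock install.
SYSTEM_BINARIES = {"svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows"}
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")

def flag_path(path: str) -> List[str]:
    """Return the reasons a single executable path looks suspicious (empty if none)."""
    p = path.lower().replace("%programfiles%", "c:\\program files")
    directory, _, name = p.rpartition("\\")
    reasons = []
    if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        reasons.append("system binary name outside its expected directory")
    if any(m in directory + "\\" for m in TEMP_MARKERS):
        reasons.append("executable running from a temp directory")
    if directory == "c:\\programdata" and re.fullmatch(r"[a-z0-9]{6,12}\.exe", name) and re.search(r"\d", name):
        reasons.append("random-looking executable directly under ProgramData")
    return reasons

def analyze_log(text: str) -> List[Tuple[str, str, str]]:
    """Return (entry type, target, reason) for every suspicious line in a HijackThis log."""
    findings = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        entry_type = line.split(" - ", 1)[0]          # e.g. "O4", "O23"
        m = PATH_RE.search(line)
        target = m.group(1) if m else line
        reasons = flag_path(m.group(1)) if m else []
        if "(file missing)" in line or "(no file)" in line:
            reasons.append("registered component whose file is absent")
        findings.extend((entry_type, target, r) for r in reasons)
    return findings

if __name__ == "__main__":
    for entry, target, reason in analyze_log(SAMPLE_LOG):
        print(f"{entry}: {target} -> {reason}")
```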
     
  2. 2tru

    2tru Thread Starter

    Joined:
    Apr 28, 2010
    Messages:
    2
    OK, I think I may have solved this with some help from family members, but I wanted to put it on here in order to help everyone else.

    I downloaded a free trial version of AVAST anti-spyware from this site: http://www.avast.com/free-antivirus-download. Once you download this they have a couple of different scan options, one of them being a boot scan. I did it twice; the first time there was an error, which I ended up having to ignore (all the other things were giving errors too). After it runs, it will take you to your desktop. I didn't experience any of the issues that I had been, but I wanted to make sure and I ran it again, and this time I had no errors. I hope this helps someone.
     
Short URL to this thread: https://techguy.org/919812