Stonewell.exe and svchost.exe

[SoundProblem]

I'm running Windows 7 Ultimate 64 and recently I've had some strange things happening. First I noticed that sometimes a generic icon would appear in my dock called svchost.exe. Clicking on it did not bring it to the front, but if I moved all my other windows out of the way I could see it. It's a small rectangular box, blue-green in colour with 'svchost' written in it. It has no border like most windows (like where the close and minimize buttons are). I could get rid of it through ctrl + alt + del and ending the process.

Later I would sometimes get Windows pop up a '...has stopped working' window for svchost.exe but also for something called 'stonewell.exe'. I've searched and I can fine no reference whatsoever to a stonewell.exe. There is some mention of a stonewAll.exe being a virus of some kind but nothing very concrete and certainly nothing about stonewEll.exe.

I've also noticed several svchost.exe instances appearing and using 80mb or so of memory, but my network usage is zero and CPU usage is at idle.

Does anyone know what's wrong or how I can fix it?

Thanks

 

[Bill2]

To start with, run a scan with MBAM.

Malwarebytes' Anti-Malware: Malwarebytes

As for the multiple svchost instances, thats normal. You can right click on each in task manager, then click "go to services" to identify anything suspicious.

 

[whs]

a generic icon would appear in my dock called svchost.exe

1. What "dock" are we talking about
2. can you find out whether this svchost.exe has a path to the windows32 folder

 

[SoundProblem]

Hi, thanks for your replies.

I installed Malwarebytes and ran a full scan. It found two infected svchost files which it cleaned, but the problem doesn't seem to have gone away. A new thing is appearing as well. Here's a screenshot of some of the issues:

http://img692.imageshack.us/img692/6827/svc4.jpg

The window in the top left is new, I have no idea what it is.

When I say dock, I mean the bar along the bottom of Windows that has shortcuts pinned to it. You can see it in the bottom of that screenshot and I have circled what I called a 'generic icon'. In this screenshot you can see I have right clicked the icon in the dock and it has an option that just says 'Stonewell'.

I right clicked this and hit 'properties' to get the window you see superimposed in the lower left showing the location of the file in my temp folder etc.

Also notice that in my taskmanager Google Chrome's name has been changed.

If I go to my temp folder and locate the offending file, here it is next to another suspicious looking file (topless girl icon, not exactly a hallmark of legitimate software developers!):

http://img37.imageshack.us/i/svc5.jpg/

And if I scroll down further there are another two files with the same icons and a long list of similarly named files:

http://img409.imageshack.us/i/svc6.jpg/

 

[Bill2]

Why are you not cleaning up your temp files instead of posting their pictures? Run CCleaner and do both a regular as well as registry cleanup. Do this first.

That left window (first snip) suggests a trojan is at work. Run mbam again a couple of times, make sure its definitions are updated. You can also try running a scan in safe mode. if you find the infection keeps coming back in mbam results list, you have a bit of a problem Houston.

What about your data? Is it backed up?