Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

svhost.exe > Dcom Server Process Launcher


  • Please log in to reply
4 replies to this topic

#1 Muggy

Muggy

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 25 March 2010 - 02:49 PM

I have recently been having problems with one of the svhost.exe processes first seen in Task Manager
which has been constantly running at 25% CPU usage.. I located it to the DCom Server Process Launcher
and did a scan (antivirus) with Zone Alarm.. which indeed did find several trojans and two viruses.. re
scanned and no more were found.. although I did have to uninstall .Net Framework and Windows Live
Messenger.. I have checked and scanned my PC with System Mechanic Professional which located
several registry errors and a few errors on my HDD.. which were fixed or so I hope however when
I start up my PC this svhost.exe is still running at 25% I have run Process Explorer and taken
a snapshot of the results

Posted Image

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:54 AM

Posted 25 March 2010 - 04:25 PM

It's possible that there is still Malware on the computer. Try this scan:

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Muggy

Muggy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 25 March 2010 - 05:46 PM

you were spot on there was indeed malware which had infected some trusted programs there were 166 infected files the log file as ask for is below, this was after
the selected files were being quaranteened and others removed on reboot.. btw thank you for your help :thumbsup:

Malwarebytes' Anti-Malware 1.44
Database version: 3914
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25/03/2010 22:37:03
mbam-log-2010-03-25 (22-37-03).txt

Scan type: Quick Scan
Objects scanned: 114604
Time elapsed: 3 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 6
Files Infected: 144

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Quick Mode (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Restart (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Shutdown (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Evidence Eliminator Safe Recycle (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Help (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tim Collinson\Start Menu\Programs\Evidence Eliminator (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\linhdbd.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Ee.exe (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\EEShellExt.dll (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\INSTALL.LOG (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\License.txt (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\ReadMe.txt (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\UNWISE.EXE (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\UNWISE.INI (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Config.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Drives.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Files.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\FilesContents.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Folders.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\FolderScans.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\IECookiesKeep.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\IEDownloadedKeep.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\MozillaCookiesKeep.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\OE5ChoiceList.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\PlugInSelections.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\ScanMasks.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\TBChoiceList.dat (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\AbsoluteFTP.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\ACDSEE Photo Viewer v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adaptec Easy CD Creator v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v3.1.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v5.1.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v6.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat Reader v7.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Acrobat v6.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.0 LE.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v6.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v7.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v8.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Adobe Photoshop v9.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\ASPack.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Avant Browser.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Cabinet Manager.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Copernic 2000 Pro.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Copernic 2000.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Copernic Agent.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Corel Paintshop Pro v10.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v3.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Cute FTP v7.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Delphi v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Delphi v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Delphi v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\DiskKeeper v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\DivXPlayer.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Download Accelerator.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Eudora Mail.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\EventLog.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\FTP Explorer.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\GetRight ExplorerBar.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\GetRight v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Google Chrome.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\GoogleBar.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\GoogleNavigation.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\GoZilla.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Helios TextPad v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Helios TextPad v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\HelpWriter.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Icon Extractor.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\ICQ 2000a.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\InstallShield Express.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\J2 Messenger.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v6.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\JASC Paintshop Pro v8.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Jet PhotoShell v1.2.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Kazaa.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Limewire v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Macromedia Flash v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\MasterSplitter v2.1.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\McAfee Virus Scan v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microangelo 98.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Micrografx Picture Publisher v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Micrografx Picture Publisher v8.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft FrontPage Express.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft FrontPage.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft Help Workshop.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft HTML Help.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft Office.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft Publisher 2000.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft Send-To Extensions.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft Windows Paint.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Microsoft Windows WordPad.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\My Network Places.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Napster Music Community.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\NEATO Labels.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\NeoPlanet v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Norton AntiVirus 2000 (v6).eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Norton Antivirus 2003.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Norton File Manager.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Norton Internet Security 2004.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Norton Personal Firewall.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Norton Utilities 2000.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\NoteTab Pro.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Opera Browser.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\PackageForTheWeb.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Personal Ancestral File.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Quicktime.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Real Audio Player v6 v7 v8.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Real Download v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Real Player v10.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\RealOne Player.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\RemoteDesktop.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Roxio Easy CD Creator v6.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Safari Browser.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\SureThing CD Labeler.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Telnet.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead Gif Animator v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead Photo Explorer v4.2.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead Photo Viewer v4.0.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v10.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact v5.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Ulead PhotoImpact Viewer v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\UltraEdit v4.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\UltraEdit v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Web Ferret v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinOnCD.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinRar v2.6.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinRar v2.70.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinRar v3.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinZip v7.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\WinZip v8.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Wise Installer.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Yahoo Player.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\YahooMessenger.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\ZipMagic 2000.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Data\Plug-Ins\Zone Alarm.eep (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Program Files\Evidence Eliminator\Help\ee.chm (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tim Collinson\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Help.lnk (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tim Collinson\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator License Agreement.lnk (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tim Collinson\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Read Me.lnk (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tim Collinson\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator.lnk (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tim Collinson\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tim Collinson\Start Menu\Programs\Startup\syspck32.exe (Trojan.Downloader) -> Delete on reboot.



#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:54 AM

Posted 25 March 2010 - 05:48 PM

Reboot your computer, run the Malwarebytes scan again and post the new log.

Also, I am moving this topic to the "Am I Infected..." section of the forum.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 Muggy

Muggy
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 25 March 2010 - 06:06 PM

Reboot your computer, run the Malwarebytes scan again and post the new log.

Also, I am moving this topic to the "Am I Infected..." section of the forum.


I thought I had better inform you that I was aware of Robinhood Software's rogue advertising and popups when I tried to use EE free
many years ago.. but I can assure you that this was not the culprit for the recent problem/s I had been trying to find an update to
a mod for a game and clicked on a link in google when I got a warning from zone alarm that a process wanted to start which I did
tick for deny yet it still had installed itself. As for EE I have used this since 2001 and have not ever had any problems.. the software
is registered to me.. and I have actually had good support from them.. and before you wonder no I do not work for them.. I will post
report from second scan in this reply I assume there is the option to edit a post :k

Malwarebytes' Anti-Malware 1.44
Database version: 3914
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

25/03/2010 23:24:15
mbam-log-2010-03-25 (23-24-15).txt

Scan type: Quick Scan
Objects scanned: 114406
Time elapsed: 3 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Edited by Muggy, 25 March 2010 - 06:26 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users