Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirector causing issues in IE7 in XP


  • Please log in to reply
46 replies to this topic

#1 PART TIME IT DUDE

PART TIME IT DUDE

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 10 August 2009 - 03:39 PM

My name is John, and as my login states, I am a part time IT dude at the company I work at. I know enough to be dangerous but I could use some help from time to time, like now.

I have a newer computer that just started acting weird. It is an XP Pro SP3, quad core, 4gb, IE7. I started to get mixed results when surfing the web and I think I am being redirected to other sites. This has worsened over the past week and every once in a while I get a small popup windows that says:

Windows Internet Security

Your browser is under the threat of infection. Windows requires your permission to install online protection tool.Your browser is run in unsafe mode. Running the protection mode will help you to keep your computer safe. Staying at the suspicious website in unsafe mode may lead to the loss of personal data and computer breakage. To run the web browser in protected mode Windows requires installing the certified antivirus scanner software and online protection tool.
name: Online Protection Tool
publisher: Microsoft Windows


The above is in a Windows like window, with an orange header, and contains an orange sheild with ! in the middle.

My computer is running Mcafee total protection service, and I never saw this before, so I am not sure if it is part of it. If it was, I would think that McAfee would have their name in it, or use their shield logo, which it isnt.

Also, sometimes I actually see the word "redirecting" on the explorer tab. When I go to a new website from a search page, it shows "redirect" in the tab of IE, and then sometimes a huge page saying "waiting" with a clear see through arrow going around in circles, then it redirects me to something totally off the wall. So far, it hasn't been x rated, usually it is to Ebay, or a video in Utube, or some other regular dumb site.

So, I started to look around.
I didn't notice anything different in the start up files that shouldn't be there.
I performed my usual tasks of cleaming up the system, all to no avail.

I ran a virus scan, found nothing.

I installed and ran Adaware, it only found a few cookies, nothing else.

I tried running windows update, and it wouldnt access the site, a known issue I have seen with other malware and viruses.

I ran HJT and in it I found a few items under O1, and 4 items under O17. The ones under O1 seemed incorrect and useless, and the ones under O17 had the wrong DNS server numbers on it. I deleted the O1's and the O17. I thought for sure that would help. I rebooted, and I had to readd my DNS server numbers, and once I did it seemed to work, for a while. I was now able to access windwos update.

I ran HJT again, and this time only 2 O17's showed up, but they were the correct DNS numbers. I periodically ran the report and shortly I founf a third O17 show up, but it stll had the proper DNS numbers.

I tried to download SPYBOY S&D but it would redirect me elsewhere.

I downloaded the install file to another computer, and installed it on the problem one. It installed fine, but wouldn't run.

I rebooted and had issues going into windows, then I shut it down, rebooted into safemode, and had issues going into safemode. It never completely went into either, so I shut it down and rebooted into last known and it came up, but I had to add my DNS numbers again.

I uninstalled the Spybot, and reinstalled. The reason I did this is because when I first installed spybot, I checked the selection to install updates, which I never did before, and I thought that messed things up. Anyway, I reinstalled, and I still cant get spybot to run.

I can now at least get to windows update, but I cant seem to get rid of whatever it is.

BC AdBot (Login to Remove)

 


#2 Protoid

Protoid

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:44 PM

Posted 10 August 2009 - 03:51 PM

you're getting the same popups I was
this might help you

EDIT: forgot to say good luck with the rootkit

Edited by Protoid, 10 August 2009 - 03:56 PM.


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:44 PM

Posted 10 August 2009 - 03:59 PM

hello and welcome. This may make it easier.
Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Next:
We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive.
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 PART TIME IT DUDE

PART TIME IT DUDE
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 10 August 2009 - 04:25 PM

I did as you asked, I downloaded the files, and I renamed the Mbam to zztoy. I restarted my computer, and turned off all the anivirus and other tools from starting prior to installing. I installed it as you asked, but it did not autostart. I tried to start it by double clicking on it, but it didnt start. I remembered from another time they said to change the file name of the mbam.exe to something else before double clicking on it, so I did that, and it still wont run. What should I do? I havent ran or tried the rootkits.

Edit
I rebooted, and with the renamed file, it opened. I will contnue and go from there.

Edit
I started it, it didnt go to update by iteself, so I went to update it, and got an error 732 (0,0).
I went to download the link above you gave me in case the update didnt work, and the link is no good.
Should I run it without the update, or what for the link or a workaround?

Edit
Database info is from 8-3, so it is pretty current, so I am proceeding to run the test as instructed.

Edited by PART TIME IT DUDE, 10 August 2009 - 04:36 PM.


#5 PART TIME IT DUDE

PART TIME IT DUDE
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 10 August 2009 - 05:04 PM

I ran the anti-malware, the report follows, it found 3 items.

I tried to run the rootkit, and I got numerous errors.
the main one states: "Could not read the boot sector, try adjusting the disk access level in the options dialog"
I tried it, on all 4 levels, and got the same results. As it goes to run, I get the above error a few more times, then I get"Error, attempt to read from address 0X00000000" Not sure I got the amount of 0's correct. Then it the final error states "could not read system registry, please contact the author", then it bombs out on me. I cant get a report before it closes.

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/10/2009 4:39:40 PM
mbam-log-2009-08-10 (16-39-40).txt

Scan type: Quick Scan
Objects scanned: 100170
Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\WINTAB32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\WINTAB32.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:44 PM

Posted 10 August 2009 - 08:19 PM

Ok, we'll use anther tool. First Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rookit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug you Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 PART TIME IT DUDE

PART TIME IT DUDE
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 11 August 2009 - 07:02 AM

BTW . . . Thanks for your help.
I reran the scan as you asked. Your description sounded like I was supposed to do it in safe mode, but said to do it in normal mode, so I did it in nirmal mode. The update feature still did not work, it errored out like I stated above, and the scan found nothing, scan attached below.

Also ran the root kit, also attached below.

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/11/2009 6:37:34 AM
mbam-log-2009-08-11 (06-37-34).txt

Scan type: Quick Scan
Objects scanned: 100180
Time elapsed: 2 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


[b]The scan found nothing to remove, but here is the scan log.[/b

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 8/11/2009 at 6:42:46 AM
User "CK1 user" on computer "CK1"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\ESQUL
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESQULserv.sys
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ESQULserv.sys
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ESQULserv.sys
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\WINDOWS\system32\drivers\ESQULkisxnwiijwvddpugkdpuxmuogukhmafe.sys
Hidden: file C:\WINDOWS\system32\ESQULxjkalkusfavfblybraijibyqohfxdhir.dll
Hidden: file C:\WINDOWS\system32\ESQULoqmhfdcaxrpsfrektcbfntaopociyegs.dll
Hidden: file C:\WINDOWS\system32\ESQULzxspectrum
Stopped logging on 8/11/2009 at 6:57:24 AM

#8 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:44 PM

Posted 11 August 2009 - 07:09 AM

Hidden: file C:\WINDOWS\system32\drivers\ESQULkisxnwiijwvddpugkdpuxmuogukhmafe.sys
Hidden: file C:\WINDOWS\system32\ESQULxjkalkusfavfblybraijibyqohfxdhir.dll
Hidden: file C:\WINDOWS\system32\ESQULoqmhfdcaxrpsfrektcbfntaopociyegs.dll
Hidden: file C:\WINDOWS\system32\ESQULzxspectrum


Have sophos delete these, reboot and then MBAM should update
Chewy

No. Try not. Do... or do not. There is no try.

#9 PART TIME IT DUDE

PART TIME IT DUDE
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 11 August 2009 - 08:31 AM

I deleted those files, see the sarscan and sarclean logs below.

I then rebooted again and tried to update MBAM, and it still failed.

Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 8/11/2009 at 6:42:46 AM
User "CK1 user" on computer "CK1"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\ESQUL
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESQULserv.sys
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ESQULserv.sys
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ESQULserv.sys
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\WINDOWS\system32\drivers\ESQULkisxnwiijwvddpugkdpuxmuogukhmafe.sys
Hidden: file C:\WINDOWS\system32\ESQULxjkalkusfavfblybraijibyqohfxdhir.dll
Hidden: file C:\WINDOWS\system32\ESQULoqmhfdcaxrpsfrektcbfntaopociyegs.dll
Hidden: file C:\WINDOWS\system32\ESQULzxspectrum
Stopped logging on 8/11/2009 at 6:57:24 AM


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 8/11/2009 at 7:43:18 AM
User "CK1 user" on computer "CK1"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Hidden: registry item \HKEY_LOCAL_MACHINE\SOFTWARE\ESQUL
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESQULserv.sys
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ESQULserv.sys
Hidden: registry item \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ESQULserv.sys
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\WINDOWS\system32\drivers\ESQULkisxnwiijwvddpugkdpuxmuogukhmafe.sys
Hidden: file C:\WINDOWS\system32\ESQULxjkalkusfavfblybraijibyqohfxdhir.dll
Hidden: file C:\WINDOWS\system32\ESQULoqmhfdcaxrpsfrektcbfntaopociyegs.dll
Hidden: file C:\WINDOWS\system32\ESQULzxspectrum
Stopped logging on 8/11/2009 at 7:57:53 AM


SophosBootTasks version 1.5.0 initialising
Processing tasks
Reading information for task 0
Deleting file \Device\HarddiskVolume2\WINDOWS\system32\drivers\ESQULkisxnwiijwvddpugkdpuxmuogukhmafe.sys
Reading information for task 1
Deleting file \Device\HarddiskVolume2\WINDOWS\system32\ESQULxjkalkusfavfblybraijibyqohfxdhir.dll
Reading information for task 2
Deleting file \Device\HarddiskVolume2\WINDOWS\system32\ESQULoqmhfdcaxrpsfrektcbfntaopociyegs.dll
Reading information for task 3
Deleting file \Device\HarddiskVolume2\WINDOWS\system32\ESQULzxspectrum
ActionBootTasks completed
SophosBootTasks completed

#10 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:44 PM

Posted 11 August 2009 - 08:38 AM

Go ahead and run a quick scan with MBAM
Chewy

No. Try not. Do... or do not. There is no try.

#11 PART TIME IT DUDE

PART TIME IT DUDE
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 11 August 2009 - 09:05 AM

I am rerunning the ARK again, I missed the step to empty list and click continue to rerun. It is rerunning now, and it is finding allot of stuff, but looks all safe stuff anyway. I will post that when done, and will rerun MBAM

#12 PART TIME IT DUDE

PART TIME IT DUDE
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 11 August 2009 - 09:18 AM

I am rerunning the ARK again, I missed the step to empty list and click continue to rerun. It is rerunning now, and it is finding allot of stuff, but looks all safe stuff anyway. I also reran MBAM and it didnt find anything, and it still wont update.


Sophos Anti-Rootkit Version 1.5.0 © 2009 Sophos Plc
Started logging on 8/11/2009 at 8:33:43 AM
User "CK1 user" on computer "CK1"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Program Files\CyberLink\PowerDVD DX\Kernel\Movie\CLDShowX.dll
Hidden: file C:\Program Files\CyberLink\PowerDVD DX\Kernel\Movie\Claud.ax
Hidden: file C:\Program Files\CyberLink\PowerDVD DX\Kernel\Movie\CLAudFx.ax
Hidden: file C:\Program Files\CyberLink\PowerDVD DX\Kernel\Movie\CLNavX.ax
Hidden: file C:\Program Files\CyberLink\PowerDVD DX\Kernel\Movie\CLVSD.ax
Hidden: file C:\Documents and Settings\All Users\Application Data\Autodesk\RME 2009\training\imperial\Revit_MEP_Imperial_Datasets_6.exe
Hidden: file C:\Program Files\Intuit\QuickBooks 2007\GoogleDesktopSetup.exe
Hidden: file C:\Program Files\Intuit\QuickBooks 2007\Components\ShippingManager\ZRush_ShipRush4_QB.ocx
Hidden: file C:\Documents and Settings\All Users\Application Data\Autodesk\RME 2009\training\imperial\Revit_MEP_Imperial_Datasets_1.exe
Hidden: file C:\Documents and Settings\All Users\Application Data\Autodesk\RME 2009\training\imperial\Revit_MEP_Imperial_Datasets_2.exe
Hidden: file C:\Documents and Settings\All Users\Application Data\Autodesk\RME 2009\training\imperial\Revit_MEP_Imperial_Datasets_3.exe
Hidden: file C:\Documents and Settings\All Users\Application Data\Autodesk\RME 2009\training\imperial\Revit_MEP_Imperial_Datasets_4.exe
Hidden: file C:\Documents and Settings\All Users\Application Data\Autodesk\RME 2009\training\imperial\Revit_MEP_Imperial_Datasets_5.exe
Hidden: file C:\Documents and Settings\All Users\Application Data\Autodesk\RME 2009\training\imperial\Revit_MEP_Imperial_Datasets_7.exe
Hidden: file C:\Documents and Settings\CK1 user\Desktop\RootRepeal.exe
Hidden: file C:\Documents and Settings\CK1 user\Local Settings\Application Data\Citrix\GoToAssist\GoToAssist_chat2way_service_570_en.exe
Hidden: file C:\keith files\keith disk 1\Compute-A-Fan9Full.exe
Hidden: file C:\keith files\keith disk 1\FlaRes2008Beta02.exe
Stopped logging on 8/11/2009 at 9:05:54 AM


Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/11/2009 9:14:58 AM
mbam-log-2009-08-11 (09-14-58).txt

Scan type: Quick Scan
Objects scanned: 100120
Time elapsed: 3 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:44 PM

Posted 11 August 2009 - 09:24 AM

Will MBAM update?
Chewy

No. Try not. Do... or do not. There is no try.

#14 PART TIME IT DUDE

PART TIME IT DUDE
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:02:44 PM

Posted 11 August 2009 - 09:56 AM

No, It wont. It gets an error 732 (0,0).

#15 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:03:44 PM

Posted 11 August 2009 - 10:03 AM

Are other online functions working?
Chewy

No. Try not. Do... or do not. There is no try.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users