My XP "BackdoorBot"


control_tps

Here is the first scan on my XP PC:

Malwarebytes' Anti-Malware 1.41

Database version: 3037

Windows 5.1.2600 Service Pack 3

10/26/2009 3:29:50 PM

mbam-log-2009-10-26 (15-29-50).txt

Scan type: Quick Scan

Objects scanned: 116806

Time elapsed: 6 minute(s), 22 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\EAL.EXE (Backdoor.Bot) -> Quarantined and deleted successfully.

Here is the second scan on my XP PC:

Malwarebytes' Anti-Malware 1.41

Database version: 3037

Windows 5.1.2600 Service Pack 3

10/26/2009 3:41:51 PM

mbam-log-2009-10-26 (15-41-51).txt

Scan type: Quick Scan

Objects scanned: 116701

Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

mbam_log_2009_10_26__15_41_51_.txt


I hope I did this correctly.

Malwarebytes' Anti-Malware 1.41

Database version: 3037

Windows 6.0.6002 Service Pack 2

10/26/2009 11:02:12 PM

mbam-log-2009-10-26 (23-02-12).txt

Scan type: Quick Scan

Objects scanned: 99657

Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

mbam_log_2009_10_26__23_02_12_.txt


Please let me know if I posted the correct developer log, Bruce. I noticed that there was a new update. Here is the scan with the new update.

Malwarebytes' Anti-Malware 1.41

Database version: 3038

Windows 6.0.6002 Service Pack 2

10/26/2009 11:25:37 PM

mbam-log-2009-10-26 (23-25-37).txt

Scan type: Quick Scan

Objects scanned: 99722

Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Here is the new scan with developer log.

Malwarebytes' Anti-Malware 1.41

Database version: 3038

Windows 6.0.6002 Service Pack 2

10/26/2009 11:34:24 PM

mbam-log-2009-10-26 (23-34-24).txt

Scan type: Quick Scan

Objects scanned: 99719

Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

mbam_log_2009_10_26__23_34_24_.txt


I did follow the steps on how to save a log in developer mode. Sorry, I just don't understand how to do it, I guess.

Follow the steps 1 by 1 in the link I posted, you will get a log with additional information.

Without the file being detected or a developers log there is nothing I can do for you.


Here is my Vista PC Full System Scan result with developer log.

Malwarebytes' Anti-Malware 1.41

Database version: 3043

Windows 6.0.6002 Service Pack 2

10/27/2009 2:12:37 PM

mbam-log-2009-10-27 (14-12-37).txt

Scan type: Full Scan (C:\|)

Objects scanned: 252149

Time elapsed: 1 hour(s), 25 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\epson\PrinterDriverTemp\SCX6000\EAL.EXE (Backdoor.Bot) -> Quarantined and deleted successfully.

mbam_log_2009_10_27__14_10_04_.txt


Here is my XP PC Full System Scan result with developer log.

Malwarebytes' Anti-Malware 1.41

Database version: 3042

Windows 5.1.2600 Service Pack 3

10/27/2009 2:37:59 PM

mbam-log-2009-10-27 (14-37-48).txt

Scan type: Full Scan (C:\|)

Objects scanned: 290325

Time elapsed: 1 hour(s), 46 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Program Files\epson\PrinterDriverTemp\SCX6000\EAL.EXE (Backdoor.Bot) -> No action taken.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP370\A0095123.EXE (Backdoor.Bot) -> No action taken.

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP370\A0095215.EXE (Backdoor.Bot) -> No action taken.

C:\WINDOWS\system32\EAL.EXE (Backdoor.Bot) -> No action taken.

mbam_log_2009_10_27__14_37_48_.txt


Please zip and attach EAL.EXE to your next post, this should be fixed so I am going to need the file to see what is wrong here.

I'm sorry Bruce, but can you please provide step-by-step instructions on how to do this? Because I can't do it. Maybe next time I can get it right. Also, did I post the developer log correctly? :) Thanks for all your help. :)


Show Hidden Files and Folders:

  • Click Start and select My Computer
  • Click the Tools item from the menu at the top of the window (if you don't see Tools press the Alt key on your keyboard and it will appear)
  • Select Folder Options
  • Click the View tab and make sure Show hidden files and folders is selected under Hidden files and folders
  • Next, uncheck the box next to Hide protected operating system files (Recommended)
  • Then, uncheck the box next to Hide extensions for known filetypes
  • Click Apply then click OK

Create a batch file to grab the file and upload it:

  • Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):
    copy %windir%\system32\EAL.EXE "%userprofile%\desktop"


  • Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file grab eal.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • The file should now be sitting on your desktop, right click on it and hover your mouse over Send To and select Compressed (zipped) Folder
  • Attach the EAL.zip file to your next post for analysis by Mr Harrison


@nosirrah - Confirm fixed. You're welcome, Bruce; happy to help.

@control_tps - The last log you posted showed the file had been quarantined and deleted. Hard to make a zipped copy after it's deleted! :) Uncheck the file in the results window so you don't accidentally do that.

To get a detected file, all I do is right-click on the detected item in the results and select "Go to location" (I think that's the wording). I make a zipped copy with 7-zip (use whatever you've got) and move the .zip file to My Documents, where I can find it quicker. Then I attach it to my post here.

