MBAM causing BSOD


Good morning! Did you ever have Daemon tools or any Daemon products installed on your system at some time by chance?

Please download and run the tool found here. When you see the dialog box come up and if you are able to do so, press the Uninstall button. Once complete, close the program, reboot your system and then try to run a Quick Scan with Malwarebytes and let me know how things work for you.


Installed it, it wanted to update to version 1.83, so I updated it, rebooted, ran it again and it wanted to update again, updated it, rebooted....same thing. So I hit uninstall and got a warning that said.....This program will remove SCSI Pass Through Direct (SPTD) layer from yer computer. I hit uninstall, rebooted and then updated and ran MBAM for a Quick Scan and it worked :D Then I tried to run MBAM in a Full Scan and it ran 2 and a half minutes. :angry2:

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.11.14.04

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Kenneth :: HOME-PC [administrator]

11/14/2012 1:10:51 PM

mbam-log-2012-11-14 (13-10-51).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 189864

Time elapsed: 7 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


DDS (Ver_2012-11-05.02) - NTFS_x86

Internet Explorer: 9.0.8112.16450

Run by Kenneth at 12:56:42 on 2012-11-15

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.151 [GMT -6:00]

.

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\SLsvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Windows\system32\agrsmsvc.exe

C:\Acer\ALaunch\ALaunchSvc.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\system32\wbem\WmiPrvSE.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\mobsync.exe

C:\Users\Kenneth\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\AVAST Software\Avast\setup\avast.setup

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\WmiPrvSE.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://mail.google.com/

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://en.us.acer.yahoo.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\windows\system32\ActiveToolBand.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\windows\system32\eDStoolbar.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{8E28C7F8-15AB-45F2-8A8F-BB7E65AC0FEB} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{FBC7A79D-EB01-474E-8F43-C9A92D8CA7D1} : DHCPNameServer = 172.16.0.1

Notify: igfxcui - igfxdev.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

.

============= SERVICES / DRIVERS ===============

.

R?2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-8-3 21504]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-19 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-9-21 337880]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]

R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2007-7-31 50688]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-21 20696]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-21 57688]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-19 44768]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-31 179712]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-11-12 40776]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-11-12 23:25:43 40776 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-11-12 22:56:03 303616 -c--a-w- C:\SetACL.exe

2012-11-12 22:41:35 290304 -c--a-w- C:\subinacl.exe

2012-11-12 22:39:16 -------- dc----w- C:\RegBackup

2012-11-12 22:35:37 -------- dc----w- C:\Tweaking.com_Windows_Repair_Logs

2012-11-12 22:35:25 -------- dc----w- c:\program files\Tweaking.com

2012-11-12 17:53:26 -------- dc----w- c:\users\kenneth\appdata\local\temp

2012-11-12 17:51:39 -------- dcsh--w- C:\$RECYCLE.BIN

2012-11-09 22:42:13 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{86fe1d82-eb00-423e-bd2a-47d6774485d0}\mpengine.dll

2012-11-08 05:53:08 -------- dc----w- c:\users\kenneth\appdata\roaming\Malwarebytes

2012-11-08 05:52:56 -------- dc----w- c:\programdata\Malwarebytes

2012-11-08 05:52:33 22856 -c--a-w- c:\windows\system32\drivers\mbam.sys

2012-11-08 05:52:33 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware

2012-11-08 00:14:27 -------- dc----w- C:\FRST

2012-11-06 22:18:46 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll

2012-11-06 21:55:34 98816 -c--a-w- c:\windows\sed.exe

2012-11-06 21:55:34 256000 -c--a-w- c:\windows\PEV.exe

2012-11-06 21:55:34 208896 -c--a-w- c:\windows\MBR.exe

2012-11-06 18:14:16 388096 -c--a-r- c:\users\kenneth\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-11-06 18:14:13 -------- dc----w- c:\program files\Trend Micro

2012-11-04 01:49:37 -------- dc----w- c:\programdata\Spybot - Search & Destroy

2012-11-04 01:49:37 -------- dc----w- c:\program files\Spybot - Search & Destroy

2012-11-03 06:56:07 -------- dc----w- c:\program files\Eusing Free Registry Defrag

2012-11-03 06:50:21 -------- dc----w- c:\program files\Eusing Free Registry Cleaner

2012-11-03 00:56:16 -------- dc----w- c:\users\kenneth\appdata\roaming\SUPERAntiSpyware.com

2012-11-03 00:55:50 -------- dc----w- c:\programdata\SUPERAntiSpyware.com

2012-11-03 00:55:50 -------- dc----w- c:\program files\SUPERAntiSpyware

2012-10-31 19:22:11 -------- dc----w- c:\programdata\D852ADD2F4338B3B0000D851D58690AD

.

==================== Find3M ====================

.

2012-10-09 21:35:34 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 21:35:34 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-13 13:28:08 2048 -c--a-w- c:\windows\system32\tzres.dll

2012-08-29 11:27:41 3602816 -c--a-w- c:\windows\system32\ntkrnlpa.exe

2012-08-29 11:27:41 3550080 -c--a-w- c:\windows\system32\ntoskrnl.exe

2012-08-24 15:53:29 172544 -c--a-w- c:\windows\system32\wintrust.dll

2012-08-24 06:59:17 1800704 -c--a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51:27 1129472 -c--a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51:02 1427968 -c--a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47:26 142848 -c--a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47:12 420864 -c--a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43:58 2382848 -c--a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 12:58:41.84 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-05.02)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 1/21/2008 2:49:45 PM

System Uptime: 11/15/2012 12:52:34 PM (0 hours ago)

.

Motherboard: Acer | | Acadia

Processor: Intel® Celeron® CPU 540 @ 1.86GHz | uPGA-478 | 1868/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 33 GiB total, 9.256 GiB free.

D: is FIXED (NTFS) - 32 GiB total, 32.127 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP562: 11/10/2012 11:42:03 AM - Scheduled Checkpoint

RP563: 11/12/2012 11:37:34 AM - ComboFix created restore point

RP564: 11/12/2012 4:38:50 PM - Tweaking.com - Windows Repair

RP566: 11/14/2012 12:41:42 PM - SPTD setup V1.83

RP568: 11/14/2012 12:50:01 PM - SPTD setup V1.83

RP570: 11/14/2012 12:57:06 PM - SPTD setup V1.83

.

==== Installed Programs ======================

.

Acer Arcade

Acer Assist

Acer eDataSecurity Management

Acer eLock Management

Acer Empowering Technology

Acer eNet Management

Acer ePower Management

Acer ePresentation Management

Acer eSettings Management

Acer Mobility Center Plug-In

Acer Registration

Acer ScreenSaver

Acer Tour

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.3

Agere Systems HDA Modem

ALPS Touch Pad Driver

AusLogics Disk Defrag

avast! Free Antivirus

Bejeweled 2 Deluxe

Canon MP280 series MP Drivers

CCleaner (remove only)

Eusing Free Registry Cleaner

Google Chrome

Google Update Helper

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

Java 6 Update 17

LightScribe 1.4.142.1

Malwarebytes Anti-Malware version 1.65.1.1000

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office Live Meeting 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PowerProducer 3.72

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Spybot - Search & Destroy

SpywareBlaster 4.3

SUPERAntiSpyware

TimeLineRemove 0.9

Tweaking.com - Windows Repair (All in One)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Office 2007 (KB934528)

Update for Office System 2007 Setup (KB929722)

VLC media player 1.1.0

Yahoo! BrowserPlus 2.9.8

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

11/8/2012 12:07:18 AM, Error: EventLog [6008] - The previous system shutdown at 11:56:47 PM on 11/7/2012 was unexpected.

11/15/2012 12:54:36 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

11/15/2012 12:54:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

11/15/2012 12:54:36 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/14/2012 1:36:15 PM, Error: EventLog [6008] - The previous system shutdown at 1:33:52 PM on 11/14/2012 was unexpected.

11/14/2012 1:28:03 PM, Error: EventLog [6008] - The previous system shutdown at 1:21:11 PM on 11/14/2012 was unexpected.

11/12/2012 7:33:44 PM, Error: EventLog [6008] - The previous system shutdown at 7:31:41 PM on 11/12/2012 was unexpected.

11/12/2012 5:42:58 PM, Error: EventLog [6008] - The previous system shutdown at 5:28:37 PM on 11/12/2012 was unexpected.

11/12/2012 5:09:45 PM, Error: EventLog [6008] - The previous system shutdown at 5:08:29 PM on 11/12/2012 was unexpected.

11/12/2012 11:49:32 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/12/2012 11:38:44 AM, Error: Service Control Manager [7034] - The MobilityService service terminated unexpectedly. It has done this 1 time(s).

11/12/2012 11:36:49 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).

11/12/2012 1:36:17 PM, Error: EventLog [6008] - The previous system shutdown at 1:32:52 PM on 11/12/2012 was unexpected.

11/12/2012 1:16:32 PM, Error: EventLog [6008] - The previous system shutdown at 1:14:21 PM on 11/12/2012 was unexpected.

11/11/2012 6:04:16 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.

.

==== End Of File ===========================


Hi,

I hope everything is going well....

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 5 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. WiNlOgOn.exe
  5. uSeRiNiT.exe

Do not reboot your computer after running rkill as the malware programs will start again.

----------

Now try to run a Full Scan with Malwarebytes. If a log is produced please post it.

If you have problems let me know what happens.


Surgery went well, and I'm back to slowly working on this computer. I downloaded rkill.exe onto my thumb drive just as I have done with everything else that I've downloaded from all these sites, I put it on the problem computer, ran it and will post that log at the bottom of this post. But I got the same results. It ran 5 minutes and then it blue screened. Here is the rkill.exe file:

Rkill 2.4.5 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/23/2012 04:29:39 PM in x86 mode.

Windows Version: Windows Vista Home Basic Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Kenneth\AppData\Local\Temp\RtkBtMnt.exe (PID: 3300) [uP-HEUR]

* C:\Users\Kenneth\AppData\Local\Temp\RtkBtMnt.exe (PID: 3300) [T-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.

Startup Type set to: Manual

* msiserver => %systemroot%\system32\msiexec.exe /V [incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 11/23/2012 04:30:18 PM

Execution time: 0 hours(s), 0 minute(s), and 38 seconds(s)


Hi,

Take your time with your recovery. Your health is most important.

When you get a chance would you try the following...

Boot to Safe Mode

Open the Command Prompt and run chkdsk /r

Follow any prompts shown.

Reboot your system when complete and see if Malwarebytes will run through.


Hi,

I would recommend that you stop using or completely remove Eusing Free Registry Cleaner. Registry cleaners/optimizers normally cause more problems with the registry than they help when they accidentally remove a registry key that is needed.

----------

Delete this file >> C:\Users\Kenneth\Desktop\mbam-clean-1.60.2.0003.exe <==========

----------

Now please disable your antivirus program and then try to run Malwarebytes through using a Full Scan and let me know what happens.


Do this batch run and advise me after it is completed.

Windows services

This will be a batch-fix.

  • Press the Windows-key on keyboard.
  • In the search box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
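    @Echo off
    rem Reset the Windows Installer service. sc.exe uses "demand" for a manual start type.
    sc stop msiserver
    sc config msiserver start= demand
    sc start msiserver
    rem Set the start type of the core services
    sc config dcomlaunch start= auto
    sc config nsi start= auto
    sc config dhcp start= auto
    sc config rpcss start= auto
    sc config winmgmt start= auto
    sc config wscsvc start= delayed-auto
    sc config bits start= delayed-auto
    sc config wuauserv start= delayed-auto
    sc config sdrsvc start= demand
    sc config vss start= auto
    sc config eventlog start= auto
    sc config bfe start= auto
    rem Start the firewall driver, the firewall service and the Base Filtering Engine
    sc start mpsdrv
    sc start mpssvc
    sc start bfe
    rem Restart Windows, then delete this batch file
    shutdown -r -t 1
    del %0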


  • Select File -> Save As.
  • Press the Desktop button on the left side of the save dialog.
  • In the File Name box, type in Fix.bat.
  • Press Save
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose Run as Admin
  • Press Yes if prompted by User Account Control.

This procedure will do its tasks and then it will Restart Windows.

Once complete try to run through Malwarebytes again with a Full Scan.
