Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

please help , error during malwarebytes scan

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: please help , error during malwarebytes scan

Unread postby tigerstale » August 25th, 2010, 7:17 am

wow your on this! thank you, i'm not the fastest computer guy so i appreciate your responses.

here's the log

All processes killed
========== FILES ==========
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\1\4b40e541-3aa16aa5 moved successfully.
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\14\12223b8e-598432e1 moved successfully.
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\18\1b44c7d2-22771410 moved successfully.
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\3\b3f2d83-31f3b5a2 moved successfully.
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-39d2abbe moved successfully.
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\4\5541aec4-50877d26 moved successfully.
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\50\6bba7172-33df342c moved successfully.
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\51\190c8233-433c08d0 moved successfully.
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\52\31bba1f4-1a70011e moved successfully.
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\54\57b0cf76-18f49490 moved successfully.
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\55\48345e37-143c2af1 moved successfully.
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\58\5340ebba-6de205b9 moved successfully.
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\59\1fb73afb-2e76a3e1 moved successfully.
C:\Documents and Settings\KumiSean\Application Data\Sun\Java\Deployment\cache\6.0\60\e8267fc-4d1d319b moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: KumiSean
->Temp folder emptied: 18354837 bytes
->Temporary Internet Files folder emptied: 43017 bytes
->Java cache emptied: 50154132 bytes
->FireFox cache emptied: 37609950 bytes
->Flash cache emptied: 183241 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2238139 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10947884 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 50866 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 114.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 08252010_040647




computer seems to be working ok. its late so i can check your next instruction if any tomorrow.

thanks again,

sean
tigerstale
Regular Member
 
Posts: 18
Joined: August 17th, 2010, 8:20 am
Advertisement
Register to Remove

Re: please help , error during malwarebytes scan

Unread postby Cypher » August 25th, 2010, 7:27 am

Hi shean.
You're most welcome, lets see if MBAM will complete a scan now.

Run ATF Cleaner again it should still be on your desktop.

Next.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: please help , error during malwarebytes scan

Unread postby tigerstale » August 26th, 2010, 4:58 am

hi

i ran the atf cleaner, ran malwarebytes quick scan and it popped up with error during 11,000 mark


uh oh, now what?

sean
tigerstale
Regular Member
 
Posts: 18
Joined: August 17th, 2010, 8:20 am

Re: please help , error during malwarebytes scan

Unread postby Cypher » August 26th, 2010, 5:36 am

Hi sean.
Ok lets try this.

Please download Add Remove Program Cleaner to your desktop.

  • Double-click on addremovecleaner.
  • Locate Malwarebytes' Anti-Malware in the menu and click once on it to highlight.
  • Now click on Remove from add/remove programs list.
  • At the prompt click on Yes then Exit.
  • Now delete addremovecleaner from the desktop, empty the Recycle Bin and reboot the computer.

Next.

  • Download and run This utility
  • it will ask to restart your computer (please allow it to).

Next.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: please help , error during malwarebytes scan

Unread postby tigerstale » August 26th, 2010, 6:06 am

followed your instruction,

unfortunately the same thing happened... error during 11,000 files scanned(about 3-4 minutes in)


thanks for this effort to fix my comp,

sean
tigerstale
Regular Member
 
Posts: 18
Joined: August 17th, 2010, 8:20 am

Re: please help , error during malwarebytes scan

Unread postby Cypher » August 26th, 2010, 6:11 am

Hi sean.
Can you tell me exactly what the error is? does it give any details?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: please help , error during malwarebytes scan

Unread postby tigerstale » August 26th, 2010, 6:32 am

error says:

under a blue background heading - Malwarebytes' Anti-Malware

then under white background - Malwarebytes' Anti-Malware has encountered a problem and needs to close. We are sorry for the inconvenience. with a M logo to the right of it

then under that with gray background, it says: If you were in the middle of something, the information you were working on might be lost. then it says under that: For more information about this error click here.

then it has a "debug" click box and a "close" click box, left and right lower side

when i "click here" it says

error signature
appname: mbam.exe appver: 1.46.0.1 ModName: mbam.dll
ModVer: 1.46.0.0 Offset: 0001fffe

to view technical information about the error report, click here

that error report i believe goes into my C: and i will paste that below, hope you can help

<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="mbam.exe" FILTER="GRABMI_FILTER_PRIVACY">
<MATCHING_FILE NAME="mbam.dll" SIZE="350544" CHECKSUM="0xCBD2378B" BIN_FILE_VERSION="1.46.0.0" BIN_PRODUCT_VERSION="1.46.0.0" PRODUCT_VERSION="1.46.0.0000" FILE_DESCRIPTION="Malwarebytes' Anti-Malware" COMPANY_NAME="Malwarebytes Corporation" PRODUCT_NAME="Malwarebytes' Anti-Malware" FILE_VERSION="1.46.0.0000" ORIGINAL_FILENAME="mbam.dll" INTERNAL_NAME="mbam.dll" LEGAL_COPYRIGHT="© Malwarebytes Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x56977" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.46.0.0" UPTO_BIN_PRODUCT_VERSION="1.46.0.0" LINK_DATE="04/29/2010 16:59:24" UPTO_LINK_DATE="04/29/2010 16:59:24" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="mbam.exe" SIZE="1090952" CHECKSUM="0x3C0E7575" BIN_FILE_VERSION="1.46.0.1" BIN_PRODUCT_VERSION="1.46.0.1" PRODUCT_VERSION="1.46.0001" FILE_DESCRIPTION="Malwarebytes' Anti-Malware" COMPANY_NAME="Malwarebytes Corporation" PRODUCT_NAME="Malwarebytes' Anti-Malware" FILE_VERSION="1.46.0001" ORIGINAL_FILENAME="mbam.exe" INTERNAL_NAME="mbam" LEGAL_COPYRIGHT="© Malwarebytes Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x11240F" LINKER_VERSION="0x1002E" UPTO_BIN_FILE_VERSION="1.46.0.1" UPTO_BIN_PRODUCT_VERSION="1.46.0.1" LINK_DATE="04/29/2010 20:35:39" UPTO_LINK_DATE="04/29/2010 20:35:39" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="mbamext.dll" SIZE="85328" CHECKSUM="0xACEE7133" BIN_FILE_VERSION="1.4.5.0" BIN_PRODUCT_VERSION="1.4.5.0" PRODUCT_VERSION="1.45" FILE_DESCRIPTION="Malwarebytes' Anti-Malware" COMPANY_NAME="Malwarebytes Corporation" PRODUCT_NAME="Malwarebytes' Anti-Malware" FILE_VERSION="1.45" ORIGINAL_FILENAME="mbamext.dll" INTERNAL_NAME="mbamext.dll" LEGAL_COPYRIGHT="© Malwarebytes Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x17918" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.4.5.0" UPTO_BIN_PRODUCT_VERSION="1.4.5.0" LINK_DATE="03/01/2010 03:43:32" UPTO_LINK_DATE="03/01/2010 03:43:32" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="mbamgui.exe" SIZE="437584" CHECKSUM="0x2F99D91D" BIN_FILE_VERSION="1.46.0.0" BIN_PRODUCT_VERSION="1.46.0.0" PRODUCT_VERSION="1.46.0.0000" FILE_DESCRIPTION="Malwarebytes' Anti-Malware" COMPANY_NAME="Malwarebytes Corporation" PRODUCT_NAME="Malwarebytes' Anti-Malware" FILE_VERSION="1.46.0.0000" ORIGINAL_FILENAME="mbamgui.exe" INTERNAL_NAME="mbamgui.exe" LEGAL_COPYRIGHT="© Malwarebytes Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x0" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x79A44" LINKER_VERSION="0x10000" UPTO_BIN_FILE_VERSION="1.46.0.0" UPTO_BIN_PRODUCT_VERSION="1.46.0.0" LINK_DATE="04/29/2010 17:10:03" UPTO_LINK_DATE="04/29/2010 17:10:03" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="mbamservice.exe" SIZE="304464" CHECKSUM="0xDF1C6F31" BIN_FILE_VERSION="1.46.0.0" BIN_PRODUCT_VERSION="1.46.0.0" PRODUCT_VERSION="1.46.0.0000" FILE_DESCRIPTION="Malwarebytes' Anti-Malware" COMPANY_NAME="Malwarebytes Corporation" PRODUCT_NAME="Malwarebytes' Anti-Malware" FILE_VERSION="1.46.0.0000" ORIGINAL_FILENAME="MBAMService.exe" INTERNAL_NAME="MBAMService.exe" LEGAL_COPYRIGHT="© Malwarebytes Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x0" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4EE25" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.46.0.0" UPTO_BIN_PRODUCT_VERSION="1.46.0.0" LINK_DATE="04/29/2010 17:10:34" UPTO_LINK_DATE="04/29/2010 17:10:34" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ssubtmr6.dll" SIZE="46416" CHECKSUM="0x5F639061" BIN_FILE_VERSION="1.1.0.3" BIN_PRODUCT_VERSION="1.1.0.3" PRODUCT_VERSION="1.01.0003" FILE_DESCRIPTION="Subclassing and Timer Assistant, modified for configurable message response, multi control support and bug fixed for timer errors." COMPANY_NAME="vbAccelerator" PRODUCT_NAME="SSubTmr6" FILE_VERSION="1.01.0003" ORIGINAL_FILENAME="SSubTmr6.dll" INTERNAL_NAME="SSubTmr6" LEGAL_COPYRIGHT="&lt;none&gt;" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x155ED" LINKER_VERSION="0x10001" UPTO_BIN_FILE_VERSION="1.1.0.3" UPTO_BIN_PRODUCT_VERSION="1.1.0.3" LINK_DATE="01/26/2003 13:41:23" UPTO_LINK_DATE="01/26/2003 13:41:23" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="unins000.exe" SIZE="716624" CHECKSUM="0x2FE352AD" BIN_FILE_VERSION="51.52.0.0" BIN_PRODUCT_VERSION="0.0.0.0" FILE_DESCRIPTION="Setup/Uninstall" FILE_VERSION="51.52.0.0" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x1" MODULE_TYPE="WIN32" PE_CHECKSUM="0xB20AF" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="51.52.0.0" UPTO_BIN_PRODUCT_VERSION="0.0.0.0" LINK_DATE="06/19/1992 22:22:17" UPTO_LINK_DATE="06/19/1992 22:22:17" VER_LANGUAGE="Language Neutral [0x0]" />
<MATCHING_FILE NAME="zlib.dll" SIZE="79696" CHECKSUM="0x36BFD587" BIN_FILE_VERSION="1.2.3.0" BIN_PRODUCT_VERSION="1.2.3.0" FILE_DESCRIPTION="zlib data compression library" PRODUCT_NAME="ZLib.DLL" FILE_VERSION="1.2.3.0" ORIGINAL_FILENAME="zlib.dll" INTERNAL_NAME="zlib" LEGAL_COPYRIGHT="(C) 1995-2003 Jean-loup Gailly &amp; Mark Adler" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1AFFA" LINKER_VERSION="0x10017" UPTO_BIN_FILE_VERSION="1.2.3.0" UPTO_BIN_PRODUCT_VERSION="1.2.3.0" LINK_DATE="07/18/2005 15:46:08" UPTO_LINK_DATE="07/18/2005 15:46:08" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="mbam.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="mbam.dll" SIZE="350544" CHECKSUM="0xCBD2378B" BIN_FILE_VERSION="1.46.0.0" BIN_PRODUCT_VERSION="1.46.0.0" PRODUCT_VERSION="1.46.0.0000" FILE_DESCRIPTION="Malwarebytes' Anti-Malware" COMPANY_NAME="Malwarebytes Corporation" PRODUCT_NAME="Malwarebytes' Anti-Malware" FILE_VERSION="1.46.0.0000" ORIGINAL_FILENAME="mbam.dll" INTERNAL_NAME="mbam.dll" LEGAL_COPYRIGHT="© Malwarebytes Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x56977" LINKER_VERSION="0x0" UPTO_BIN_FILE_VERSION="1.46.0.0" UPTO_BIN_PRODUCT_VERSION="1.46.0.0" LINK_DATE="04/29/2010 16:59:24" UPTO_LINK_DATE="04/29/2010 16:59:24" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="989696" CHECKSUM="0x2D998938" BIN_FILE_VERSION="5.1.2600.5781" BIN_PRODUCT_VERSION="5.1.2600.5781" PRODUCT_VERSION="5.1.2600.5781" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFE572" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5781" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5781" LINK_DATE="03/21/2009 14:06:58" UPTO_LINK_DATE="03/21/2009 14:06:58" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>



thanks,

sean
tigerstale
Regular Member
 
Posts: 18
Joined: August 17th, 2010, 8:20 am

Re: please help , error during malwarebytes scan

Unread postby Cypher » August 26th, 2010, 7:02 am

Hi sean.
I have not seen that error before and my research is not finding anything on it either.
Ok lets try this.

Download/run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

One, Two,Three or Four

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • When finished, Notepad will open with a log called, "rkill.log".
  • Please copy and paste the contents of the rkill.log in your next reply.
  • The file is automatically saved... located at C:\rkill.log.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Next.

Rename MBAM and Run Scan

  • Go to Start, Computer.
  • Double-click Local Disk C:.
  • Double-click Program Files.
  • Double-click Malwarebytes' Anti-Malware.
  • In the top menu, click Views, choose Detail.
  • Right-click the "application" named mbam, and choose Rename.
  • Type in the new name as winlogon.exe and hit <Enter>
  • At the "Access Denied" notice, click Continue.
  • Wait until the screen indicates completion. (grayed out area disappears)
  • Double-Right click on the new winlogon.exe.
  • Select Perform Quick Scan and Scan.
  • If any malware items are found, Check all items and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any log listed to open its contents.
  • Recent logs are named by time/date stamp in this format : mbam-log-2009-mm-dd(hour-min-sec).txt
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: please help , error during malwarebytes scan

Unread postby tigerstale » August 26th, 2010, 8:33 am

hi

i didn't see this part:

# At the "Access Denied" notice, click Continue.
# Wait until the screen indicates completion. (grayed out area disappears)

but i did rename application mbam.exe to winlogon.exe

here are the logs:



This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as KumiSean on 6/2010 Thu at 5:09:24.


Processes terminated by Rkill or while it was running:


C:\Documents and Settings\KumiSean\Desktop\rkill.scr


Rkill completed on 6/2010 Thu at 5:09:27.



and


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4482

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/26/2010 5:21:24 AM
mbam-log-2010-08-26 (05-21-24).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




then i ran the quick scan(after i restarted the computer, because once i open malwarebytes, it says its already running) and the scan error messaged again, about the same spot, this time i was watching what mbam was scanning when it errors and it was going through the C:\windows system 32 when it errors


oh boy, this is tough huh? thanks again for the continued effort

sean
tigerstale
Regular Member
 
Posts: 18
Joined: August 17th, 2010, 8:20 am

Re: please help , error during malwarebytes scan

Unread postby Cypher » August 26th, 2010, 8:53 am

Hi sean.
hanks again for the continued effort

You're welcome.
We need to run a few more scans, continue with the instructions below.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • * This can take a while. Please be patient *.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in you're next reply.
  • Note: This log can be lengthy you may have to post it in separate replies.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: please help , error during malwarebytes scan

Unread postby tigerstale » August 27th, 2010, 1:50 am

hi

ok i ran the rkunhooker scan and here's the log:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xBF0C9000 C:\WINDOWS\System32\ati3duag.dll 2637824 bytes (ATI Technologies Inc. , ati3duag.dll)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6B3B000 C:\WINDOWS\System32\DRIVERS\ati2mtag.sys 1560576 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF6985000 C:\WINDOWS\System32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF46A4000 C:\WINDOWS\system32\drivers\sthda.sys 1015808 bytes (SigmaTel, Inc., NDRC)
0xBF34D000 C:\WINDOWS\System32\ativvaxx.dll 864256 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF68DE000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF739F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF438C000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6802000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF453E000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF1F30000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF44F0000 C:\WINDOWS\system32\drivers\SbFw.sys 319488 bytes (Sunbelt Software, Inc., Sunbelt Personal Firewall driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 270336 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF15FC000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF054000 C:\WINDOWS\System32\ati2cqag.dll 258048 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF093000 C:\WINDOWS\System32\atikvmag.dll 221184 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xF6AA7000 C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF4499000 C:\WINDOWS\system32\drivers\sbtis.sys 200704 bytes (Sunbelt Software, Inc., Sunbelt TDI Inspection System)
0xF6860000 C:\WINDOWS\System32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF74E3000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF1FD7000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7372000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF43FC000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6AFF000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xF4449000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF748D000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xF68B8000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel(R) PRO/100 Adapter NDIS 5.1 driver)
0xF44CA000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF4680000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6ADB000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6A84000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF4427000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7455000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF74B3000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7358000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7475000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF4374000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF742C000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF68A1000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF45CA000 C:\WINDOWS\system32\drivers\SBREdrv.sys 90112 bytes (Sunbelt Software, Anti-Rootkit Engine)
0xF1E2B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6B27000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF4597000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7443000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF74D2000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6890000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF7732000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF77D2000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF45E0000 C:\WINDOWS\system32\drivers\sbapifs.sys 65536 bytes (Sunbelt Software, Sunbelt ActiveProtection Filter)
0xF7882000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF77E2000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF7842000 C:\WINDOWS\system32\DRIVERS\sbfwim.sys 61440 bytes (Sunbelt Software, Inc., Sunbelt Personal Firewall NDIS Intermediate driver)
0xF218C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7692000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7652000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF77F2000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7632000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7812000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76E2000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF77C2000 C:\WINDOWS\System32\Drivers\Imapi.SYS 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7622000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7802000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7612000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7852000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7832000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7642000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF76F2000 C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF77B2000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7822000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF76C2000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF14DC000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF76B2000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7A12000 C:\WINDOWS\system32\drivers\mbamswissarmy.sys 32768 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xF793A000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF79A2000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF798A000 C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7892000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF795A000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7962000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7932000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7992000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF799A000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF789A000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF794A000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7952000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7942000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF79B2000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7AAE000 C:\WINDOWS\System32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7B0E000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF2254000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A22000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF67DC000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7AEA000 C:\WINDOWS\system32\DRIVERS\fsvga.sys 12288 bytes (Microsoft Corporation, Full Screen Video Driver)
0xF6CBC000 C:\WINDOWS\System32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF2020000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7AB2000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7AEE000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6CDC000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7B3A000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B16000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7B44000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7B38000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B12000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7B3C000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B3E000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B40000 C:\WINDOWS\system32\drivers\sbaphd.sys 8192 bytes (Sunbelt Software, Sunbelt ActiveProtection hook driver)
0xF7B32000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B36000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B14000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7D53000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7D64000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7C75000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7BDA000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\FW History\FWNET{26697A5D-11F2-4C94-98B7-0ED7A203831F}.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\FW History\FWNET{6689F74B-0EBF-4A24-8254-ED145885B459}.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\FW History\FWNET{705BB9C8-C033-4A0F-AD64-1DE67E3DD9D2}.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\FW History\FWNET{A46D9F0D-AD92-41A5-922C-81C9EC93245C}.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\FW History\FWNET{AC6B5172-3363-4498-82BB-DC243004AD35}.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\FW History\FWNET{D005DDE4-319F-46C4-A9F6-36A79C566FA3}.xml
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\FW History\FWNET{ED4AC15D-6A7F-479A-9616-F50D6C1A414E}.xml
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0006ECBE, Type: Inline - RelativeJump 0x80545CBE-->80545CC5 [ntkrnlpa.exe]
[2648]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [firefox.exe]
[3168]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[608]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[608]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[608]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[608]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[608]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[608]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[608]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]


thank you,

sean
tigerstale
Regular Member
 
Posts: 18
Joined: August 17th, 2010, 8:20 am

Re: please help , error during malwarebytes scan

Unread postby Cypher » August 27th, 2010, 4:46 am

Hi sean.
Apart from Malwarebytes stalling during the scan are you having any other problems with you're PC?
Let me know in you're next reply.


Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: please help , error during malwarebytes scan

Unread postby tigerstale » August 27th, 2010, 5:20 am

it was running pretty good after the atf clean, but right now its slow.. i guess its just slow at times and its not consistent. (i know that could be my internet, but all we do is web surf and sometimes its good and sometimes its terrible) i used to run malwarebytes but now it doesn't finish a scan, so i was concerned. i have been using vipre for the last year or so, just recently went to the vipre premium. vipre has a firewall, and before i was using windows firewall. if you think my computer is fine, then i can accept that.

here's the log:

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
Deleting index entry CHKDSK~1.PF in index $I30 of file 12608.
Deleting index entry FIND.EXE-0EC32F1E.pf in index $I30 of file 12608.
Deleting index entry FINDEX~1.PF in index $I30 of file 12608.

Errors found. CHKDSK cannot continue in read-only mode.


thanks for this,

sean
tigerstale
Regular Member
 
Posts: 18
Joined: August 17th, 2010, 8:20 am

Re: please help , error during malwarebytes scan

Unread postby Cypher » August 27th, 2010, 5:55 am

Hi sean.
Thanks for this

You're most welcome.
i used to run malwarebytes but now it doesn't finish a scan, so i was concerned. i have been using vipre for the last year or so, just recently went to the vipre premium.
Did the problem with MBAM only start after you installed vipre premium?

Please delete the checkhd.txt that was created on you're desktop.

Next.

Hard-Drive Maintenance/Repair:

Note: for the CHKDSK portion you may refer to this tutorial Here and follow the instructions for Graphical Mode if you so wish.

  • Click Start >> Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and hit the Enter/Return key.
  • Now type in DEFRAG C: -F
  • A Analysis report will be displayed and then Windows will start the Defragmention run automatically.
  • This may take some time, when completed the Command Prommpt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:
CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)
  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Image

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be canceled and you computer will continue to boot-up as normal.


Next.

Check Hard Disk For Errors:

Press Start->Run, then copy/paste the following command into the box and press OK:
cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\checkhd.txt"
A blank command window will open on your desktop, then close in a few minutes. This is normal.
A file icon named checkhd.txt should appear on your Desktop. Please post the contents of this file.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: please help , error during malwarebytes scan

Unread postby tigerstale » August 27th, 2010, 11:04 pm

hi

followed your instruction, used graphical mode to run defrag. computer seems to be better after reboot. here is the contents of checkhd.txt

The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is verifying security descriptors (stage 3 of 3)...
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

134206978 KB total disk space.
15849968 KB in 40652 files.
12880 KB in 4218 indexes.
0 KB in bad sectors.
125286 KB in use by the system.
65536 KB occupied by the log file.
118218844 KB available on disk.

4096 bytes in each allocation unit.
33551744 total allocation units on disk.
29554711 allocation units available on disk.


hope things are good,

sean
tigerstale
Regular Member
 
Posts: 18
Joined: August 17th, 2010, 8:20 am
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 496 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware