davidbaldwin

  1. PROBLEM SOLVED. I chose a simple route of solving this by watching and videoing the Scan Progress: it spent a lot of time, then blue-screened, when checking the file: C:\programdata\Playrix Entertainment\Fishdom2\Storage.xml.bak. I assumed I could safely delete this backup file, so I did, and emptied my recycle bin. When I scanned again, mbar 1016 ran to the end. I must say that simultaneously with deleting this file, MBAR 1011 prompted me to install the latest version, which had jumped from 1011 to 1016. I didn't think my version was that old. It's hard to tell, but either deleting that stalled file, or the new version of mbar, allowed mbar to run to the end - clean. So Good News. Case closed.
  2. OK, I will check that out. I did say Yes to AppInit_Dlls removal and tried again. Same result. It will crash when checking the "System". It doesn't crash when the target is only Drivers or Sectors. I still have options /u and /z to try, which I will before seeking someone to assist me.
  3. I have a minidump pointing to mbamswissarmy.sys as a component of module mbar.exe, i.e. as the culprit for the BugCheck 3B, {c0000005, fffffa601737088a, fffffa6018028010, 0}

     SYSTEM_SERVICE_EXCEPTION (3b)
     An exception happened while executing a system service routine.
     FAULTING_IP:
     mbamswissarmy+688a
     fffffa60`1737088a ?? ???
     DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
     BUGCHECK_STR: 0x3B
     PROCESS_NAME: mbar.exe
     MODULE_NAME: mbamswissarmy
     IMAGE_NAME: mbamswissarmy.sys
     Loaded symbol image file: mbamswissarmy.sys
     Image path: \??\C:\Windows\system32\drivers\mbamswissarmy.sys
     Image name: mbamswissarmy.sys
     Timestamp: Tue Nov 06 20:10:52 2012 (5099B51C)
     CheckSum: 0003407B
     ImageSize: 00028000
     Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4

     I half expected this, I guess, because on running mbar, it quickly notifies me:

     PROBABLE ROOTKIT ACTIVITY DETECTED
     Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity.

     Then I have a Yes / No choice to remove it now or not. When I don't and continue, it appears that mbar crashes. Is this my clue that I should say Yes to remove AppInit_Dlls and run again? What's my risk?