davidbaldwin
Posts posted by davidbaldwin
Ok, I will check that out. I did say Yes to AppInit_Dlls removal and tried again. Same result. It will crash when checking the "System". It doesn't crash when the target is only Drivers or Sectors. I still have options /u and /z to try, which I will before seeking someone to assist me.
I have a minidump pointing to mbamswissarmy.sys as a component of module mbar.exe,
i.e. as the culprit for the BugCheck 3B, {c0000005, fffffa601737088a, fffffa6018028010, 0}
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
FAULTING_IP:
mbamswissarmy+688a
fffffa60`1737088a ?? ???
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: mbar.exe
MODULE_NAME: mbamswissarmy
IMAGE_NAME: mbamswissarmy.sys
Loaded symbol image file: mbamswissarmy.sys
Image path: \??\C:\Windows\system32\drivers\mbamswissarmy.sys
Image name: mbamswissarmy.sys
Timestamp: Tue Nov 06 20:10:52 2012 (5099B51C)
CheckSum: 0003407B
ImageSize: 00028000
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
I half expected this I guess because on running mbar, it quickly notifies me:
PROBABLE ROOTKIT ACTIVITY DETECTED
Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity. Then I have a Yes / No choice to remove it now or not. When I don't and continue, it appears that mbar crashes. Is this my clue that I should say Yes to remove AppInit_Dlls and run again? What's my risk?
MBAR crash dump
in Malwarebytes for Windows Support Forum
Posted
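The WinDbg summary quoted in the post above carries more than a module name: the four bugcheck parameters, the faulting IP, the module offset and the PE timestamp can all be cross-checked mechanically before deciding whether a third-party driver really is the culprit. The following Python script is an added example written for this page; it is not code from the poster or from Malwarebytes. It embeds the quoted lines as a constructed sample, parses them, decodes the 0x3B parameters per Microsoft's bugcheck reference (parameter 1 is the exception code, parameter 2 the faulting instruction address, parameter 3 the context record), derives the driver's load address from "mbamswissarmy+688a", checks that the faulting IP actually lies inside the image given its ImageSize, and converts the PE timestamp to UTC. The NTSTATUS name table is a small hand-picked subset, not a complete list.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the relevant lines of the WinDbg summary quoted in the post.
SAMPLE = r"""BugCheck 3B, {c0000005, fffffa601737088a, fffffa6018028010, 0}
SYSTEM_SERVICE_EXCEPTION (3b)
FAULTING_IP:
mbamswissarmy+688a
fffffa60`1737088a ?? ???
BUGCHECK_STR: 0x3B
PROCESS_NAME: mbar.exe
MODULE_NAME: mbamswissarmy
IMAGE_NAME: mbamswissarmy.sys
Image path: \??\C:\Windows\system32\drivers\mbamswissarmy.sys
Timestamp: Tue Nov 06 20:10:52 2012 (5099B51C)
ImageSize: 00028000
"""

# Subset of NTSTATUS codes that commonly show up as parameter 1 of bugcheck 0x3B.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000096: "STATUS_PRIVILEGED_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
}

BUGCHECK_RE = re.compile(r"BugCheck\s+([0-9A-Fa-f]+),\s*\{([^}]*)\}")
# "FAULTING_IP:" is followed by "module+offset" and then the 64-bit address WinDbg
# prints with a backtick between the two 32-bit halves.
FAULT_RE = re.compile(
    r"FAULTING_IP:\s*\n(\w+)\+([0-9A-Fa-f]+)\s*\n([0-9A-Fa-f]{8})`([0-9A-Fa-f]{8})"
)
# "KEY: value" lines; the separator must be a space/tab so a bare "FAULTING_IP:" is skipped.
FIELD_RE = re.compile(r"^([A-Za-z_][A-Za-z_ ]*):[ \t]+(.+?)[ \t]*$", re.MULTILINE)
TIMESTAMP_RE = re.compile(r"\(([0-9A-Fa-f]{8})\)")


def parse_summary(text):
    """Pull the structured facts out of a WinDbg crash summary."""
    m = BUGCHECK_RE.search(text)
    if not m:
        raise ValueError("no BugCheck line found")
    code = int(m.group(1), 16)
    params = [int(p.strip(), 16) for p in m.group(2).split(",")]
    fields = {k.strip(): v for k, v in FIELD_RE.findall(text)}
    fault = FAULT_RE.search(text)
    faulting = None
    if fault:
        faulting = {
            "module": fault.group(1),
            "offset": int(fault.group(2), 16),
            "address": int(fault.group(3) + fault.group(4), 16),
        }
    return {"code": code, "params": params, "fields": fields, "faulting": faulting}


def interpret_3b(params):
    """Decode SYSTEM_SERVICE_EXCEPTION (0x3B): exception code, faulting IP, context record."""
    if len(params) != 4:
        raise ValueError("bugcheck 0x3B carries four parameters")
    status, ip, ctx, _reserved = params
    return {
        "exception": NTSTATUS_NAMES.get(status, "unknown NTSTATUS 0x%08X" % status),
        "faulting_instruction": ip,
        "context_record": ctx,
    }


def module_base(faulting):
    """Load address of the module, derived from 'module+offset' and the absolute IP."""
    return faulting["address"] - faulting["offset"]


def ip_inside_image(faulting, image_size):
    """Sanity check: the faulting IP must lie within [base, base + ImageSize)."""
    base = module_base(faulting)
    return base <= faulting["address"] < base + image_size


def decode_pe_timestamp(hex_stamp):
    """The parenthesised value is the PE TimeDateStamp: seconds since the Unix epoch."""
    return datetime.fromtimestamp(int(hex_stamp, 16), tz=timezone.utc)


def analyze(text):
    """Build a small report from the summary, with consistency checks between its lines."""
    summary = parse_summary(text)
    f = summary["fields"]
    report = {
        "bugcheck": summary["code"],
        "process": f.get("PROCESS_NAME"),
        "image": f.get("IMAGE_NAME"),
        "image_path": f.get("Image path"),
    }
    if summary["code"] == 0x3B:
        report.update(interpret_3b(summary["params"]))
    if summary["faulting"]:
        size = int(f.get("ImageSize", "0"), 16)
        report["module_base"] = module_base(summary["faulting"])
        report["ip_inside_image"] = ip_inside_image(summary["faulting"], size)
        # Parameter 2 of the bugcheck and the FAULTING_IP line should name the same address.
        report["ip_matches_param2"] = summary["params"][1] == summary["faulting"]["address"]
    ts = TIMESTAMP_RE.search(f.get("Timestamp", ""))
    if ts:
        report["built_utc"] = decode_pe_timestamp(ts.group(1))
    return report


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        shown = f"{value:#x}" if isinstance(value, int) and not isinstance(value, bool) else value
        print(f"{key:22} {shown}")
```

Run as-is it reports STATUS_ACCESS_VIOLATION at fffffa60`1737088a, a module base of fffffa60`1736a000 (the IP is 0x688a into a 0x28000-byte image, so the attribution to that driver is at least internally consistent), and a build time of 2012-11-07 01:10:52 UTC, which is the local "Tue Nov 06 20:10:52 2012" WinDbg printed. The same two checks, IP inside the named image and parameter 2 agreeing with FAULTING_IP, are the first things to confirm on any 0x3B dump before blaming the module WinDbg names.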
PROBLEM SOLVED.
I chose a simple route of solving this by watching and videoing the Scan Progress:
It spent a lot of time then blue-screened when checking the file:
C:\programdata\Playrix Entertainment\Fishdom2\Storage.xml.bak
I assumed I could safely delete this backup file, so I did, and emptied my recycle bin.
When I scanned again, mbar 1016 ran to the end.
I must say that simultaneously with deleting this file, MBAR 1011 prompted me to install the latest version, which had jumped from 1011 to 1016. I didn't think my version was that old.
It's hard to tell, but either deleting that stalled file, or the new version of mbar, allowed mbar to run to the end - clean.
So Good News. Case closed.