Jump to content

Oroko

Members
 View Profile  See their activity

  • Posts

    6

  • Joined

  • Last visited

 Content Type 

Posts posted by Oroko

    Stuck in boot loop - "mbamswissarmy.sys"

    in Resolved Malware Removal Logs

    Posted

    On 1/10/2018 at 5:58 PM, kevinf80 said:

    The best way forward is to REFRESH your system, https://www.tenforums.com/tutorials/4090-refresh-windows-10-a.html

    Let me know the outcome...

    FINALLY!!!!! I've booted successfully :D AHH!

    Sorry for the delay but it took a few attempts. The REFRESH option wasn't workable so I used the REPAIR INSTALL option instead, booting via usb. Regardless, I'm back in.

    Thanks for all your help!

    Stuck in boot loop - "mbamswissarmy.sys"

    in Resolved Malware Removal Logs

    Posted

    1 hour ago, kevinf80 said:

    From your spare PC Save the attached file fixlist.txt to your flash drive, same place as FRST.

    Plug Flashdrive back into Sick PC, Run System Recovery Options as you did to get the log.

    Run FRST and press the Fix button just once and wait.

    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. Does your PC boot ok now...?

    Thank you,

    Kevin...

    fixlist.txt

    Hello again. Unfortunately, the PC is still booting to a black screen :( Here's the log:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
    Ran by SYSTEM (10-01-2018 17:44:19) Run:3
    Running from h:\
    Boot Mode: Recovery
    ==============================================

    fixlist content:
    *****************
    Start
    S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-11-23] ()
    C:\Windows\System32\Drivers\mbamswissarmy.sys
    End
    *****************

    "HKLM\System\ControlSet001\Services\MBAMSwissArmy" => removed successfully
    MBAMSwissArmy => service removed successfully
    C:\Windows\System32\Drivers\mbamswissarmy.sys => moved successfully

    ==== End of Fixlog 17:44:19 ====

    Stuck in boot loop - "mbamswissarmy.sys"

    in Resolved Malware Removal Logs

    Posted

    7 hours ago, kevinf80 said:

    From your spare PC Save the attached file fixlist.txt to your flash drive, same place as FRST.

    Plug Flashdrive back into Sick PC, Run System Recovery Options as you did to get the log.

    Run FRST and press the Fix button just once and wait.

    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. Does your PC boot ok now...?

    Thank you,

    Kevin...

    fixlist.txt

    So, I've gotten past the blue error screen but I still can't boot completely. I'm able to get to the Windows loading screen (with the dotted circle animation) but after a few seconds, the animation disappears and I'm left with a black screen instead of the Welcome screen.

    Here is the txt log:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
    Ran by SYSTEM (10-01-2018 04:04:22) Run:2
    Running from h:\
    Boot Mode: Recovery
    ==============================================

    fixlist content:
    *****************
    Start
    LastRegBack: 2017-11-18 20:47 
    End
    *****************

    DEFAULT => copied successfully to System32\config\HiveBackup
    DEFAULT => restored successfully from registry back up
    SAM => copied successfully to System32\config\HiveBackup
    SAM => restored successfully from registry back up
    SECURITY => copied successfully to System32\config\HiveBackup
    SECURITY => restored successfully from registry back up
    SOFTWARE => copied successfully to System32\config\HiveBackup
    SOFTWARE => restored successfully from registry back up
    SYSTEM => copied successfully to System32\config\HiveBackup
    SYSTEM => restored successfully from registry back up

    ==== End of Fixlog 04:04:31 ====

     

    Stuck in boot loop - "mbamswissarmy.sys"

    in Resolved Malware Removal Logs

    Posted

    28 minutes ago, kevinf80 said:

    Hello Oroko and welcome to Malwarebytes....

    From your spare PC Save the attached file fixlist.txt to your flash drive, same place as FRST.

    Plug Flashdrive back into Sick PC, Run System Recovery Options as you did to get the log.

    Run FRST and press the Fix button just once and wait.

    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. Does your PC boot ok now...?

    Thank you,

    Kevin...

     

    fixlist.txt

    Hello Kevin,

    Unfortunately I'm still getting the same boot error:unsure:. Here are my fixlog.txt results:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
    Ran by SYSTEM (10-01-2018 01:36:39) Run:1
    Running from h:\
    Boot Mode: Recovery
    ==============================================

    fixlist content:
    *****************
    Start
    HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe [268288 2016-07-16] (Microsoft Corporation)
    End
    *****************

    "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore" => removed successfully

    ==== End of Fixlog 01:36:39 ====

    Stuck in boot loop - "mbamswissarmy.sys"

    in Resolved Malware Removal Logs

    Posted

    FRST txt gave me the following:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
    Ran by SYSTEM on MININT-D5FPF6M (09-01-2018 21:47:23)
    Running from d:\
    Platform: Windows 10 Home Version 1607 14393.1884 (X64) Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery
    Default: ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2009-11-14] (Sun Microsystems, Inc.)
    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2017-04-27] (Microsoft Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1814312 2009-08-14] (Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-10-19] (Apple Inc.)
    HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2009-11-14] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
    HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)
    HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-13] (Dropbox, Inc.)
    HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe [268288 2016-07-16] (Microsoft Corporation)
    HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
    HKU\Vonnie\...\Run: [GoogleChromeAutoLaunch_4A359349AB278D655DA937C97D6C241B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-11-10] (Google Inc.)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-10-11] (Apple Inc.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-09-08] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-09-08] (Dropbox, Inc.)
    S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51016 2017-11-13] (Dropbox, Inc.)
    S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
    S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-07] (Malwarebytes)
    S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-07-06] ()
    S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
    S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-03-30] (Synaptics Incorporated)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
    S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103704 2017-10-08] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
    S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [252232 2017-11-23] ()
    S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    S3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-09 21:47 - 2018-01-09 21:47 - 000000000 ____D C:\FRST

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-01-09 21:42 - 2017-11-23 03:10 - 000000000 _____ C:\Recovery.txt

    Some files in TEMP:
    ====================
    2017-08-04 21:34 - 2017-09-14 13:21 - 000079904 _____ () C:\Users\Vonnie\AppData\Local\Temp\i4jdel0.exe
    2017-11-19 15:57 - 2017-10-17 11:01 - 000927784 _____ () C:\Users\Vonnie\AppData\Local\Temp\TAInstaller.exe
    2016-10-12 04:08 - 2016-10-12 04:09 - 030533688 _____ () C:\Users\Vonnie\AppData\Local\Temp\vlc-2.2.4-win32.exe
    2017-06-06 10:46 - 2017-06-06 10:51 - 030950664 _____ () C:\Users\Vonnie\AppData\Local\Temp\vlc-2.2.6-win32.exe

    ==================== Known DLLs (Whitelisted) =========================


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe
    [2017-07-12 15:44] - [2017-06-20 22:39] - 000673792 _____ (Microsoft Corporation) CB440E1C4EC9C369EC9DD07B48A83F36

    C:\Windows\System32\wininit.exe
    [2017-11-14 16:05] - [2017-10-08 18:24] - 000304232 _____ (Microsoft Corporation) 5CB4612F106B3C69CE99335AEF034A2B

    C:\Windows\explorer.exe
    [2017-08-08 14:51] - [2017-07-11 21:55] - 004674872 _____ (Microsoft Corporation) 577119EC77525D3F80FFB03BFACC17D4

    C:\Windows\SysWOW64\explorer.exe
    [2017-08-08 14:54] - [2017-07-11 21:52] - 004312760 _____ (Microsoft Corporation) 54210509B3129D716D6C9C5775710598

    C:\Windows\System32\svchost.exe
    [2016-07-16 03:42] - [2016-07-16 03:42] - 000044496 _____ (Microsoft Corporation) 36F670D89040709013F6A460176767EC

    C:\Windows\SysWOW64\svchost.exe
    [2016-07-16 03:42] - [2016-07-16 03:42] - 000038792 _____ (Microsoft Corporation) 1F8434DD4907C832E6E90D6298EAB85B

    C:\Windows\System32\services.exe
    [2017-09-12 19:04] - [2017-08-07 21:45] - 000453544 _____ (Microsoft Corporation) 29C7C9F0FE9F048FB47DEE5F66134940

    C:\Windows\System32\User32.dll
    [2017-10-11 09:43] - [2017-09-17 18:57] - 001460696 _____ (Microsoft Corporation) BAB449E496892494C1E8152A25A1E867

    C:\Windows\SysWOW64\User32.dll
    [2017-10-11 09:58] - [2017-09-17 18:49] - 001435896 _____ (Microsoft Corporation) 99216EEF4FE75AB440C4168E5420BFBC

    C:\Windows\System32\userinit.exe
    [2016-07-16 03:42] - [2016-07-16 03:42] - 000033280 _____ (Microsoft Corporation) C1B1FFC800BE2F31EB2CF8CB40629C69

    C:\Windows\SysWOW64\userinit.exe
    [2016-07-16 03:42] - [2016-07-16 03:42] - 000027648 _____ (Microsoft Corporation) FA900E6CCCF0A429D5B720C6F0E2274B

    C:\Windows\System32\rpcss.dll
    [2017-05-10 03:43] - [2017-04-27 15:41] - 000890368 _____ (Microsoft Corporation) 4A7015195E49A3BA7DB967B277B21E9D

    C:\Windows\System32\dnsapi.dll
    [2017-10-11 09:40] - [2017-09-17 19:09] - 000646688 _____ (Microsoft Corporation) 2DA9DA17F0FE6C0A8598EBBB1E59E320

    C:\Windows\SysWOW64\dnsapi.dll
    [2017-10-11 09:56] - [2017-09-17 19:05] - 000497424 _____ (Microsoft Corporation) C1A05F68C92A8B9D4D5A3D4953427154

    C:\Windows\System32\Drivers\volsnap.sys
    [2017-11-14 16:05] - [2017-10-08 18:25] - 000392024 _____ (Microsoft Corporation) 8F8887440BC649ABEC29FACEE7B5389F


    BCD (recoveryenabled=No -> recoveryenabled=Yes) <==== restored successfully

    ==================== Association (Whitelisted) =============


    ==================== Restore Points  =========================

    Restore point date: 2017-11-14 16:19
    Restore point date: 2017-11-21 21:39
    Restore point date: 2017-11-22 22:57
    Restore point date: 2018-01-09 20:35

    ==================== Memory info =========================== 

    Percentage of memory in use: 25%
    Total physical RAM: 3836.2 MB
    Available physical RAM: 2850.48 MB
    Total Virtual: 3836.2 MB
    Available Virtual: 2889.72 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:451.54 GB) (Free:283 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT
    Drive f: (RECOVERY) (Fixed) (Total:13.92 GB) (Free:2.29 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
    Drive y: () (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8AE1E4AE)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=451.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=13.9 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ========================================================
    Disk: 1 (Size: 961 MB) (Disk ID: 698097FE)
    Partition 1: (Not Active) - (Size=961 MB) - (Type=06)

    LastRegBack: 2017-11-18 20:47

    ==================== End of FRST.txt ============================

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.