
Cannot start mbam or its services



  • Root Admin

It doesn't show in the deletion this time but go ahead and reinstall if needed.

Let me have you run the following please.

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

Link to post

Did not have to reinstall Trackballworks. It was fine.

Ran mbar. It didn't say to disable security but I did anyhow, figuring they might interfere with mbar.

No malware found. Both logs pasted below.

After all this I tried again to schedule a threat scan and an update. Again windows says malwarebytes quit working and closed it. Restarted mbam and checked. Scan and update are not scheduled.

--system log--

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7600 Windows 7 x64

 

Account is Administrative

 

Internet Explorer version: 9.0.8112.16421

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED

CPU speed: 2.133000 GHz

Memory total: 4083888128, free: 2704142336

 

Initializing...

======================

This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.

=======================================

Initializing...

------------ Kernel report ------------

     11/21/2014 07:40:48

------------ Loaded modules -----------


----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa800838c060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000081\

Lower Device Object: 0xfffffa800838b570

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8007d9a790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007c\

Lower Device Object: 0xfffffa8007789b60

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8004a9f400

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa800491b050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8004a9f400, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8004aa0040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8004a9f400, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800491b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

Done!

Drive 0

This is a System drive

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 489DC50A

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 2048  Numsec = 30720000

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 30722048  Numsec = 594214912

    Partition file system is NTFS

    Partition is bootable

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 320072933376 bytes

Sector size: 512 bytes

 

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa8007d9a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007784910, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007d9a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8007789b60, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 8D399BC0

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 976751937

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 500107862016 bytes

Sector size: 512 bytes

 

Done!

Physical Sector Size: 512

Drive: 2, DevicePointer: 0xfffffa800838c060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800838e040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800838c060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800838b570, DeviceName: \Device\00000081\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 2

Scanning MBR on drive 2...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 64002

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 2048  Numsec = 3906961408

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 2000365289472 bytes

Sector size: 512 bytes

 

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-30722048-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...

Removal finished

 

--mbar log--

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

www.malwarebytes.org

 

Database version: v2014.11.18.05

 

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Steve :: STEVEDELL [administrator]

 

11/21/2014 7:41:10 AM

mbar-log-2014-11-21 (07-41-10).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled: 

Objects scanned: 368787

Time elapsed: 22 minute(s), 37 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

Link to post

1. I believe it's fixed. After clean uninstall and reinstall when I checked the automated scheduling there were already two items there. Update and threat scan. Just changed some timings on the threat scan and mbam did not crash. Prior to this there was nothing showing in automated scheduling and creating a scheduled item crashed mbam. Also created a new custom scan, just to make sure it would accept it and not crash. That worked, then deleted the custom scan. So, it's fixed! Thank you very much!

2. Anti-virus is the most current version of Avast Free.

From what I can find on the mbam website the only things I need to tell avast to not scan related to mbam are 3 programs in the malwarebytes folder in program files (x86). Avast wouldn't let me select individual files so I chose the entire folder to not be scanned. Problem?

I'll keep looking to see if I can exclude just the files suggested.

Thanks again!
Link to post

Follow-up question. During install I allowed the install to put a shortcut on my desktop for starting mbam. I want to delete that shortcut. When I try, it tells me I need permission of the Administrator to do that. What gives and how do I get rid of the shortcut?

Thanks.

Link to post

  • Root Admin

That's because you have Self Protection enabled, so it's preventing any of its files from being removed or changed. You need to disable the Self Protection to remove the shortcut.

At this time there are no more signs of an infection on your system.

However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.

They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.

Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot
Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.

How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP

As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.

How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.

Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
Link to post

Got the shortcut deleted. Thanks.

Ran delfix and did the other things suggested. DelFix log below

All seems to be fine now. Thanks for your help.

 

# DelFix v10.8 - Logfile created 22/11/2014 at 12:50:30

# Updated 29/07/2014 by Xplode

# Username : Steve - STEVEDELL

# Operating System : Windows 7 Home Premium  (64 bits)

 

~ Removing disinfection tools ...

 

Deleted : C:\Qoobox

Deleted : C:\FRST

Deleted : C:\ComboFix.txt

Deleted : C:\Windows\grep.exe

Deleted : C:\Windows\PEV.exe

Deleted : C:\Windows\NIRCMD.exe

Deleted : C:\Windows\MBR.exe

Deleted : C:\Windows\SED.exe

Deleted : C:\Windows\SWREG.exe

Deleted : C:\Windows\SWSC.exe

Deleted : C:\Windows\SWXCACLS.exe

Deleted : C:\Windows\Zip.exe

Deleted : HKLM\SOFTWARE\Swearware

Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

 

########## - EOF - ##########

Link to post

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post

This topic is now closed to further replies.