Jump to content

BSOD after Malwarebytes

Recommended Posts

I used Malwarebytes to try and find a virus/trojan I had contracted via a website. Most of the info can be found in this thread here - http://forums.malwarebytes.org/index.php?s...p;p=296715&

After I ran a scan Malwarebytes found a few things and I continued with a quarantine or delete (can't remember which) followed by a reboot. The reboot however never occured as all I got was a blue screen of death and can nether start up in SAfe Mode or "Last Known Config".

Here's the log I got from the scan just before the removal of the infected files and reboot:

Malwarebytes' Anti-Malware 1.46


Database version: 4381

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

03/08/2010 02:04:10

mbam-log-2010-08-03 (02-04-10).txt

Scan type: Quick scan

Objects scanned: 157652

Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 16

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aae725f3-298b-4fef-82ee-faf909639409} (Password.Stealer) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\prh (Trojan.Banker) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\WINDOWS\system32\xmldm (Stolen.Data) -> Files: 998 -> No action taken.

Files Infected:

C:\Documents and Settings\User\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\hlp.dat (Malware.Trace) -> No action taken.

C:\Documents and Settings\All Users\Application Data\pragmamfeklnmal.dll (Rootkit.TDSS) -> No action taken.

C:\Documents and Settings\All Users\Favorites\_favdata.dat (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\krncode.dat (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\nsysd.ini (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\nsysk.ini (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\nsysp.ini (Trojan.Patched) -> No action taken.

C:\WINDOWS\system32\nsysw.ini (Trojan.Patched) -> No action taken.

C:\WINDOWS\system32\olsysk.dat (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\olsysp.dat (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\olsysw.dat (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\pwrcode.dat (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\shifld2.old (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\wincode.dat (Malware.Trace) -> No action taken.

C:\WINDOWS\system32\drivers\AtapiDrv.sys (Rootkit.Agent) -> No action taken.

I don't have my windows discs so can't do a reinstall. It's a Compaq Presario laptop with Windows XP Media Center.

Any help would be much appreciated.

Link to post
Share on other sites

Hello Butch Cassidy

Please DO NOT POST LOGS HERE unless requested.


Please note that it may take 48 hours or more for you to receive a response in the malware removal forum, as it is often busy at times. Please do not reply to your own post asking for help unless its been more than 48 hours since you originally posted, as this can make it appear as though you are being helped and take longer for you to get help. If no one has replied within 48 hours then please go ahead and either reply to your post or send a private message to a Moderator and let them know that you're still needing assistance.

Replying to your own posts changes the post count and will often cause helpers to think that you're already being helped and thus they won't open and look at your post.

Please DO NOT reply to another users post, create your own new post.

Prompt responses to instructions and performing the required fixes as soon as possible is always best.

During this scan and cleanup process you should not install any other software unless requested to do so.

Please be patient, Thanks :)

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.