Many thanks for all the times that you have indirectly helped me in the past via reading your forums. Unfortunately, this time I am in need of your valuable time and specific assistance.
The affected laptop is an HP Pavilion ZV5000 Series, P4, 3.2GHz using XP SP3.
History of symptoms and events leading up to this request:
1. Approx. 2-3 weeks ago my hotmail account was hijacked and was sending spam to all of my contacts. I also noticed that my laptop was not performing well (i.e., running slow after an hour or two of use, touchpad would resist movement commands, etc.).
- I deleted all of my contacts on that email account and opened a gmail account for all of my contacts and personal email.
- I opened and 1st tried to update the Mbam (Malwarebytes) database before scanning. Every scan attempt failed with an "Error: .... 732 (0,0)" Message, even in Safe-Mode. Sorry but I did not log down this error but clearly remember the error code was 732 (0,0).
- Avast AV scans were/are of no help.
3. Then, Mbam would lock up after 4 minutes of scanning. At this stage each scan would freeze when scanning this file: c:\windows\system32\msiexec.exe. I ran multiple Mbam scans and it always locked up at this file/point after the same amount of scan time.
3a. This error would read, Malwarebytes Anti-Malware has encountered a problem and needs to close. Etc.
3b. After sending the error report to MS the frozen Mbam window would remain on my desktop then I would get a similar error stating, DrWatson Postmortem Debugger has encountered a problem and needs to close.
After sending that error report to MS I was still left with the frozen Mbam window.
4. The only way that I could close the frozen Mbam window was to open the Task Manager and end 1 of the 2 drwtsn32.exe processes. Any attempt to end the mbam.exe process directly (or if I picked the wrong drwtsn32.exe process) was a non-result.
I apologize in advance if my next actions were stupid. They were done out of a mix of desperation, ignorance and hope.
5. 2 days ago I ran ComboFix, following instructions laid out by your staff for another member. I no longer have that link. I only ran Combofix and did not attempt to remove, modify or repair any other files. I just let ComboFix do its thing. The results were inconclusive.
6. This evening I ran across your article on using rkill to exorcise the Antivirus 2010/Security Tool scareware/malware at http://download.bleepingcomputer.com/grinler/rkill.com and ran it per the step-by-step instructions provided. However, when I attempted step 12.,
12. Once the file has been downloaded, open the C:\program files\Malwarebytes' Anti-Malware\ folder and double-click on the file you downloaded in step 14*. MBAM will now start and you will be at the main program screen as shown below.
[ *Member Side Note: I believe that step 12 should state, Once the file has been downloaded, open the C:\program files\Malwarebytes' Anti-Malware\ folder and double-click on the file you downloaded in step 11*. MBAM will now start and you will be at the main program screen as shown below.]
MBAM would not start and I would get this error:
The setup files are corrupted. Please obtain a new copy of the program.
I repeated this process twice with the same results.
7. Having failed step 12 of the rkill process I went ahead and ran Mbam using the default mbam.exe file also installed in the C:\program files\Malwarebytes' Anti-Malware\ folder.
After successfully updating, Mbam now runs over 6 minutes and consistently locks up on this file:
I have run Mbam 3 more times and the results are the same.
I have also kept all combofix, hijackthis and rkill logs if you need them.
Any help or enlightenment would be greatly appreciated.