|29 Apr 2013||#44|
On the clean computer, please open: Notepad
Copy/paste all the contents of the quote box below to Notepad (do not copy the word 'Quote').
Save it on the flash drive as: fixlist.txt
ATTENTION: Malware custom entry on BCD on drive e: detected.
cmd: bootrec /fixmbr
cmd: bootrec /fixboot
Running the script on another computer may cause damage to the Operating System.
Now, in the infected computer, plug in the USB flash drive, and enter System Recovery Options as you did before.
Run FRST again, but this time press the Fix button just once, and wait.
When done, the tool makes a log on the flash drive. This time it is called: Fixlog.txt
Try to boot the computer into normal mode and post back on what happens.
Also, please post Fixlog.txt in your reply.
If the computer still does not boot into Windows, just hang in there.
|29 Apr 2013||#47|
Great job, empresssoul!!
You are very good at applying instructions.
My bad on: Malware custom entry on BCD on drive e: detected. (Your drive was not: y)
However, it does not matter, since that is not a crucial entry.
The rest of the entries are what matter.
Now, let's see where the damage is, and give it a whirl.
Please press on with Downloading Farbar Service Scanner
Save to the Desktop
|29 Apr 2013||#48|
Farbar Service Scanner Version: 14-04-2013
Ran by Empress (administrator) on 29-04-2013 at 22:51:23
Running from "C:\Users\Empress\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
Localhost is accessible.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.
Firewall Disabled Policy:
System Restore Disabled Policy:
Windows Autoupdate Disabled Policy:
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
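An added example, not part of the thread or of Farbar Service Scanner: a short Python triage pass over a log like the one in post #48, which surfaces the lines that deviate from the expected state (here, WinDefend stopped and set to Demand instead of Auto) out of the long run of "MD5 is legit" entries. The sample lines are copied from that log; the function name `triage` and the finding labels are assumptions made for this illustration.

```python
import re

# Lines copied from the Farbar Service Scanner log in post #48 above.
SAMPLE_LOG = """\
Boot Mode: Normal
Attempt to access Yahoo IP returned error. Yahoo IP is offline
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
C:\\Windows\\System32\\drivers\\tcpip.sys => MD5 is legit
C:\\Program Files\\Windows Defender\\MpSvc.dll => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
FILE_CHECK = re.compile(r"^(.+?) => (.+)$")
NET_ERROR = re.compile(r"^Attempt to access (.+?) returned error\.")


def triage(log_text):
    """Return a list of (kind, subject, detail) findings worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := NOT_RUNNING.match(line):
            findings.append(("service_stopped", m.group(1), "not running"))
        elif m := START_TYPE.match(line):
            name, actual, default = m.groups()
            # Only report a start type that differs from the stated default.
            if actual.lower() != default.lower():
                findings.append(("start_type", name, f"{actual} (default {default})"))
        elif m := FILE_CHECK.match(line):
            path, verdict = m.groups()
            # Assumption: any verdict other than the exact text seen in this
            # log is flagged; the scanner's wording for a failed check is not
            # shown on the page, so it is not matched explicitly.
            if verdict.strip() != "MD5 is legit":
                findings.append(("file", path, verdict.strip()))
        elif m := NET_ERROR.match(line):
            findings.append(("connectivity", m.group(1), "returned error"))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_LOG):
        print(f"{kind:16} {subject:12} {detail}")
```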
|29 Apr 2013||#50|
Also, please go to the TDSSKiller Download
Select the .exe version
Double-click on TDSSKiller.exe to run the program.
When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Press: Start Scan
• If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue
• If malicious objects are found, they show in the Scan results.
  Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.
  (Note: If Cure is not available, select Skip, >>Do not select: Delete<<)
When done, the tool creates a log on the disk with the Windows Operating System, normally C:\
Logs have a name like:
Please post or attach the TDSSKiller log in your reply.