Windows 7 Forums


Windows 7: Ran Windows Defender Offline, can't boot up computer. Help please!

21 Jan 2014   #11
bsever

Windows 7 64 bit
 
 

Quote: Originally Posted by Layback Bear
Just a thought.
After WDO was the boot order set back to proper drive?
I will go back to watching.

Surprisingly, it was set back to the proper drive after WDO.


21 Jan 2014   #12
ICIT2LOL

Desk1 7 Home Prem / Desk2 10 Pro / Main lap Asus ROG 10 Pro 2 laptop Toshiba 7 Pro Asus P2520 7 & 10
 
 

Yes bsever mate, there is a huge amount of replies from wherever re this problem, and I am guessing any one of the replies may well be right, but it takes very little time to run the rescue and, if nothing else, it eliminates some things.
There are others in that list too which I have not used, but I am sure if the Kaspersky does not pick anything up the others may or may not pick up malware, as nothing is 100% foolproof. That goes for any security you are using really; if you think about it, until a malware is put out and it is recognised as such it cannot be detected. The best you can do is to use a good program with a good reputation.

If you want to, like Slartybart says, use the TDSS Killer, it is here: Malware Removal Tools | Free Virus Removal | Kaspersky Lab. Scroll down to the TDSS and use it - again it takes only a very short time to run and eliminates yet another probable cause.
21 Jan 2014   #13
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Jacee is one of the best around here - I copied a post from a similar thread that might get you booted.

I noticed a slight difference between the other thread and your thread.

Your specs state Win7 x64 - is that correct?
If you already have the 64 bit version, you can skip the download, if you aren't certain, please download.

Is the exe named FRST64 or FRST? You want FRST64.exe

So the first thing I'd like you to do is download the 64 bit version of Farbar: Downloading Farbar Recovery Scan Tool
[download prompt should offer Run, Save, Cancel bar]

Then follow the instruction in the quote.

Quote: Originally Posted by Jacee
Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Code:
start
TDL4: custom:26000022
end

Now please enter System Recovery Options as you did to get the log.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot and see if you can open windows normally.

In the next steps Jacee asks OP to run AdwCleaner, but Cottonball (also one of the best) interjects with something he sees in the FRST64 report. I'm not up on Farbar reports - so another member can take a look at it and determine if an additional script is required.

Given that those two are the best and there is some minor discussion about the order, the only thing I can safely say at this point is to follow Jacee's quoted instructions above.

I'm sure the discussion was a minor detail - but they would be the ones who could answer if the order made a difference.

21 Jan 2014   #14
bsever

Windows 7 64 bit
 
 

I am running the Kaspersky Rescue from USB as suggested earlier at the moment and will see what happens when that is over. The quoted text seems to be a fix that is unique to that case, but in the absence of further direction (and in deference to your expertise) I'll try the quoted fixlist text next if still necessary. I appreciate the guidance!

Edit: Kaspersky ran a quick scan of the disk boot sectors and hidden startup objects and didn't find anything, so I am having it run a scan of c drive and all other available objects/places to scan that it gave me. I have to leave for the night so I won't know the results of this scan until the morning, but if nothing turns up I guess I'll be at square one and will try the fix quoted by Slartybart. Thanks again.
22 Jan 2014   #15
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

What you have is a 'Rootkit'. I don't even try to help folks with this problem. My best advice is to wipe and do a "clean" install. You can read what a rootkit is all about here: Rootkit - Wikipedia, the free encyclopedia


Quote:
There are experts who believe that the only reliable way to remove them is to re-install the operating system from trusted media.[82][83] This is because antivirus and malware removal tools running on an untrusted system may be ineffective against well-written kernel-mode rootkits.

I'm one of these 'experts'.
22 Jan 2014   #16
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Jacee: Is there any hope for user data or is that also suspect?

bsever: Looks like we should have waited.
I was leaning on her posts anyway, so I'll lean on her post #15 above.
22 Jan 2014   #17
cottonball

Windows 7 Home Premium
 
 

bsever,

Let's try this script...

Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy the entire contents of the code box below
Save it to the USB pen drive, and name it: fixlist.txt

start
HKLM-x32\...\Run: [] - [x]
C:\Windows\Installer\{3c1bccc7-061b-c6af-40d2-8b0efa244643}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{3c1bccc7-061b-c6af-40d2-8b0efa244643}
C:\Users\POSTAL\AppData\Local\{3c1bccc7-061b-c6af-40d2-8b0efa244643}
C:\Users\POSTAL\AppData\Local\Temp\APNStub.exe
C:\Users\POSTAL\AppData\Local\Temp\imagepackage64.exe
C:\Users\POSTAL\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\POSTAL\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\POSTAL\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\POSTAL\AppData\Local\Temp\lhi65wsr.dll
C:\Users\POSTAL\AppData\Local\Temp\mpam-fex64.exe
C:\Users\POSTAL\AppData\Local\Temp\qdg_ju8x.dll
C:\Users\POSTAL\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\POSTAL\AppData\Local\Temp\z6jjfaa1.dll
C:\Windows\svchost.exe
TDL4: custom:26000022
end

Once again, run FRST64 as you did before.
When the tool opens click Yes to disclaimer.

Now, press the Fix button, only once, and wait.

When done, FRST produces Fixlog.txt on the USB pen drive.

Please provide the content of Fixlog.txt on your reply.

Thanks!
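An added example, not part of any post in this thread and not FRST's own code: a fixlist names files and user folders on one particular machine, so a pre-flight review can catch a script written for a different PC before Fix is pressed. The function name `review_fixlist`, the `local_profiles` argument and the three line kinds are assumptions of this sketch; the sample lines are copied from the fixlist posted above.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a subset of the fixlist posted above, copied as shown.
SAMPLE = r"""start
HKLM-x32\...\Run: [] - [x]
C:\Users\POSTAL\AppData\Local\Temp\APNStub.exe
C:\Windows\svchost.exe
TDL4: custom:26000022
end"""


def review_fixlist(text, local_profiles):
    """Classify fixlist lines and warn when the script was written for another PC.

    The three line kinds are this example's own grouping of the shapes seen
    in this thread, not FRST's parser. local_profiles is the list of folder
    names under C:\\Users on the machine about to run the fix (hypothetical input).
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    warnings = []
    if len(lines) < 2 or lines[0].lower() != "start" or lines[-1].lower() != "end":
        warnings.append("missing start/end markers")
    known = {p.lower() for p in local_profiles}
    entries = []
    for line in lines:
        if line.lower() in ("start", "end"):
            continue
        if re.match(r"[A-Za-z]:\\", line):
            kind = "path"
            parts = PureWindowsPath(line).parts  # ('C:\\', 'Users', 'POSTAL', ...)
            if len(parts) > 2 and parts[1].lower() == "users" \
                    and parts[2].lower() not in known:
                warnings.append(f"unknown profile {parts[2]!r}: {line}")
        elif line.upper().startswith(("HKLM", "HKCU", "HKU")):
            kind = "registry"
        else:
            kind = "directive"
        entries.append((kind, line))
    return entries, warnings


if __name__ == "__main__":
    for profiles in (["POSTAL", "Public"], ["alice", "Public"]):
        entries, warnings = review_fixlist(SAMPLE, profiles)
        print(profiles, [k for k, _ in entries], warnings)
```

A warning here means the script references a user folder that does not exist on the machine in front of you, which is a reason to ask for a fixlist built from your own FRST log.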
22 Jan 2014   #18
bsever

Windows 7 64 bit
 
 

Thanks, cottonball. I've attached the Fixlog as requested.


Attached Files
File Type: txt Fixlog.txt (2.4 KB, 7 views)
22 Jan 2014   #19
cottonball

Windows 7 Home Premium
 
 

bsever,

The fixlog looks good, but, the big question is: Does the computer boot to Windows???
22 Jan 2014   #20
bsever

Windows 7 64 bit
 
 

Yes! What a sweet relief to see the desktop come up, oh sweet beautiful desktop. I didn't even think to try to reboot after the fix.

Thank you!!!