Used windows defender offline now windows won't start


  1. Posts : 58
    windows 7 64 bit
    Thread Starter
       #41

    So open Notepad on the clean computer?


  2. Posts : 2,470
    Windows 7 Home Premium
       #42

    empresssoul,

    Please await my instructions before you do anything else!

    Do not run the script above.

    Thanks!


  3. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #43

    Yes. Sorry I wasn't very clear.


  4. Posts : 2,470
    Windows 7 Home Premium
       #44

    empresssoul,

    On the clean computer, please open: Notepad
    Copy/paste all the contents of the quote box below to Notepad (do not copy the word 'Quote').
    Save it on the flash drive as: fixlist.txt

    start
    C:\Windows\svchost.exe
    TDL4: custom:26000022
    ATTENTION: Malware custom entry on BCD on drive e: detected.
    cmd: bootrec /fixmbr
    cmd: bootrec /fixboot
    end
    WARNING: This script is written specifically for empresssoul, for use on this particular computer.
    Running the script on another computer may cause damage to the Operating System.

    Now, in the infected computer, plug in the USB flash drive, and enter System Recovery Options as you did before.

    Run FRST again, but this time press the Fix button just once, and wait.

    When done, the tool makes a log on the flash drive. This time it is called: Fixlog.txt

    Try to boot the computer into normal mode and post back on what happens.

    Also, please post Fixlog.txt in your reply.


    If the computer still does not boot into Windows, just hang in there.
    Last edited by cottonball; 29 Apr 2013 at 21:25.


  5. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #45

    Cottonball

    Wouldn't it be "ATTENTION: Malware custom entry on BCD on drive e: detected"?


  6. Posts : 58
    windows 7 64 bit
    Thread Starter
       #46

    It worked....I am on my desktop!
    When I selected Internet Explorer it won't open, but Google Chrome did. Also, my Microsoft Security Essentials is off, and when attempting to turn it on it comes back with an error message.


  7. Posts : 2,470
    Windows 7 Home Premium
       #47



    Great job, empresssoul!!
    You are very good at applying instructions.

    My bad on: Malware custom entry on BCD on drive e: detected. (Your drive was not: y)
    However, it does not matter, since that is not a crucial entry.
    The rest of the entries are what matter.



    Now, let's see where the damage is, and give it a whirl.

    Please press on with Downloading Farbar Service Scanner
    Save to the Desktop
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press: Scan
    • FSS creates a log, FSS.txt, on the Desktop.
    Please provide the FSS.txt in your reply.


  8. Posts : 58
    windows 7 64 bit
    Thread Starter
       #48

    Farbar Service Scanner Version: 14-04-2013
    Ran by Empress (administrator) on 29-04-2013 at 22:51:23
    Running from "C:\Users\Empress\Downloads"
    Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Attempt to access Yahoo IP returned error. Yahoo IP is offline
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
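
An added example, not part of the original thread or of the Farbar tool: a small Python triage of an FSS.txt log like the one posted above, returning only the lines that report a deviation (a stopped service, a non-default start type, a value under a "Disabled Policy" section). The sample text is an excerpt constructed from the log above; the handling of File Check lines that do not say "MD5 is legit" is an assumption, since the page shows no such line.

```python
import re

# Constructed sample: an excerpt of the FSS.txt lines quoted in the post above.
SAMPLE_LOG = r'''
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
'''

HEADING = re.compile(r'^=+$')
START_TYPE = re.compile(r'start type of (\S+) service is set to (\w+)\. The default start type is (\w+)\.')
NOT_RUNNING = re.compile(r'^(\S+) Service is not running')
REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')

def triage_fss(text):
    """Return (section, finding) pairs for every line that reports a deviation."""
    findings, section, reg_key, prev = [], None, None, ''
    for raw in text.splitlines():
        line = raw.strip()
        if HEADING.match(line) and prev:
            section = prev.rstrip(':')       # the line above a ==== rule names the section
        elif m := NOT_RUNNING.match(line):
            findings.append((section, f'{m.group(1)} service not running'))
        elif (m := START_TYPE.search(line)) and m.group(2) != m.group(3):
            findings.append((section, f'{m.group(1)} start type {m.group(2)}, default {m.group(3)}'))
        elif line.startswith('[') and line.endswith(']'):
            reg_key = line[1:-1]             # remember the key for the values that follow
        elif (m := REG_VALUE.match(line)) and section and 'Disabled Policy' in section:
            findings.append((section, f'{reg_key}\\{m.group(1)} = {m.group(2)}'))
        elif ' => ' in line and not line.endswith('=> MD5 is legit'):
            findings.append((section, f'unverified file: {line}'))  # assumed line format
        prev = line
    return findings

if __name__ == '__main__':
    for section, finding in triage_fss(SAMPLE_LOG):
        print(f'[{section}] {finding}')
```
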


  9. Posts : 2,470
    Windows 7 Home Premium
       #49

    Not the results expected...

    When you open IE, what happens? Does it just flash and close, or, does it give you an error message?
    If so, describe.

    On MSE, what is the error message you are getting?


  10. Posts : 2,470
    Windows 7 Home Premium
       #50

    Also, please go to the TDSSKiller Download
    Select the .exe version
    Double-click on TDSSKiller.exe to run the program.


    When the TDSSKiller console opens, click on: Change Parameters
    Under Additional Options, place a check in the box next to: Detect TDLFS File System
    Click: OK


    Press: Start Scan

    • If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue
    • If malicious objects are found, they show in the Scan results.
      Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.
      (Note: If Cure is not available, select Skip, >>Do not select: Delete<<)


    When done, the tool creates a log on the disk with the Windows Operating System, normally C:\


    Logs have a name like:
    C:\TDSSKiller.X.X.X_29.04.2013_15.31.43_log.txt


    Please post or attach the TDSSKiller log in your reply.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
