After Windows Defender Offline, computer won't boot (FRST.txt included)

Discussion in 'Malware Help (A Specialist Will Reply)' started by speedyneon, Apr 3, 2014.

  1. speedyneon

    speedyneon Private E-2

    A friend had someone work on her laptop. They said they installed Microsoft Security Essentials and after it ran, it told them to run Windows Defender Offline. Now the laptop won't boot into Windows. When it gets to the Windows loading screen, you catch a flash of BSOD and reboot. I have booted into Windows RE and run system repair with no result. I have tried SFC /scannow but it says a repair is in progress and needs a reboot. I have run FRST64 and included the FRST.txt file. Can anyone please lead me to the next step? Personally, if it was mine, I would wipe it clean and reinstall Windows, but not everyone seems to make backups of their important stuff.
     


  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Attached is fixlist.txt
    • Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST64.exe on your flash drive.

    Now re-enter System Recovery Options.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (How to attach)


    =======

    Now see if you can boot into normal mode and follow these instructions:

    READ & RUN ME FIRST - Malware Removal Guide
     


  3. speedyneon

    speedyneon Private E-2

    OMG Thank you! The laptop now boots. I have included the fixlog. I am now in the process of following the malware removal guide. I was wondering though, would my running bootrec /fixmbr and /fixboot have fixed this? That was going to be my next step, but after running FRST64 the first time, I saw svchost.exe and some other files have ZeroAccess so I came here. Also, is ZeroAccess malware or is that something Windows does? Sorry for the questions. I'm always looking to expand my computer knowledge.
     


  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You are most welcome. :)
    Possibly not. I think performing the command using FRST would have been much more successful.
    It's malware. It's a kernel-mode rootkit.

    Can you now continue with the other instructions I gave you then please? Thanks.
     
  5. speedyneon

    speedyneon Private E-2

    I just completed the malware removal guide. I have included all the logs. The Malwarebytes log came out as a .xml file and wouldn't upload, so I added .txt to the end. Thank you for all the help.
     


  6. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there.

    Are you deliberately set up to use a proxy?
     
