Problems remain after clean install

Goto the below link and follow the instructions for running TDSSKiller from Kaspersky

• TDSSkiller - How to run

Be sure to attach your log from TDSSKiller

 

You attached logs from Safe Boot Mode. You should be running in normal boot mode unless that is not possible.

What browser are you using when have popups and what are the popups for? What do they say? Are you have browser redirections when doing searches?


See if you can use the below to uninstall the old Java version.

Revo Uninstaller


QUOTE=axnxn;1639013]Oh, one more thing. Combofix said McAfee and Avira were both running. I had uninstalled McAfee, but found a process still running in the task manager, which I killed. Avira says it's not running and I didn't see any processes in the Task Manager. But Combofix still said they were running (but ran anyway).
[/QUOTE] Many things from McAfee still remain and we will fix them below.


Now we need to use ComboFix

• Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
  • If it is not on your Desktop, the below will not work.
• Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
• If ComboFix tells you it has expired or need to be updated to a new version, make sure you allow it to update.
• Open Notepad and copy/paste the text in the below quote box into it:

• Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
• At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
• You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
• Now use your mouse to drag CFscript.txt on top of ComboFix.exe
• Follow the prompts.
• When it finishes, a log will be produced named c:\combofix.txt
• I will ask for this log below

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.

If after running Combofix you discover none of your programs will open up because you recieve the following error: Illegal operation attempted on a registry key that has been marked for deletion then you will need to reboot your computer which will normally fix this problem.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\ComboFix.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Power off your PC for a few minutes. Then start it up and see if you can run System Restore. If not, you may have to do a repair of Windows. Do youhave your Windows 7 DVD. Can you access the Windows 7 Recovery Environment? Sometimes this Environment is already installed on a PC and you can boot up to it.

 

It looks to me like your hard disk may have a factory recovery partition on it that you can restore to. However, do note that if you use this, you will lose any personal data save on your PC because it reimages the drive so that your PC will be in the same state it was when you took it out of the box.

If you cannot boot your PC at all, it is rather difficult to do backups now. You would need to use another PC to possibly create a special boot CD that allows network or USB access so that you could backup important data ( if you have not already been doing backups ). Or another choice would be to remove your hard disk and slave it to another PC where you could copy files.

Do you know what the name of the file was that TDSSKiller found and cure? It was most likely an important Windows file but it was infected.

 

Oh and yes I know that Dell DataSafe is supposed to be the below

But since it did not work, a full reimage may be the only choice.

 

It appears that no files were removed by TDSSKiller. It found an infection on your hard disk that was most likely in the Master Boot Record.

Do you have an option when you boot the PC to get into the Windows 7 System Recovery Environment? If you do, it may be possible to repair the boot record from there.

There is a good tutorial on the Recovery Environment in the below link:

http://www.bleepingcomputer.com/tutorials/tutorial161.html

 

See if you can enter the below command to repair the MBR. Not there is a space after bootrec:

bootrec /fixmbr

Then reboot and see if it helped or not.​

 

Hmmm! This is not good.

At the command prompt enter the below and tell me what happens:

bcdedit | find "osdevice"

 

Also I have a question. When you boot up, do you get a message like: "Bootmgr is missing"

 

You may want to consider waiting until you get that DVD from Dell and then call them to see if they can walk you though a possible repair for this. It just seems like it may be looking in the wrong place for an activated Windows partition. However, it could become necessary to reinstall and they should be able to help you with that too.

 

You're welcome. That's excellent news.

You should check out the below now:

How to Protect yourself from malware!