The bootlog file didn't shed a lot of light on the blue screen problem. Normally, if a system driver is causing the problem, there will be a minidump file created, so no minidump file is good on one hand and no help on the other. I want to check the boot options. TDSSKiller found and killed the rootkit, but we need to run TDSSKiller again and remove the TDSS File System.
When the machine blue screens, does it give any error messages or stop codes?
Step-1.
TDSSKiller
Please read carefully and follow these steps. They are a little different from the last instructions.
Re-open TDSSKiller on the desktop.
- Click on Change parameters.
- Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip. Leave the default Skip action except for the following:
When you see TDSS File System on the Threats Detected page, click the down arrow beside Skip and click Delete.
- Click on Continue.
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue.
- If TDSSKiller needs the system rebooted, a window will come up telling you to reboot. Click the Reboot Computer button to finish the cleaning process.
- Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Step-2.
Check Boot Options
Please restart your system and tap the F10 key repeatedly, until the Edit Boot Options screen appears.
Please DO NOT edit anything, just report back what you see.
You should see this:
Edit Windows boot options for: Windows 7
Path: \Windows\System32\winload.exe
Partition: 1
Hard Disk: {Some random looking numbers}
[ /NOEXECUTE=OPTIN <--This is the bit I am most interested in. Don't change anything, just tell me exactly what is shown after this statement.
Step-3.
Things For Your Next Post:
1. The TDSSKiller log
2. Tell me exactly what the [/NOEXECUTE=OPTIN line showed.
3. Do you get any error messages or Stop codes when the system blue screens?
Edited by godawgs, 13 April 2012 - 11:24 PM.