Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Antivirus programs, Malwarebytes, SpyBot, AVG, RKill, etc. will not st

Started by carolinachris , Aug 28 2015 12:14 PM

Page 7 of 11
5
6
7
8
9

This topic is locked

#91
carolinachris

Posted 08 September 2015 - 12:58 PM

Member

Topic Starter
Member
80 posts

Brian,

D:\Windows\erdnt\Hiv-backup>attrib -s-h C:\Boot\BCD

Output:

Invalid switch - -s-h

D:\Windows\erdnt\Hiv-backup>attrib c:\boot\bcd

Output:

A SH C:\boot\BCD

Edited by carolinachris, 08 September 2015 - 01:00 PM.

#92
BrianDrab

Posted 08 September 2015 - 01:03 PM

Trusted Helper

Malware Removal
3,591 posts

attrib -s -h C:\Boot\BCD

When you type it, it's attrib followed by a space and then a dash and then the letter s followed by another space and then a dash followed by the letter h and then a space and then the rest of it.

#93
carolinachris

Posted 08 September 2015 - 03:06 PM

Member

Topic Starter
Member
80 posts

Brian,

I made a mistake in the syntax. I had NO space between the "s" and the "-".

D:\Windows\erdnt\Hiv-backup>attrib -s -h C:\Boot\BCD

D:\Windows\erdnt\Hiv-backup>attrib c:\boot\bcd

A C:\boot\BCD

#94
BrianDrab

Posted 08 September 2015 - 03:10 PM

Trusted Helper

Malware Removal
3,591 posts

OK good. Let's validate one more thing before we do another fix.

Generate Needed Log
1. Please type the word notepad in the black command prompt window and hit Enter on the keyboard.
2. Under the File menu of notepad, please select Open.
3. Double-click on Computer and then identify which driver letter represents your USB drive. It should be the one labeled Repair disc Windows 7 64-bit.
4. Click Cancel on the Open Dialog from notepad and close notepad.
5. In the Command Prompt window, please type F:\FRST64.exe and press enter on the keyboard. Note: Replace F with the Drive Letter you identified in bullet#3.
6. The tool will start to run.
7. If a disclaimer comes up, Please answer Yes.
8. Under the Optional Scan section, please check List BCD.
9. Click the Scan button. It will create a log file named FRST.txt on the USB Drive. It will also open in Notepad when finished. You can simply close Notepad.
10. Please plug the USB Drive into your Good computer and post the contents of this log file.

11. You may keep the sick computer at the command-prompt as there are a few other things we will do.

#95
carolinachris

Posted 08 September 2015 - 03:25 PM

Member

Topic Starter
Member
80 posts

Brian,

For future reference:

System (C:)

61.8 MB free of 99.9 MB

Local Disk (D:)

22.6 GB free of 99.9 GB

Local Disk (E:)

350 GB free of 350 GB

Recovery (F:)

1.75 GB free of 14.9 GB

Boot (X:)

29.0 MB free of 31.5 MB

(H:)

Repair disc Windows 7 64-bit

Okay, ran FRST and attached the text file...

Attached Files

FRST.txt 155.68KB 186 downloads

#96
BrianDrab

Posted 08 September 2015 - 03:42 PM

Trusted Helper

Malware Removal
3,591 posts

Hmmm, that's interesting. FRST shows the following.

Drive c: () (Fixed) (Total:100 GB) (Free:22.65 GB) NTFS
Drive e: () (Fixed) (Total:350.66 GB) (Free:350.55 GB) NTFS
Drive f: (RECOVERY) (Fixed) (Total:15 GB) (Free:1.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive h: (Repair disc Windows 7 64-bit) (Removable) (Total:3.73 GB) (Free:3.55 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Continue with bullet#6 from my previous post. See if it goes through this time.

#97
carolinachris

Posted 08 September 2015 - 05:23 PM

Member

Topic Starter
Member
80 posts

Brian,

D:\Windows\erdnt\Hiv-backup>copy BCD c:\boot\bcd

Output:

The system cannot find the path specified.

(I tried this twice and double checked the syntax)...

#98
BrianDrab

Posted 08 September 2015 - 05:31 PM

Trusted Helper

Malware Removal
3,591 posts

I think your drive letters may have changed. It looks like you are at the following prompt.

D:\Windows\erdnt\Hiv-backup>

What happens when you type dir and hit enter?

#99
carolinachris

Posted 08 September 2015 - 06:04 PM

Member

Topic Starter
Member
80 posts

Brian

I think your drive letters may have changed. It looks like you are at the following prompt.

D:\Windows\erdnt\Hiv-backup>

What happens when you type dir and hit enter?

Brian,

D:\Windows\erdnt\Hiv-backup>dir

Output:

The system cannot find the path specified.

#100
BrianDrab

Posted 08 September 2015 - 06:07 PM

Trusted Helper

Malware Removal
3,591 posts

That's what I suspected. It looks like on this boot it's actually the C: drive.

Type c: and hit enter. That's a c and a colon.

Then type cd windows\erdnt\hiv-backup and hit enter.

Let me know if this brings you to...

C:\Windows\erdnt\Hiv-backup>

#101
carolinachris

Posted 08 September 2015 - 07:10 PM

Member

Topic Starter
Member
80 posts

That's what I suspected. It looks like on this boot it's actually the C: drive.

Type c: and hit enter. That's a c and a colon.

Then type cd windows\erdnt\hiv-backup and hit enter.

Let me know if this brings you to...

C:\Windows\erdnt\Hiv-backup>

Brian,

After entering:

C:\>cd windows\erdnt\hiv-backup

I received output:

C:\Windows\erdnt\Hiv-backup>

#102
BrianDrab

Posted 08 September 2015 - 07:59 PM

Trusted Helper

Malware Removal
3,591 posts

Good. The drive letters did change. So now type copy BCD y:\boot\bcd and hit enter. If asked to overwrite go ahead.

Let me know if this is successful.

#103
carolinachris

Posted 09 September 2015 - 06:51 AM

Member

Topic Starter
Member
80 posts

Good. The drive letters did change. So now type copy BCD y:\boot\bcd and hit enter. If asked to overwrite go ahead.

Let me know if this is successful.

Brian,

Yes, it was successful.

The overwrite completed:

1 file(s) copied.

#104
BrianDrab

Posted 09 September 2015 - 06:56 AM

Trusted Helper

Malware Removal
3,591 posts

Let's finish the rest of the steps.

7. Type copy security c:\windows\system32\config\security and hit enter on the keyboard. Answer Yes to the overwrite message and hit enter. It should say 1 file copied.

8. Type copy default c:\windows\system32\config\default and hit enter on the keyboard. Answer Yes to the overwrite message and hit enter. It should say 1 file copied.

9. Type copy SAM c:\windows\system32\config\SAM and hit enter on the keyboard. Answer Yes to the overwrite message and hit enter. It should say 1 file copied.

10. Type exit and hit enter on the keyboard. Remove the USB drive and click the Restart button.

Let me know if your computer boots up.

#105
carolinachris

Posted 09 September 2015 - 07:26 AM

Member

Topic Starter
Member
80 posts

Let's finish the rest of the steps.

7. Type copy security c:\windows\system32\config\security and hit enter on the keyboard. Answer Yes to the overwrite message and hit enter. It should say 1 file copied.

8. Type copy default c:\windows\system32\config\default and hit enter on the keyboard. Answer Yes to the overwrite message and hit enter. It should say 1 file copied.

9. Type copy SAM c:\windows\system32\config\SAM and hit enter on the keyboard. Answer Yes to the overwrite message and hit enter. It should say 1 file copied.

10. Type exit and hit enter on the keyboard. Remove the USB drive and click the Restart button.

Let me know if your computer boots up.