
Multiple infections, WinDefender offline and FRST both hang... what now?



I have a Vista basic laptop with 22 nasties on it.


It got 3/4 of the way through a MWB full scan when Security essentials forced a reboot, then windows was unusable after login.


Next up, ran a win defender offline scan - it found 22 different items but hung (22 hours waiting) while trying to clean them.


Now when I try to run FRST in recovery mode, it hangs while scanning HKU\UserName\Software\Microsoft\Windows NT\CurrentVersion\Winlogon- Shell


HDD has occasional activity.


Any ideas... getting ready to format/re-install at this point, but would need to backup the data... I have a Linux-based boot disk I can get access to the system with but don't want to pass on the infections to the backup drive.


cheers in advance - ellem
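
The data-only backup from a Linux boot disk that the post above asks about, as an added example that is not part of the original thread: it copies only files whose final extension is on an allowlist and records a SHA-256 manifest. The mount point, the allowlist and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the Windows partition is already
# mounted read-only on the boot disk, e.g.:  mount -o ro /dev/sdXN /mnt/win
# (/dev/sdXN and /mnt/win are placeholders). The allowlist is an assumption.
ALLOW='txt pdf docx xlsx csv jpg jpeg png gif mp3'

# is_allowed FILE: succeed only if the FINAL extension is allowlisted, so
# "invoice.pdf.exe" and "autorun.inf" are rejected. Case-insensitive.
is_allowed() {
    name=${1##*/}
    case $name in
        *.*) ext=${name##*.} ;;
        *)   return 1 ;;            # no extension: skip
    esac
    ext=$(printf '%s' "$ext" | tr 'A-Z' 'a-z')
    for a in $ALLOW; do
        [ "$ext" = "$a" ] && return 0
    done
    return 1
}

# backup_data SRC DST: copy allowlisted regular files from SRC to DST keeping
# relative paths. Symlinks are not followed (find -type f). Writes
# DST/MANIFEST.sha256 for copied files and DST/SKIPPED.txt for the rest.
# Limitation: file names containing newlines are not handled.
backup_data() {
    src=${1%/}; dst=${2%/}
    mkdir -p "$dst" || return 1
    : > "$dst/MANIFEST.sha256"
    : > "$dst/SKIPPED.txt"
    find "$src" -type f | while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_allowed "$f"; then
            mkdir -p "$dst/$(dirname "$rel")"
            cp -p "$f" "$dst/$rel" &&
                (cd "$dst" && sha256sum "./$rel") >> "$dst/MANIFEST.sha256"
        else
            printf '%s\n' "$rel" >> "$dst/SKIPPED.txt"
        fi
    done
}
```

The allowlist keeps executables, scripts and autorun.inf off the backup drive; running `sha256sum -c MANIFEST.sha256` in the backup folder later confirms the copies are unchanged before they are scanned on a clean machine.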


Please download Farbar Recovery Scan Tool from here:

Save it to a USB flash drive. Make sure to get the correct version for your system, 32-bit or 64-bit.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Plug the flash drive into the infected PC.


If you are using Vista or Windows 7 enter System Recovery Options.


Enter System Recovery Options. I give two methods; use whichever is convenient for you.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select Your Country as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

Startup Repair

System Restore

Windows Complete PC Restore

Windows Memory Diagnostic Tool

Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 or e:\frst depending on your version. Press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.




Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.


Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Will your system boot OK into Normal mode now? If so, continue:


Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.





  • Double click on AdwCleaner.exe to run the tool.
    • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.







Run Malwarebytes. Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please update and run a Quick Scan.

Make sure that everything is checked, and click Remove Selected on any found items.


Post the produced logs.





Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.