Trojan Removal Results in BSOD on startup

Hi,

I had a student bring me their computer which was basically logging them off once they logged on. I removed their drive and performed an offline scan with AMB and then Forefront Endpoint 2012, both off which picked up a combo of Trojans and malware which were successfully removed. Upon retunring the HDD to the laptop and starting it up it now BSODs when it gets to loading device drivers and gives me a 0x7E stop message referring to a problem with WDFLDR.SYS file.

I found a similar post here - http://www.bleepingcomputer.com/forums/topic468885.html - and reading through I ran the FRST application and performed a search for wdf01000.sys and wdfldr.sys which resulted in this;


================== Search: "wdf01000.sys;wdfldr.sys" ===================

C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7600.16385_none_76296e5d7f3fae5b\Wdf01000.sys
[2009-07-13 15:11] - [2012-10-08 19:19] - 0445008 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7600.16385_none_76296e5d7f3fae5b\WdfLdr.sys
[2009-07-13 15:11] - [2009-07-13 17:19] - 0038480 ____A (Microsoft Corporation) FE7A7675C26FE936226641EF32AE9BB5

C:\Windows\System32\drivers\WdfLdr.sys
[2009-07-13 15:11] - [2009-07-13 17:19] - 0038480 ____A (Microsoft Corporation) FE7A7675C26FE936226641EF32AE9BB5

=== End Of Search ===

Then, thinking I'd then be able to modify the "fixlist.txt" file myself, I would make the necessary modifications and apply the fix. Trouble is, I don't think I quite understand the syntax compared to the existing file I pinched from the other thread and I was hoping for some help! Then again, perhaps I'm WAY OFF and just need to be pointed in the right direction!

Cheers!

Nevermind, solved it, at least I was on the right track!

Basically just mounted a Windows 7 wim, extracted the files I needed to a USB stick, updated the fixlist.txt file to copy the files from the stick to their respective C: drive locations, ran the FRST tool and hit the Fix button and that was it. Booted on startup.

Now I'm just trying to remove the remaining bits of malware etc.,

Cheers!

Hi Schikitar, and welcome to BC!

Do you have any remaining issues with the computer that you'd like help with? Or have you got it sorted out?

Please let me know!

bloopie

Are you totally solved as of now?

I can only offer help for a few more days.

Let me know!

bloopie

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.