kingmob Posted December 22, 2010 ID:364107 Share Posted December 22, 2010 Hoping that a kind soul can get help me out here. I basically cannot boot up into Windows 7 partition, none of the recovery options work, cannot log in into Safe mode or do any type of system restores, and none of the bootrec commands helped with restoring MBR to a bootable condition. I know I have a TDL4 infection that might be responsible for this, as a few days earlier before getting to this point I attempted to clean it up with Combofix and MB and a few other cleaners, but it didn't take. Up to that point though, it was fairly harmless and simply gave me some slowdowns with google redirects and some crashes. One day it just crashed, and that was it.I do have access to Ubuntu, Win 7 disk or Hiren's boot cd(mini Win XP) from which I tried to do some work, but still unable to rectify the BSOD. Also ran Kaspersky recovery cd, and it didn't find anything. I have tried to rectify the registry as suggested by microsoft, tried changing the atapi.sys file(as I have suspected it might have been an atapi rootkit), and tried a few other things that have not worked. I'm running out of options that I can think or find, and I do not want to reinstall Windows just yet. Is there anything else that can be done to get past this damn 0x0000007B BSOD? I'm posting some logs of my Win 7 partition a few days before the lock out, may be that will help? Is it possible to load a hive from regedit somehow to get past this?Thanks in advance. DDS:DDS (Ver_10-11-27.01) - NTFSx86 Run by sam davydov at 17:18:10.14 on Thu 12/02/2010Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3582.2371 [GMT -5:00]AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}FW: Avira Firewall *disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Program Files\Avira\AntiVir Desktop\sched.exeC:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\Explorer.EXEC:\Program Files\DellTPad\Apoint.exeC:\Program Files\Lexmark X1100 Series\LXBKbmgr.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Lexmark X1100 Series\lxbkbmon.exeC:\Program Files\DellTPad\ApMsgFwd.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\aestsrv.exeC:\Program Files\DellTPad\HidFind.exeC:\Windows\System32\svchost.exe -k AkamaiC:\Program Files\DellTPad\Apntex.exeC:\Windows\system32\conhost.exeC:\Program Files\Avira\AntiVir Desktop\avguard.exec:\xampp\apache\bin\httpd.exeC:\Windows\system32\svchost.exe -k apphostC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeC:\Windows\System32\svchost.exe -k ipripsvcc:\xampp\mysql\bin\mysqld.exeC:\Program Files\Dell Support Center\bin\sprtsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\STacSV.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\svchost.exe -k iissvcsC:\Program Files\Softomotive\WinAutomation\WinAutomation.ServiceAgent.exeC:\xampp\apache\bin\httpd.exeC:\Windows\system32\DRIVERS\xaudio.exeC:\Program Files\Avira\AntiVir Desktop\avmailc.exeC:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXEC:\Program Files\Spybot - Search & Destroy\SDWinSec.exeC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exeC:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exeC:\Windows\system32\wuauclt.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\SearchProtocolHost.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Users\sam davydov\Desktop\dds.scrC:\Windows\system32\conhost.exeC:\Windows\system32\wbem\wmiprvse.exe============== Pseudo HJT Report ===============uStart Page = hxxp://www.yahoo.com/BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dllBHO: Java Link to post Share on other sites More sharing options...
kahdah Posted December 24, 2010 ID:365006 Share Posted December 24, 2010 Hello kingmobWelcome to Malwarebytes.=====================Has there been any improvements with the machine?Have you tried to rewrite a new mbr from within the win 7 bootable disk? Link to post Share on other sites More sharing options...
LDTate Posted January 2, 2011 ID:368776 Share Posted January 2, 2011 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts