BSOD on start up, Error 0x0000007B

Kaktussoft · 02 Nov 2012

Kaktussoft said:

Code:

 
c:
cd \programdata
ren  "AVG Secure Search"  "AVG Secure Search.save" 
ren  AVG2012  AVG2012.save
cd  "\program files (x86)"
ren AVG  AVG.save
ren  "AVG Secure Search"  "AVG Secure Search.save"

All commands are succesfull? If so reboot and post results. Don't uninstall AVG yet!

sure you did all of this? (I editted post later). please look again

Kaktussoft · 02 Nov 2012

Don't reset bios. But do the following. Be sure to boot from DVD, so not from F8!!

BTW: what rootkit did you have? And how did you remove it?

TDSS rootkit?
If so:
C:\WINDOWS\system32\TDSSciou.dll - Win32/Agent.ODG trojan
C:\WINDOWS\system32\TDSSliqp.dll - Win32/Agent.OIK trojan
C:\WINDOWS\system32\TDSSnrse.dll - Win32/Agent.OIK trojan
C:\WINDOWS\system32\TDSSoeqh.dll - Win32/Agent.ODG trojan
C:\WINDOWS\system32\drivers\TDSSmhct.sys - Win32/Agent.ODG trojan

Code:

c:
cd \windows\system32
attrib  -h  -s  tdss*.*
del  tdss*.*
cd  drivers
attrib -h -s  tdss*.*
del  tdss*.*

All gone? Now just to be sure you have correct MBR bootcode:

Code:

bootrec/fixboot
bootrec/fixmbr

Code:

reg  query  HKLM\win7sys\Microsoft\Windows\CurrentVersion\Run
reg  query  HKLM\win7sys\Microsoft\Windows\CurrentVersion\Runonce

Any strange startup items?

Code:

reg  unload  hklm\win7sys

doiob · 02 Nov 2012

Going to double check tomorrow i need some sleep right about now. Thanks for all your help il be back

Kaktussoft · 02 Nov 2012

Or download Data Recovery | AVG Rescue CD | AVG Ireland . Download the ISO, burn it and boot from it. Scan for virusses. Anything found? Cleaned?

Golden · 02 Nov 2012

Kaktussoft said:

BTW: what rootkit did you have? And how did you remove it?

This is critical information to identify. Unless you can exactly identify it, you will often find that the best solution to get a 100% guarantee the system is clean, is to perform a clean install after running a DISKPART and CLEAN or CLEANALL.

I know its not ideal, but its the safest solution.

Regards,
Golden

doiob · 02 Nov 2012

Ok i will give you as much info on the rootkit as i can. I can not remember it name of exact location. I am 100% sure it was removed as all it stopped effecting my computer. It was a google redirect rootkit that made google chrome use 50+ cpu and would redirect many google links in both chrome and Firefox. I could not use TDSS as the process was killed on launch no matter what i renamed it. So i used PC tools root killer, im sorry i dont remember its exact name. I did try and run tdss but it was never running long enough to do anything.

I searched system 32 and drivers with "dir tdss*" found nothing. I will try and find the exact name of the rootkit remover i used.

doiob · 02 Nov 2012

All avg folder have been renamed with .save at the end.

Kaktussoft · 03 Nov 2012

Please do what has been asked in #12

doiob · 03 Nov 2012

Ok im doing the #12 now. Earlier today i was running the avg scan it took an incredible long time but that was to be expected however it ended at 54% on a java file with the message Scan ended with unknown return code!

doiob · 03 Nov 2012

#12 the first line worked but the others gave me "ERROR: The system was unable to find the specified registry key or value." Im going to try them again as i may have stuffed it up somewhere somehow.