Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cleaned Viruses, BSOD 0x0000007e, Repair Install, Computer Not Autenticated, Blank Screen, Stuck


  • Please log in to reply
1 reply to this topic

#1 spaceman67

spaceman67

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 11 November 2009 - 06:48 PM

I have 2 computers both doing the same thing... Here's the story:
One is XP Home SP3 and the other is XP Pro SP3... both were infected via an infected USB drive with what started as Virut... I was able to log into them fine in the beginning, but they were infected... Also, system restore wasn't turned on with either system so that isn't an option...

I ran Malwarebytes, it found 235 infected files on one and only about 110 on the other, I told it to remove the infected files on both of them, Malwarebytes requested a reboot and after the reboot it came up to a BSOD 0x0000007e error screen on both machines (in safe mode and normal boot)...

I then concentrated on the Pro machine...

I booted to the recovery console, ran a chkdsk /r, no change...

Then tried fixboot and fixmbr and chkdsk /r, same thing...

I ran a scan using Avira's boot rescue disk and it clean a few more infected files, but still it came up to the 7e BSOD...

I tried a repair install of the OS, rebooted and it came up with "windows must be activated before logging on" box, if I hit the button to activate, it would go to a screen showing the background and cursor and nothing else and just hang there and if I cancel it goes back to let me pick a user...

From here I could get into the basic Safe Mode, but not Safe Mode with networking...

Then from safe mode I renamed wpa.dbl and wpa.bak to wpa_old.dbl and wpa_old.bak and rebooted...

this changed the popup box to say "A problem is preventing Windows from accurately checking the license for this computer" but again if I hit the button to try to continue it will just hang and if I cancel it goes back to the screen showing all the users...

So from here I found several things to try and none of them have changed anything... But here's what I did so far:
1. HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices. Click Mounted Devices. Look for \DosDevices\X:, where X is the letter of the system drive. If itís something other than C ***(everything looked normal here)
2. went to delete both HKEY_USERS\.DEFAULT\Software\Microsoft\Cryptography\Providers and HKEY_USERS\S-1-5-20\Software\Microsoft\Cryptography\Providers, but neither were there
3. Verified that Windows\System32\secupd.dat, Windows\System32\oembios.dat and Windows\System32\oembios.bin were all there and they appear to be the same as this computer in size and date...
4. From Safe Mode I ran:
regsvr32 licwmi.dll

regsvr32 regwizc.dll

regsvr32 licdll.dll

regsvr32 jscript.dll

regsvr32 vbscript.dll

regsvr32 msxml.dll

regsvr32 shdocvw.dll

regsvr32 softpub.dll

regsvr32 wintrust.dll

regsvr32 initpki.dll

regsvr32 dssenh.dll

regsvr32 rsaenh.dll

regsvr32 gpkcsp.dll

regsvr32 sccbase.dll

regsvr32 slbcsp.dll

regsvr32 cryptdlg.dll

Still the same thing...
5. I ran ren "C:Windows\system32\catroot2\Edb.log *.tst"
6. Search for Reset5.exe, .dll, .dat, .dt* and srvany.exe and found none of them to delete
7. I also did everything on this page Microsoft Info

I'm about out of ideas... Anyone have any more suggestions outside of the common reload everything?? I sort of remember reading some place once about replacing the security part of the registry, but I'm not sure if that applies to this or not and I didn't find anything while I was looking...

Thanks for reading this far and thanks in advance for any ideas...

BC AdBot (Login to Remove)

 


#2 spaceman67

spaceman67
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 11 November 2009 - 06:51 PM

I also tried to reinstall SP3 from safe mode too and that didn't change anything either...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users