Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Cleaned Viruses, BSOD 0x0000007e, Repair Install, Computer Not Autenti


  • Please log in to reply

#1
spaceman67

spaceman67

    New Member

  • Member
  • Pip
  • 2 posts
Hello all... I've come to you with issues :)

I have 2 computers both doing the same thing... Here's the story:
One is XP Home SP3 and the other is XP Pro SP3... both were infected via an infected USB drive with what started as Virut... I was able to log into them fine in the beginning, but they were infected... Also, system restore wasn't turned on with either system so that isn't an option...

I ran Malwarebytes, it found 235 infected files on one and only about 110 on the other, I told it to remove the infected files on both of them, Malwarebytes requested a reboot and after the reboot it came up to a BSOD 0x0000007e error screen on both machines (in safe mode and normal boot)...

I then concentrated on the Pro machine...

I booted to the recovery console, ran a chkdsk /r, no change...

Then tried fixboot and fixmbr and chkdsk /r, same thing...

I ran a scan using Avira's boot rescue disk and it clean a few more infected files, but still it came up to the 7e BSOD...

I tried a repair install of the OS, rebooted and it came up with "windows must be activated before logging on" box, if I hit the button to activate, it would go to a screen showing the background and cursor and nothing else and just hang there and if I cancel it goes back to let me pick a user...

From here I could get into the basic Safe Mode, but not Safe Mode with networking...

Then from safe mode I renamed wpa.dbl and wpa.bak to wpa_old.dbl and wpa_old.bak and rebooted...

this changed the popup box to say "A problem is preventing Windows from accurately checking the license for this computer" but again if I hit the button to try to continue it will just hang and if I cancel it goes back to the screen showing all the users...

From safe mode I reloaded SP3... No change...

So from there I found several things to try and none of them have changed anything... But here's what I did so far:
1. HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices. Click Mounted Devices. Look for \DosDevices\X:, where X is the letter of the system drive. If it’s something other than C ***(everything looked normal here)
2. went to delete both HKEY_USERS\.DEFAULT\Software\Microsoft\Cryptography\Providers and HKEY_USERS\S-1-5-20\Software\Microsoft\Cryptography\Providers, but neither were there
3. Verified that Windows\System32\secupd.dat, Windows\System32\oembios.dat and Windows\System32\oembios.bin were all there and they appear to be the same as this computer in size and date...
4. From Safe Mode I ran:
regsvr32 licwmi.dll

regsvr32 regwizc.dll

regsvr32 licdll.dll

regsvr32 jscript.dll

regsvr32 vbscript.dll

regsvr32 msxml.dll

regsvr32 shdocvw.dll

regsvr32 softpub.dll

regsvr32 wintrust.dll

regsvr32 initpki.dll

regsvr32 dssenh.dll

regsvr32 rsaenh.dll

regsvr32 gpkcsp.dll

regsvr32 sccbase.dll

regsvr32 slbcsp.dll

regsvr32 cryptdlg.dll

Still the same thing...
5. I ran ren "C:Windows\system32\catroot2\Edb.log *.tst"
6. Search for Reset5.exe, .dll, .dat, .dt* and srvany.exe and found none of them to delete
7. I also did everything on this page Microsoft Info

I'm about out of ideas... Anyone have any more suggestions outside of the common reload everything?? I sort of remember reading some place once about replacing the security part of the registry, but I'm not sure if that applies to this or not and I didn't find anything while I was looking...

Thanks for reading this far and thanks in advance for any ideas...
  • 0

Advertisements


#2
spaceman67

spaceman67

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
This is the microsoft link I mentioned above
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP