I have 2 computers both doing the same thing... Here's the story:
One is XP Home SP3 and the other is XP Pro SP3... both were infected via an infected USB drive with what started as Virut... I was able to log into them fine in the beginning, but they were infected... Also, system restore wasn't turned on with either system so that isn't an option...
I ran Malwarebytes, it found 235 infected files on one and only about 110 on the other, I told it to remove the infected files on both of them, Malwarebytes requested a reboot and after the reboot it came up to a BSOD 0x0000007e error screen on both machines (in safe mode and normal boot)...
I then concentrated on the Pro machine...
I booted to the recovery console, ran a chkdsk /r, no change...
Then tried fixboot and fixmbr and chkdsk /r, same thing...
I ran a scan using Avira's boot rescue disk and it clean a few more infected files, but still it came up to the 7e BSOD...
I tried a repair install of the OS, rebooted and it came up with "windows must be activated before logging on" box, if I hit the button to activate, it would go to a screen showing the background and cursor and nothing else and just hang there and if I cancel it goes back to let me pick a user...
From here I could get into the basic Safe Mode, but not Safe Mode with networking...
Then from safe mode I renamed wpa.dbl and wpa.bak to wpa_old.dbl and wpa_old.bak and rebooted...
this changed the popup box to say "A problem is preventing Windows from accurately checking the license for this computer" but again if I hit the button to try to continue it will just hang and if I cancel it goes back to the screen showing all the users...
From safe mode I reloaded SP3... No change...
So from there I found several things to try and none of them have changed anything... But here's what I did so far:
1. HKEY_LOCAL_MACHINE\SYSTEM\MountedDevices. Click Mounted Devices. Look for \DosDevices\X:, where X is the letter of the system drive. If it’s something other than C ***(everything looked normal here)
2. went to delete both HKEY_USERS\.DEFAULT\Software\Microsoft\Cryptography\Providers and HKEY_USERS\S-1-5-20\Software\Microsoft\Cryptography\Providers, but neither were there
3. Verified that Windows\System32\secupd.dat, Windows\System32\oembios.dat and Windows\System32\oembios.bin were all there and they appear to be the same as this computer in size and date...
4. From Safe Mode I ran:
regsvr32 licwmi.dll
regsvr32 regwizc.dll
regsvr32 licdll.dll
regsvr32 jscript.dll
regsvr32 vbscript.dll
regsvr32 msxml.dll
regsvr32 shdocvw.dll
regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 dssenh.dll
regsvr32 rsaenh.dll
regsvr32 gpkcsp.dll
regsvr32 sccbase.dll
regsvr32 slbcsp.dll
regsvr32 cryptdlg.dll
Still the same thing...
5. I ran ren "C:Windows\system32\catroot2\Edb.log *.tst"
6. Search for Reset5.exe, .dll, .dat, .dt* and srvany.exe and found none of them to delete
7. I also did everything on this page Microsoft Info
I'm about out of ideas... Anyone have any more suggestions outside of the common reload everything?? I sort of remember reading some place once about replacing the security part of the registry, but I'm not sure if that applies to this or not and I didn't find anything while I was looking...
Thanks for reading this far and thanks in advance for any ideas...
Sign In
Create Account
