Velexia
Current Situation: Power, On. F1 (Case Opened), F8. Disable Automatic Restart on System Failure.
"A problem has been detected and windows has been shut down to prevent damage to your computer.
If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:
Check to be sure you have adequate disk space. If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.
Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.
Technical information:
*** STOP: 0x0000007E (0xC0000005, 0x3F3F3F3F, 0xF78F04FC, 0XF78F01F8)"
The SYSTEM_THREAD_EXCEPTION_NOT_HANDLED bug check has a value of 0x0000007E. This bug check indicates that a system thread generated an exception that the error handler did not catch.
Parameter 1: The exception code that was not handled
Parameter 2: The address where the exception occurred
Parameter 3: The address of the exception record
Parameter 4: The address of the context record
This problem occurs when a System Preparation (Sysprep) image is created on a computer that uses an Intel processor and is then deployed to a computer that does not use an Intel processor.
This is a possibility, as I am dealing with viruses, and my computer uses an AMD CPU.
If this is the case, the following may work. (I am going to try it after the CHKDSK /R completes...)
Method 2
To work around this issue, run the recovery console by using the Windows XP CD. Then, select the recovery option. To run the Recovery Console from the Windows XP startup disk or from the Windows XP CD, follow these steps:
1. Insert the Windows XP startup disk in the floppy disk drive. Or, insert the Windows XP CD in the CD drive. Then, restart the computer.
Note: If you are prompted, click to select any options that are required to start the computer from the CD drive.
2. When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
3. If you have a dual-boot computer or a multiple-boot computer, select the installation that you want to access from the Recovery Console.
4. When you are prompted, type the administrator password.
Note: Press ENTER if the administrator password is blank.
5. At the Recovery Console command prompt, type the following command, and then press ENTER:
disable intelppm
6. To exit the Recovery Console and to restart the computer, type exit at the Recovery Console command prompt, and then press ENTER.
Edit: No luck with "disable intelppm." This was not the cause.
What has been done thus far:
I have performed the Repair Install (after some fiddling to get Repair to be an option at all), I have gone into the Recovery Console and disabled several systems from the listsvc:
PDCOMP, PDFRAME, PDRELI, PDRFRAME, PnkBstrK (From America's Army Video Game), TDPIPE, and TDTCP.
Also, after exploring with Dir C:\ I have located and deleted the following files:
C:\dens.exe
C:\enhs.exe
C:\siuhb.exe
C:\WINDOWS\kgt2k.ini
C:\WINDOWS\ntbtlog.txt
C:\WINDOWS\ocgen.log
C:\WINDOWS\ocmsn.log
C:\WINDOWS\Registration\(All Suspicious Files modified in the last 3 days)
C:\WINDOWS\Security\(All Suspicious Files modified in the last 3 days)
C:\WINDOWS\setupact.log
C:\WINDOWS\setuplog.txt
C:\WINDOWS\system.ini
C:\WINDOWS\Tasks\(All Suspicious Files modified in the last 3 days)
C:\WINDOWS\Temp\Perflib_Perfdata_2a8.dat
C:\WINDOWS\Temp\Perflib_Perfdata_500.dat
C:\WINDOWS\Temp\Perflib_Perfdata_6c4.dat
C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat
C:\WINDOWS\Temp\Perflib_Perfdata_b4c.dat
C:\WINDOWS\Temp\Perflib_Perfdata_bd0.dat
C:\WINDOWS\Temp\Perflib_Perfdata_c2c.dat
C:\WINDOWS\Temp\WGANotify.settings
C:\WINDOWS\System32\critical_warning.html
C:\WINDOWS\System32\FNTCACHE.DAT
C:\WINDOWS\System32\GroupPolicy
C:\WINDOWS\System32\nmp.log
C:\WINDOWS\System32\nvapps.xml
C:\WINDOWS\System32\perfc009.dat
C:\WINDOWS\System32\perfh009.dat
C:\WINDOWS\System32\PerfStringBackup.ini
C:\WINDOWS\System32\sirenacm.dll
C:\WINDOWS\System32\wpa.bak
After deleting these files, I then performed another Repair Install (hoping to replace the deleted files such as sirenacm.dll and wpa.bak, otherwise, I have bookmarked websites where I can get fresh copies of those files).
I need to enable the SET command still, to investigate/deal with whatever is lurking in the following folders:
C:\My Web Sites
C:\Program Files
C:\System Volume Information
Also, this file has obviously been tampered with, but access is denied:
C:\config.msi
Edit: Config.Msi was a folder, and has been dealt with.
I have rebuilt the boot.ini, and downloaded a BIOS update onto this (EeePC Laptop) computer for my dead rig. I can put it into a Flash Drive, but I am unsure of the ability to update the BIOS via a flash drive without being able to get to the Welcome Screen (or past it).
I have attempted all forms of Safe Mode and every other option after F8. They all end in a Blue Screen of Death before the Welcome Screen.
I have been getting the BSOD ever since the boot.ini was rebuilt, the repair install was performed, and the CMOS was cleared.
Before those actions had been taken, when I would go to the Login Screen, only my Guest Account was visible, "Droog." At that screen I would double ctrl+alt+del to log in as my Administrator Account, and the computer would start to load Windows, then stop, and take me back to the Welcome Screen.
It's been doing this ever since Avast decided that "aec.sys" was a suspicious file, and wanted to do a boot-time scan (which found nothing).
Other symptoms of the virus army while I still had access to the desktop were the disabling of the System Restore function and the Task Manager. I re-enabled both of those, but when Avast wanted to do another boot-time scan, upon restart they were both disabled again. I had Process Explorer, so I wasn't exceptionally worried about that.
I need assistance currently in getting past this Blue Screen of Death. I can then assess the situation with the Virus Army, and hopefully get into the Desktop again, where I can unleash hell =)
This is day 4 of the battle.
As a backup plan, I have ordered two new Hard Drives and a Copy of Windows 7, if all else fails. At which point I shall be doing recovery missions into my old Hard Drive for the numerous files which I am VERY attached to.
I may have left some things out (It's been 4 days...) So I will mention anything that I remember as it comes up =)
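
Added example, not part of the original post: a Python parser for the STOP line quoted above that labels the four parameters in the order listed for bug check 0x7E and flags what the faulting address says about the crash. The names `parse_stop` and `triage_7e` are hypothetical, and `KERNEL_BASE` assumes the default 2 GB user/kernel split of 32-bit Windows XP.

```python
import re

# Parameter meanings for bug check 0x7E, in the order the post lists them.
PARAMS_7E = ("exception code", "faulting address",
             "exception record", "context record")
# Two common NTSTATUS exception codes (values from ntstatus.h).
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION", 0x80000003: "STATUS_BREAKPOINT"}
# Assumption: default 32-bit Windows XP layout, kernel space starts at 2 GB.
KERNEL_BASE = 0x80000000
HEX = r"0x[0-9a-f]+"
STOP_RE = re.compile(rf"STOP:\s*({HEX})\s*\(\s*({HEX}(?:\s*,\s*{HEX}){{3}})\s*\)", re.I)


def parse_stop(line):
    """Return (bug_check_code, [p1, p2, p3, p4]), or None if the line does not match."""
    m = STOP_RE.search(line)
    if not m:
        return None
    return int(m.group(1), 16), [int(p, 16) for p in m.group(2).split(",")]


def triage_7e(line):
    """Decode a 0x7E STOP line into named fields plus two triage flags."""
    parsed = parse_stop(line)
    if parsed is None or parsed[0] != 0x7E:
        raise ValueError("not a 0x0000007E STOP line")
    fields = dict(zip(PARAMS_7E, parsed[1]))
    addr = fields["faulting address"]
    octets = (addr & 0xFFFFFFFF).to_bytes(4, "big")
    return {
        "fields": fields,
        "exception_name": NTSTATUS.get(fields["exception code"], "unknown"),
        # Below KERNEL_BASE the fault is not inside a loaded driver image,
        # so the stop screen would have no driver name to show.
        "in_kernel_space": addr >= KERNEL_BASE,
        # One byte repeated four times is a fill pattern, not a plausible code
        # address: treat it as a corrupted pointer or data executed as code.
        "fill_byte": octets[0] if len(set(octets)) == 1 else None,
    }


if __name__ == "__main__":
    # STOP line quoted in the post above.
    stop = "*** STOP: 0x0000007E (0xC0000005, 0x3F3F3F3F, 0xF78F04FC, 0XF78F01F8)"
    for key, value in triage_7e(stop).items():
        print(key, "=", value)
```

For this STOP line the exception decodes to an access violation at an address made of the byte 0x3F (ASCII `?`) repeated, which lies below the kernel range. Parameters 3 and 4 are the addresses a kernel debugger would take with `.exr` and `.cxr` if a memory dump were available.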