105 replies to this topic

[Alantb]

I downloaded Adobe Flash Player update from a reputable site. A short time later I started to get AVG messages repeating every few seconds telling me that Trojan Horse Patched_c.Jee (or Jed) was affecting the system and this was not removable "in a white area". I ran Malwarebytes and AVG, neither found anything. I removed all Adobe products using Windows. At the end of the process I was advised to restart. Since then the PC will not reboot even in Safe mode and it keeps retrying. I disabled the retry option and I get BSOD with a message C000021a 0xC0000034 Logon Process Error. How do I recover? Can I reboot from CD and get the system back or will I have to reboot from CD and format the hard disk etc. etc.

[oldman960]

Hi , welcome to the forum.

To make cleaning this machine easier

• Please do not uninstall/install any programs unless asked to
  It is more difficult when files/programs are appearing in/disappearing from the logs.
• Please do not run any scans other than those requested
• Please follow all instructions in the order posted
• All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
• Do not attach any logs/reports, etc.. unless specifically requested to do so.
• If you have problems with or do not understand the instructions, Please ask before continuing.
• Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.

AVG may have been the cause of the problem.

There are a few things we can try to see if you can get windows to load.

The Windows CD you have what kind is it? Is it a retail copy of Windows and what is the operating system?

First we'll try the easy.

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, a menu with options should appear;
• Use the arrow key to highlight Last Known Good Configuration
• Press Enter.

Did windows load?

Thanks

[Alantb]

I downloaded Adobe Flash Player update from a reputable site. A short time later I started to get AVG messages repeating every few seconds telling me that Trojan Horse Patched_c.Jee (or Jed) was affecting the system and this was not removable "in a white area". I ran Malwarebytes and AVG, neither found anything. I removed all Adobe products using Windows. At the end of the process I was advised to restart. Since then the PC will not reboot even in Safe mode and it keeps retrying. I disabled the retry option and I get BSOD with a message C000021a 0xC0000034 Logon Process Error.
How do I recover? Can I reboot from CD and get the system back or will I have to reboot from CD and format the hard disk etc. etc.

I tried this already and it didn't work. I also tried F9 which told me to insert a recovery CD 'Gigabyte CD' which I haven't heard of and seems like another scam.

[Alantb]

I forgot to tell you that this is Windows XP Pro and it came with the PC. I don't seem to be able to find the CD, but I do have an older one of XP Pro 2003 which may help.

[oldman960]

Hi

You didn't mention you tried Last Known Good Configuration, you said you tried Safe Mode. Gigabyte is a legitamate company. The F9 menu on your computer could be the restore options.

It would be better if we had the CD that came with the computer. We can try the CD you have and see if we can access the Recovery Console and look for a file.

Do not make any changes or use any other options.

We'll need to use the Recovery Console that is on your CD. This will allow use to gain access to some areas of windows.

You computer must be able to boot from the CD.

Insert the Windows XP startup disk into the floppy disk drive, or insert the Windows XP CD-ROM into the CD-ROM drive, and then restart the computer.

1. Click to select any options that are required to start the computer from the CD-ROM drive if you are prompted.
2. When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
3. You should now see a list of installations and the prompt "Which Windows Installation would you like to log on to?"
Select the appropriate number for the Windows installation that you want to repair. If you only have one, press 1.
4. When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

You should now have a C:\windows> prompt

-From the prompt, type the following commands, one at a time, hitting enter after each:

cd system32
dir

Note in the first line there is a space after cd

Use the space bar to scroll down the list and look for the presence of this file winlogon.exe

Let me know if it's there and the file size and date.

See if you can find your CD as you may need it to do a reinstall if it comes that. The CD that you can't find, is it a full retail version of XP or an OEM such as Dell, HP etc?

Thanks

[Alantb]

Thanks, I'll try that tomorrow - it's bedtime over here!

[oldman960]

Hi Alantb,

[Alantb]

I've been into the BIOS and set the PC to boot from the CD and ignore all errors and when I try to boot it turns on the CD but still gets the same error as described. Also, if I hit f12 for the Boot Menu and, hopefully, select the CD, the HDD still keeps a + next to it as if this were impossible to alter. Can something have infiltrated the BIOS or is this parameter immovable? There isn't a floppy on the box by the way so that alternative isn't available. Looks GRIM!

[oldman960]

Hi Alantb,

I get BSOD with a message C000021a 0xC0000034 Logon Process Error.

This is the message you are recieving?

Or

insert a recovery CD 'Gigabyte CD'

Does Bios recognize that the CD drive is installed?

[Alantb]

Yes, that's the error message on the BSOD top left. But that's a good point about recognising the CD drive. The CMOS sees two maxtor drives (correct, I have two) and Drive A (options only, not fitted) but doesn't mention a DVD/CD. That's odd because I've used it!

[oldman960]

Hi Alantb,

Given the BSOD you received it sounds like your computer is still trying to boot to Windows and not the CD.

Possible problem could be loose cable, have you been in the computer recently doing some cleaning?

Possible that the drive has died. Did the drive actually spin up or just have a power light briefly?

Not being recognized in the bios may very well explain why you can't change the boot order in F12, there isn't anything to change it to.

Please post your computer specs. Brand, model, motherboard if possible, etc.

I've been into the BIOS and set the PC to boot from the CD and ignore all errors

Is it possible to set it to boot from CD but report the errors?

[Alantb]

Hi Oldman (I'm 78, how you?), well I haven't been into the box at all but I'll have a look (tomorrow, one's wife is complaining). The CD drive doesn't have a light unless it's in some obscure place. I got fed up with trying things in the CMOS/BIOS setup and set it back to 'failsafe' combination with the Hard disk first and CDROM second. Of course this doesn't work. I can't get my head round the fact that the box may think it hasn't a CDROM, surely that's hard-wired and can't have happened via a virus - or can it? I will look at the BIOS setup on the PC I'm using, which is similar but older and slower and see what that looks like. Thanks for trying

Edited by Alantb, 14 October 2010 - 01:34 PM.

[oldman960]

Hi Alantb,



Not quite that old but getting there.

If the drive is indeed dead the bios won't see it as there would be no communication between them. Have a look in the older computer's bios and see what you can find out, just don't make any changes. If we knew the brand of computer we may be able to guide you to the area of the bios to look in.

The CD roms usually have a small light on the front that will flash on and off as the unit is being read or powered up. They are usually fairly noisy when running, kind of like a fan.

[Alantb]

AHA! ........ Found the little light, this box has a shutter at the front and this was down so that I could plug into a USB socket. and it obscures the lamp. Well it flashes and appears to read - the disk is very quiet but audible - just. However I still get the same error. The box is by Maple Systems, which I take to be connected with Acer (Acer is the latin name for that group of trees . . .) and the Operating system is (was???) a legit XP Pro. Can't say much more; I looked at the old system's BIOS and it doesn't have a CDROM entry although it has two working. It's looking as though I'm going to have to find someone to take the hard disk out and reformat it. Fortunately most things are backed up externally, but where I can get another XP Pro may be a struggle.

[oldman960]

Hi Alantb, The error you are receiving is a Windows error which would indicate the computer is not booting from the CD. Remeber, in the bios, the CD must be set to first in the boot order. If anything is ahead of it, including a HD, that has bootable media in it, it will attempt to boot there first. You can also make sure are not any USB storage devices connected to the computer. Some bootable CD's such as the Microsoft Windows XP CD will actually prompt a user to press a key to boot from the CD. If no key is pressed then the computer will continue to boot normal and not load the CD. Make sure to pay close attention to the screen as the computer is starting and press a key if prompted. Did you receive such a prompt?