0

hi i've been having a problem on my gateway laptop it blue screens when i try to start windows vista, i've tried using the vista recovery cd but that didn't help eventually i was able to boot into safe mode using the bootrec command, i ran malwarebytes antimalware while in safe mode and found a few infection that i removed but i'm still unable to boot windows normaly any help would be appreciated. from what i can tell it seems theres a problem with svchost.exe

2
Contributors
6
Replies
7
Views
6 Years
Discussion Span
Last Post by j2130
0

Can you do a Hijackthis log on it? If so, post it here and we will take a look to see if there any nasties left over that could be causing your problem.

0

hi i've been having a problem on my gateway laptop it blue screens when i try to start windows vista, i've tried using the vista recovery cd but that didn't help eventually i was able to boot into safe mode using the bootrec command, i ran malwarebytes antimalware while in safe mode and found a few infection that i removed but i'm still unable to boot windows normaly any help would be appreciated. from what i can tell it seems theres a problem with svchost.exe

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:57:42 AM, on 1/12/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/index.php?eu=JnnfCG-JqCdKT8klQQ0nnQ
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.97
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4404 bytes

0

Have HJT fix the following entries (if there) by placing a tick in the box next to each entry.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.97

Once done, click the fixed checked button and see if it will boot into normal mode.

If it still won't, boot into safe mode with networking and download Mbam from here - http://www.malwarebytes.org/mbam.php

Make sure you allow it to update then get it to do a FULL scan and REMOVE all it finds. Then see if it will boot into normal mode.


Let me know how you get on and please remember that there may well be more things that need to be done.

Edited by Rik_: n/a

0

Have HJT fix the following entries (if there) by placing a tick in the box next to each entry.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.97
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.125 85.255.112.97

Once done, click the fixed checked button and see if it will boot into normal mode.

If it still won't, boot into safe mode with networking and download Mbam from here - http://www.malwarebytes.org/mbam.php

Make sure you allow it to update then get it to do a FULL scan and REMOVE all it finds. Then see if it will boot into normal mode.


Let me know how you get on and please remember that there may well be more things that need to be done.

well i scanned it with malwarebytes still wont boot into normal mode found like 24 infecttions

0

decided to just install win xp since i can't figure out what's causing the bsod in vista

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.