HELP - Vista will only boot in safe mode

By june1203 ·
Hello,
My pc crashed, and after I had spent at least five hours scouring forums for a solution, I finally used the install disk to reformat and reinstall. It did it and saved the current settings as "windows old".
Everything went well, it rebooted while I had the disc in it after installing. I then removed the disk, and after it updated, rebooted to install windows updates.
Now it will only boot in safe mode again!
Can a virus get so far into the hard drive that it can prevent itself getting wiped????
Anyway, I'm now downloading some malware programs, to see if I can find anything. The pc wouldn't load avg, so hopefully I can get something to download.


PLEASE HELP!!!!!


All Answers


Crashing?

by seanferd In reply to HELP - Vista will only bo ...

Well, what are the error messages? Have you checked the event logs?

Have you considered that it might be an update that is causing the problem?

"Can a virus get so far into the hard drive that it can prevent itself getting wiped????"

There is no such thing as "so far in", it's either on the disk or not. Formatting does not wipe the drive. If you suspect malware, and your AV or Malwarebytes in Safe Mode can't fix it, wipe the drive with DBAN or Killdisk before re-installing.

Malware could also be on a removable device that you had re-connected, re-infecting the system.

On rare occasions, malware may also reside in firmware, including on a modem/router.

Unless you say what the errors are, we can't guess as to what is causing the crash. Could be anything.


details of errors

by june1203 In reply to Crashing?

Thanks for the reply.

I ran superantispyware this morning, and it found a trojan dropper win-nv. Unfortunately pc will still not boot in normal mode. Am running malware antibytes now to see what that will find.

The error logs are as follows:


Description:
DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="4**52">10005</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-12-09T22:29:08.000Z" />
<EventRecordID>1646</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>home-pc</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">1068</Data>
<Data Name="param2">fdPHost</Data>
<Data Name="param3">
</Data>
<Data Name="param4">{145B4335-FE2A-4927-A040-7C35AD3180EF}</Data>
</EventData>
</Event>

---------------------------------------

Log Name: Application
Source: Microsoft-Windows-EventSystem
Date: 12/10/2010 9:29:07 AM
Event ID: 4609
Task Category: Event System
Level: Error
Keywords: Classic
User: N/A
Computer: home-pc
Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\vistartm\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
<EventID Qualifiers="4**52">4609</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>16</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-12-09T22:29:07.000Z" />
<EventRecordID>265</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>home-pc</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">d:\vistartm\com\complus\src\events\tier1\eventsystemobj.cpp</Data>
<Data Name="param2">45</Data>
<Data Name="param3">8007043c</Data>
</EventData>
</Event>

--------------------------------------
Log Name: System
Source: Microsoft-Windows-DistributedCOM
Date: 12/10/2010 9:29:08 AM
Event ID: 10005
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: home-pc
Description:
DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
<EventID Qualifiers="4**52">10005</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2010-12-09T22:29:08.000Z" />
<EventRecordID>1646</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>home-pc</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">1068</Data>
<Data Name="param2">fdPHost</Data>
<Data Name="param3">
</Data>
<Data Name="param4">{145B4335-FE2A-4927-A040-7C35AD3180EF}</Data>
</EventData>
</Event>

------------------------------

Those are the two main ones, there are a few others and lots of warnings.

Any more help would be great, and I will look into the killdisk also.

Thanks muchly
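
An added example, not part of the post above or of the thread: a Python sketch that parses the Event XML shown in the post and decodes the numeric codes it carries (a decimal Win32 code in the DCOM event, an HRESULT in the EventSystem event). The two samples are trimmed copies of the events in the post; the `decode` and `triage` names and the two-entry code table are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Win32 error codes seen in this thread (values from winerror.h).
WIN32 = {
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL: the dependency service or group failed to start",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE: this service cannot be started in Safe Mode",
}
# Trimmed copies of the two events from the post (raw strings: the path has backslashes).
DCOM_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Microsoft-Windows-DistributedCOM" /><EventID>10005</EventID>
<Channel>System</Channel></System>
<EventData><Data Name="param1">1068</Data><Data Name="param2">fdPHost</Data>
<Data Name="param3">
</Data><Data Name="param4">{145B4335-FE2A-4927-A040-7C35AD3180EF}</Data></EventData>
</Event>"""
EVENTSYSTEM_EVENT = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><Provider Name="Microsoft-Windows-EventSystem" /><EventID>4609</EventID>
<Channel>Application</Channel></System>
<EventData><Data Name="param1">d:\vistartm\com\complus\src\events\tier1\eventsystemobj.cpp</Data>
<Data Name="param2">45</Data><Data Name="param3">8007043c</Data></EventData>
</Event>"""

def decode(value):
    """Return (win32_code, meaning) for a known decimal Win32 code or Win32-facility HRESULT."""
    text = value.strip()
    if re.fullmatch(r"\d{1,5}", text):                 # decimal form, e.g. "1068"
        code = int(text)
    elif re.fullmatch(r"(0x)?[0-9a-fA-F]{8}", text):   # HRESULT form, e.g. "8007043c"
        hr = int(text, 16)
        if (hr >> 16) & 0x7FF != 7:                    # facility 7 = FACILITY_WIN32
            return None
        code = hr & 0xFFFF                             # low word carries the Win32 code
    else:
        return None                                    # service names, GUIDs, paths
    return (code, WIN32[code]) if code in WIN32 else None

def triage(event_xml):
    """Summarise one <Event>: provider, event id, channel and any decodable codes."""
    root = ET.fromstring(event_xml)
    system = root.find("e:System", NS)
    data = root.iterfind("e:EventData/e:Data", NS)
    return {"provider": system.find("e:Provider", NS).get("Name"),
            "event_id": int(system.findtext("e:EventID", namespaces=NS)),
            "channel": system.findtext("e:Channel", namespaces=NS),
            "codes": [hit for d in data if (hit := decode(d.text or ""))]}

if __name__ == "__main__":
    for sample in (DCOM_EVENT, EVENTSYSTEM_EVENT):
        print(triage(sample))
```

HRESULT 8007043c wraps Win32 code 1084, the error returned for a service that is not allowed to start in Safe Mode, so both entries are consistent with the Safe Mode session in which the logs were collected.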


OK.

by seanferd In reply to details of errors

Go ahead and run Malwarebytes in Safe Mode. Turn off System Restore first. Any time MBAM finds something, let it clean the infection, then run MBAM again until you get no results.

It is possible that you cannot boot normally because the malware or removal thereof has broken something.

I find it odd that the fdPHost service failing (LAN networking discovery) would crash the system with an empty argument. (And bugger the Event System as well. :^0 )

You can try going to the services console (Type: services.msc in the Run box) and disable this service for now (possibly named "WS Discovery Service").

What happens, though, when you attempt to boot normally? When does the procedure fail?

If Windows is automatically rebooting after failure, you are probably missing an error message. Turn this behavior off.
http://pcsupport.about.com/od/windowsvista/ht/arestartvista.htm

If you then get a BSOD or other error, tell us what it is. (For BSOD, give the leading error code and description.)

Further, once your scans come up clean, have your Vista disk handy, and type: sfc /scannow in the Run box. This may fix the problem with the fdPHost files. (Just for reference: http://technet.microsoft.com/en-us/library/cc735**9(WS.10).aspx )

Interesting:
I don't know if these vulnerabilities are patched or not: http://www.pc1news.com/files/583832-fdphost-dll.html

now it's really screwed

by june1203 In reply to OK.

PC will not boot in safe mode anymore. It loads files then just reboots. I am checking out killdisk as I speak.

Just to keep you up to date. Hopefully I don't throw it through the window.


automatic reboot disabled

by june1203 In reply to OK.

I managed to disable the automatic reboot. The error I get says
pc shut down etc etc

technical information
***stop:0x00000024 (0x00190445,0x8401AA90,0xC0000102,0x000000000)

Does that tell you anything???

---when life gives you a jeffrey, stroke the furry wall----
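
An added example, not part of the post above or of the thread: a Python sketch that parses the STOP line quoted in the post and breaks it into its bug check code and parameters. The bug check name and the parameter 1 layout follow Microsoft's bug check reference for 0x24; matching a parameter against an NTSTATUS value is an assumption of this example, as are the `parse_stop` name and the one-entry tables.

```python
import re

BUGCHECKS = {0x24: "NTFS_FILE_SYSTEM"}              # bug check raised by the NTFS driver
NTSTATUS = {0xC0000102: "STATUS_FILE_CORRUPT_ERROR"}  # file or directory is corrupt and unreadable

STOP_RE = re.compile(r"stop:\s*(0x[0-9a-f]+)\s*\(([^)]*)\)", re.IGNORECASE)

def parse_stop(line):
    """Parse a blue-screen STOP line into code, name, parameters and decoded fields."""
    m = STOP_RE.search(line)
    if not m:
        raise ValueError("no STOP code found")
    code = int(m.group(1), 16)
    params = [int(p, 16) for p in m.group(2).split(",") if p.strip()]
    result = {"code": code, "name": BUGCHECKS.get(code, "unknown"), "params": params}
    if code == 0x24 and params:
        # For 0x24, parameter 1 packs a source file id (high 16 bits)
        # and a source line number (low 16 bits) inside the NTFS driver.
        result["source_file_id"] = params[0] >> 16
        result["source_line"] = params[0] & 0xFFFF
    # Assumption: a parameter equal to a known NTSTATUS value is reported as that status.
    result["ntstatus"] = [NTSTATUS[p] for p in params if p in NTSTATUS]
    return result

if __name__ == "__main__":
    # The STOP line exactly as quoted in the post.
    print(parse_stop("***stop:0x00000024 (0x00190445,0x8401AA90,0xC0000102,0x000000000)"))
```

Bug check 0x24 comes from the NTFS driver and the third parameter matches the status for a corrupt file or directory, which makes the file system and the disk under it the first things to check.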


Still in trouble

by june1203 In reply to HELP - Vista will only bo ...

Hi

I ended up running killdisk. I then reinstalled Vista. It worked ok a couple of times, then went back to not booting in normal, and rebooting, even though I have disabled the automatic reboot.

Any ideas?

Thanks

June
