help can't boot even in safe mode

There is a strong possibility after running the below that you still will not be able to boot up. This is because a necessary Windows system file ( svchost.exe ) was missing and the new log produced below will look for a replacement we can use in a subsequent fix.
Download this >> View attachment fixlist.txt


Save fixlist.txt to your flash drive.

• You should now have both fixlist.txt and FRST.exe on your flash drive.

Now reboot back into the System Recovery Options as you did previously.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)

Now attach the Fixlog.txt file

 

Okay that fixed a few things but it did not give me the info on svchost.exe that I wanted. Please do the below.

Boot to System Recovery Options and run FRST again.
Type the below bolded text in the edit box after "Search:".

svchost.exe

Then click the Search button.

It will make a log (Search.txt) on the flash drive. Please attach this log to your next reply. (See How to attach)

 

Download this >> View attachment fixlist.txt ​

Save fixlist.txt to your flash drive.

• You should now have both fixlist.txt and FRST.exe on your flash drive.

Now reboot back into the System Recovery Options as you did previously.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)​

Now see if you can boot into normal Windows. If you can then tell me how things are working?​

 

Okay let's make sure the svchost.exe file actually was copied in properly. Please rerun a scan with FRST like you did before posting your first message. Attach the new log.

 

Okay the svchost.exe file did not get copied. Let's try it again.

Download this >> View attachment fixlist.txt


Save fixlist.txt to your flash drive.

• You should now have both fixlist.txt and FRST.exe on your flash drive.

Now reboot back into the System Recovery Options as you did previously.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)

Now see if you can boot into normal Windows. If you can then tell me how things are working?​

 

I'm sorry, I had a typo in the last fixlist.txt which cause the FRST not to run properly. Could you please run the last fix again. I have corrected the fixlist.txt file. You will have to download it again.

Also not that in your first message you stated that your OS was XP, but what I see is Windows Vista (TM) Home Premium

 

Okay it still gives an unusally log saying the svchost.exe file is missing and then it states it successfully copied from the backup. But it did this last time too and a rescan with FRST still show the file to be missing.

If you boot up the PC to the command prompt ( like you would do to run FRST but do not run FRST ) and type the below, what happens:

dir C:\windows\system32\svchost.exe

Note the space after dir and note the direction of the slashes.​

 

What is the exact size and date on the one at x:\windows\system32

 

Okay that is the correct size. If you type in dir C:\windows\system32 does it display a bunch of files?

When you boot up your to the System Recovery Options, you should be seeing the below choices:

• Try selecting Startup Repair and tell me what happens.

 

What about in normal mode? If not, then try the below from the command prompt. Note the spaces befoe x: and before C:


copy x:\windows\system32\svchost.exe C:\windows\system32\svchost.exe


Did that give you a 1 file copied type message?
Does the below command now show results for svchost.exe on drive C

dir C:\windows\system32\svchost.exe

If this file is now on drive C, check to see if you can boot up normally.

 

When you get to this "black screen" , if you press CTRL-ALT-DEL, does task manager open up?

 

Download this >> View attachment fixlist.txt


Save fixlist.txt to your flash drive.

• You should now have both fixlist.txt and FRST.exe on your flash drive.

Now reboot back into the System Recovery Options as you did previously.
Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt).
Please attach this to your next message. (See how to attach)

Now see if you can boot into normal Windows.

 

Running out of options.

During startup with System Recovery Options choose System Restore and see if you can restore to one of the older restore points from before when this problem began. I saw the below restore points listed

 

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

 

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: BHO_Startup - Disabled:{3134413B-49B4-425C-98A5-893C1F195601} - (no file)
O2 - BHO: (no name) - Disabled:{53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SkypeIEPluginBHO - Disabled:{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O2 - BHO: (no name) - Disabled:{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll

After clicking Fix, exit HJT.

No uninstall the below program:
Inbox Toolbar

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Benchmarking is a topic for the Software Forum and there are way too many variables to compare PC to PC.

I suggest that you uninstall the below and reboot and see what effect they have:
a-squared Free 3.5
Spybot - Search & Destroy

They have the below services running:
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe

If that does not help then work thru the list of programs loading at startup they may not be necessary. Each user has to decide what they really need and do not need, but personally I would not have any of the below loading.

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ErrorTeck] C:\Program Files\ErrorTeck\ErrorTeck.exe /scan
O4 - HKCU\..\Run: [ehTray.exe] C:\windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


After that it comes down to a question of what is the performance hit occurring due to all the McAfee processes running.

 

You're welcome.

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
3. Go back to step 4 oof the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
5. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove, you can delete these files now.
8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 6 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!