Vista KSOD

Hey guys,

First of all, I'd like to thank all of you for the help over the years. I just decided to join the forum after I have come to a dead end in fixing my black screen of death. I have read a lot on the topic, have found a lot of solutions, and none have worked. I have a Vista 64-bit Home Premium OS, Dell Studio XPS 1640 Laptop that is about 1 year old. My problem is that after I type in my password to log in to my account, I get a black screen with only a white cursor. I know this has come up before on the forums but I am looking for a new solution before I reformat.
Specific details:
When I type run>explorer.exe in the task manager, nothing happens. I can type run>c: and get to the folder version of my desktop and use my computer fine from there. In fact, everything on my computer runs fine except for the desktop/start menu bar/background.
Safe mode gives me the same problem.
I have tried:
Repair function from the OS disk - nothing found to repair
Hardware test - everything works fine
Cleared event viewer logs
Checked RPC in the registry - value was normal
Of course the "read and run me first" checklist
-SAS found a trojan(SAS automatically deleted it during the scan and didn't save a log of it), MWBytes found malware.trace, and lavasoft adaware found win32.trojandownloader.Pher/B. after cleaning, nothing changed.
Shell WinLogon - registry value was normal.
I copied explorer.exe, renamed it, changed the shell winlogin to the renamed explorer1.exe, nothing worked, so i changed it back and deleted the copied explorer1.exe.
UAC is already disabled.
I tried making a new user account. Again, to no avail.
I have attached the mgtools log.
If you guys can help me out, I would really appreciate it! Thanks for reading!

 

Have you tried a system restore to a date before the problem started? Have you tried replacing the userinit.exe file and the winlogon.exe file? You'd copy the files from a known healthy PC running the same OS (if the Vista is 32bit, the files should still work, but keep copies of the original files on your PC just to be safe; it doesn't have to be the exact same version of Vista; if you have Home Premium, and the healthy PC has Home Basic or Ultimate, the files can be copied over w/o issues).

 

I went thru your HijackThis log just for the hell of it, and found some disturbing entries that show numerous missing files, some of them are VERY important system files (like the Application Layer Gateway, or alg.exe, the file lsass.exe is the Local Security Authentication Server and is also crucial to Windows running correctly).

The 2nd O23 item in the edited list I posted above is an ATI video driver file which might explain why you get no real desktop..... however, since I'm FAR from any type of HJT log reading guru, I could be wrong, so hopefully someone else will read this and shed some light on everything....

...... and Welcome to Major Geeks!!! :wave :major

 

Thanks for the quick response. System restore did not solve the problem. I just put a copy of userinit.exe and winlogon.exe onto a flash drive from another vista computer, but when I try to replace them on my computer, it says I need permission to do so. should I save the files as a slightly different name and change the registry values? From the looks of that log, it seems my computer is pretty messed up huh? Weird, because just a day ago it was running perfectly. Also, another thing I tried earlier was to install new video card drivers from ATI, as someone along the line mentioned that could be a problem. And thanks for the welcome!

 

YES! Welcome.

If you can backup your data - and it sounds like you can, I would get a new hard drive and go install Win 7. You can eventually repair your Vista install, but need to decide if it is worth the time.

My 2 cents..

 

@Dave8 and dlb,

FYI, it's my understanding that HijackThis doesn't run properly on 64-bit PCs and gives bogus information about missing files...and yes, it caught me out once before, too...oops. A cursory look on TrendMicro's site, though, didn't say anything one way or the other. One would think they would have a version for 64-bit and one for 32-bit.

Also, there are various solutions on the web for fixing winlogin and userinit. I can't vouch for any of them because I've never had the problem. If you can get to regedit, though, you might search for userinit and when found make sure that it points to the proper folder. Malware is known for substituting its own userinit and winlogon info, so be careful. Also, if possible, find the pertinent files on the disk and check their properties and see if their dates are the same as other Windows files. A later date could mean malware, and a very recent date almost certainly means malware...just letting you know just in case but it doesn't like a malware problem.

Good luck.