
Cannot boot into XP drive in Win7/XP Dual Boot System



#1
Kerwin701


I can't boot into my XP drive from my dual-boot system. Primary and default boot is Win7; secondary boot is WinXP. Both OSes are on separate drives. When I try to boot into the XP drive, my error msg says:

"Windows could not start because the following file is missing or corrupt: <Windows root>\system32\hal.dll. Please re-install a copy of the above file."

So far to repair this I have reinstalled a Norton Ghost 15 disk backup of Windows 7 and of WinXP. No joy. I also tried to fix the boot sector from Windows 7 by using the repair function of the Win7 disk. No joy.

 

Then I installed BCD, which I don't know very well, and selected 'repair'. When I tried to enter my XP drive, this is the message I got:

"Windows failed to start. A recent hardware of software change might be the cause. To fix the problem:"

1. Insert your Windows installation disc and restart your computer.
2. Choose your language settings, and then click "Next."
3. Click "Repair you computer."

If you do not have disc, contact the administrator or manufacturer for assistance.

File: \NST\NTDLR
Status: 0xc000000f
Info: The selected entry could not be loaded because application is missing or corrupt.

 

What do I do now? I have installation disks of both OSes and can download any tools I need. I don't know if I installed malware or added some new hardware.


#2
emeraldnzl

Hello Kerwin701,
 
Welcome to Geekstogo.
 
Let's have a look in case it is a malware-caused problem. If it isn't, you may need to start a new topic in the XP forum.
 
Now
 
Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
 
Plug the flash drive into the infected PC.
 
 To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64)  and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will create a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#3
Kerwin701


Hi and thanks for your help.

 

I'm pretty sure you wanted me to scan my Win7 drive since the boot files are located there. However I also scanned the XP files. They're listed second. Here they are:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by SYSTEM on MININT-KAUREU1 on 29-03-2014 01:17:42
Running from H:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12005080 2013-08-28] (Realtek Semiconductor)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Norton Ghost 15.0] - C:\Program Files\Norton Ghost\Agent\VProTray.exe [2596712 2009-10-01] (Symantec Corporation)
HKLM\...\Run: [XFastUSB] - C:\Program Files\XFastUSB\XFastUsb.exe [5019360 2013-11-14] (FNet Co., Ltd.)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\Private User\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-10-24] (Google Inc.)
HKU\Private User\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2217416 2007-02-22] ()
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
S2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2012-02-20] (SEIKO EPSON CORPORATION)
S3 GenericMount Helper Service; C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [93848 2009-08-17] (SiSoftware)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
S3 SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [1964528 2009-09-21] (Symantec)
S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

S0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
S3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [353096 2011-03-24] (BitDefender)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29760 2014-03-28] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2013-11-14] (FNet Co., Ltd.)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2013-10-26] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S1 MpKsl1dad47e9; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19185D92-86CF-40EA-B363-88C8B6CE6C96}\MpKsl1dad47e9.sys [39464 2014-03-28] ()
S1 MpKsl7c46071a; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19185D92-86CF-40EA-B363-88C8B6CE6C96}\MpKsl7c46071a.sys [39464 2014-03-29] (Microsoft Corporation)
S2 PfModNT; C:\Windows\system32\PfModNT.sys [10194 2002-09-06] (Creative Technology Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2012-01-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2012-01-18] ()
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 sbpci; C:\Windows\System32\drivers\sbpci.sys [668160 2002-10-22] (Creative Technology Ltd.)
S3 Si3132r5; C:\Windows\system32\DRIVERS\Si3132r5.sys [217128 2008-10-09] (Silicon Image, Inc)
S0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2008-10-09] (Silicon Image, Inc.)
S0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2008-10-09] (Silicon Image, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [12984 2012-01-23] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2014-03-12] (The OpenVPN Project)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [256904 2012-06-04] (Trend Micro Inc.)
S0 vidsflt58; C:\Windows\System32\DRIVERS\vsflt58.sys [84512 2012-05-10] (Acronis)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [15096 2009-09-21] (Symantec Corporation)
S2 V2iMount;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-29 01:03 - 2014-03-29 01:17 - 00000000 ____D () C:\FRST
2014-03-29 00:12 - 2014-03-29 01:06 - 00024936 _____ () C:\Users\Private User\Desktop\FRSTxp.txt
2014-03-28 23:43 - 2014-03-28 23:43 - 00003288 ____N () C:\bootsqm.dat
2014-03-28 23:16 - 2014-03-28 23:16 - 01145856 _____ (Farbar) C:\Users\Private User\Downloads\FRST.exe
2014-03-28 23:10 - 2014-03-28 23:10 - 00133581 _____ () C:\Users\Private User\Desktop\Cannot boot into XP drive in Win7_XP Dual Boot System - Computer Won't Boot - Malware Related.htm
2014-03-28 23:10 - 2014-03-28 23:10 - 00000000 ____D () C:\Users\Private User\Desktop\Cannot boot into XP drive in Win7_XP Dual Boot System - Computer Won't Boot - Malware Related_files
2014-03-28 18:48 - 2014-03-28 18:49 - 00000004 ____H () C:\Program Files\__iw3sp
2014-03-28 18:38 - 2014-03-26 01:32 - 1030228290 ____R () C:\Users\Private User\Desktop\Thief - Deadly Shadows.7z
2014-03-27 22:05 - 2014-03-27 22:05 - 00000249 _____ () C:\Users\Private User\Desktop\(14 unread) - jpeterb701 - Yahoo Mail.URL
2014-03-27 20:57 - 2014-03-27 21:05 - 00000468 _____ () C:\Users\Private User\Desktop\winxp loading problem.txt
2014-03-27 20:54 - 2014-03-27 20:54 - 00032768 _____ () C:\bcd_backup
2014-03-27 20:54 - 2014-03-27 20:54 - 00029696 ___SH () C:\bcd_backup.LOG
2014-03-27 20:53 - 2014-03-27 20:53 - 00000000 _____ () C:\Users\Private User\Desktop\New Text Document (2).txt
2014-03-27 20:01 - 2014-03-27 20:01 - 00000000 ____D () C:\NST
2014-03-27 19:22 - 2014-03-27 20:50 - 00000000 ____D () C:\Users\Private User\AppData\Local\NeoSmart_Technologies
2014-03-27 19:21 - 2014-03-27 19:21 - 00032768 _____ () C:\Users\Private User\Documents\EasyBCD Backup (2014-03-27) (2).bcd
2014-03-27 19:13 - 2014-03-27 19:13 - 00032768 _____ () C:\Users\Private User\Documents\EasyBCD Backup (2014-03-27).bcd
2014-03-27 19:13 - 2014-03-27 19:13 - 00001175 _____ () C:\Users\Public\Desktop\EasyBCD 2.2.lnk
2014-03-27 19:12 - 2014-03-27 19:12 - 01618440 _____ () C:\Users\Private User\Downloads\EasyBCD 2.2.exe
2014-03-27 19:12 - 2014-03-27 19:12 - 01618440 _____ () C:\Users\Private User\Desktop\EasyBCD 2.2.exe
2014-03-27 19:12 - 2014-03-27 19:12 - 00000000 ____D () C:\Program Files\NeoSmart Technologies
2014-03-25 23:39 - 2014-03-25 23:39 - 00000000 _____ () C:\Users\Private User\Desktop\New Text Document.txt
2014-03-25 18:07 - 2014-03-25 18:07 - 00000000 ____D () C:\ProgramData\Rockstar Games
2014-03-23 23:11 - 2014-03-23 23:22 - 00000000 ____D () C:\Users\Private User\Documents\S&M Lois
2014-03-23 17:46 - 2014-03-23 17:46 - 00000237 _____ () C:\Users\Private User\Desktop\Yahoo Mail.URL
2014-03-23 17:46 - 2014-03-23 17:46 - 00000109 _____ () C:\Users\Private User\Desktop\Yahoo!Mail.URL
2014-03-23 17:13 - 2014-03-23 17:13 - 00032819 _____ () C:\Users\Private User\Downloads\[kickass.to]max.payne.3.2012.pc.rip.torrent
2014-03-21 23:08 - 2014-03-21 23:08 - 00000000 ____D () C:\Users\Private User\AppData\Local\Chromium
2014-03-21 22:43 - 2008-10-15 05:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2014-03-21 22:43 - 2008-10-15 05:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2014-03-21 22:42 - 2008-10-15 05:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2014-03-21 14:57 - 2014-03-21 14:57 - 00025028 _____ () C:\Users\Private User\Desktop\brynmarapartments.com.htm
2014-03-21 14:57 - 2014-03-21 14:57 - 00000000 ____D () C:\Users\Private User\Desktop\brynmarapartments.com_files
2014-03-21 12:06 - 2014-03-23 23:49 - 00000115 _____ () C:\Users\Private User\Desktop\apt shopping list.txt
2014-03-14 22:16 - 2014-03-14 22:16 - 00000000 ____D () C:\fbb0c41fe0d5c57d0fa249a8
2014-03-13 14:56 - 2014-03-13 14:59 - 00000000 ____D () C:\Users\Private User\Documents\kerwin pics
2014-03-12 19:55 - 2014-02-28 20:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-12 19:55 - 2014-02-28 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-12 19:55 - 2014-02-28 20:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-03-12 19:55 - 2014-02-28 19:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-03-12 19:55 - 2014-02-28 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-03-12 19:55 - 2014-02-28 19:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-12 19:55 - 2014-02-28 19:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-12 19:55 - 2014-02-28 19:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-03-12 19:55 - 2014-02-28 19:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-12 19:55 - 2014-02-28 19:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-12 19:55 - 2014-02-28 19:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-03-12 19:55 - 2014-02-28 19:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-03-12 19:55 - 2014-02-28 19:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-12 19:55 - 2014-02-28 19:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-12 19:55 - 2014-02-28 19:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-03-12 19:55 - 2014-02-28 19:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-12 19:55 - 2014-02-28 19:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-12 19:55 - 2014-02-28 19:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-12 19:55 - 2014-02-28 18:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-12 19:55 - 2014-02-28 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-12 19:55 - 2014-02-28 18:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-12 19:55 - 2014-02-28 18:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-03-12 19:55 - 2014-02-03 18:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-12 19:54 - 2014-02-06 17:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-12 19:54 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 ____D () C:\Users\Private User\AppData\Roaming\Titanium
2014-03-12 17:04 - 2014-03-12 17:05 - 00000000 ____D () C:\Program Files\pia_manager
2014-03-12 17:04 - 2014-03-12 17:04 - 00026624 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2014-03-10 01:09 - 2014-03-12 17:04 - 00000000 ____D () C:\Users\Private User\Documents\vpn
2014-03-09 20:42 - 2014-03-10 16:15 - 00000000 ____D () C:\Users\Private User\Documents\insurance commissioner
2014-03-08 22:55 - 2014-03-08 22:55 - 00000165 _____ () C:\Users\Private User\Desktop\TV Listings.URL
2014-03-07 17:24 - 2014-03-07 17:24 - 00210903 _____ () C:\Users\Private User\Downloads\CenturyLink _ Customize.htm
2014-03-07 17:24 - 2014-03-07 17:24 - 00000000 ____D () C:\Users\Private User\Downloads\CenturyLink _ Customize_files
2014-03-04 18:16 - 2014-03-05 16:42 - 00013824 _____ () C:\Users\Private User\Documents\Peter's weight chart.xls

==================== One Month Modified Files and Folders =======

2014-03-29 01:17 - 2014-03-29 01:03 - 00000000 ____D () C:\FRST
2014-03-29 01:06 - 2014-03-29 00:12 - 00024936 _____ () C:\Users\Private User\Desktop\FRSTxp.txt
2014-03-29 00:12 - 2013-05-01 20:27 - 00000000 ____D () C:\Users\Private User\AppData\Roaming\ID Vault
2014-03-29 00:09 - 2009-07-13 20:39 - 12239408 ____C () C:\Windows\setupact.log
2014-03-29 00:08 - 2014-01-07 23:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-28 23:52 - 2014-01-07 23:21 - 01433708 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 23:52 - 2013-05-01 20:27 - 00000000 ____D () C:\Users\Private User\AppData\Local\ID Vault
2014-03-28 23:52 - 2009-07-13 20:34 - 00013760 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 23:52 - 2009-07-13 20:34 - 00013760 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 23:51 - 2014-01-08 00:19 - 00782470 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-28 23:49 - 2013-11-14 20:48 - 00029760 _____ (FNet Co., Ltd.) C:\Windows\System32\Drivers\FNETTBOH_305.SYS
2014-03-28 23:43 - 2014-03-28 23:43 - 00003288 ____N () C:\bootsqm.dat
2014-03-28 23:16 - 2014-03-28 23:16 - 01145856 _____ (Farbar) C:\Users\Private User\Downloads\FRST.exe
2014-03-28 23:10 - 2014-03-28 23:10 - 00133581 _____ () C:\Users\Private User\Desktop\Cannot boot into XP drive in Win7_XP Dual Boot System - Computer Won't Boot - Malware Related.htm
2014-03-28 23:10 - 2014-03-28 23:10 - 00000000 ____D () C:\Users\Private User\Desktop\Cannot boot into XP drive in Win7_XP Dual Boot System - Computer Won't Boot - Malware Related_files
2014-03-28 18:49 - 2014-03-28 18:48 - 00000004 ____H () C:\Program Files\__iw3sp
2014-03-27 22:05 - 2014-03-27 22:05 - 00000249 _____ () C:\Users\Private User\Desktop\(14 unread) - jpeterb701 - Yahoo Mail.URL
2014-03-27 21:51 - 2012-03-15 15:43 - 00000000 ____D () C:\Users\Private User\AppData\Local\Google
2014-03-27 21:05 - 2014-03-27 20:57 - 00000468 _____ () C:\Users\Private User\Desktop\winxp loading problem.txt
2014-03-27 20:54 - 2014-03-27 20:54 - 00032768 _____ () C:\bcd_backup
2014-03-27 20:54 - 2014-03-27 20:54 - 00029696 ___SH () C:\bcd_backup.LOG
2014-03-27 20:53 - 2014-03-27 20:53 - 00000000 _____ () C:\Users\Private User\Desktop\New Text Document (2).txt
2014-03-27 20:50 - 2014-03-27 19:22 - 00000000 ____D () C:\Users\Private User\AppData\Local\NeoSmart_Technologies
2014-03-27 20:50 - 2009-07-13 23:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-27 20:50 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\wfp
2014-03-27 20:50 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-27 20:30 - 2011-06-09 01:29 - 00000000 ____D () C:\Users\Private User\AppData\Roaming\uTorrent
2014-03-27 20:02 - 2009-07-13 20:57 - 00025600 ___SH () C:\Windows\System32\config\BCD-Template.LOG
2014-03-27 20:02 - 2009-07-13 20:52 - 00028672 _____ () C:\Windows\System32\config\BCD-Template
2014-03-27 20:01 - 2014-03-27 20:01 - 00000000 ____D () C:\NST
2014-03-27 20:01 - 2014-01-07 03:45 - 00000345 __RSH () C:\boot.ini
2014-03-27 20:01 - 2006-02-28 04:00 - 00297072 __RSH () C:\ntldr
2014-03-27 20:01 - 2006-02-28 04:00 - 00047772 __RSH () C:\NTDETECT.COM
2014-03-27 19:21 - 2014-03-27 19:21 - 00032768 _____ () C:\Users\Private User\Documents\EasyBCD Backup (2014-03-27) (2).bcd
2014-03-27 19:13 - 2014-03-27 19:13 - 00032768 _____ () C:\Users\Private User\Documents\EasyBCD Backup (2014-03-27).bcd
2014-03-27 19:13 - 2014-03-27 19:13 - 00001175 _____ () C:\Users\Public\Desktop\EasyBCD 2.2.lnk
2014-03-27 19:12 - 2014-03-27 19:12 - 01618440 _____ () C:\Users\Private User\Downloads\EasyBCD 2.2.exe
2014-03-27 19:12 - 2014-03-27 19:12 - 01618440 _____ () C:\Users\Private User\Desktop\EasyBCD 2.2.exe
2014-03-27 19:12 - 2014-03-27 19:12 - 00000000 ____D () C:\Program Files\NeoSmart Technologies
2014-03-26 01:32 - 2014-03-28 18:38 - 1030228290 ____R () C:\Users\Private User\Desktop\Thief - Deadly Shadows.7z
2014-03-25 23:41 - 2011-01-16 03:00 - 00000000 ____D () C:\!KillBox
2014-03-25 23:39 - 2014-03-25 23:39 - 00000000 _____ () C:\Users\Private User\Desktop\New Text Document.txt
2014-03-25 20:50 - 2014-01-08 17:30 - 00000000 ____D () C:\users\Administrator
2014-03-25 20:50 - 2014-01-07 23:23 - 00000000 ____D () C:\users\DefaultAppPool
2014-03-25 20:47 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-03-25 18:07 - 2014-03-25 18:07 - 00000000 ____D () C:\ProgramData\Rockstar Games
2014-03-25 18:07 - 2011-06-08 19:32 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-25 17:54 - 2012-06-26 16:21 - 00000000 ____D () C:\Users\Private User\Documents\Optional Tools
2014-03-23 23:49 - 2014-03-21 12:06 - 00000115 _____ () C:\Users\Private User\Desktop\apt shopping list.txt
2014-03-23 23:22 - 2014-03-23 23:11 - 00000000 ____D () C:\Users\Private User\Documents\S&M Lois
2014-03-23 18:15 - 2011-06-09 01:58 - 00000000 ____D () C:\Users\Private User\Downloads\eMule
2014-03-23 17:46 - 2014-03-23 17:46 - 00000237 _____ () C:\Users\Private User\Desktop\Yahoo Mail.URL
2014-03-23 17:46 - 2014-03-23 17:46 - 00000109 _____ () C:\Users\Private User\Desktop\Yahoo!Mail.URL
2014-03-23 17:21 - 2012-06-26 16:02 - 00000000 ____D () C:\Users\Private User\Documents\jpeg images
2014-03-23 17:20 - 2012-06-26 16:13 - 00000000 ____D () C:\Users\Private User\Documents\Notepad Docs
2014-03-23 17:13 - 2014-03-23 17:13 - 00032819 _____ () C:\Users\Private User\Downloads\[kickass.to]max.payne.3.2012.pc.rip.torrent
2014-03-21 23:48 - 2012-06-26 16:26 - 00000000 ____D () C:\Users\Private User\Documents\Rockstar Games
2014-03-21 23:08 - 2014-03-21 23:08 - 00000000 ____D () C:\Users\Private User\AppData\Local\Chromium
2014-03-21 15:27 - 2012-02-16 13:56 - 00000000 ____D () C:\ATI
2014-03-21 15:20 - 2011-06-09 02:37 - 00000000 ____D () C:\Windows\pss
2014-03-21 14:57 - 2014-03-21 14:57 - 00025028 _____ () C:\Users\Private User\Desktop\brynmarapartments.com.htm
2014-03-21 14:57 - 2014-03-21 14:57 - 00000000 ____D () C:\Users\Private User\Desktop\brynmarapartments.com_files
2014-03-20 19:20 - 2013-08-31 17:23 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-20 19:17 - 2014-01-08 16:47 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-14 22:16 - 2014-03-14 22:16 - 00000000 ____D () C:\fbb0c41fe0d5c57d0fa249a8
2014-03-14 19:44 - 2011-06-09 18:34 - 00000000 ____D () C:\Program Files\Descent
2014-03-14 17:09 - 2013-04-20 12:57 - 00000000 ___RD () C:\Program Files\Skype
2014-03-13 14:59 - 2014-03-13 14:56 - 00000000 ____D () C:\Users\Private User\Documents\kerwin pics
2014-03-13 14:55 - 2012-06-26 16:05 - 00000000 ____D () C:\Users\Private User\Documents\Kerwin
2014-03-13 02:18 - 2009-07-13 20:33 - 00288536 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-13 02:17 - 2011-06-09 03:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 ____D () C:\Users\Private User\AppData\Roaming\Titanium
2014-03-12 17:05 - 2014-03-12 17:04 - 00000000 ____D () C:\Program Files\pia_manager
2014-03-12 17:05 - 2012-07-30 21:03 - 00000000 ____D () C:\Users\Private User\AppData\Local\Apple Computer
2014-03-12 17:05 - 2011-12-05 22:49 - 00000000 ____D () C:\Users\Private User\AppData\Roaming\Apple Computer
2014-03-12 17:04 - 2014-03-12 17:04 - 00026624 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2014-03-12 17:04 - 2014-03-10 01:09 - 00000000 ____D () C:\Users\Private User\Documents\vpn
2014-03-12 03:45 - 2012-07-05 19:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-03-12 03:45 - 2011-07-03 19:11 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-03-10 16:15 - 2014-03-09 20:42 - 00000000 ____D () C:\Users\Private User\Documents\insurance commissioner
2014-03-08 22:55 - 2014-03-08 22:55 - 00000165 _____ () C:\Users\Private User\Desktop\TV Listings.URL
2014-03-07 17:24 - 2014-03-07 17:24 - 00210903 _____ () C:\Users\Private User\Downloads\CenturyLink _ Customize.htm
2014-03-07 17:24 - 2014-03-07 17:24 - 00000000 ____D () C:\Users\Private User\Downloads\CenturyLink _ Customize_files
2014-03-05 16:42 - 2014-03-04 18:16 - 00013824 _____ () C:\Users\Private User\Documents\Peter's weight chart.xls
2014-02-28 20:30 - 2014-03-12 19:55 - 17074688 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-28 20:11 - 2014-03-12 19:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-28 20:10 - 2014-03-12 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-28 19:52 - 2014-03-12 19:55 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-28 19:51 - 2014-03-12 19:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-28 19:47 - 2014-03-12 19:55 - 02168320 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-28 19:43 - 2014-03-12 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-28 19:43 - 2014-03-12 19:55 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-28 19:40 - 2014-03-12 19:55 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-28 19:38 - 2014-03-12 19:55 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-28 19:38 - 2014-03-12 19:55 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-28 19:37 - 2014-03-12 19:55 - 00553472 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-28 19:31 - 2014-03-12 19:55 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-02-28 19:25 - 2014-03-12 19:55 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-28 19:16 - 2014-03-12 19:55 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-28 19:14 - 2014-03-12 19:55 - 04244480 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-28 19:03 - 2014-03-12 19:55 - 00524288 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-28 19:00 - 2014-03-12 19:55 - 01964032 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-28 18:57 - 2014-03-12 19:55 - 11266048 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-28 18:32 - 2014-03-12 19:55 - 01820160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-28 18:27 - 2014-03-12 19:55 - 01156096 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-28 18:25 - 2014-03-12 19:55 - 00703488 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Private User\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Private User\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Private User\AppData\Local\Temp\flashinst.exe
C:\Users\Private User\AppData\Local\Temp\LTMSG.EXE
C:\Users\Private User\AppData\Local\Temp\LTREMOVE.EXE
C:\Users\Private User\AppData\Local\Temp\LTSETUP1.DLL
C:\Users\Private User\AppData\Local\Temp\LTSETUP2.DLL
C:\Users\Private User\AppData\Local\Temp\LTSETUP3.EXE
C:\Users\Private User\AppData\Local\Temp\MP3_Launcher_1_27_0_0.exe
C:\Users\Private User\AppData\Local\Temp\SETUP.EXE
C:\Users\Private User\AppData\Local\Temp\Uninst.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-03-24 21:06:13
Restore point made on: 2014-03-25 18:07:23
Restore point made on: 2014-03-28 17:26:59

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4095.24 MB
Available physical RAM: 3575.68 MB
Total Pagefile: 4093.52 MB
Available Pagefile: 3581.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.38 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:232.88 GB) (Free:161.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (WinXP) (Fixed) (Total:100 GB) (Free:66.34 GB) NTFS
Drive e: (Downloads) (Fixed) (Total:198.09 GB) (Free:64.6 GB) NTFS
Drive g: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
Drive h: (USB20FD16gb) (Removable) (Total:14.76 GB) (Free:12.7 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 4AA5C423)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298 GB) (Disk ID: D49BF80A)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: AE410B24)

Partition: GPT Partition Type.


LastRegBack: 2014-03-21 14:17

==================== End Of Log ============================

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by SYSTEM on MININT-GSEA22P on 29-03-2014 01:06:02
Running from H:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMCTray.dll [223008 2013-02-09] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - D:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
HKLM\...\Run: [EEventManager] - "D:\Program Files\Epson Software\Event Manager\EEventManager.exe"
HKLM\...\Run: [NUSB3MON] - "D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\...\Run: [SunJavaUpdateSched] - "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Run: [Bdagent] - "D:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
HKLM\...\Winlogon: [Userinit] D:\WINDOWS\system32\userinit.exe,
HKU\Administrator\...\RunOnce: [TSClientMSIUninstaller] - cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
HKU\Administrator\...\RunOnce: [TSClientAXDisabler] - cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
HKU\Peter Bowman\...\Run: [ctfmon.exe] - D:\WINDOWS\system32\ctfmon.exe
HKU\Peter Bowman\...\Run: [Bitdefender Wallet Agent] - "D:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\Peter Bowman\...\Run: [Bitdefender Wallet] - "D:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\Peter Bowman\...\Run: [Bitdefender Wallet Application Agent] - "D:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
HKU\Peter Bowman\...\Run: [eMuleAutoStart] - D:\Program Files\eMule\emule.exe -AutoStart
AppInit_DLLs: D:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL => D:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL File Not Found
Lsa: [Notification Packages] scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS\system32\webcheck.dll No File
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\system32\stobject.dll No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll No File

========================== Services (Whitelisted) =================

S2 MSFtpsvc; C:\Windows\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S2 AcrSch2Svc; "D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [X]
S2 afcdpsrv; D:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [X]
S4 BdDesktopParental; D:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [X]
S2 BITS; D:\WINDOWS\system32\qmgr.dll [X]
S4 C-DillaCdaC11BA; D:\WINDOWS\system32\drivers\CDAC11BA.EXE [X]
S2 cisvc; D:\WINDOWS\system32\cisvc.exe [X]
S4 clr_optimization_v2.0.50727_32; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_32; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S3 COMSysApp; D:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [X]
S2 EpsonCustomerParticipation; "D:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe" [X]
S2 EpsonScanSvc; D:\WINDOWS\system32\EscSvc.exe [X]
S3 EventSystem; D:\WINDOWS\system32\es.dll [X]
S2 FontCache3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [X]
S4 gupdate; "D:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "D:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 idsvc; "D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]
S2 IDVaultSvc; "D:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe" [X]
S2 IISADMIN; D:\WINDOWS\system32\inetsrv\inetinfo.exe [X]
S3 ImapiService; D:\WINDOWS\system32\imapi.exe [X]
S4 JavaQuickStarterService; "D:\Program Files\Java\jre7\bin\jqs.exe" -service -config "D:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 mnmsrvc; D:\WINDOWS\system32\mnmsrvc.exe [X]
S3 MozillaMaintenance; "D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 MSDTC; D:\WINDOWS\system32\msdtc.exe [X]
S2 Nero BackItUp Scheduler 4.0; D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 Net Driver HPZ12; D:\WINDOWS\system32\HPZinw12.dll [X]
S4 NetTcpPortSharing; "D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [X]
S2 nvUpdatusService; "D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [X]
S2 Pml Driver HPZ12; D:\WINDOWS\system32\HPZipm12.dll [X]
S4 PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [X]
S4 PnkBstrB; D:\WINDOWS\system32\PnkBstrB.exe [X]
S3 RDSessMgr; D:\WINDOWS\system32\sessmgr.exe [X]
S2 RPCQT; D:\WINDOWS\system32\Rpcqt.dll [X]
S4 SandraAgentSrv; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [X]
S2 SeaPort; "D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [X]
S2 SHDSERV; No ImagePath
S2 ShieldClientService; D:\Program Files\Shield\shieldclnt.exe [X]
S2 Skype C2C Service; "D:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [X]
S2 SkypeUpdate; "D:\Program Files\Skype\Updater\Updater.exe" [X]
S2 srservice; D:\WINDOWS\system32\srsvc.dll [X]
S3 SwPrv; D:\WINDOWS\system32\dllhost.exe /Processid:{DA897ECD-9F3F-4EA2-AD59-888A5C804023} [X]
S4 TlntSvr; D:\WINDOWS\system32\tlntsvr.exe [X]
S2 UMVPFSrv; D:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [X]
S2 UPDATESRV; "D:\Program Files\Bitdefender\Bitdefender\updatesrv.exe" /service [X]
S2 VSSERV; "D:\Program Files\Bitdefender\Bitdefender\vsserv.exe" /service [X]
S2 W32Time; D:\WINDOWS\system32\w32time.dll [X]
S3 WmdmPmSN; D:\WINDOWS\system32\MsPMSNSv.dll [X]
S3 WmiApSrv; D:\WINDOWS\system32\wbem\wmiapsrv.exe [X]
S3 WMPNetworkSvc; "D:\Program Files\Windows Media Player\WMPNetwk.exe" [X]
S3 WPFFontCache_v0400; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
S2 wuauserv; D:\WINDOWS\system32\wuauserv.dll [X]

==================== Drivers (Whitelisted) ====================

S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [9096 2007-10-11] (Advanced Micro Devices)
S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [778032 2013-12-02] (BitDefender)
S3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [516936 2013-12-02] (BitDefender)
S1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2003-03-06] ()
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
S3 CXFALCON; C:\Windows\System32\drivers\cxfalcon.sys [80384 2006-02-09] (Conexant Systems, Inc.)
S3 dtscsi; C:\Windows\System32\Drivers\dtscsi.sys [223128 2011-01-20] (DT Soft Ltd.)
S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [4608 2002-09-25] (Elaborate Bytes)
S2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [13896 2002-11-01] (Elaborate Bytes AG)
S3 es1371; C:\Windows\System32\drivers\es1371mp.sys [40704 2001-08-17] (Creative Technology Ltd.)
S3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
S3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [185728 2007-02-06] (Hauppauge Computer Works, Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt32.sys [24760 2013-02-13] (Zemana Ltd.)
S3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdmnt.sys [606684 2004-08-03] (LT)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-03] (Creative Technology Ltd.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
S3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [128440 2012-12-18] (NVIDIA Corporation)
S1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation)
S3 sbpci; C:\Windows\System32\drivers\sbpci.sys [668160 2002-10-22] (Creative Technology Ltd.)
S0 Shdbus; C:\Windows\System32\Drivers\Shdbus.sys [7448 2010-03-04] ()
S0 Shield; C:\Windows\System32\Drivers\Shield.sys [104984 2010-03-04] ()
S0 Shieldf; C:\Windows\System32\Drivers\Shieldf.sys [26264 2010-03-04] ()
S0 Shieldm; C:\Windows\System32\Drivers\Shieldm.sys [32408 2010-03-04] ()
S0 Si3132r5; C:\Windows\System32\DRIVERS\Si3132r5.sys [217128 2008-10-09] (Silicon Image, Inc)
S0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2008-10-09] (Silicon Image, Inc.)
S0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2008-10-09] (Silicon Image, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [643072 2011-01-20] (Duplex Secure Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2014-03-16] (The OpenVPN Project)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-08-07] (BitDefender S.R.L.)
S0 viamraid; C:\Windows\System32\DRIVERS\viamraid.sys [117248 2008-07-09] (VIA Technologies inc,.ltd)
S1 AntiLog32; \??\D:\WINDOWS\system32\drivers\AntiLog32.sys [X]
S3 AsrCDDrv; \??\D:\WINDOWS\system32\Drivers\AsrCDDrv.sys [X]
S3 Bdfndisf; \??\D:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [X]
S1 bdftdif; \??\D:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [X]
S3 BDSandBox; \??\D:\WINDOWS\system32\drivers\bdsandbox.sys [X]
S1 bdselfpr; \??\D:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [X]
S2 CdaC15BA; \??\D:\WINDOWS\system32\drivers\CDAC15BA.SYS [X]
S4 IntelIde; No ImagePath
S2 PfModNT; \??\D:\WINDOWS\system32\PfModNT.sys [X]
S3 SANDRA; \??\D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\Sandra.sys [X]
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S2 V2iMount;
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: RPCQT -> C:\WINDOWS\system32\Rpcqt.dll (Lavasoft)

==================== One Month Created Files and Folders ========

2014-03-29 01:05 - 2014-03-29 01:06 - 00000000 ____D () C:\FRST
2014-03-19 19:18 - 2014-03-19 19:18 - 00000092 _____ () C:\Documents and Settings\Peter Bowman\Desktop\apt shopping list.txt
2014-03-19 12:55 - 2014-03-19 12:55 - 00000000 _____ () C:\Documents and Settings\Peter Bowman\Desktop\New Text Document.txt
2014-03-17 04:21 - 2014-03-17 04:22 - 00012702 _____ () C:\Windows\KB2925418-IE8.log
2014-03-17 04:18 - 2014-03-17 04:18 - 00000000 __HDC () C:\Windows\$NtUninstallKB2930275$
2014-03-17 04:18 - 2014-03-17 04:18 - 00000000 __HDC () C:\Windows\$NtUninstallKB2929961$
2014-03-16 19:53 - 2014-03-16 19:54 - 00101616 _____ () C:\Windows\KB940157Uninst.log
2014-03-14 16:17 - 2014-03-14 16:29 - 00000242 _____ () C:\Documents and Settings\Peter Bowman\Desktop\Yahoo TV.URL
2014-03-14 15:28 - 2014-03-18 02:58 - 00000394 _____ () C:\Windows\System32\checkdnsid.xml
2014-03-14 15:23 - 2014-03-14 15:23 - 00072704 _____ (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2014-03-14 15:19 - 2014-03-14 15:19 - 00000007 _____ () C:\Documents and Settings\Peter Bowman\My Documents\bd activation key.txt
2014-03-14 15:19 - 2014-03-14 15:19 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\QuickScan
2014-03-14 15:18 - 2014-03-14 15:18 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-03-14 15:18 - 2013-12-02 10:57 - 00516936 _____ (BitDefender) C:\Windows\System32\Drivers\avckf.sys
2014-03-14 15:18 - 2013-12-02 10:55 - 00778032 _____ (BitDefender) C:\Windows\System32\Drivers\avc3.sys
2014-03-14 15:18 - 2013-11-04 14:47 - 00074512 _____ (BitDefender SRL) C:\Windows\System32\bdsandboxuiskin.dll
2014-03-14 15:18 - 2013-11-04 14:47 - 00066832 _____ (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys
2014-03-14 15:18 - 2013-11-04 14:46 - 00027168 _____ (BitDefender SRL) C:\Windows\System32\bdsandboxuh.dll
2014-03-14 15:18 - 2013-02-22 17:46 - 00116560 _____ (BitDefender LLC) C:\Windows\System32\Drivers\bdfndisf.sys
2014-03-14 15:18 - 2012-11-02 12:17 - 00242504 _____ (BitDefender) C:\Windows\System32\Drivers\avchv.sys
2014-03-14 15:18 - 2007-04-11 09:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-03-14 15:17 - 2014-03-14 15:17 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Application Data\Bitdefender
2014-03-14 15:14 - 2014-03-14 15:14 - 00000000 ____D () C:\Program Files\Bitdefender
2014-03-14 15:14 - 2013-08-23 11:48 - 00165744 _____ (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys
2014-03-14 15:14 - 2013-08-07 11:46 - 00360376 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2014-03-14 15:12 - 2014-03-14 15:12 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\My Documents\bitdefender 2014
2014-03-12 17:12 - 2014-03-20 19:55 - 00000000 ____D () C:\Program Files\pia_manager
2014-03-12 17:12 - 2014-03-16 22:01 - 00026624 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Application Data\Titanium
2014-03-12 17:11 - 2014-03-17 04:18 - 00009964 _____ () C:\Windows\KB2930275.log
2014-03-12 17:11 - 2014-03-17 04:18 - 00008585 _____ () C:\Windows\KB2929961.log
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\Windows\$NtUninstallKB963093$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\Windows\$NtUninstallKB2916036$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\My Documents\vpn
2014-03-12 17:10 - 2014-03-12 17:11 - 00010141 _____ () C:\Windows\KB963093.log

==================== One Month Modified Files and Folders =======

2014-03-29 01:06 - 2014-03-29 01:05 - 00000000 ____D () C:\FRST
2014-03-27 21:44 - 2012-11-12 22:52 - 00000000 ___RD () C:\Documents and Settings\Peter Bowman\Desktop\GAMES
2014-03-21 04:54 - 2011-01-14 23:57 - 01975361 ____C () C:\Windows\WindowsUpdate.log
2014-03-21 04:21 - 2011-01-16 21:40 - 00000000 ____D () C:\Program Files\eMule
2014-03-20 21:24 - 2013-08-16 13:13 - 00006202 ____C () C:\Windows\System32\nvAppTimestamps
2014-03-20 21:18 - 2011-01-14 15:48 - 00585372 ____C () C:\Windows\System32\PerfStringBackup.INI
2014-03-20 21:16 - 2011-01-14 15:40 - 00000000 ____D () C:\Windows\System32\inetsrv
2014-03-20 21:14 - 2011-01-14 15:50 - 00000159 ____C () C:\Windows\wiadebug.log
2014-03-20 21:14 - 2011-01-14 15:50 - 00000049 ____C () C:\Windows\wiaservc.log
2014-03-20 21:13 - 2006-02-28 04:00 - 00005240 ____C () C:\Windows\System32\wpa.dbl
2014-03-20 20:34 - 2011-09-24 18:34 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\My Documents\Optional Tools
2014-03-20 20:31 - 2011-01-27 01:04 - 00083456 ____C () C:\Documents and Settings\Peter Bowman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-20 19:55 - 2014-03-12 17:12 - 00000000 ____D () C:\Program Files\pia_manager
2014-03-20 19:55 - 2013-11-02 20:37 - 00225688 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-03-20 19:55 - 2011-01-15 00:33 - 00000178 __SHC () C:\Documents and Settings\Peter Bowman\ntuser.ini
2014-03-20 19:55 - 2011-01-15 00:28 - 00032594 _____ () C:\Windows\SchedLgU.Txt
2014-03-19 19:18 - 2014-03-19 19:18 - 00000092 _____ () C:\Documents and Settings\Peter Bowman\Desktop\apt shopping list.txt
2014-03-19 12:55 - 2014-03-19 12:55 - 00000000 _____ () C:\Documents and Settings\Peter Bowman\Desktop\New Text Document.txt
2014-03-18 20:05 - 2011-01-16 20:36 - 00000000 ____D () C:\Program Files\Adobe
2014-03-18 02:58 - 2014-03-14 15:28 - 00000394 _____ () C:\Windows\System32\checkdnsid.xml
2014-03-17 22:50 - 2011-01-16 05:42 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-17 21:56 - 2006-02-28 04:00 - 00000662 ____C () C:\Windows\win.ini
2014-03-17 21:56 - 2006-02-28 04:00 - 00000227 ____C () C:\Windows\system.ini
2014-03-17 17:12 - 2011-01-16 23:01 - 00000000 ____D () C:\Windows\pss
2014-03-17 11:57 - 2011-01-14 15:47 - 00121336 ____C () C:\Windows\System32\FNTCACHE.DAT
2014-03-17 04:22 - 2014-03-17 04:21 - 00012702 _____ () C:\Windows\KB2925418-IE8.log
2014-03-17 04:22 - 2013-05-25 17:33 - 00000000 ____D () C:\Windows\ie8updates
2014-03-17 04:22 - 2011-06-20 16:25 - 01570261 ____C () C:\Windows\iis6.log
2014-03-17 04:22 - 2011-06-20 16:25 - 01104278 ____C () C:\Windows\FaxSetup.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00579622 ____C () C:\Windows\ocgen.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00523681 ____C () C:\Windows\tsoc.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00370109 ____C () C:\Windows\comsetup.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00359638 ____C () C:\Windows\msmqinst.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00232606 ____C () C:\Windows\updspapi.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00229774 ____C () C:\Windows\ntdtcsetup.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00196382 ____C () C:\Windows\netfxocm.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00078973 ____C () C:\Windows\MedCtrOC.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00062810 ____C () C:\Windows\ocmsn.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00056756 ____C () C:\Windows\msgsocm.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00054425 ____C () C:\Windows\tabletoc.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00001374 _____ () C:\Windows\imsins.log
2014-03-17 04:18 - 2014-03-17 04:18 - 00000000 __HDC () C:\Windows\$NtUninstallKB2930275$
2014-03-17 04:18 - 2014-03-17 04:18 - 00000000 __HDC () C:\Windows\$NtUninstallKB2929961$
2014-03-17 04:18 - 2014-03-12 17:11 - 00009964 _____ () C:\Windows\KB2930275.log
2014-03-17 04:18 - 2014-03-12 17:11 - 00008585 _____ () C:\Windows\KB2929961.log
2014-03-17 04:18 - 2011-06-20 16:25 - 00001374 _____ () C:\Windows\imsins.BAK
2014-03-16 22:16 - 2014-02-07 12:53 - 00088901 _____ () C:\Windows\setupapi.log
2014-03-16 22:15 - 2014-02-05 19:04 - 00001163 _____ () C:\Windows\setupact.log
2014-03-16 22:01 - 2014-03-12 17:12 - 00026624 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2014-03-16 22:01 - 2013-03-19 11:39 - 00000000 ____D () C:\Program Files\Constant Guard Protection Suite
2014-03-16 21:36 - 2013-04-08 22:46 - 01079188 ____C () C:\Windows\System32\nvdrsdb0.bin
2014-03-16 21:36 - 2013-04-08 22:46 - 00000001 ____C () C:\Windows\System32\nvdrssel.bin
2014-03-16 21:35 - 2013-04-08 22:46 - 01079188 ____C () C:\Windows\System32\nvdrsdb1.bin
2014-03-16 20:12 - 2011-02-13 21:18 - 00000021 ____C () C:\Windows\System32\nvModes.dat
2014-03-16 19:55 - 2014-02-05 15:52 - 00000000 ____D () C:\Program Files\Windows Desktop Search
2014-03-16 19:55 - 2011-01-16 23:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 19:54 - 2014-03-16 19:53 - 00101616 _____ () C:\Windows\KB940157Uninst.log
2014-03-14 17:03 - 2011-01-16 21:29 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Application Data\uTorrent
2014-03-14 16:29 - 2014-03-14 16:17 - 00000242 _____ () C:\Documents and Settings\Peter Bowman\Desktop\Yahoo TV.URL
2014-03-14 15:23 - 2014-03-14 15:23 - 00072704 _____ (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2014-03-14 15:19 - 2014-03-14 15:19 - 00000007 _____ () C:\Documents and Settings\Peter Bowman\My Documents\bd activation key.txt
2014-03-14 15:19 - 2014-03-14 15:19 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\QuickScan
2014-03-14 15:18 - 2014-03-14 15:18 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-03-14 15:17 - 2014-03-14 15:17 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Application Data\Bitdefender
2014-03-14 15:14 - 2014-03-14 15:14 - 00000000 ____D () C:\Program Files\Bitdefender
2014-03-14 15:14 - 2011-01-16 06:07 - 00000000 ____D () C:\Program Files\Common Files\BitDefender
2014-03-14 15:12 - 2014-03-14 15:12 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\My Documents\bitdefender 2014
2014-03-14 15:12 - 2014-02-04 23:24 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\My Documents\bizarre books
2014-03-12 17:13 - 2012-03-19 17:05 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Application Data\Apple Computer
2014-03-12 17:13 - 2012-03-16 22:37 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Local Settings\Application Data\Apple Computer
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Application Data\Titanium
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\Windows\$NtUninstallKB963093$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\Windows\$NtUninstallKB2916036$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\My Documents\vpn
2014-03-12 17:11 - 2014-03-12 17:10 - 00010141 _____ () C:\Windows\KB963093.log
2014-03-12 17:11 - 2014-02-12 16:07 - 00010046 _____ () C:\Windows\KB2916036.log
2014-03-12 17:11 - 2013-05-25 17:37 - 00007803 ____C () C:\Windows\System32\lvcoinst.log

Files to move or delete:
====================
C:\Documents and Settings\Peter Bowman\abr_cleanup.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 4095.24 MB
Available physical RAM: 3602.57 MB
Total Pagefile: 4093.52 MB
Available Pagefile: 3614.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.48 MB

==================== Drives ================================

Drive c: (WinXP) (Fixed) (Total:100 GB) (Free:66.34 GB) NTFS
Drive e: (Downloads) (Fixed) (Total:198.09 GB) (Free:64.6 GB) NTFS
Drive g: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
Drive h: (USB20FD16gb) (Removable) (Total:14.76 GB) (Free:12.7 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (WIN7) (Fixed) (Total:232.88 GB) (Free:161.17 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 4AA5C423)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 298 GB) (Disk ID: D49BF80A)

Partition: GPT Partition Type.

========================================================
Disk: 2 (Size: 15 GB) (Disk ID: AE410B24)

Partition: GPT Partition Type.

==================== End Of Log ============================

 

What now?



#4
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

"I'm pretty sure you wanted me to scan my Win7 drive since the boot files are located there. However I also scanned the XP files."


Doesn't really matter; as far as the boot files were concerned, both scans covered the Master Boot Record.

Can you run this one from your flash drive?

Please download and run ListParts by Farbar (for 32-bit system)

Click on Scan button.

Scan result will open in Notepad.

Post the log (Result.txt) in your next reply.

#5
Kerwin701


    New Member

  • Topic Starter
  • Member
  • 5 posts

Okay, here you are:

 

ListParts by Farbar Version: 19-02-2014
Ran by SYSTEM (administrator) on 29-03-2014 at 20:22:08
Windows 7 (X86)
Running From: H:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 4095.24 MB
Available physical RAM: 3668.81 MB
Total Pagefile: 4093.52 MB
Available Pagefile: 3671.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.29 MB

======================= Partitions =========================

1 Drive c: (WIN7) (Fixed) (Total:232.88 GB) (Free:161.01 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (WinXP) (Fixed) (Total:100 GB) (Free:66.34 GB) NTFS
3 Drive e: (Downloads) (Fixed) (Total:198.09 GB) (Free:64.65 GB) NTFS
5 Drive g: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
6 Drive h: ( Sandisk 16g) (Removable) (Total:14.91 GB) (Free:13.86 GB) NTFS
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          232 GB     8 MB         
  Disk 1    Online          298 GB  2048 KB         
  Disk 2    Online           14 GB      0 B         

Partitions of Disk 0:
===============

Disk ID: 4AA5C423

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            232 GB  1024 KB

======================================================================================================

Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   WIN7         NTFS   Partition    232 GB  Healthy            

======================================================================================================

Partitions of Disk 1:
===============

Disk ID: D49BF80A

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             99 GB  1024 KB
  Partition 2    Primary            198 GB   100 GB

======================================================================================================

Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   WinXP        NTFS   Partition     99 GB  Healthy            

======================================================================================================

Disk: 1
Partition 2
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     E   Downloads    NTFS   Partition    198 GB  Healthy            

======================================================================================================

Partitions of Disk 2:
===============

Disk ID: 88ED3419

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             14 GB    16 KB

======================================================================================================

Disk: 2
Partition 1
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5     H    Sandisk 16  NTFS   Removable     14 GB  Healthy            

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 4AA5C423
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

==============================
Partitions of Disk 1:
===============
Disk ID: D49BF80A

Partition: GPT Partition Type.

Partition: GPT Partition Type.

==============================
Partitions of Disk 2:
===============
Disk ID: 88ED3419
Partition 1: (Not Active) - (Size=15 GB) - (Type=07 NTFS)


****** End Of Log ******



#6
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,017 posts

Hello Kerwin701,

 

Hmm... I am not a techie but nothing leaping out at me there. However, one or two anomalies in the FRST log.

Let's do this

Download the attached fixlist.txt file and save it to the flash drive.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

If you find you can now boot up normally or even in Safe Mode then:

Please download ESET's Service Repair Tool.
 

  • Save it to your desktop
  • Right click on it and run it as Administrator

Come back and tell me if there is any change in your machine.

Step 2

If you find you are still having problems booting up then:

Download Windows Repair (All In One) from here.

This tool allows you to use the program from a portable device such as a USB flash drive.

It will allow you to repair common issues with your computer such as firewall, file permission, and Windows Update problems.  When using this tool you can select the particular fixes you would like to launch and start the repair process.

Please download the tool to your flash drive.

It will probably come as a Zip file and you will need to right click on the Zip file and click Extract. The contents will then be extracted to a separate folder.   

Double click the folder (Tweaking dot.com - Windows Repair) then from the list that shows double click the file (about the 5th one down the list) Repair_Windows.exe to run the program.

When the program opens go to tab 3: Optional and click on the button Do it. System File Checker will run. Be interesting how it works on a dual boot system...lol, but worth the try I think.

When that has done its job, click on the tab Start Repairs and the button Start.

At the list that presents put a check (tick) in the following:

• Reset Registry Permissions
• Reset File Permissions
• Register System Files
• Repair WMI
• Repair Windows Firewall
• Repair Internet Explorer
• Repair MDAC & MS Jet
• Repair Hosts File
• Remove Policies Set By Infections
• Repair Icons
• Repair Winsock & DNS Cache
• Remove Temp Files
• Repair Proxy Settings
• Unhide Non System Files
• Repair Windows Updates

Also put a check in the Restart/Shutdown System When Finished (lower right) box.

and in Restart System

Then click on the Start button if it doesn't do it automatically

If it asks you to back up your system click No and continue

When it is finished come back and tell me if there is any change.
 

 


#7
Kerwin701

Hi Emerald,

Nothing worked. I put frst and fixlist on the same pen drive pressed Fix and waited Nothing happened. I still couldn't boot. I have pasted a copy of the fixlog to this reply.

I then downloaded the Windows Repair, All in One and ran it according to your instructions and I am still having the same problems. However one thing struck me.

You said

"At the list that presents put a check (tick) in the following:

• Reset Registry Permissions
• Reset File Permissions
• Register System Files
• Repair WMI
• Repair Windows Firewall
• Repair Internet Explorer
• Repair MDAC & MS Jet
• Repair Hosts File
• Remove Policies Set By Infections
• Repair Icons
• Repair Winsock & DNS Cache
• Remove Temp Files
• Repair Proxy Settings
• Unhide Non System Files
• Repair Windows Updates

Also put a check in the Restart/Shutdown System When Finished (lower right) box.

and in Restart System"


The problem was that I was presented with NO SUCH LIST. It wasn't there. So I  just ran it as is. Did I miss a step?

Thank you very much for your help

Kerwin

Text of Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Private User at 2014-03-31 20:49:47 Run:1
Running from C:\Users\Private User\Desktop\xp file files master list
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Lsa: [Notification Packages] scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli
*****************

HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => Value was restored successfully.

==== End of Fixlog ====


#8
emeraldnzl

I put frst and fixlist on the same pen drive pressed Fix and waited Nothing happened.


Actually that Fixlog you posted shows that FRST and fixlist.txt worked fine. It is incredibly quick so you might not have noticed.
 

The problem was that I was presented with NO SUCH LIST. It wasn't there. So I  just ran it as is.


Please tell me what you mean.

Are you saying that when you opened Repair Windows exe. and after tweaking.com Windows Repair console opened and you  went to the tab "Start Repairs" and then the button "Start" that nothing happened?
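Added example (not part of the original posts, and not FRST's own code): a short Python check that reads the Fixlog posted in this thread to confirm that the fix ran and that the Lsa Notification Packages value held repeated entries. The function names are hypothetical, the log layout is inferred only from the log shown here, and treating the word "successfully" as the success marker is an assumption.

```python
import re
from collections import Counter

# Fixlog text as posted in the thread (the 16 repeated entries are rebuilt here).
FIXLOG = "\n".join([
    "Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01",
    "Ran by Private User at 2014-03-31 20:49:47 Run:1",
    "Boot Mode: Normal",
    "Content of fixlist:",
    "*****************",
    "Lsa: [Notification Packages] " + " ".join(["scecli"] * 16),
    "*****************",
    r"HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => Value was restored successfully.",
    "==== End of Fixlog ====",
])

def parse_fixlog(text):
    """Split a Fixlog into fixlist directives, per-item results and a completion flag."""
    directives, results, in_fixlist = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        if re.fullmatch(r"\*{5,}", line):      # rows of asterisks fence the fixlist content
            in_fixlist = not in_fixlist
        elif in_fixlist and line:
            directives.append(line)
        elif " => " in line:                    # "<target> => <outcome>"
            target, outcome = line.split(" => ", 1)
            results.append((target, outcome))
    return {"directives": directives, "results": results,
            "complete": "==== End of Fixlog ====" in text}

def repeated_entries(directive):
    """Return the values listed more than once after the '[Name]' part of a directive."""
    m = re.match(r"[^\[]*\[[^\]]+\]\s*(.*)", directive)
    counts = Counter(m.group(1).split()) if m else Counter()
    return {value: n for value, n in counts.items() if n > 1}

def fix_applied(parsed):
    """Assumption: an outcome containing 'successfully' means the item was applied."""
    return (parsed["complete"] and bool(parsed["results"])
            and all("successfully" in outcome for _, outcome in parsed["results"]))

if __name__ == "__main__":
    parsed = parse_fixlog(FIXLOG)
    print("fix applied:", fix_applied(parsed))
    for d in parsed["directives"]:
        print("repeated entries:", repeated_entries(d))
```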


#9
Kerwin701

 

I put frst and fixlist on the same pen drive pressed Fix and waited Nothing happened.


Actually that Fixlog you posted shows that FRST and fixlist.txt worked fine. It is incredibly quick so you might not have noticed.
 

The problem was that I was presented with NO SUCH LIST. It wasn't there. So I  just ran it as is.


Please tell me what you mean.

Are you saying that when you opened Repair Windows exe. and after tweaking.com Windows Repair console opened and you  went to the tab "Start Repairs" and then the button "Start" that nothing happened?

 

Hi, Emerald

 

What I mean is that the list you posted was not present for me to check anything. It didn't come up. I never saw it. Good news though. I tried to boot again this morning and for some reason it DID WORK. Thanks very much for your help. I don't know what happened but it is fixed now.:D:D:D


#10
emeraldnzl

 

I don't know what happened but it is fixed now.

 

That is good news. :)

 

Before I give you the instructions to clear away the tools we have been using we really should run an online anti-virus scan to make sure we have covered everything.

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

 If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

 

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, before you do that though, make sure you copy the logfile to notepad somewhere you can find it again
  • Then click on: Finish
  • Copy and paste that log as a reply to this topic.

 

 

 

 

 

