Inactive Windows XP SP3 only boots to Safe Mode

RPTech

Good day!

My PC only boots to Safe Mode. Normal boot displays Windows splash screen; progress bar makes several passes then freezes. Attempting to load Windows to "Last Known Good Configuration" results in a freeze as well. I've not added any software nor hardware recently. I am running the latest Kaspersky AV (updated).

Here is my FRST dump:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-09-2013
Ran by SYSTEM on REATOGO on 21-09-2013 09:35:27
Running from F:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [] - [x]
HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
Winlogon\Notify\WgaLogon: C:\Windows\system32\WgaLogon.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-01-19] (Kaspersky Lab ZAO)
S2 VRAID Log Service; C:\Program Files\VIA\RAID\vialogsv.exe [52888 2010-08-07] ()

==================== Drivers (Whitelisted) ====================

S3 ALCXSENS; C:\Windows\System32\drivers\ALCXSENS.SYS [401152 2003-10-04] (Sensaura Ltd)
S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [475788 2003-10-09] (Realtek Semiconductor Corp.)
S2 Aspi32; C:\Windows\System32\Drivers\Aspi32.sys [25244 1999-09-10] (Adaptec)
S2 BulkUsb; C:\Windows\System32\Drivers\usbscan.sys [15104 2008-04-14] (Microsoft Corporation)
S3 FETND5BV; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
S3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
S1 hwinterface; C:\Windows\System32\Drivers\hwinterface.sys [3026 2010-09-05] (Logix4u)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [591968 2013-04-24] (Kaspersky Lab ZAO)
S3 klim5; C:\Windows\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [24408 2013-01-19] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [24920 2013-01-19] (Kaspersky Lab)
S1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-04-24] (Kaspersky Lab ZAO)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [24832 2007-01-23] (http://libusb-win32.sourceforge.net)
S2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35088 2012-11-11] (CACE Technologies, Inc.)
S0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
S0 viamraid; C:\Windows\System32\DRIVERS\viamraid.sys [117248 2010-08-07] (VIA Technologies inc,.ltd)
S4 IntelIde; No ImagePath
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2013-04-24] (Kaspersky Lab ZAO)
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S1 StarPortLite; system32\DRIVERS\StarPortLite.sys [x]
S0 viasraid; system32\DRIVERS\viasraid.sys [x]
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-21 09:35 - 2013-09-21 09:35 - 00000000 ____D C:\FRST
2013-09-21 07:00 - 2013-09-21 07:10 - 00000000 ____D C:\Windows\pss
2013-09-21 07:00 - 2013-09-21 07:00 - 00000000 __SHD C:\Windows\CSC
2013-09-21 06:41 - 2013-09-21 06:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-09-21 06:30 - 2013-09-21 06:30 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-09-21 06:29 - 2013-09-21 06:42 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-09-21 06:29 - 2010-08-07 08:44 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-09-21 06:29 - 2010-08-07 08:38 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-09-19 01:28 - 2013-09-19 01:28 - 00000000 __SHD C:\found.000
2013-09-13 13:15 - 2013-09-13 13:15 - 04751752 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-09-12 03:09 - 2013-09-12 03:09 - 00014351 _____ C:\Windows\KB2870699-IE8.log
2013-09-12 03:07 - 2013-09-12 03:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2876315$
2013-09-12 03:07 - 2013-09-12 03:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2876217$
2013-09-12 03:06 - 2013-09-12 03:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2864063$
2013-09-12 03:00 - 2013-09-12 03:00 - 00053248 _____ C:\Windows\System32\config\seciruty
2013-09-11 04:17 - 2013-09-12 03:07 - 00013536 _____ C:\Windows\KB2876315.log
2013-09-11 04:17 - 2013-09-12 03:07 - 00012545 _____ C:\Windows\KB2876217.log
2013-09-11 04:17 - 2013-09-12 03:07 - 00012473 _____ C:\Windows\KB2864063.log
2013-08-28 03:00 - 2013-08-28 03:00 - 00005661 _____ C:\Windows\KB2834904-v2.log
2013-08-28 03:00 - 2013-08-28 03:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2834904-v2_WM11$
2013-08-28 03:00 - 2013-08-28 03:00 - 00000000 _____ C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2013-09-21 09:35 - 2013-09-21 09:35 - 00000000 ____D C:\FRST
2013-09-21 07:57 - 2010-08-06 20:31 - 00000278 ___SH C:\Documents and Settings\Dad\ntuser.ini
2013-09-21 07:57 - 2010-08-06 20:24 - 01113109 _____ C:\Windows\WindowsUpdate.log
2013-09-21 07:14 - 2006-02-28 08:00 - 00013646 _____ C:\Windows\System32\wpa.dbl
2013-09-21 07:10 - 2013-09-21 07:00 - 00000000 ____D C:\Windows\pss
2013-09-21 07:10 - 2010-08-06 18:04 - 00000211 ___SH C:\boot.ini
2013-09-21 07:10 - 2006-02-28 08:00 - 00000645 _____ C:\Windows\win.ini
2013-09-21 07:10 - 2006-02-28 08:00 - 00000243 _____ C:\Windows\system.ini
2013-09-21 07:04 - 2010-08-06 20:22 - 00000000 ____D C:\Windows\Registration
2013-09-21 07:00 - 2013-09-21 07:00 - 00000000 __SHD C:\Windows\CSC
2013-09-21 06:42 - 2013-09-21 06:29 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-09-21 06:41 - 2013-09-21 06:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-09-21 06:30 - 2013-09-21 06:30 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-09-20 18:21 - 2010-08-06 18:05 - 00181098 _____ C:\Windows\setupact.log
2013-09-20 13:57 - 2010-08-06 18:04 - 07077888 _____ C:\Windows\System32\config\system.bak
2013-09-19 06:06 - 2010-08-06 20:29 - 00032656 _____ C:\Windows\SchedLgU.Txt
2013-09-19 05:46 - 2013-01-19 09:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2013-09-19 05:31 - 2010-08-07 05:45 - 00001932 _____ C:\statusclient.log
2013-09-19 05:31 - 2010-08-06 21:05 - 00190661 _____ C:\Windows\System32\nvapps.xml
2013-09-19 01:28 - 2013-09-19 01:28 - 00000000 __SHD C:\found.000
2013-09-13 18:31 - 2013-05-05 09:54 - 00000000 ____D C:\Documents and Settings\Dad\My Documents\SEFOA 2013
2013-09-13 13:15 - 2013-09-13 13:15 - 04751752 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerInstaller.exe
2013-09-13 13:15 - 2012-05-11 06:32 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-09-13 13:15 - 2012-04-11 20:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-09-12 03:26 - 2012-03-17 15:59 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-12 03:26 - 2010-08-06 18:05 - 00326704 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-12 03:25 - 2010-08-06 18:08 - 00000456 _____ C:\Windows\wiadebug.log
2013-09-12 03:25 - 2010-08-06 18:08 - 00000049 _____ C:\Windows\wiaservc.log
2013-09-12 03:09 - 2013-09-12 03:09 - 00014351 _____ C:\Windows\KB2870699-IE8.log
2013-09-12 03:09 - 2010-08-07 05:28 - 00209782 _____ C:\Windows\updspapi.log
2013-09-12 03:09 - 2010-08-06 18:06 - 01810745 _____ C:\Windows\iis6.log
2013-09-12 03:09 - 2010-08-06 18:06 - 01671549 _____ C:\Windows\FaxSetup.log
2013-09-12 03:09 - 2010-08-06 18:06 - 00806264 _____ C:\Windows\ocgen.log
2013-09-12 03:09 - 2010-08-06 18:06 - 00763649 _____ C:\Windows\tsoc.log
2013-09-12 03:09 - 2010-08-06 18:06 - 00562625 _____ C:\Windows\comsetup.log
2013-09-12 03:09 - 2010-08-06 18:06 - 00509266 _____ C:\Windows\msmqinst.log
2013-09-12 03:09 - 2010-08-06 18:06 - 00339530 _____ C:\Windows\ntdtcsetup.log
2013-09-12 03:09 - 2010-08-06 18:06 - 00292708 _____ C:\Windows\netfxocm.log
2013-09-12 03:09 - 2010-08-06 18:06 - 00115781 _____ C:\Windows\MedCtrOC.log
2013-09-12 03:09 - 2010-08-06 18:06 - 00092360 _____ C:\Windows\ocmsn.log
2013-09-12 03:09 - 2010-08-06 18:06 - 00084484 _____ C:\Windows\tabletoc.log
2013-09-12 03:09 - 2010-08-06 18:06 - 00083499 _____ C:\Windows\msgsocm.log
2013-09-12 03:09 - 2010-08-06 18:06 - 00001374 _____ C:\Windows\imsins.log
2013-09-12 03:07 - 2013-09-12 03:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2876315$
2013-09-12 03:07 - 2013-09-12 03:07 - 00000000 __HDC C:\Windows\$NtUninstallKB2876217$
2013-09-12 03:07 - 2013-09-11 04:17 - 00013536 _____ C:\Windows\KB2876315.log
2013-09-12 03:07 - 2013-09-11 04:17 - 00012545 _____ C:\Windows\KB2876217.log
2013-09-12 03:07 - 2013-09-11 04:17 - 00012473 _____ C:\Windows\KB2864063.log
2013-09-12 03:07 - 2010-08-06 18:06 - 00001374 _____ C:\Windows\imsins.BAK
2013-09-12 03:06 - 2013-09-12 03:06 - 00000000 __HDC C:\Windows\$NtUninstallKB2864063$
2013-09-12 03:04 - 2013-07-13 03:00 - 00000000 ____D C:\Windows\System32\MRT
2013-09-12 03:01 - 2010-08-08 06:55 - 76725432 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-12 03:00 - 2013-09-12 03:00 - 00053248 _____ C:\Windows\System32\config\seciruty
2013-09-11 20:28 - 2013-08-10 07:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-05 16:51 - 2013-08-11 11:29 - 00020092 _____ C:\Documents and Settings\Dad\Desktop\Roster with numbers.xlsx
2013-09-03 16:35 - 2013-06-16 06:46 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-08-30 19:14 - 2013-07-12 17:41 - 00000000 ____D C:\Documents and Settings\Dad\Desktop\Harvey Littleton
2013-08-29 23:47 - 2011-08-01 20:17 - 00000000 ____D C:\Documents and Settings\Dad\Application Data\HpUpdate
2013-08-28 03:00 - 2013-08-28 03:00 - 00005661 _____ C:\Windows\KB2834904-v2.log
2013-08-28 03:00 - 2013-08-28 03:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2834904-v2_WM11$
2013-08-28 03:00 - 2013-08-28 03:00 - 00000000 _____ C:\Windows\setuperr.log
2013-08-23 06:12 - 2010-08-07 05:42 - 00000000 ____D C:\Program Files\Hewlett-Packard

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-08-18 14:37 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP999

RP: -> 2013-08-17 13:00 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP998

RP: -> 2013-08-16 07:27 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP997

RP: -> 2013-08-16 04:46 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP996

RP: -> 2013-08-15 03:00 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP995

RP: -> 2013-08-14 03:00 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP994

RP: -> 2013-08-13 21:23 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP993

RP: -> 2013-08-12 17:56 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP992

RP: -> 2013-08-11 11:13 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP991

RP: -> 2013-09-21 07:03 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1028

RP: -> 2013-09-19 05:39 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1027

RP: -> 2013-09-18 15:09 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1026

RP: -> 2013-09-17 14:05 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1025

RP: -> 2013-09-16 10:41 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1024

RP: -> 2013-09-15 09:54 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1023

RP: -> 2013-09-14 04:42 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1022

RP: -> 2013-09-13 03:00 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1021

RP: -> 2013-09-12 03:00 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1020

RP: -> 2013-09-10 22:49 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1019

RP: -> 2013-09-09 22:01 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1018

RP: -> 2013-09-08 06:45 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1017

RP: -> 2013-09-07 00:09 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1016

RP: -> 2013-09-05 23:26 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1015

RP: -> 2013-09-04 21:59 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1014

RP: -> 2013-09-03 19:21 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1013

RP: -> 2013-09-02 14:40 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1012

RP: -> 2013-09-01 13:22 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1011

RP: -> 2013-08-31 09:32 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1010

RP: -> 2013-08-30 08:10 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1009

RP: -> 2013-08-29 03:52 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1008

RP: -> 2013-08-28 03:00 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1007

RP: -> 2013-08-27 23:52 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1006

RP: -> 2013-08-26 23:30 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1005

RP: -> 2013-08-25 13:48 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1004

RP: -> 2013-08-24 12:27 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1003

RP: -> 2013-08-23 08:36 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1002

RP: -> 2013-08-21 18:53 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1001

RP: -> 2013-08-20 06:07 - 028672 _restore{2591FEA6-58F6-416C-AA70-D32E94B265EA}\RP1000


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 2047.48 MB
Available physical RAM: 1786.45 MB
Total Pagefile: 1878.14 MB
Available Pagefile: 1811.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.18 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:149.04 GB) (Free:86.11 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Removable) (Total:0.97 GB) (Free:0.59 GB) FAT
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 18492916)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 993 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=992 MB) - (Type=06)

==================== End Of Log ============================

And the Search results of FRST:
Farbar Recovery Scan Tool (x86) Version: 20-09-2013
Ran by SYSTEM at 2013-09-21 09:39:42
Running from F:\
Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\WINDOWS\system32\services.exe
[2006-02-28 08:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\system32\dllcache\services.exe
[2010-08-07 21:54] - [2009-02-06 07:11] - 0110592 ____C (Microsoft Corporation) 65df52f5b8b6e9bbd183505225c37315

C:\WINDOWS\ServicePackFiles\i386\services.exe
[2010-08-07 05:30] - [2008-04-14 05:42] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2010-08-08 06:54] - [2008-04-14 05:42] - 0108544 ____C (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2010-08-07 05:25] - [2006-02-28 08:00] - 0108032 ____C (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2010-08-07 21:54] - [2009-02-06 07:06] - 0110592 ___AC (Microsoft Corporation) 020ceaaedc8eb655b6506b8c70d53bb6

=== End Of Search ===

Any help genuinely appreciated. Thanks.

RP
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================

I don't see anything malicious there.

Do you remember the last time (date) you were able to boot to normal mode?
 
Thank you for your reply.

The last time I was able to boot successfully was 3 or 4 days ago. Shutdown was normal. I've not had any indications of a hardware issue, but that probably really amounts to nothing. Since I can get into Safe Mode repeatedly, I have taken the time to retrieve any files that cannot be duplicated. I'd rather not have to upgrade to a newer version at this time but that may not be an option here. Any related suggestions would be appreciated.
 
You will need a USB flash drive.

Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC, ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Next download rst.sh to your USB flash drive
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see rst.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash rst.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named enum.log
  • Remove the USB drive and insert it back in your working computer and navigate to enum.log

    Please note - all text entries are case sensitive
Copy and paste the enum.log for my review
 
Enum.log entries below:


32.4M Sep 21 16:12 /mnt/sda1/WINDOWS/system32/config/software
6.8M Sep 21 16:12 /mnt/sda1/WINDOWS/system32/config/system

32.4M Sep 8 10:45 /sda1/~/RP1017/~SOFTWARE
32.4M Sep 10 02:01 /sda1/~/RP1018/~SOFTWARE
32.4M Sep 11 02:49 /sda1/~/RP1019/~SOFTWARE
32.4M Sep 12 07:00 /sda1/~/RP1020/~SOFTWARE
32.4M Sep 13 07:00 /sda1/~/RP1021/~SOFTWARE
32.4M Sep 14 08:42 /sda1/~/RP1022/~SOFTWARE
32.4M Sep 15 13:54 /sda1/~/RP1023/~SOFTWARE
32.4M Sep 16 14:41 /sda1/~/RP1024/~SOFTWARE
32.4M Sep 17 18:05 /sda1/~/RP1025/~SOFTWARE
32.4M Sep 18 19:09 /sda1/~/RP1026/~SOFTWARE
32.4M Sep 19 09:39 /sda1/~/RP1027/~SOFTWARE
32.4M Sep 21 11:03 /sda1/~/RP1028/~SOFTWARE
32.2M Aug 11 15:13 /sda1/~/RP991/~SOFTWARE
32.2M Aug 12 21:56 /sda1/~/RP992/~SOFTWARE
32.2M Aug 14 01:23 /sda1/~/RP993/~SOFTWARE
32.2M Aug 14 07:00 /sda1/~/RP994/~SOFTWARE
32.2M Aug 15 07:00 /sda1/~/RP995/~SOFTWARE
32.4M Aug 16 08:46 /sda1/~/RP996/~SOFTWARE
32.4M Aug 16 11:27 /sda1/~/RP997/~SOFTWARE
32.4M Aug 17 17:00 /sda1/~/RP998/~SOFTWARE
32.4M Aug 18 18:37 /sda1/~/RP999/~SOFTWARE
32.4M Aug 20 10:07 /sda1/~/RP1000/~SOFTWARE
32.4M Aug 21 22:53 /sda1/~/RP1001/~SOFTWARE
32.4M Aug 23 12:36 /sda1/~/RP1002/~SOFTWARE
32.4M Aug 24 16:27 /sda1/~/RP1003/~SOFTWARE
32.4M Aug 25 17:48 /sda1/~/RP1004/~SOFTWARE
32.4M Aug 27 03:30 /sda1/~/RP1005/~SOFTWARE
32.4M Aug 28 03:52 /sda1/~/RP1006/~SOFTWARE
32.4M Aug 28 07:00 /sda1/~/RP1007/~SOFTWARE
32.4M Aug 29 07:52 /sda1/~/RP1008/~SOFTWARE
32.4M Aug 30 12:10 /sda1/~/RP1009/~SOFTWARE
32.4M Aug 31 13:32 /sda1/~/RP1010/~SOFTWARE
32.4M Sep 1 17:22 /sda1/~/RP1011/~SOFTWARE
32.4M Sep 2 18:40 /sda1/~/RP1012/~SOFTWARE
32.4M Sep 3 23:21 /sda1/~/RP1013/~SOFTWARE
32.4M Sep 5 01:59 /sda1/~/RP1014/~SOFTWARE
32.4M Sep 6 03:26 /sda1/~/RP1015/~SOFTWARE
32.4M Sep 7 04:09 /sda1/~/RP1016/~SOFTWARE
6.7M Sep 8 10:45 /sda1/~/RP1017/~SYSTEM
6.7M Sep 10 02:01 /sda1/~/RP1018/~SYSTEM
6.7M Sep 11 02:49 /sda1/~/RP1019/~SYSTEM
6.7M Sep 12 07:00 /sda1/~/RP1020/~SYSTEM
6.7M Sep 13 07:00 /sda1/~/RP1021/~SYSTEM
6.7M Sep 14 08:42 /sda1/~/RP1022/~SYSTEM
6.7M Sep 15 13:54 /sda1/~/RP1023/~SYSTEM
6.7M Sep 16 14:41 /sda1/~/RP1024/~SYSTEM
6.7M Sep 17 18:05 /sda1/~/RP1025/~SYSTEM
6.7M Sep 18 19:09 /sda1/~/RP1026/~SYSTEM
6.7M Sep 19 09:39 /sda1/~/RP1027/~SYSTEM
6.7M Sep 21 11:03 /sda1/~/RP1028/~SYSTEM
6.7M Aug 11 15:13 /sda1/~/RP991/~SYSTEM
6.7M Aug 12 21:56 /sda1/~/RP992/~SYSTEM
6.7M Aug 14 01:23 /sda1/~/RP993/~SYSTEM
6.7M Aug 14 07:00 /sda1/~/RP994/~SYSTEM
6.7M Aug 15 07:00 /sda1/~/RP995/~SYSTEM
6.7M Aug 16 08:46 /sda1/~/RP996/~SYSTEM
6.7M Aug 16 11:27 /sda1/~/RP997/~SYSTEM
6.7M Aug 17 17:00 /sda1/~/RP998/~SYSTEM
6.7M Aug 18 18:37 /sda1/~/RP999/~SYSTEM
6.7M Aug 20 10:07 /sda1/~/RP1000/~SYSTEM
6.7M Aug 21 22:53 /sda1/~/RP1001/~SYSTEM
6.7M Aug 23 12:36 /sda1/~/RP1002/~SYSTEM
6.7M Aug 24 16:27 /sda1/~/RP1003/~SYSTEM
6.7M Aug 25 17:48 /sda1/~/RP1004/~SYSTEM
6.7M Aug 27 03:30 /sda1/~/RP1005/~SYSTEM
6.7M Aug 28 03:52 /sda1/~/RP1006/~SYSTEM
6.7M Aug 28 07:00 /sda1/~/RP1007/~SYSTEM
6.7M Aug 29 07:52 /sda1/~/RP1008/~SYSTEM
6.7M Aug 30 12:10 /sda1/~/RP1009/~SYSTEM
6.7M Aug 31 13:32 /sda1/~/RP1010/~SYSTEM
6.7M Sep 1 17:22 /sda1/~/RP1011/~SYSTEM
6.7M Sep 2 18:40 /sda1/~/RP1012/~SYSTEM
6.7M Sep 3 23:21 /sda1/~/RP1013/~SYSTEM
6.7M Sep 5 01:59 /sda1/~/RP1014/~SYSTEM
6.7M Sep 6 03:26 /sda1/~/RP1015/~SYSTEM
6.7M Sep 7 04:09 /sda1/~/RP1016/~SYSTEM
 
Please open the terminal again from your USB device and type:

bash rst.sh -r

Press Enter

Type 1018 and press Enter.

When done restart your computer normally and see if you can successfully log on now.
 
Performed task as described above. PC does not boot normally, still freezes at the same point of the Windows splash screen progress bar. Can boot to Safe Mode as before.
 
Go to Start > Run (Start Search in Vista/7), type in:
msconfig
Click OK (hit Enter in Vista/7).

Click on Startup tab.
Click Disable all
IMPORTANT! In case of a laptop, make sure you do NOT disable any keyboard or touchpad entries.

Click Services tab.
Put a checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE. If you use a firewall other than Windows firewall, turn Windows firewall on just for this test, since your regular firewall won't be running.
If you use Windows firewall, you're fine.

Same problem?
 
Good morning Broni,

I fear I may actually have a hardware issue. PC will not boot to Safe Mode this morning. It attempts to but freezes when loading the MUP.sys file. The hard drive continues to have activity (hear it and see the light flashing) but it does not finish going to Safe Mode. It has been running this way for over an hour now.
 
More information. Apparently we had a power outage last night. PC is set to restart after power disruption. I believe it is running CHKDSK now because of that. That is why it is stopped at MUP.sys. Will wait it out and post what I find.
 
Ok, back to where I was. Can boot into Safe Mode. Completed tasks as you recommended. No change in outcome. PC freezes at same point in Windows splash screen showing progress bar.
 
Well, at this point since this is not malware related...

In this forum, we make sure your computer is free of malware and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.
 
Thank you Broni for all your support! I genuinely appreciate your time and effort. Enjoy the rest of your weekend!

Best regards,
RP
 