Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Boot Menu

Do you have BIOS questions or issues? Want to discuss Linux or other non-Microsoft operating systems? Ask your computer related questions that don't quite fit in any other sub-forum here.

Boot Menu

Unread postby Slim Nelson » July 11th, 2013, 2:54 pm

I have had my computer set up to dual boot Ubuntu alongside Windows Vista for about a month or so now. I used the Wubi Installer.

And just recently, I downloaded a program called EasyBCD, which is like an easy to use boot menu editor.

I used it to rename both the boot menu OS names and also switch the order around. Then I restarted my system to check out the changes. It ended up changing both of the boot menu OS system names to the name of the Windows Vista option and either one I select, it takes me to Windows Vista.

I can no longer select Ubuntu now. So I figured since I used the Wubi installer for Ubuntu, I would just uninstall it and the boot menu would go back to only the Windows Vista option again and I can install Ubuntu again after, but it's still the same with two options to select Windows Vista. I uninstalled and reinstalled EasyBCD to see if I can fix it within the program but no luck. I just want my boot menu back to normal where it doesn't even show up and goes straight to Windows Vista, then I can reinstall Ubuntu.

I haven't tried installing Ubuntu again, figured I should first see if anyone has any professional help. Any suggestions?

Anyone's help will be greatly appreciated.
User avatar
Slim Nelson
Regular Member
 
Posts: 135
Joined: June 18th, 2013, 2:17 pm
Location: Nul
Advertisement
Register to Remove

Re: Boot Menu

Unread postby Slim Nelson » July 16th, 2013, 7:30 pm

Anybody? :sad1:
User avatar
Slim Nelson
Regular Member
 
Posts: 135
Joined: June 18th, 2013, 2:17 pm
Location: Nul

Re: Boot Menu

Unread postby Gary R » July 17th, 2013, 1:54 am

Personally I'm not in favour of dual booting, in my experience it causes way too many problems. I don't know whether I can help any, but let's take a look at your BCD and see if that can tell us something as to why you're having the problems you're having.

  • Download either FRST or FRST64 to your Desktop. (depending on whether you have a 32 bit or 64 bit OS)
  • Double click Frst.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Check the List BCD option.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post just the FRST.txt in your next reply.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Boot Menu

Unread postby Slim Nelson » July 17th, 2013, 2:23 am

Whether you can or can't, your help is greatly appreciated. Thank you.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-07-2013
Ran by Brett Sjoholm (administrator) on 17-07-2013 02:21:23
Running from C:\Users\Brett Sjoholm\Desktop
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(TuneUp Software) C:\Windows\System32\TUProgSt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA) C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
(Tordex) C:\Program Files\StartKiller\StartKiller.exe
(xwidget.com) C:\Program Files\XWidget\xwidget.exe
(Team XBMC) C:\Program Files\XBMC\XBMC.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - RtHDVCpl.exe [x]
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2219184 2010-11-04] (ESET)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [TOSCDSPD] - TOSCDSPD.EXE [x]
HKCU\...\Run: [xwidget] - C:\Program Files\XWidget\xwidget.exe [1770496 2012-12-04] (xwidget.com)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
MountPoints2: {1f36164f-4c62-11e2-9a43-005056c00008} - E:\ToolLauncher-Bootstrap.exe
MountPoints2: {569c7d08-0e3a-11e2-ae3a-005056c00008} - F:\Autorun.exe /s
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Start Killer.lnk
ShortcutTarget: Start Killer.lnk -> C:\Program Files\StartKiller\StartKiller.exe (Tordex)
Startup: C:\ProgramData\Start Menu\Programs\Startup\XWidget.lnk
ShortcutTarget: XWidget.lnk -> C:\Program Files\XWidget\xwidget.exe (xwidget.com)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_06\bin\jp2ssv.dll No File
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default
FF user.js: detected! => C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\user.js
FF Homepage: chrome://foxtab/content/homepage.html
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
FF Extension: No Name - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
FF Extension: Ghostery - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\firefox@ghostery.com
FF Extension: HTTPS-Everywhere - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\https-everywhere@eff.org
FF Extension: FEBE - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF Extension: FT DeepDark - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
FF Extension: WOT - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: facebook - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\facebook@disconnect.me.xpi
FF Extension: google - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\google@disconnect.me.xpi
FF Extension: jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\jid0-GjwrPchS3Ugt7xydvqVK4DQk8Ls@jetpack.xpi
FF Extension: jid0-irAmugmQgdURBSCIFZAcjR8ZQMg - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\jid0-irAmugmQgdURBSCIFZAcjR8ZQMg@jetpack.xpi
FF Extension: jid1-F9UJ2thwoAm5gQ - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi
FF Extension: john - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\john@velvetcache.org.xpi
FF Extension: twitter - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\twitter@disconnect.me.xpi
FF Extension: No Name - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
FF Extension: No Name - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF Extension: No Name - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF Extension: No Name - C:\Users\Brett Sjoholm\AppData\Roaming\Mozilla\Firefox\Profiles\6ebwe66s.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-11-04] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-11-04] (ESET)
S3 jswpsapi; C:\Program Files\Jumpstart\jswpsapi.exe [954368 2008-04-16] (Atheros Communications, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 TuneUp.Defrag; C:\Windows\System32\TuneUpDefragService.exe [360192 2011-08-14] (TuneUp Software)
R2 TuneUp.ProgramStatisticsSvc; C:\Windows\System32\TUProgSt.exe [603904 2011-08-14] (TuneUp Software)
S3 wbengine; "%systemroot%\system32\wbengine.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 DigiNet; C:\Windows\System32\DRIVERS\diginet.sys [16400 2007-10-31] (Digidesign, A Division of Avid Technology, Inc.)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [137144 2010-09-03] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET)
S3 MAYA44; C:\Windows\System32\Drivers\Maya44.sys [363728 2013-01-10] (Audiotrack)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 pgusbmme; C:\Windows\System32\drivers\pgusbmm3.sys [44752 2013-01-10] (usb-audio.de)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2004-02-04] (Texas Instruments Incorporated)
R0 TPkd; C:\Windows\System32\Drivers\TPkd.sys [86016 2009-12-23] (PACE Anti-Piracy, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MAUSBFASTTRACK; system32\DRIVERS\MAudioFastTrack.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-17 02:21 - 2013-07-17 02:21 - 00000000 ____D C:\FRST
2013-07-17 02:20 - 2013-07-17 02:20 - 01218600 _____ (Farbar) C:\Users\Brett Sjoholm\Desktop\FRST.exe
2013-07-17 01:42 - 2013-07-17 01:43 - 00000000 ____D C:\Users\Brett Sjoholm\Desktop\No Doubt - Tragic Kingdom[mp3 320 Kbps][The Raven]
2013-07-17 01:38 - 2013-07-17 01:40 - 00000000 ____D C:\Users\Brett Sjoholm\Desktop\No Doubt - Push And Shove [2012]
2013-07-17 01:19 - 2013-07-17 01:23 - 00000135 _____ C:\Users\Brett Sjoholm\Desktop\.bat
2013-07-17 01:15 - 2013-07-17 01:15 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\Microsoft_Corporation
2013-07-13 18:03 - 2013-07-15 08:24 - 228005726 _____ C:\Users\Brett Sjoholm\Desktop\Scamper The Penguin.mp4
2013-07-13 17:49 - 2013-07-16 20:46 - 00000000 ____D C:\Users\Brett Sjoholm\Desktop\Greys Anatomy
2013-07-12 14:05 - 2013-07-12 14:05 - 00145656 _____ C:\Windows\Minidump\Mini071213-01.dmp
2013-07-10 19:24 - 2013-07-10 19:29 - 00000000 ____D C:\Intel
2013-07-10 13:47 - 2013-07-10 13:50 - 00000000 ____D C:\Windows\system32\MRT
2013-07-10 13:14 - 2013-05-08 00:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-10 00:38 - 2013-07-10 00:38 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-07-10 00:32 - 2013-07-10 19:09 - 00000000 ____D C:\Program Files\Driver Fusion
2013-07-09 23:37 - 2013-06-03 21:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-09 23:37 - 2013-06-01 00:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-09 23:37 - 2013-04-17 07:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-09 23:37 - 2013-04-17 07:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-09 23:37 - 2013-04-17 07:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-09 23:37 - 2013-04-17 07:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-09 23:37 - 2013-04-17 06:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-09 23:37 - 2013-04-17 06:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-09 23:37 - 2013-04-17 06:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-09 23:37 - 2013-04-17 06:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-09 23:37 - 2013-04-17 06:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-08 19:16 - 2013-07-08 19:58 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-07-08 13:12 - 2013-07-08 13:03 - 00000763 _____ C:\Users\Brett Sjoholm\Documents\Speccy.lnk
2013-07-08 13:04 - 2013-07-08 13:04 - 00000000 _____ C:\Windows\setuperr.log
2013-07-08 13:04 - 2013-07-08 13:04 - 00000000 _____ C:\Windows\setupact.log
2013-07-08 13:03 - 2013-07-08 13:03 - 00000000 ____D C:\Program Files\Speccy
2013-07-05 07:34 - 2013-07-05 07:34 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\noahdfear_tools
2013-07-03 16:08 - 2013-07-03 16:12 - 00000000 ____D C:\Users\Brett Sjoholm\dwhelper
2013-07-03 16:08 - 2013-07-03 16:12 - 00000000 ____D C:\Users\Brett Sjoholm\dwhelper
2013-07-03 14:43 - 2013-07-03 14:43 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\NeoSmart_Technologies
2013-07-03 14:36 - 2013-07-08 21:28 - 00000000 ____D C:\Program Files\NeoSmart Technologies
2013-07-02 18:52 - 2013-07-03 14:45 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\TypingMaster7
2013-07-02 18:52 - 2013-07-02 18:52 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\Thinstall
2013-06-26 12:48 - 2013-06-26 12:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-19 13:11 - 2013-07-12 14:05 - 323243125 _____ C:\Windows\MEMORY.DMP
2013-06-19 13:11 - 2013-06-19 13:11 - 00143288 _____ C:\Windows\Minidump\Mini061913-01.dmp
2013-06-17 23:28 - 2013-06-17 23:28 - 00000000 ____D C:\Users\Brett Sjoholm\New Folder
2013-06-17 23:28 - 2013-06-17 23:28 - 00000000 ____D C:\Users\Brett Sjoholm\New Folder
2013-06-17 21:10 - 2013-06-17 21:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-17 21:10 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-06-17 20:46 - 2013-07-10 19:27 - 00005806 _____ C:\Windows\PFRO.log
2013-06-17 20:02 - 2010-02-19 10:01 - 00035280 _____ (NTWind Software) C:\Program Files\CloseAll x86.exe

==================== One Month Modified Files and Folders =======

2013-07-17 02:21 - 2013-07-17 02:21 - 00000000 ____D C:\FRST
2013-07-17 02:20 - 2013-07-17 02:20 - 01218600 _____ (Farbar) C:\Users\Brett Sjoholm\Desktop\FRST.exe
2013-07-17 02:20 - 2011-08-17 17:40 - 00000000 ___RD C:\Users\Brett Sjoholm\Desktop
2013-07-17 02:20 - 2011-08-17 17:40 - 00000000 ___RD C:\Users\Brett Sjoholm\Desktop
2013-07-17 02:16 - 2011-08-17 00:12 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\uTorrent
2013-07-17 02:14 - 2011-08-14 07:05 - 01066156 _____ C:\Windows\WindowsUpdate.log
2013-07-17 02:04 - 2012-07-21 23:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-17 02:00 - 2013-05-18 01:28 - 00000502 _____ C:\Windows\Tasks\1-Click Maintenance.job
2013-07-17 01:43 - 2013-07-17 01:42 - 00000000 ____D C:\Users\Brett Sjoholm\Desktop\No Doubt - Tragic Kingdom[mp3 320 Kbps][The Raven]
2013-07-17 01:40 - 2013-07-17 01:38 - 00000000 ____D C:\Users\Brett Sjoholm\Desktop\No Doubt - Push And Shove [2012]
2013-07-17 01:28 - 2013-05-29 20:48 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\XBMC
2013-07-17 01:25 - 2006-11-02 08:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-17 01:25 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 01:25 - 2006-11-02 08:45 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 01:24 - 2006-11-02 08:58 - 00032646 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-17 01:23 - 2013-07-17 01:19 - 00000135 _____ C:\Users\Brett Sjoholm\Desktop\.bat
2013-07-17 01:15 - 2013-07-17 01:15 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\Microsoft_Corporation
2013-07-16 23:45 - 2011-09-02 20:19 - 00000000 ___RD C:\Users\Brett Sjoholm\Documents\Malware Removal University
2013-07-16 22:33 - 2011-08-14 08:08 - 00012288 _____ C:\Users\BRETTS~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-16 20:46 - 2013-07-13 17:49 - 00000000 ____D C:\Users\Brett Sjoholm\Desktop\Greys Anatomy
2013-07-15 15:22 - 2011-08-29 16:02 - 00000000 ___RD C:\Users\Brett Sjoholm\Documents\Files
2013-07-15 08:24 - 2013-07-13 18:03 - 228005726 _____ C:\Users\Brett Sjoholm\Desktop\Scamper The Penguin.mp4
2013-07-13 22:09 - 2011-08-17 14:54 - 00001044 _____ C:\Users\Brett Sjoholm\AppData\Roaming\vso_ts_preview.xml
2013-07-13 22:09 - 2011-08-17 14:52 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\Vso
2013-07-13 22:00 - 2011-08-19 05:02 - 00000000 ___RD C:\Users\Brett Sjoholm\Documents\ConvertXtoDVD
2013-07-12 14:05 - 2013-07-12 14:05 - 00145656 _____ C:\Windows\Minidump\Mini071213-01.dmp
2013-07-12 14:05 - 2013-06-19 13:11 - 323243125 _____ C:\Windows\MEMORY.DMP
2013-07-12 14:05 - 2011-08-19 04:58 - 00000000 ____D C:\Windows\Minidump
2013-07-10 19:30 - 2008-09-30 14:56 - 00000000 ____D C:\Program Files\Intel
2013-07-10 19:29 - 2013-07-10 19:24 - 00000000 ____D C:\Intel
2013-07-10 19:29 - 2011-08-14 07:56 - 00000000 ___RD C:\Users\Brett Sjoholm
2013-07-10 19:27 - 2013-06-17 20:46 - 00005806 _____ C:\Windows\PFRO.log
2013-07-10 19:27 - 2011-08-14 07:20 - 00000000 ____D C:\Windows\system32\Lang
2013-07-10 19:09 - 2013-07-10 00:32 - 00000000 ____D C:\Program Files\Driver Fusion
2013-07-10 18:51 - 2008-09-30 15:28 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-10 13:50 - 2013-07-10 13:47 - 00000000 ____D C:\Windows\system32\MRT
2013-07-10 00:38 - 2013-07-10 00:38 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-07-10 00:20 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-09 23:55 - 2006-11-02 08:44 - 02347056 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-09 23:52 - 2006-11-02 08:35 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-09 23:30 - 2006-11-02 07:18 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-08 21:34 - 2006-11-02 02:25 - 00000010 __RSH C:\config.sys
2013-07-08 21:28 - 2013-07-03 14:36 - 00000000 ____D C:\Program Files\NeoSmart Technologies
2013-07-08 20:01 - 2011-08-14 07:57 - 00125672 _____ C:\Users\BRETTS~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-08 19:58 - 2013-07-08 19:16 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2013-07-08 13:12 - 2012-12-15 07:05 - 00000000 ___RD C:\Users\Brett Sjoholm\Documents\Launcher
2013-07-08 13:04 - 2013-07-08 13:04 - 00000000 _____ C:\Windows\setuperr.log
2013-07-08 13:04 - 2013-07-08 13:04 - 00000000 _____ C:\Windows\setupact.log
2013-07-08 13:03 - 2013-07-08 13:12 - 00000763 _____ C:\Users\Brett Sjoholm\Documents\Speccy.lnk
2013-07-08 13:03 - 2013-07-08 13:03 - 00000000 ____D C:\Program Files\Speccy
2013-07-06 22:35 - 2013-05-31 19:32 - 00000000 ___RD C:\Users\Brett Sjoholm\Documents\XBMC
2013-07-06 22:35 - 2011-12-09 02:13 - 00000000 ___RD C:\Users\Brett Sjoholm\Documents\xwidget
2013-07-05 07:34 - 2013-07-05 07:34 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\noahdfear_tools
2013-07-03 16:12 - 2013-07-03 16:08 - 00000000 ____D C:\Users\Brett Sjoholm\dwhelper
2013-07-03 16:12 - 2013-07-03 16:08 - 00000000 ____D C:\Users\Brett Sjoholm\dwhelper
2013-07-03 15:58 - 2011-08-14 07:57 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\Google
2013-07-03 15:58 - 2008-09-30 15:33 - 00000000 ____D C:\Program Files\Google
2013-07-03 14:45 - 2013-07-02 18:52 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\TypingMaster7
2013-07-03 14:43 - 2013-07-03 14:43 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\NeoSmart_Technologies
2013-07-02 18:52 - 2013-07-02 18:52 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\Thinstall
2013-06-29 00:10 - 2012-05-04 16:08 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-26 12:48 - 2013-06-26 12:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-24 00:37 - 2006-11-02 06:24 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-06-19 13:11 - 2013-06-19 13:11 - 00143288 _____ C:\Windows\Minidump\Mini061913-01.dmp
2013-06-18 17:16 - 2011-08-14 14:07 - 00000000 ____D C:\Program Files\StartKiller
2013-06-18 13:46 - 2013-06-06 18:03 - 00000000 ____D C:\Program Files\Audio Convert Toolbox
2013-06-17 23:28 - 2013-06-17 23:28 - 00000000 ____D C:\Users\Brett Sjoholm\New Folder
2013-06-17 23:28 - 2013-06-17 23:28 - 00000000 ____D C:\Users\Brett Sjoholm\New Folder
2013-06-17 22:14 - 2011-12-09 02:13 - 00000000 ____D C:\Program Files\XWidget
2013-06-17 21:10 - 2013-06-17 21:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-17 20:46 - 2008-09-30 13:56 - 00000000 ____D C:\Program Files\Toshiba
2013-06-17 20:17 - 2013-05-29 20:45 - 00000000 ____D C:\Program Files\XBMC
2013-06-17 19:38 - 2008-09-30 14:58 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-17 19:30 - 2013-06-16 00:04 - 00000000 ____D C:\Users\Brett Sjoholm\AppData\Roaming\toshiba
2013-06-17 17:57 - 2011-08-14 07:57 - 00000000 ____D C:\Users\BRETTS~1\AppData\Local\Toshiba

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {c3083f8b-8f1e-11dd-ab96-001e33463af1}
displayorder {current}
{current}
toolsdisplayorder {572bcd56-ffa7-11d9-aae0-0007e994107d}
{memdiag}
timeout 10
resume No
customactions 0x1000000720001
0x54000001
custom:54000001 {572bcd56-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier {572bcd56-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path \windows\system32\boot\winload.exe
description Windows Recovery Environment
osdevice ramdisk=[\Device\HarddiskVolume1]\Sources\boot.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows Vista
locale en-US
inherit {bootloadersettings}
recoverysequence {572bcd56-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c3083f8b-8f1e-11dd-ab96-001e33463af1}
nx OptIn

Resume from Hibernate
---------------------
identifier {c3083f8b-8f1e-11dd-ab96-001e33463af1}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {ntldr}
device unknown
path \ntldr
description Earlier Version of Windows

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Ramdisk Device Options
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \boot.sdi



LastRegBack: 2013-07-17 01:33

==================== End Of Log ============================
User avatar
Slim Nelson
Regular Member
 
Posts: 135
Joined: June 18th, 2013, 2:17 pm
Location: Nul

Re: Boot Menu

Unread postby Gary R » July 17th, 2013, 8:29 am

OK, there's a couple of "inconsistencies" in your BCD settings, but it's not clear at this point exactly what they're doing.

Please do the following ....

Open a Command prompt with Administrator level privileges (right click on cmd.exe and select Run as administrator)

Copy paste the following command into the command prompt ... bcdedit /v > "%userprofile%\desktop\bcdexport.txt" ... and hit Enter

A file bcdexport.txt should appear on your Desktop. Please post me the contents.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Boot Menu

Unread postby Slim Nelson » July 17th, 2013, 2:32 pm

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {c3083f8a-8f1e-11dd-ab96-001e33463af1}
resumeobject {c3083f8b-8f1e-11dd-ab96-001e33463af1}
displayorder {c3083f8a-8f1e-11dd-ab96-001e33463af1}
{c3083f8a-8f1e-11dd-ab96-001e33463af1}
toolsdisplayorder {572bcd56-ffa7-11d9-aae0-0007e994107d}
{b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 10
resume No
customactions 0x1000000720001
0x54000001
custom:54000001 {572bcd56-ffa7-11d9-aae0-0007e994107d}

Windows Boot Loader
-------------------
identifier {c3083f8a-8f1e-11dd-ab96-001e33463af1}
device partition=C:
path \Windows\system32\winload.exe
description Windows Vista
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {572bcd56-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c3083f8b-8f1e-11dd-ab96-001e33463af1}
nx OptIn
User avatar
Slim Nelson
Regular Member
 
Posts: 135
Joined: June 18th, 2013, 2:17 pm
Location: Nul

Re: Boot Menu

Unread postby Gary R » July 17th, 2013, 4:01 pm

OK, the reason you're getting Vista listed twice in your boot menu is because of the following entry ....

displayorder {c3083f8a-8f1e-11dd-ab96-001e33463af1}
{c3083f8a-8f1e-11dd-ab96-001e33463af1}

It may be possible for you to remove one of the entries using the info on the following page .... http://sourcedaddy.com/windows-7/how-to ... entry.html

Please note ... I have not tried this personally, so I can give no guarantee of its effectiveness or safety. Altering your BCD settings is risky at any time, so you should be aware of that fact.

If you decide to make the change, before making any changes I strongly recommend you backup your BCD to an external device .... http://www.nextofwindows.com/how-to-bac ... n-windows/
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Boot Menu

Unread postby Slim Nelson » July 17th, 2013, 5:04 pm

Just one question before I proceed. So far, I have created the backup file and put it on my jump drive.

Although, could I instead just create a restore point?

Because whether I can boot up or not after my BCD changes fail, I will always have the option to go to the Advanced Boot Options Menu by pressing F8 to select Repair Your Computer and then from there, it will take me to the System Recovery Options Screen, where I can use System Restore.
User avatar
Slim Nelson
Regular Member
 
Posts: 135
Joined: June 18th, 2013, 2:17 pm
Location: Nul

Re: Boot Menu

Unread postby Gary R » July 17th, 2013, 6:41 pm

There's certainly no harm in creating a System Restore point. I'm not sure whether Windows actually backs up BCD when it creates a RP or whether it just rebuilds it when you perform a restore. Having a BCD backup just ensures that if the worst happens then you should be able to recover the situation.
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Boot Menu

Unread postby Slim Nelson » July 19th, 2013, 7:54 am

I found out that a restore point does not cover the BCD.

And also, I was looking into a few alternatives than having to use the run command. I came across a program called Visual BCD Editor, it seemed legit after searching it through Nortorn Safe Web and others so I downloaded it. After install and running it, I have noticed it's a lot more informational than EasyBCD was. I located the doubled displayorder id's right away and they are highlighted in this screenshot.

The program let me delete one of them and the problem has been fixed! Thanks for your help on this issue Gary. I appreciate it. :)
User avatar
Slim Nelson
Regular Member
 
Posts: 135
Joined: June 18th, 2013, 2:17 pm
Location: Nul
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Other Computer Issues



Who is online

Users browsing this forum: No registered users and 6 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware