gerbil 216 Industrious Poster

Delete services?
==Go Start, run, type services.msc -and press Enter. Maximise the window and at foot select Extended tab, scroll to the specific service, rclick it, select properties. Write down the exact Service Name. Press Stop if it is highlighted [you may have to set the service Startup Type to Disable first]. Close Services, now type this line into the run text box and press Enter:
sc delete "exact Service Name" - don't be silly now....

gerbil 216 Industrious Poster

Yes, you can delete those two entries. They are malware. I guess I did not see them in the ht log because you had them stopped.
And I modified my previous post... re Windows Desktop Search.

gerbil 216 Industrious Poster

Good-oh, dilwar. Don't worry about not finding the files, at least the starting entries are now gone.
IE... I don't set any homepage [how often do you wish to go there?]. In IE go Tools, Internet options, General, and click Use Blank.
You can uninstall Google Toolbar. Same with Vuze Remote toolbar, I imagine, although because I do not know it, there is a chance that it is a required add-on for some software you have installed.
Windows Desktop Search. You can uninstall that too... it is a file indexer. For fast searching. Whoopee.
And that is about it for speeding things up. I don't run any antispyware service.... if I ever caught anything I would run it then as a cleaner.

gerbil 216 Industrious Poster

Windows Repair... you keep most of your applications intact, but lose all your security updates. Ugh. A last resort.... I would not call it exactly non-destructive. Nothing happened? It takes 20mins or so... and your sys gets slung back to the stone ages [some of registry is reset back to the one stored in system32\repair, which is probably the one saved when you first installed], and sys files are replaced with oldies. The pain...
Anyway, is it "better"?

stone, the email bots will be closing in on the addy you posted. Enjoy their attentions.

gerbil 216 Industrious Poster

Thanks, dilwar,
start hijackthis again, click Scan.
- place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [PersonalPC] C:\WINDOWS\DroModule.exe
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\windupdates\windupdates.exe
O4 - HKCU\..\Run: [PersonalPC] C:\WINDOWS\DroModule.exe
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\windupdates\windupdates.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\windupdates\windupdates.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\windupdates\windupdates.ex
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\uk.htm
O15 - Trusted Zone: http://download.windowsupdate.com

Good. Now delete these files:
C:\WINDOWS\DroModule.exe
C:\WINDOWS\system32\windupdates\windupdates.exe
C:\APPS\IE\offline\uk.htm

and this folder:
C:\APPS\IE\offline\

Run Hijackthis again. If any of the above entries exist please post the new log.
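
An added triage sketch for log lines like those quoted in the post above (not part of the original post, and not HijackThis's own logic): it parses each entry, flags the ones marked `(no file)` or `(file missing)`, and reports any executable registered under more than one autostart key. The sample lines are copied from logs quoted on this page; the function names and the two checks are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Entries copied from the HijackThis logs quoted in posts on this page.
# This is a sample for the parser, not a complete log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [PersonalPC] C:\WINDOWS\DroModule.exe
O4 - HKLM\..\Run: [HKLM] C:\WINDOWS\system32\windupdates\windupdates.exe
O4 - HKCU\..\Run: [PersonalPC] C:\WINDOWS\DroModule.exe
O4 - HKCU\..\Run: [HKCU] C:\WINDOWS\system32\windupdates\windupdates.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\windupdates\windupdates.exe
O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\zliwqlsp.exe
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
"""

# "<section> - <kind>: <detail>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<detail>.*)$")
# Registry autostart entries carry "[value name] command line" in the detail.
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\] (?P<command>.+)$")
# Markers HijackThis appends when the referenced file is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Return one dict per recognisable log entry; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue  # log header, process list, blank lines
        entry = match.groupdict()
        entry["raw"] = line
        run = RUN_RE.match(entry["detail"]) if entry["section"] == "O4" else None
        entry["name"] = run.group("name") if run else None
        entry["command"] = run.group("command") if run else None
        entries.append(entry)
    return entries


def triage(entries):
    """Return (reason, evidence) pairs worth a closer look by the reviewer."""
    findings = []
    keys_by_command = defaultdict(set)
    for entry in entries:
        # Check 1: the entry points at a file that is no longer on disk.
        if entry["detail"].endswith(ORPHAN_MARKERS):
            findings.append(("orphan", entry["raw"]))
        if entry["command"]:
            # Windows paths are case-insensitive, so compare in lower case.
            keys_by_command[entry["command"].lower()].add(entry["kind"])
    # Check 2: one executable started from several autostart keys at once.
    for command, keys in sorted(keys_by_command.items()):
        if len(keys) > 1:
            evidence = f"{command} <- {', '.join(sorted(keys))}"
            findings.append(("multi-key autostart", evidence))
    return findings


if __name__ == "__main__":
    for reason, evidence in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason}: {evidence}")
```

A hit from either check is only a prompt to look at the entry; the decision to fix it still rests on identifying the file.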

gerbil 216 Industrious Poster

Hello, jemz, just load the OS you wish to keep, delete the files or the partition of the other OS, then modify your boot.ini to reflect the change. Let's say you decide to keep XP: rclick MyComputer > Properties > Advanced tab, Startup n Recovery Settings, press Edit. Make it something like this:
[boot loader]
timeout=4
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP-SP3 Home Edition" /noexecute=optin /fastdetect

Press Ctrl-S.
Done.

gerbil 216 Industrious Poster

Or, instead of eavesdropping on your own mother, you might like to do this...
You can make a clone or an image of the base installation:
i-set up a clean base installation with all that you want on it in the way of settings and applications on a partition of say, 8GB. 10, if you really need the space. That will be C: Leave the remainder of the hdd unallocated.
ii-clone [partition copy] the base installation partition to the inside edge [rhs] of the unallocated space to an 8GB partition [in the clone wizard just lclick the target space and drag it across to the right]. Hide it.
iii-expand the base installation partition to take up the remainder of the unallocated space.
ii & iii can be achieved in the one run.
She blows Windows, just insert the bootable cd and copy the clone back into C:
It doesn't get much easier. And the software to enable you to do all that [incl the bootable cd] is Partition Wizard. Really wizard, cos it is free.
That copy [clone] of the initial installation is a sector by sector copy, hence the idea of initially making C: a small partition, and later expanding that partition to max.
Or you can do the same thing by making a compressed image of the initial base C: and put it onto dvds... [ but you will lose those... so the hidden clone is easiest]. Image it …

gerbil 216 Industrious Poster

Hello, rohit... perhaps you could give us some sort of starting point...
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then...
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

gerbil 216 Industrious Poster

We can use this tool to identify the actual startup entries and delete them:
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then...
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

gerbil 216 Industrious Poster

I don't know what I was thinking... boot.ini is obv ok because you got windows up, somewhat. [DrWatson gave you a BSOD... :)]

gerbil 216 Industrious Poster

For XP...
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Key Name: NoDriveTypeAutoRun
Set the value to 91 hex [dec 145]. Setting a bit disables the feature.
http://www.pctools.com/guides/registry/detail/1142/
That should enable AutoInsertNotification for CD-ROM drives, RAM disk drives, Removable drives (Floppy, ZIP), Hard disk drives and Unknown drives.

gerbil 216 Industrious Poster

http://www.webtree.ca/windowsxp/tools/bootdiscs/xp_rec_con.zip
Unzip, and then burn the .iso [do not open the iso].

gerbil 216 Industrious Poster

Hi. You've picked up some malware, all the way from Indonesia. Try this:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].
And do try to avoid registry repair software. They only remove some...some... orphaned entries. Anything "legitimately" there, ie keys linked to malware... won't be removed! The bulk of the entries they proudly remove are those which would be cycled out over time, such as pointers to recently used files, or data placed by M$ for links that you don't have the software for and so do not use.

gerbil 216 Industrious Poster

Back up a bit. On that options screen [Safe mode, LKG....] cancel auto restart on error. Then restart and note the BSOD error number, and any faulting process... post them.
From what you have listed as discovered partitions... [you must have entered Setup to see those - whoops] the first is your recovery partition from Emachines, the second [unknown] - is that your drive [partition] where windows is? If so, your MBR's partition table is possibly damaged, and that would be why you cannot start Windows..
There are no RC commands that can fix that problem.
bootconfig [with the right options] can be used to search your disk for Windows installations and then to create a correct boot.ini file. But with the RC command "type" and a suitable path...
type c:\boot.ini
...you can quickly check if the original is okay. Also.
Anyway, if the partition table is corrupted then you would need to slave the drive to repair it, else have a bootable cd with the correct type of tool.
It's all fun, and we can help.

gerbil 216 Industrious Poster

Looks like a good job. Teresa seems to be your other problem..., we don't have a solution for that. But Google, you never know. :)
As a final check you might do this...
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then...
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

gerbil 216 Industrious Poster

" w/ original key on the tower". Well, grab an XP cd and reinstall with that key. There is no need at all to buy another XP licence.

gerbil 216 Industrious Poster

"downloaded GMER and renamed the random name to GMER.EXE and run it. That stopped with an error almost instantly." Oh? Something was looking out for GMER.exe
Gmer gives you a good hint when it suspects a file - it redlines it and pops a warning window. You won't miss it. And if GMER locks up then it has hit a problematic file that is likely trying to protect itself.
Don't bother scanning pure data partitions... eg music, pics, docs. Rootkits are going to be in your boot drive with the OS, anywhere else -even an applications drive- and the file activity is a little obvious.

gerbil 216 Industrious Poster

Now I'm starting to wonder if you have the licence for the Windows on that machine....
If you did, you'd simply reinstall.

gerbil 216 Industrious Poster

" Does WIn32/Virut ring a bell."? Consensus is that it is of no use trying to repair any Virut infection - the damage it does is too great.
If anything gets into System Restore you can remove it simply by toggling Restore off then on again. That clears all Restore files.
Please don't confuse X:\Recycler [part of recycle bin] with X:\SysVolInf [restore points for that drive].
Anything in the Recycle Bin is easy to deal with.
That was a deeeep dredge.. Sept 2004. But anyway....

gerbil 216 Industrious Poster

Don't fret too much, Avast seems to have saved you from much damage. Let's see what this does...
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

gerbil 216 Industrious Poster

That would be malware.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then...
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

gerbil 216 Industrious Poster

One other thing occurs to me.... what happens if you copy a LARGE file to anywhere else on your disk... say 1GB or more? Does it slow down?
Loading an app involves a lot of disk activity, reads, writes... which means a lot of data transfer through the disk controller and through the mb disk interface. On an Intel system that would be the Southbridge chip. Thinking temperature rising too high when very active... I know that you have run Sandra but that is a quick test... give your hdd some real work.

gerbil 216 Industrious Poster

:), just do it.. takes mere seconds.
Just to clarify what you mean, could you post a screenshot of your explorer window?

gerbil 216 Industrious Poster

Have you tried cleaning the malware? Cleaning is very often possible and successful. Will your OS run, even in Safe Mode? Do you have an active AV? Did it report a problem? Have you tried a malware scan? Cleaning is normally easier than reinstalling [it's not the reinstallation, but the resetting of your personal settings, reloading all updates and software and drivers which takes days].
Here...
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

I'd walk over hot coals before I embarked upon a raw reinstallation. Which is why I update a disk image occasionally.
If it comes down to it Dban is painfree. Apart from the empty disk you end up with, and what lies ahead.

gerbil 216 Industrious Poster

"if the machine cant see a boot sector" then the MBR [there is one on the disk because he formatted it] will pop the relevant message.
Pull the graphics card... google tells me it has integrated graphics, so there is a means to test that card.

gerbil 216 Industrious Poster

Mm, okay, just thought your AV may have gone haywire, taking too long to check opening files. You've done a rootkit scan? GMER, or Rootkit Unhooker [v3.8 if you can find it], Ice Sword, or RootkitRevealer from technet.
Right, you seem pretty forensic by nature judging from the services you have running. I suggest you get Process Explorer and Process Monitor from technet.
http://technet.microsoft.com/en-au/sysinternals/default.aspx
Best you close all other applications first to avoid clutter, then.....
PM... it starts up running, so stop the scan. Clear those events, then restart the scan and open an app. Stop the scan when the app is fully open, use the buttons to show only processes, then look for any which cause an inordinate jump in Relative time. Check also File System activity with the relevant button.
PE... search for dependencies which should not be linked to that app. Tricky. Under View > Update speed is a Pause option to stop data refresh.

gerbil 216 Industrious Poster

Try using the Recovery Console on your installation cd. To enter it, start setup as usual but then choose the R option. If your hdd is faulty then it will not proceed far because the Recovery Console requires windows on the drive to be recognizable.
It may of course be the motherboard at fault, ie. the drive interface [which is the Southbridge if an Intel-based machine]. And unfixable save by the manufacturer. Simplest check of that is to plug in a different hdd and see if Setup can proceed.
So...If your machine is actually still bootable then do this [this procedure will burn a diagnostic program onto a cd which in turn may be used to boot your machine and check the hd] :
You'll need access to a computer with Internet connectivity and a CD burner, plus a blank CD-R or CD-RW.
Then go to this link: http://support.thetechguys.com/Uploads/%7Bb4d5f239-78d9-4bd8-8e7a-2de1983b4d7d%7D/DiagCD23.exe
Either Run the file download or Save diagcd23.exe to your computer and dclick it to run. The procedure is quite automatic: you will be asked to insert a blank CD for burning the file.
Once the disk is created, put it in your broken machine, then restart it. It should boot from the CD and then give you the opportunity to run a Long HDD (hard disk) test. The utility supports a wide range of disk manufacturers.
Say how you get on.

gerbil 216 Industrious Poster

Hello, jemz, try this.... Go Start, and into the Run box type or paste...
regsvr32 mydocs.dll
...and press Enter.

gerbil 216 Industrious Poster

Heya, euro. That sys has integrated graphics... ie. they are a part of the mb chipset, and not a plug-in card.
Yes, you should see the BIOS run, or try to.... it could be the power supply not providing correct voltages, mb, RAM, cpu, the display. Or a corrupted BIOS. If anything else was failing I think BIOS would at least run and indicate the problem.

gerbil 216 Industrious Poster

Disconnect from the web [unplug, or use your firewall to block access temporarily], then turn off Avira. Try loading apps again.

gerbil 216 Industrious Poster

Hello, Harriet, I use Syncback Free V3..... Backs up to any connected drive you choose, including removables. It's good, it's very configurable, it's here:
http://www.2brightsparks.com/downloads.html#freeware

gerbil 216 Industrious Poster

For a start, Media Disconnected stops most things. On the failing sys neither LAN nor Wireless are connected. It could be hardware, or... rclick your connection icon in the task bar on the failing sys, and uninstall it. Or do it via Network Connections in CP. Then either restart the sys and let Windows detect and auto-install the drivers or go to Add New Hardware in CP.
Good. Now this time, enter...
ipconfig /all
Do you now have a Def Gateway address? If not, try connecting to your router with a LAN cable, run ipconfig /all again.
-to save you typing what is in the cmd window, rclick in the top border, go Edit, Select all. Rclick again in border, go Edit, Copy. And paste here.
You should not consider the info as sensitive. It makes things difficult for me if you don't show it, and your router firewall will prevent hacking.
I cannot see how you do not have a Default Gateway IP for even the working computer.!!??

Who set in the IPV6 addressing protocol? And why the Tunnel Adapter connections? Just wondering.

gerbil 216 Industrious Poster

USB driver okay? Check Device Mgr.
Some motherboards have a couple of different chips that can handle USB ports. For example, one may be an expansion device, and only allow 1.1 to say, the front panel connectors. Weird, but on older boards that was how they got extra USB physical ports.
Good luck, anyway.

gerbil 216 Industrious Poster

Ah, noted.... so the router is fine. No chance that the failing sys has lost the router configuration data for a wireless connection? ie the router's SSID and encryption key for that computer's Network no.?

The router IP address would likely be something like 192.168.0.1
To find it exactly, open a cmd window, enter..
ipconfig
The router address will be shown at Default Gateway. Type it into a browser address line on the failing computer. Ensure that the router is set to allow Active Scanning [unhide its Access Point].

gerbil 216 Industrious Poster

Use this software and your XP installation cd to make a bootable flashdrive Recovery Console:
Go to this page and dl the file Mkrecovery.zip. Extract from it.
http://www.softpedia.com/get/System/System-Miscellaneous/USB-Recovery-Console.shtml

Use of mkrecovery.cmd
--------------------------------------------------
Right click over mkrecovery.cmd and click edit:

In _setting....
-change USBDRV value R: to the letter of your USB Drive.
-change XPSRC to the path of your Windows XP Setup folder. eg S:\i386
** MAKE SURE THE USB DRIVE LETTER IS CORRECT **
...else you risk erasing a drive's contents!!!!!

-Save the file, insert a blank flashdrive, and then dclick on mkrecovery.cmd.
When creation completes copy into the USB key folder $WIN_NT$.~BT the two files autochk.exe and autofmt.exe from the i386 source folder.
For some reason these two are excluded....

Done? Boot the failing sys from the USB drive [use the one-time BIOS boot menu... F2, F8, or F10..... the BIOS front page will tell you which], and then when the RC loads [it should recognise the Windows installation] run...
chkdsk /r

gerbil 216 Industrious Poster

Nothing there... although you should use Hijackthis to fix this entry:
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
It is most likely an uninstalled remnant from AVG8...?
Repeat the Scan, check the above entry and press Fix Checked button.
I have to ask.... your ZA firewall is not set to turn off all net access [for temporary total protection]? There is a setting, prob on the taskbar rclick popup....
If you enter your router/modem setup GUI page and check its statistics, does it show as connected to your ISP?
If the problem persists we can take the next step.

gerbil 216 Industrious Poster

John, just in case.... open a cmd window, and enter..
ipconfig /renew
Close the window.

If you go to that link I gave above you can dl the EXECUTABLE to any drive. You can copy it [or even dl directly] to a floppy or flashdrive, even run it from that medium... it does not have to be on any hdd to run successfully. Scan, then Save the log file and a notepad of it will pop. Post that.

gerbil 216 Industrious Poster

Hello, John.
The Malwarebytes run.... you must do it this way [atm no deletion/removal of threats has occurred, at least as far as the information in your post tells me...]:
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].


File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification. To deal with this navigate to system32\drivers, find atapi.sys and rename to atapi.sys.bak. Lclick another folder in system32, and then after 10secs or so go back into \drivers. Check that another atapi.sys has been copied there. Yes? Good, delete atapi.sys.bak. NO? Then Immediately RENAME atapi.sys.bak to atapi.sys, and tell me.

Delete these two files [check they stay deleted]:
c:\windows\system32\drivers\bzmfeolo.sys
c:\docume~1\alluse~1\applic~1\T0IPiByb0.dat

From http://free.antivirus.com/hijackthis/ dl Hijackthis v2.04 [the executable]. Copy to its own folder and dclick to run. Close all other applications, and press Scan. Save and post the log.

I hope that you are running only …

gerbil 216 Industrious Poster

Hello, alison. The manufacturer you want is the motherboard manuf. A simple tool to give you all the info you want without removing the case sides is ...
CPU-Z http://www.cpuid.com/downloads/cpu-z/1.54-setup-en.exe
I would test your RAM next, and the simplest tool to do that with is Memtest86+, from http://www.memtest.org/
-choose the download type you want [they are beneath the screenshots] according to whether you wish to run the test from a floppy or flashdrive. Or a cd burn....
-the tool runs from the bootable medium; you let it run for as long as you can bear - a couple of hours should do. Just ONE error is a RAM failure....
CPU-Z : post screenshots from the CPU, Mb and Mem pages.
The bluescreen gives important info. The actual error code and failing subsystem [process?] would be handy. If you don't have time to read it, cancel the auto restart on the startup options page when it appears [What do you want to do... Safe mode, LKG, Normal... page].
We'll go from there.

gerbil 216 Industrious Poster

Jemz, if you only have one OS in the boot.ini file, ie no choice, then it makes no difference at all - you could leave it at 30secs or 0 secs, but ntldr will ignore that timeout value and just proceed immediately to load the OS. A window showing the default OS will not appear.
If you have more than one OS then you leave no time to make a choice... and it is likely that the window showing the OS list would not have time to appear, anyway. I have two OSs installed, and 4secs is plenty of time to make a choice if I so wish, else after 4secs the default OS loads anyway.
Clear? :)

gerbil 216 Industrious Poster

When you get the options screen turn off the automatic restart, then capture and post the BSOD msg.

gerbil 216 Industrious Poster

Setup is weird. I somehow get the feeling [but do not exactly know] that if it discovers files, even on a formatted drive it may use them, not overwrite them. I have no idea how. Try using a disk wiper. This one is simple, use it to burn a CD-RW.
http://www.dban.org/download
This version runs from a flashdrive or floppy. http://sourceforge.net/projects/dban/files/dban/dban-1.0.7/dban-1.0.7_i386.exe/download
-just dclick that exe to install it to a floppy or flashdrive.

gerbil 216 Industrious Poster

You have obviously removed MyWebSearch.... this is a remnant; it is easily fixed.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then...
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

gerbil 216 Industrious Poster

Hello, jemz, one usually sets it as the hdd that you will install your OS to. When you enter BIOS [by pressing the Delete key] there will be a selection in there at the boot menu page. Your boot disk, if IDE, should be Primary. If you have been using the sys successfully and have not made any hardware changes then there should be no need to bother with this.
When starting your system in order to run Setup [installation pgm] it is best if you use the BIOS one time Boot Menu - it differs with machines but you generally enter it with F2 F8 or F11 key press [your BIOS front page should tell you which], select your cd drive and away you go.

gerbil 216 Industrious Poster

You cannot do this from within Windows XP itself. Simplest is to get one of these free tools; they will allow you to delete the two partitions and then extend the C: partition so as to occupy fully the available space. All are quite straightforward to use.
GParted, a Linux tool which is a bootable cd package... http://sourceforge.net/projects/gparted/ - you want the LiveCD package; dl and BURN the .ISO. Directly.
Or there is Paragon Partition Manager. http://www.paragon-software.com/home/pm-express/download.html -the free version will suit your needs, make either a bootable cd or flashdrive.
Or EASUS Partition Master. http://www.partition-tool.com/personal.htm - does the lot.
Good luck.

gerbil 216 Industrious Poster

You have problems with a few entries there.

O2 - BHO: Street-Ads Browser Enhancer stsyfvxh - {B2A0D15F-32BB-4010-8C77-88E753FB2D13} - C:\WINDOWS\system32\stsyfvxh.dll
O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [MChk] C:\WINDOWS\system32\zliwqlsp.exe

May I suggest that you do this?...
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

gerbil 216 Industrious Poster

Cannot see much wrong, except that you might remove these entries with hijackthis...

O4 - HKUS\S-1-5-19\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'LOCAL SERVICE')
O20 - Winlogon Notify: RailNotification - C:\WINDOWS\

The first was for a government-mandated "advertisement/choice", the second has a null value.

gerbil 216 Industrious Poster

Malware interfering with permissions on security-related processes?

gerbil 216 Industrious Poster

You could try removing XP's identifier for that drive in case there are problems with it. [XP does not record hidden drives, by the way]. The key is HKEY_LOCAL_MACHINE\System\MountedDevices, and you can do it the hard way or the easy way, the latter being to export that key for safety reasons, then deleting the whole MountedDevices key.
The hard way is to identify the entries relating to your USB device by finding it at \DosDevice\... , then at \??\Volume{... and removing those entries.
If you follow the easy way XP will rebuild the key as it recalculates the identifiers for all drives actually connected when it next restarts, and then as any other drives are connected.
I suppose a third way would be to use MBRWhiskey to delete the Disk Signature of the USB drive. XP would then have to recalculate it plus the volume identifiers for partitions on that disk, and then the MountedDevices entries. But I have not tried that.

gerbil 216 Industrious Poster

"Can I create a partition just for their User Account (so if they download bugs or catch something bad it won't affect me)?" No, a partition just for them won't change a thing, security-wise. But you can restrict the damage by only giving them a User account.
"will I be able to partition this late into the HDs' lifespans?" Why are you keeping the data that is on the hdds already? But yes, you can.. linux [GParted] will allow you to easily shrink a pre-existing partition as long as it has free space. Which you create by deleting rubbish.
"You can have two copies of windows on an System." That means two licenses. And a lot of bloat... two AVs [they will not greatly, mutually interfere in this case], two firewalls, ...2 of everything... a loss of precious disk space. And no extra security from a virus, as distinct from trojans, worms and other spyware...