checkdsk error after using SmitfraudFix


lofty
19 Apr 2007, 6:46pm
Hi, greetings from the other side of the world

I recently detected that I had the Trojan SPM/LX and used SmitFraudFix to delete it . . . but like a bull in a china shop I probably rushed through the process without doing it properly . . . now I have got myself into big trouble

I'm running an Athlon 3200 AMD with Windows XP
I have an 80Gb drive with three partitions two of them boot C and D
I use C and my son uses D
we recently installed a 320Gb drive, but we have disconnected that for the moment
We are not running a floppy disk drive

After running SmitFraudFix I was unable to boot my C partition
it claimed that checkdisk not found skips checkdsk and proceeds
I cannot boot my C partition in safe mode
I can boot from the D partition but the windows system files seem to be in the root directory of the C partition
The D partition does not see the new hard drive at all and drive letters are different on the two boots

The computer had a problem not finding the ntldr file but I think I have fixed that, I was able to boot from a windows cd once or twice but not all of the time . . . I don't know why
I have made the cd/dvd the first boot device in the bios

I want to try and be able to boot from my C drive

I am a relatively old man and a noobie at the same time
I would be extremely grateful for any help
probably too late I have downloaded HiJackThis and done a scan but it only scans the D partition, the nasty files are on the C partition

look forward to seeing what anyone can make of this
thanks
Chris Loft

radiocurly.com
chrisloft.com

lofty
8 May 2007, 12:40am
No one loves you Lofty, guess you'll just have to throw that useless pc away

Rahina Rescue
9 May 2007, 4:53pm
Hello lofty, sorry for the delay getting to you, forums have been extremely busy lately!

Please do the following:

Please download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) and save it to your Desktop.
Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, DSS will open two Notepads: main.txt and extra.txt
Use Save As to save both Notepad files to your Desktop and post them in your next reply.

lofty
11 May 2007, 2:18pm
Thank you for having a look at this for me, Rahina Rescue. Here are the two files, let me know if there is any other information I need to give you:


Deckard's System Scanner v20070426.43

Run by tim on 2007-05-10 at 21:47:50

Computer is in Normal Mode.

--------------------------------------------------------------------------------



-- System Restore --------------------------------------------------------------



Successfully created a Deckard's System Scanner Restore Point.





-- Last 4 Restore Point(s) --

4: 2007-05-10 12:17:52 UTC - RP4 - Deckard's System Scanner Restore Point

3: 2007-04-29 06:36:39 UTC - RP3 - System Checkpoint

2: 2007-04-25 15:08:11 UTC - RP2 - System Checkpoint

1: 2007-04-22 13:32:44 UTC - RP1 - System Checkpoint





Performed disk cleanup.





-- HijackThis (run as tim.exe) -------------------------------------------------



Logfile of HijackThis v1.99.1

Scan saved at 9:47:58 PM, on 10/05/2007

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)



Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\System32\Ati2evxx.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

D:\WINDOWS\System32\tcpsvcs.exe

D:\WINDOWS\System32\snmp.exe

D:\WINDOWS\system32\Ati2evxx.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

D:\WINDOWS\System32\DeltTray.exe

D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE

D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

D:\Program Files\iriver\iriver plus\iAgent.exe

D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

D:\Program Files\Common Files\Teleca Shared\Generic.exe

D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

D:\Documents and Settings\tim\Desktop\dss.exe

D:\PROGRA~1\HIJACK~1\tim.exe



R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/go/player_settings_en

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DeltTray] DeltTray.exe

O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"

O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot

O4 - HKCU\..\Run: D:\Program Files\iriver\iriver plus\iAgent.exe

O4 - Global Startup: BlueSoleil.lnk = D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)





-- File Associations -----------------------------------------------------------



.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL %1,%*

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*

.reg - regfile - shell\open\command - "regedit.exe" "%1"





-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------



R0 BTHidMgr (Bluetooth HID Manager Service) - d:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>

R1 AFS2K - d:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>

R1 Asapi - d:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>

R2 Nsynas32 - d:\windows\system32\drivers\nsynas32.sys <Not Verified; Syncrosoft Hard- und Software GmbH; Internet Protection Hardware Driver>

R3 BlueletAudio (Bluetooth Audio Service) - d:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>

R3 BT (Bluetooth PAN Network Adapter) - d:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>

R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - d:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>

R3 BTHidEnum (Bluetooth HID Enumerator) - d:\windows\system32\drivers\vbtenum.sys

R3 CLEDX (Team H2O CLEDX service) - d:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>

R3 DELTA (Service for Delta Driver (WDM)) - d:\windows\system32\drivers\delta.sys <Not Verified; Midiman/M-Audio; M-Audio Delta WDM Driver>

R3 VComm (Virtual Serial port driver) - d:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>

R3 VcommMgr (Bluetooth VComm Manager Service) - d:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>



S1 NetworkX - d:\windows\system32\ckldrv.sys (file missing)

S3 BTNetFilter (Bluetooth Network Filter) - d:\windows\system32\drivers\btnetfilter.sys

S3 GMSIPCI - h:\install\gmsipci.sys (file missing)

S3 MSICPL - h:\install4\msicpl.sys (file missing)

S3 NTACCESS - h:\ntaccess.sys (file missing)

S3 SetupNTGLM7X - h:\ntglm7x.sys (file missing)





-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------



R2 BlueSoleil Hid Service - d:\program files\ivt corporation\bluesoleil\btntservice.exe



S2 Crypkey License - crypserv.exe (file missing)





-- Scheduled Tasks -------------------------------------------------------------



2007-04-29 20:56:22 434 --a------ D:\WINDOWS\Tasks\RegCure Program Check.job

2007-04-29 18:40:51 422 --a------ D:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job

2007-04-26 03:43:15 368 --a------ D:\WINDOWS\Tasks\RegCure.job





-- Files created between 2007-04-10 and 2007-05-10 -----------------------------



2007-04-29 18:40:50 0 d-------- D:\Documents and Settings\tim\Application Data\RegistrySmart

2007-04-29 18:40:45 0 d-------- D:\Program Files\RegistrySmart

2007-04-26 00:06:12 0 d---s---- D:\WINDOWS\System32\Microsoft

2007-04-26 00:06:08 0 d-------- D:\Program Files\RegCure

2007-04-22 22:33:31 63 --a------ D:\WINDOWS\system\SysSD.dll

2007-04-22 22:32:58 1011712 --a------ D:\WINDOWS\System32\VchReg.dll <Not Verified; Max Secure Software; Voucher Registration>

2007-04-20 01:35:35 0 d-------- D:\Documents and Settings\Administrator\Application Data\Teleca

2007-04-20 01:35:32 0 d-------- D:\Documents and Settings\Administrator\Application Data\EPSON

2007-04-20 01:34:52 0 d-------- D:\Documents and Settings\Administrator\Application Data\Mozilla

2007-04-18 22:29:28 0 d--h----- D:\WINDOWS\PIF

2007-04-18 15:13:58 0 d--h----- D:\Documents and Settings\Administrator\Templates

2007-04-18 15:13:58 0 dr------- D:\Documents and Settings\Administrator\Start Menu

2007-04-18 15:13:58 0 dr-h----- D:\Documents and Settings\Administrator\SendTo

2007-04-18 15:13:58 0 d--h----- D:\Documents and Settings\Administrator\Recent

2007-04-18 15:13:58 0 d--h----- D:\Documents and Settings\Administrator\PrintHood

2007-04-18 15:13:58 0 d--h----- D:\Documents and Settings\Administrator\NetHood

2007-04-18 15:13:58 0 d-------- D:\Documents and Settings\Administrator\My Documents

2007-04-18 15:13:58 0 d--h----- D:\Documents and Settings\Administrator\Local Settings

2007-04-18 15:13:58 0 d-------- D:\Documents and Settings\Administrator\Favorites

2007-04-18 15:13:58 0 d-------- D:\Documents and Settings\Administrator\Desktop

2007-04-18 15:13:58 0 d---s---- D:\Documents and Settings\Administrator\Cookies

2007-04-18 15:13:58 0 dr-h----- D:\Documents and Settings\Administrator\Application Data

2007-04-18 15:13:58 0 d---s---- D:\Documents and Settings\Administrator\Application Data\Microsoft

2007-04-18 15:13:58 0 d-------- D:\Documents and Settings\Administrator\All Users

2007-04-18 15:13:57 524288 --ah----- D:\Documents and Settings\Administrator\NTUSER.DAT

2007-04-18 05:47:16 498333 --a------ D:\Program Files\ptedit.exe





-- Find3M Report ---------------------------------------------------------------



2007-04-20 15:49:45 0 d-------- D:\Documents and Settings\tim\Application Data\Macromedia





-- Registry Dump ---------------------------------------------------------------



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"ATIPTA"="D:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"

"DeltTray"="DeltTray.exe"

"H2O"="D:\\Program Files\\SyncroSoft\\Pos\\H2O\\cledx.exe"

"EPSON Stylus Photo R230 Series"="D:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIP.EXE /P30 \"EPSON Stylus Photo R230 Series\" /O6 \"USB001\" /M \"Stylus Photo R230\""

@=""

"Sony Ericsson PC Suite"="\"D:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"

"RegistrySmart"="\"C:\\Program Files\\RegistrySmart\\RegistrySmart.exe\" -boot"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"iPlusAgent"="D:\\Program Files\\iriver\\iriver plus\\iAgent.exe"



[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]

"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"



HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa

Authentication Packages REG_MULTI_SZ msv1_0\0\0

Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0

Notification Packages REG_MULTI_SZ scecli\0\0





[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]

LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0

NetworkService REG_MULTI_SZ DnsCache\0\0

rpcss REG_MULTI_SZ RpcSs\0\0

imgsvc REG_MULTI_SZ StiSvc\0\0

termsvcs REG_MULTI_SZ TermService\0\0







-- End of Deckard's System Scanner: finished at 2007-05-10 at 21:48:10 ---------



and the extra text is:



Deckard's System Scanner v20070426.43

Extra logfile - please post this as an attachment with your post.

--------------------------------------------------------------------------------



-- System Information ----------------------------------------------------------



Microsoft Windows XP Professional (build 2600)

Architecture: X86; Language: English



CPU 0: AMD Athlon(tm) 64 Processor 3000+

Percentage of Memory in Use: 32%

Physical Memory (total/avail): 1023.48 MiB / 695.28 MiB

Pagefile Memory (total/avail): 926.61 MiB / 749 MiB

Virtual Memory (total/avail): 2047.88 MiB / 1988.45 MiB



C: is Fixed (NTFS) - 39.16 GiB total, 10.26 GiB free.

D: is Fixed (NTFS) - 17.81 GiB total, 7.23 GiB free.

E: is Fixed (NTFS) - 9.53 GiB total, 4.69 GiB free.

F: is Fixed (NTFS) - 17.58 GiB total, 17.5 GiB free.

H: is CDROM (No Media)





-- Security Center -------------------------------------------------------------



AUOptions is disabled.

AUState says computer has updates disabled.

Windows Internal Firewall is enabled.





-- Environment Variables -------------------------------------------------------



ALLUSERSPROFILE=D:\Documents and Settings\All Users

APPDATA=D:\Documents and Settings\tim\Application Data

CLIENTNAME=Console

CommonProgramFiles=D:\Program Files\Common Files

COMPUTERNAME=XPBOX

ComSpec=D:\WINDOWS\system32\cmd.exe

DEFAULT_CA_NR=CA6

HOMEDRIVE=D:

HOMEPATH=\Documents and Settings\tim

LOGONSERVER=\\XPBOX

NUMBER_OF_PROCESSORS=1

OS=Windows_NT

Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\Program Files\ATI Technologies\ATI Control Panel;D:\Program Files\Common Files\Teleca Shared

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

PROCESSOR_ARCHITECTURE=x86

PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD

PROCESSOR_LEVEL=15

PROCESSOR_REVISION=0c00

ProgramFiles=D:\Program Files

PROMPT=$P$G

SESSIONNAME=Console

SystemDrive=D:

SystemRoot=D:\WINDOWS

TEMP=D:\DOCUME~1\tim\LOCALS~1\Temp

TMP=D:\DOCUME~1\tim\LOCALS~1\Temp

USERDOMAIN=XPBOX

USERNAME=tim

USERPROFILE=D:\Documents and Settings\tim

windir=D:\WINDOWS





-- User Profiles ---------------------------------------------------------------



tim (admin)

Administrator (admin)





-- Add/Remove Programs ---------------------------------------------------------



--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf

ASAPI Update --> D:\WINDOWS\System32\IWUNIN~1.EXE -uninstall D:\WINDOWS\ISUNINST.EXE -fD:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu

ATI - Software Uninstall Utility --> D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Control Panel --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver --> rundll32 D:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI HYDRAVISION --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"

BlueSoleil --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9

Cakewalk VST Adapter 4 --> D:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE D:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG

Dolby Lake Controller v4.0 --> D:\WINDOWS\iun6002.exe "D:\Program Files\Dolby\Dolby Lake Controller v4.0\uninstall\irunin.ini"

DreamStation DXi2 --> D:\WINDOWS\DSDXIRMV.EXE D:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2

Eminence Designer --> D:\WINDOWS\IsUninst.exe -f"D:\Program Files\Eminence\Uninstbl.isu"

EPSON Attach To Email --> D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG

EPSON Easy Photo Print --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{1DF4AC80-F76B-42AE-A263-15D2313D4472}\SETUP.EXE" -l0x9 UNINST

EPSON File Manager --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST

EPSON Print CD --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM

EPSON Printer Software --> D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPSON Scan Assistant --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u

EPSON Web-To-Page --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything

FL Studio 6 --> D:\Program Files\Image-Line\FL Studio 6\uninstall.exe

Hijackthis 1.99.1 --> "D:\Program Files\Hijackthis\unins000.exe"

HijackThis 1.99.1 --> D:\Program Files\Hijackthis\HijackThis.exe /uninstall

IK Multimedia AmpliTube v1.3.1 --> D:\PROGRA~1\VSTPLU~2\AMPLIT~1\UNWISE.EXE D:\PROGRA~1\VSTPLU~2\AMPLIT~1\INSTALL.LOG

iriver plus (remove only) --> "D:\Program Files\iriver\iriver plus\uninstall.exe"

Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}

K-Lite Codec Pack 2.41 Full --> "D:\Program Files\K-Lite Codec Pack\unins000.exe"

LinPlug Albino VSTi v2.1.1 --> D:\PROGRA~1\VSTPLU~2\ALBINO~1\ALBINO~1\UNWISE.EXE D:\PROGRA~1\VSTPLU~2\ALBINO~1\ALBINO~1\INSTALL.LOG

Linplug SaxLab v1.01 --> D:\PROGRA~1\VSTPLU~2\LINPLU~1\SAXLAB~1\UNWISE.EXE D:\PROGRA~1\VSTPLU~2\LINPLU~1\SAXLAB~1\INSTALL.LOG

Mozilla Firefox (1.0.3) --> D:\WINDOWS\UninstallFirefox.exe /ua "1.0.3 (en-US)"

MYOB Accounting Plus v12 --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{21057832-D865-4049-BCA4-CEF3C55A394F}

N.I Pro-53 v3.0-OxYGeN --> D:\PROGRA~1\VSTPLU~2\UNWISE.EXE D:\PROGRA~1\VSTPLU~2\INSTALL.LOG

Native Instruments B4 Tone Wheels Bundle v1.11 --> D:\PROGRA~1\VSTPLU~2\UNWISE.EXE D:\PROGRA~1\VSTPLU~2\INSTALL.LOG

Native Instruments Guitar Rig 2 Demo --> D:\PROGRA~1\NATIVE~1\GUITAR~1\UNWISE.EXE D:\PROGRA~1\NATIVE~1\GUITAR~1\INSTALL.LOG

PIF DESIGNER --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything

RegCure 1.2.0.4 --> D:\Program Files\RegCure\uninst.exe

RegistrySmart 2.6 --> "D:\Program Files\RegistrySmart\unins000.exe"

Ronin VST plug-in --> D:\WINDOWS\Ronin VST plug-in Uninstaller.exe

SIA SmaartLive v5.4.0.0 --> D:\PROGRA~1\SIASMA~1\System\UNWISE.EXE D:\PROGRA~1\SIASMA~1\System\INSTALL.LOG

SONAR 5 Producer Edition --> D:\PROGRA~1\Cakewalk\SONAR5~1\UNWISE.EXE D:\PROGRA~1\Cakewalk\SONAR5~1\INSTALL.LOG

Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}

Steinberg Cubase SX v3.0.2.623 --> D:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE D:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG

Steinberg WaveLab 5.01b --> D:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE D:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG

Syncrosoft's License Control --> D:\PROGRA~1\SYNCRO~1\UNWISE.EXE D:\PROGRA~1\SYNCRO~1\INSTALL.LOG

SyncroSoft Emu (Remove only) --> D:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe

WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe

WinZip --> "D:\Program Files\WinZip\WINZIP32.EXE" /uninstall





-- End of Deckard's System Scanner: finished at 2007-05-10 at 21:48:10 ---------

Rahina Rescue
11 May 2007, 2:50pm
I can not see anything critical in your logfile.

Please open HiJackThis and scan. Check the boxes next to all the entries listed below:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan: select My Computer

This program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:

Save the file to your desktop.
Copy and paste that information in your next post.

lofty
11 May 2007, 3:45pm
None of these programs are actually scanning the drive where the problem is . . .

I cannot boot from my C partition any more
I used to be able to boot from my D partition but that is now stuck in a loop with the windows installation disk trying to do a reinstall but coming up with an error because it cannot find a file from the disk
I have since 'discovered' another partition that I can boot from and seems to be using the windows system on my D Drive

Any scan or repair programs that I run are scanning the D drive . . . which has booted ok . . . none of the log files thus generated have anything to do with the system files on my drive C

Incidentally, Computer Management - Disk Management shows D partition as having a healthy boot and C partition as having a healthy system . . . is it normal for the boot files to be on a different partition to the system files . . . my son (I have appropriated his computer) had three xp systems installed . . . one for me (C) one for him (D) . . . and one more (somewhere) looks like (d) as well

I do not have the pc in question connected to the internet so I cannot do an online scan . . . would an online scan only do the boot system (on D) (which is working) or could that look at the problem on (c)

thanks again for your time and help
chris loft
from Adelaide. sunny South Australia

Rahina Rescue
11 May 2007, 4:05pm
Well, it seems like your problems are not related to Viruses or spyware, let us move this topic.