checkdsk error after using SmitfraudFix
Hi, greetings from the other side of the world
I recently detected that I had the Trojan SPM/LX and used SmitFraudFix to delete it . . . but like a bull in a china shop I probably rushed through the process without doing it properly . . . now I have got myself into big trouble
I'm running an Athlon 3200 AMD with Windows XP
I have an 80Gb drive with three partitions two of them boot C and D
I use C and my son uses D
we recently installed a 320Gb drive, but we have disconnected that for the moment
We are not running a floppy disk drive
After running SmitFraudFix I was unable to boot my C partition
it claimed that checkdisk not found skips checkdsk and proceeds
I cannot boot my C partition in safe mode
I can boot from the D partition but the windows system files seem to be in the root directory of the C partition
The D partition does not see the new hard drive at all and drive letters are different on the two boots
The computer had a problem not finding the ntldr file but I think I have fixed that, I was able to boot from a windows cd once or twice but not all of the time . . . I don't know why
I have made the cd/dvd the first boot device in the bios
I want to try and be able to boot from my C drive
I am a relatively old man and a noobie at the same time
I would be extremely grateful for any help
probably too late I have downloaded HiJackThis and done a scan but it only scans the D partition, the nasty files are on the C partition
look forward to seeing what anyone can make of this
thanks
Chris Loft
radiocurly.com
chrisloft.com
Please do the following:
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
Thank you for having a look at this for me Rahina Rescue. Here are the two files, let me know if there is any other information I need to give you:
Deckard's System Scanner v20070426.43
Run by tim on 2007-05-10 at 21:47:50
Computer is in Normal Mode.
-- System Restore
Successfully created a Deckard's System Scanner Restore Point.
-- Last 4 Restore Point(s) --
4: 2007-05-10 12:17:52 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2007-04-29 06:36:39 UTC - RP3 - System Checkpoint
2: 2007-04-25 15:08:11 UTC - RP2 - System Checkpoint
1: 2007-04-22 13:32:44 UTC - RP1 - System Checkpoint
Performed disk cleanup.
-- HijackThis (run as tim.exe)
Logfile of HijackThis v1.99.1
Scan saved at 9:47:58 PM, on 10/05/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\System32\DeltTray.exe
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\iriver\iriver plus\iAgent.exe
D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
D:\Program Files\Common Files\Teleca Shared\Generic.exe
D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
D:\Documents and Settings\tim\Desktop\dss.exe
D:\PROGRA~1\HIJACK~1\tim.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/go/player_settings_en
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [H2O] D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R230 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE /P30 "EPSON Stylus Photo R230 Series" /O6 "USB001" /M "Stylus Photo R230"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O4 - HKCU\..\Run: [iPlusAgent] D:\Program Files\iriver\iriver plus\iAgent.exe
O4 - Global Startup: BlueSoleil.lnk = D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
-- File Associations
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL %1,%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*
.reg - regfile - shell\open\command - "regedit.exe" "%1"
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R0 BTHidMgr (Bluetooth HID Manager Service) - d:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R1 AFS2K - d:\windows\system32\drivers\afs2k.sys <Not Verified; Oak Technology Inc.; AFS>
R1 Asapi - d:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R2 Nsynas32 - d:\windows\system32\drivers\nsynas32.sys <Not Verified; Syncrosoft Hard- und Software GmbH; Internet Protection Hardware Driver>
R3 BlueletAudio (Bluetooth Audio Service) - d:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - d:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - d:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - d:\windows\system32\drivers\vbtenum.sys
R3 CLEDX (Team H2O CLEDX service) - d:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
R3 DELTA (Service for Delta Driver (WDM)) - d:\windows\system32\drivers\delta.sys <Not Verified; Midiman/M-Audio; M-Audio Delta WDM Driver>
R3 VComm (Virtual Serial port driver) - d:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - d:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>
S1 NetworkX - d:\windows\system32\ckldrv.sys (file missing)
S3 BTNetFilter (Bluetooth Network Filter) - d:\windows\system32\drivers\btnetfilter.sys
S3 GMSIPCI - h:\install\gmsipci.sys (file missing)
S3 MSICPL - h:\install4\msicpl.sys (file missing)
S3 NTACCESS - h:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - h:\ntglm7x.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 BlueSoleil Hid Service - d:\program files\ivt corporation\bluesoleil\btntservice.exe
S2 Crypkey License - crypserv.exe (file missing)
-- Scheduled Tasks
2007-04-29 20:56:22 434 --a
D:\WINDOWS\Tasks\RegCure Program Check.job
2007-04-29 18:40:51 422 --a
D:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job
2007-04-26 03:43:15 368 --a
D:\WINDOWS\Tasks\RegCure.job
-- Files created between 2007-04-10 and 2007-05-10
2007-04-29 18:40:50 0 d
D:\Documents and Settings\tim\Application Data\RegistrySmart
2007-04-29 18:40:45 0 d
D:\Program Files\RegistrySmart
2007-04-26 00:06:12 0 d---s---- D:\WINDOWS\System32\Microsoft
2007-04-26 00:06:08 0 d
D:\Program Files\RegCure
2007-04-22 22:33:31 63 --a
D:\WINDOWS\system\SysSD.dll
2007-04-22 22:32:58 1011712 --a
D:\WINDOWS\System32\VchReg.dll <Not Verified; Max Secure Software; Voucher Registration>
2007-04-20 01:35:35 0 d
D:\Documents and Settings\Administrator\Application Data\Teleca
2007-04-20 01:35:32 0 d
D:\Documents and Settings\Administrator\Application Data\EPSON
2007-04-20 01:34:52 0 d
D:\Documents and Settings\Administrator\Application Data\Mozilla
2007-04-18 22:29:28 0 d--h
D:\WINDOWS\PIF
2007-04-18 15:13:58 0 d--h
D:\Documents and Settings\Administrator\Templates
2007-04-18 15:13:58 0 dr
D:\Documents and Settings\Administrator\Start Menu
2007-04-18 15:13:58 0 dr-h
D:\Documents and Settings\Administrator\SendTo
2007-04-18 15:13:58 0 d--h
D:\Documents and Settings\Administrator\Recent
2007-04-18 15:13:58 0 d--h
D:\Documents and Settings\Administrator\PrintHood
2007-04-18 15:13:58 0 d--h
D:\Documents and Settings\Administrator\NetHood
2007-04-18 15:13:58 0 d
D:\Documents and Settings\Administrator\My Documents
2007-04-18 15:13:58 0 d--h
D:\Documents and Settings\Administrator\Local Settings
2007-04-18 15:13:58 0 d
D:\Documents and Settings\Administrator\Favorites
2007-04-18 15:13:58 0 d
D:\Documents and Settings\Administrator\Desktop
2007-04-18 15:13:58 0 d---s---- D:\Documents and Settings\Administrator\Cookies
2007-04-18 15:13:58 0 dr-h
D:\Documents and Settings\Administrator\Application Data
2007-04-18 15:13:58 0 d---s---- D:\Documents and Settings\Administrator\Application Data\Microsoft
2007-04-18 15:13:58 0 d
D:\Documents and Settings\Administrator\All Users
2007-04-18 15:13:57 524288 --ah
D:\Documents and Settings\Administrator\NTUSER.DAT
2007-04-18 05:47:16 498333 --a
D:\Program Files\ptedit.exe
-- Find3M Report
2007-04-20 15:49:45 0 d
D:\Documents and Settings\tim\Application Data\Macromedia
-- Registry Dump
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="D:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"DeltTray"="DeltTray.exe"
"H2O"="D:\\Program Files\\SyncroSoft\\Pos\\H2O\\cledx.exe"
"EPSON Stylus Photo R230 Series"="D:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAIP.EXE /P30 \"EPSON Stylus Photo R230 Series\" /O6 \"USB001\" /M \"Stylus Photo R230\""
@=""
"Sony Ericsson PC Suite"="\"D:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions"
"RegistrySmart"="\"C:\\Program Files\\RegistrySmart\\RegistrySmart.exe\" -boot"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"iPlusAgent"="D:\\Program Files\\iriver\\iriver plus\\iAgent.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
-- End of Deckard's System Scanner: finished at 2007-05-10 at 21:48:10
and the extra text is:
Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows XP Professional (build 2600)
Architecture: X86; Language: English
CPU 0: AMD Athlon(tm) 64 Processor 3000+
Percentage of Memory in Use: 32%
Physical Memory (total/avail): 1023.48 MiB / 695.28 MiB
Pagefile Memory (total/avail): 926.61 MiB / 749 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1988.45 MiB
C: is Fixed (NTFS) - 39.16 GiB total, 10.26 GiB free.
D: is Fixed (NTFS) - 17.81 GiB total, 7.23 GiB free.
E: is Fixed (NTFS) - 9.53 GiB total, 4.69 GiB free.
F: is Fixed (NTFS) - 17.58 GiB total, 17.5 GiB free.
H: is CDROM (No Media)
-- Security Center
AUOptions is disabled.
AUState says computer has updates disabled.
Windows Internal Firewall is enabled.
-- Environment Variables
ALLUSERSPROFILE=D:\Documents and Settings\All Users
APPDATA=D:\Documents and Settings\tim\Application Data
CLIENTNAME=Console
CommonProgramFiles=D:\Program Files\Common Files
COMPUTERNAME=XPBOX
ComSpec=D:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
HOMEDRIVE=D:
HOMEPATH=\Documents and Settings\tim
LOGONSERVER=\\XPBOX
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=D:\WINDOWS\system32;D:\WINDOWS;D:\WINDOWS\System32\Wbem;D:\Program Files\ATI Technologies\ATI Control Panel;D:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=D:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=D:
SystemRoot=D:\WINDOWS
TEMP=D:\DOCUME~1\tim\LOCALS~1\Temp
TMP=D:\DOCUME~1\tim\LOCALS~1\Temp
USERDOMAIN=XPBOX
USERNAME=tim
USERPROFILE=D:\Documents and Settings\tim
windir=D:\WINDOWS
-- User Profiles
tim (admin)
Administrator (admin)
-- Add/Remove Programs
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
ASAPI Update --> D:\WINDOWS\System32\IWUNIN~1.EXE -uninstall D:\WINDOWS\ISUNINST.EXE -fD:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
ATI - Software Uninstall Utility --> D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 D:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
BlueSoleil --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
Cakewalk VST Adapter 4 --> D:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE D:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Dolby Lake Controller v4.0 --> D:\WINDOWS\iun6002.exe "D:\Program Files\Dolby\Dolby Lake Controller v4.0\uninstall\irunin.ini"
DreamStation DXi2 --> D:\WINDOWS\DSDXIRMV.EXE D:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
Eminence Designer --> D:\WINDOWS\IsUninst.exe -f"D:\Program Files\Eminence\Uninstbl.isu"
EPSON Attach To Email --> D:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{1DF4AC80-F76B-42AE-A263-15D2313D4472}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
EPSON Print CD --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON Printer Software --> D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Web-To-Page --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
FL Studio 6 --> D:\Program Files\Image-Line\FL Studio 6\uninstall.exe
Hijackthis 1.99.1 --> "D:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> D:\Program Files\Hijackthis\HijackThis.exe /uninstall
IK Multimedia AmpliTube v1.3.1 --> D:\PROGRA~1\VSTPLU~2\AMPLIT~1\UNWISE.EXE D:\PROGRA~1\VSTPLU~2\AMPLIT~1\INSTALL.LOG
iriver plus (remove only) --> "D:\Program Files\iriver\iriver plus\uninstall.exe"
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
K-Lite Codec Pack 2.41 Full --> "D:\Program Files\K-Lite Codec Pack\unins000.exe"
LinPlug Albino VSTi v2.1.1 --> D:\PROGRA~1\VSTPLU~2\ALBINO~1\ALBINO~1\UNWISE.EXE D:\PROGRA~1\VSTPLU~2\ALBINO~1\ALBINO~1\INSTALL.LOG
Linplug SaxLab v1.01 --> D:\PROGRA~1\VSTPLU~2\LINPLU~1\SAXLAB~1\UNWISE.EXE D:\PROGRA~1\VSTPLU~2\LINPLU~1\SAXLAB~1\INSTALL.LOG
Mozilla Firefox (1.0.3) --> D:\WINDOWS\UninstallFirefox.exe /ua "1.0.3 (en-US)"
MYOB Accounting Plus v12 --> D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{21057832-D865-4049-BCA4-CEF3C55A394F}
N.I Pro-53 v3.0-OxYGeN --> D:\PROGRA~1\VSTPLU~2\UNWISE.EXE D:\PROGRA~1\VSTPLU~2\INSTALL.LOG
Native Instruments B4 Tone Wheels Bundle v1.11 --> D:\PROGRA~1\VSTPLU~2\UNWISE.EXE D:\PROGRA~1\VSTPLU~2\INSTALL.LOG
Native Instruments Guitar Rig 2 Demo --> D:\PROGRA~1\NATIVE~1\GUITAR~1\UNWISE.EXE D:\PROGRA~1\NATIVE~1\GUITAR~1\INSTALL.LOG
PIF DESIGNER --> RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x9 anything
RegCure 1.2.0.4 --> D:\Program Files\RegCure\uninst.exe
RegistrySmart 2.6 --> "D:\Program Files\RegistrySmart\unins000.exe"
Ronin VST plug-in --> D:\WINDOWS\Ronin VST plug-in Uninstaller.exe
SIA SmaartLive v5.4.0.0 --> D:\PROGRA~1\SIASMA~1\System\UNWISE.EXE D:\PROGRA~1\SIASMA~1\System\INSTALL.LOG
SONAR 5 Producer Edition --> D:\PROGRA~1\Cakewalk\SONAR5~1\UNWISE.EXE D:\PROGRA~1\Cakewalk\SONAR5~1\INSTALL.LOG
Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
Steinberg Cubase SX v3.0.2.623 --> D:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE D:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
Steinberg WaveLab 5.01b --> D:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE D:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
Syncrosoft's License Control --> D:\PROGRA~1\SYNCRO~1\UNWISE.EXE D:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SyncroSoft Emu (Remove only) --> D:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
WinRAR archiver --> D:\Program Files\WinRAR\uninstall.exe
WinZip --> "D:\Program Files\WinZip\WINZIP32.EXE" /uninstall
-- End of Deckard's System Scanner: finished at 2007-05-10 at 21:48:10
Please open HiJackThis and scan. Check the boxes next to all the entries listed below
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
Extended (if available otherwise Standard)
Scan Archives
Scan Mail Bases
- Click OK
- Now under select a target to scan: Select My Computer
- This program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
I cannot boot from my C partition any more
I used to be able to boot from my D partition but that is now stuck in a loop with the windows installation disk trying to do a reinstall but coming up with an error because it cannot find a file from the disk
I have since 'discovered' another partition that I can boot from and seems to be using the windows system on my D Drive
Any scan or repair programs that I run are scanning the D drive . . . which has booted ok . . . none of the log files thus generated have anything to do with the system files on my drive C
incidentally Computer Management - Disk Management shows D partition as having a healthy boot and C partition as having a healthy system . . . is it normal for the boot files to be on a different partition to the system files . . . my son (I have appropriated his computer) had three xp systems installed . . . one for me (C) one for him (D) . . . and one more (somewhere) looks like (d) as well
I do not have the pc in question connected to the internet so I cannot do an online scan . . . would an online scan only do the boot system (on D) (which is working) or could that look at the problem on (c)
thanks again for your time and help
chris loft
from Adelaide. sunny South Australia
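Added example, not part of the original thread or of any tool mentioned in it: a small triage pass over a HijackThis log that infers which Windows installation was actually scanned and flags entries that point at another volume or at a missing file. The sample lines are copied from the log posted above; the function name `triage` and the rule of taking the most common drive letter among running processes as the system drive are assumptions of this example.

```python
import re
from collections import Counter

# A subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [RegistrySmart] "C:\Program Files\RegistrySmart\RegistrySmart.exe" -boot
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")    # section code, e.g. "O4 - ..."
PATH_RE = re.compile(r"(?<![A-Za-z])([A-Za-z]):\\")  # drive letter of an absolute path


def triage(log_text):
    """Return (system_drive, findings) for a HijackThis log.

    system_drive is the drive letter most running processes were loaded from
    (assumption of this example), i.e. the installation that was booted and
    scanned. findings is a list of (section_code, reason, entry_text).
    """
    processes, entries = [], []
    in_processes = False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)

    drives = Counter(p[0].upper() for p in processes if PATH_RE.match(p))
    system_drive = drives.most_common(1)[0][0] if drives else None

    findings = []
    for code, body in entries:
        # The scanner itself marks autostart targets it could not find on disk.
        if "(file missing)" in body:
            findings.append((code, "file-missing", body))
        # An autostart entry on a different volume belongs to (or was copied
        # from) another installation and will not exist if that volume is gone.
        other = {d.upper() for d in PATH_RE.findall(body)} - {system_drive}
        if system_drive and other:
            findings.append((code, "other-volume:" + ",".join(sorted(other)), body))
    return system_drive, findings


if __name__ == "__main__":
    drive, found = triage(SAMPLE_LOG)
    print("Scanned installation is on drive", drive)
    for code, reason, body in found:
        print(f"{code:4} {reason:16} {body}")
```

On the sample lines this reports the scanned installation as the one on D: and flags the RegistrySmart Run entry (pointing at C:) and the Crypkey License service (file missing).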