TechSpot

Corrupt files, frequent BSOD, can't chkdsk

By kate2003
Mar 19, 2009
  1. I've been having problems with my laptop for a couple of months, and have been struggling with it myself, but it only gets worse. I get "corrupt .exe file, please run chkdsk" messages in the notification area when I run any program, though the programs usually run just fine. I haven't been able to run chkdsk without resorting to the Windows XP disk form the computer manufacturer, whether I do it through windows or the command line. Windows tells me that it can't run it because chkdsk is already scheduled to run; Command line tells me the volume is locked, do I want to schedule to run on next bootup, and then doesn't run on bootup. Yesterday I ran it twice from the boot disk, and it says it fixed one or more errors each time, and the only apparent affect was that it managed to get through phase two on a disk check through Windows before stalling, when previously it had stopped at phase one.
    And then I got the BSOD five times and had to power off and on again to get Windows to start (and it had never taken quite THAT long before). I was suspecting either a virus or a dying hard drive, but I ran the manufacturer's diagnostics on the harddrive about a week ago, and that indicated no problems with the hard drive. I have been focusing most of my efforts on malware removal, and have run through your suggested removal programs several times over the last couple of weeks ago and removed some viruses and malware in the early scans (though not many), but the problem appears to be getting worse, not better.
    I am running a Dell Inspiron 1520 with Windows XP/SP3
    I attach the latest logs from Malwarebytes Anti Malware, Super AntiSpyware and Hijack This.
     

    Attached Files:

  2. Spyder_1386

    Spyder_1386 TS Rookie Posts: 498

    hey kate2003

    The BSODs that your incurred - can you please give us the error code that it produces? The error is displayed at the top of the blue screen, in CAPITAL LETTERS. BSODs can occur through faulty hardware or software issues and I'm unsure at this stage which one it is. As an initial test, you could run Memtest on your RAM. You can get this at www.memtest.org

    Spyder_1386 :)
     
  3. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi Kate

    You had Malware and there is more.

    Run MBAM again to confirm removal. We need a clean log.

    Post the log and then do the below..

    Download ComboFix

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while its running. That may cause it to stall.
    =========================================

    Download SDFix to Desktop.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On Desktop run SDdFix It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click thu all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.

    Mike
     
  4. kate2003

    kate2003 TS Rookie Topic Starter Posts: 17

    new logs attached`

    I saw Spyder's suggestion to run Memtest, but the learning curve for that was a little steep for me tonight (I'll look at it again tomorrow). I will also find my note regarding the BSOD screen codes.
    I just focused on Mike's suggestion that I re-run MBAM, run ComboFix, run SDFix, I am attaching new logs.
     

    Attached Files:

  5. mflynn

    mflynn TS Rookie Posts: 2,655

    Hold off for now there is plenty of reason for your issues.

    They should have already improved some.

    Do these steps in this order..


    First uninstall ComboFix
    Start-Run
    type
    Combofix /u
    click OK

    Then redownload a new combofix to the Desktop.

    Then rename it from ComboFix.exe to 12cbf34.exe.

    Left Drag mouse and Copy for Pasting all text in the box below. Make sure the slider bar goes to bottom from the @ to the end of the second exit.

    Then paste to a notepad document and save to the Desktop .

    Code:
    @echo off
    cd\
    :: Fix associations
    ftype exefile="%1" %*
    ftype batfile="%1" %*
    ftype cmdfile="%1" %*
    ftype comfile="%1" %*
    ftype scrfile="%1" /S
    ftype regfile="regedit.exe" "%1"
    ftype piffile="%1" %*
    ftype inffile=%SystemRoot%\System32\NOTEPAD.EXE "%1"
    ftype vbsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    ftype jsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    
    assoc .exe=exefile
    assoc .bat=batfile
    assoc .cmd=cmdfile
    assoc .com=comfile
    assoc .scr=scrfile
    assoc .reg=regfile
    assoc .pif=piffile
    assoc .lnk=lnkfile
    assoc .inf=inffile
    assoc .vbs=VBSFile
    assoc .js=JSFile
    
    sc stop TDSSserv.sys
    sc delete TDSSserv.sys
    :: Above sc commands first stops then deletes service if it exists
    ::
    reg unload "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata"
    reg unload "HKEY_LOCAL_MACHINE\SOFTWARE\tdss"
    ::
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" /f
    ::The above reg commands first unloads the reg keys then deletes these keys.
    ::
    Attrib -h -s -r tdss*.* /s
    del /f /q /s tdss*.*
    :: The above two lines first clears protective attributes then 
    :: deletes all files on Drive beginning with the name tdss
    
    :: Remove AntiVirus2009
    attrib -h -s -r "%UserProfile%\Desktop\Antivirus 2009.lnk"
    attrib -h -s -r "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk"
    attrib -h -s -r "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll"
    attrib -h -s -r "%UserProfile%\Start Menu\Antivirus 2009\*.*"
    
    del /f /q "%UserProfile%\Desktop\Antivirus 2009.lnk"
    del /f /q  "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk"
    del /f /q "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll"
    del /f /q "%UserProfile%\Start Menu\Antivirus 2009\*.*"
    
    rd /s /q "%UserProfile%\Start Menu\Antivirus 2009"
    
    attrib -h -s -r "c:\Program Files\Antivirus 2009\*.*"
    rd /s/q "c:\Program Files\Antivirus 2009"
    
    attrib -h -s -r c:\WINDOWS\system32\ieupdates.exe
    attrib -h -s -r c:\WINDOWS\system32\scui.cpl
    attrib -h -s -r c:\WINDOWS\system32\winsrc.dll
    
    del /f /q c:\WINDOWS\system32\ieupdates.exe
    del /f /q c:\WINDOWS\system32\scui.cpl
    del /f /q c:\WINDOWS\system32\winsrc.dll
    
    attrib -h -s -r /s c:\xwdxqu.txt
    del /f /q /s c:\xwdxqu.txt
    
    attrib -h -s -r c:\windows\x
    del /f /q c:\windows\x
    
    attrib -h -s -r /s "c:\SxsCaPendDel*.*"
    del /f /q /s "c:\SxsCaPendDel*.*"
    
    attrib -h -s -r /s c:\h3s.sys
    del /f /q /s c:\qh3s.sys
    
    attrib -h -s -r /s c:\jsdpp32.sys
    del /f /q c:\jsdpp32.sys
    
    attrib -h -s -r /s c:\oxauau96.sys
    del /f /q /s c:\oxauau96.sys
    
    reg delete HKLM\SOFTWARE\swearware /f
    reg delete HKCU\Software\Wget /f
    reg delete HKLM\Software\Classes\CLSID\{CD363BEC-7150-B887-530D-F3E2E0424EA} /f
    
    :: rootkit gaopdxserv
    sc stop gaopdxserv.sys.sys
    sc delete gaopdxserv.sys.sys
    
    attrib -h -s -r /s c:\gaopdx*.*
    del /f /q /s c:\gaopdx*.*
    reg delete "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys" /f
    reg delete "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys" /f
    reg delete "HKEY_LOCAL_MACHINE\Software\Classes\gaopdxvx" /f
    
    sc stop WinSvchostManager
    sc delete WinSvchostManager
    
    attrib -h -s -r /s "C:\WinSvcHostmanager*.*"
    del /f /q /s "C:\WinSvcHostmanager*.*"
    
    sc stop ntndis
    sc delete ntndis
    
    attrib -h -s -r /s C:\ntndis.*
    del /f /q /s C:\ntndis.*
    
    sc stop u_lehj
    sc delete u_lehj
    
    attrib -h -s -r /s "c:\\u_lehj32*.*"
    del /f /q /s "c:\u_lehj32.*.*"
    
    attrib -h -s -r /s c:\svcprs32.exe
    del /f /q /s c:\svcprs32.exe
    
    attrib -h -s -r /s c:\wmdrtc32.dll
    del /f /q /s c:\wmdrtc32.dll
    
    attrib -h -s -r "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe"
    del /f /q "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe"
    
    attrib -h -s -r "C:\WINDOWS\system32\mdmcls32.exe"
    del /f /q "C:\WINDOWS\system32\mdmcls32.exe"
    
    reg delete "HKEY_CURRENT_USER\Software\75319611769193918898704537500611" /f
    reg delete "HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" "75319611769193918898704537500611" /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" "ieupdate" /f
    echo Finshed ripping out Antivirus 2008-9
    :: Fix associations
    ftype exefile="%1" %*
    ftype batfile="%1" %*
    ftype cmdfile="%1" %*
    ftype comfile="%1" %*
    ftype scrfile="%1" /S
    ftype regfile="regedit.exe" "%1"
    ftype piffile="%1" %*
    ftype inffile=%SystemRoot%\System32\NOTEPAD.EXE "%1"
    ftype vbsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    ftype jsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    
    assoc .exe=exefile
    assoc .bat=batfile
    assoc .cmd=cmdfile
    assoc .com=comfile
    assoc .scr=scrfile
    assoc .reg=regfile
    assoc .pif=piffile
    assoc .lnk=lnkfile
    assoc .inf=inffile
    assoc .vbs=VBSFile
    assoc .js=JSFile
    exit
    exit
    Once saved to Desktop reboot to Safe Mode.

    Open the document and copy then paste to the black screen of an open command prompt.

    It will run and exit. It is a cover all so ignore errors.

    Then run the 12cbf34 file.

    When finished reboot to normal mode and post the 12cbf34 log.

    Mike
     
  6. kate2003

    kate2003 TS Rookie Topic Starter Posts: 17

    12cbf34 log

    OK, I followed the last set of directions and am attaching the 12cbf34 log.
    Lots of corrupt file notifications popped up in the process, but I just ignored them and let it run.

    when I booted up again in normal mode, I got the BSOD again:
    STOP: c0000145 {Application Error}
    The application failed to initialize properly (0xc0000005). Check OK to terminate the application.

    I look forward to further guidance/suggestions/instructions (and I really appreciate the help you've given so far).
     
  7. mflynn

    mflynn TS Rookie Posts: 2,655

  8. kate2003

    kate2003 TS Rookie Topic Starter Posts: 17

    broken stinger link

    the link you gave me for stinger is broken, so I did some searching and found this one: vil.nai.com/vil/stinger/
    Seems to be an updated version from January of this year. I've downloaded it, but will wait to run it and Dr. Web until I have time this afternoon. If there is some other version of Stinger that I should be running, let me know! The site recommends disabling System Restore. Should I do that too?
    Thanks, Mike. I hope you are having a nice weekend!
    Kate
     
  9. kritius

    kritius TS Guru Posts: 2,084

    Don't disable system restore, if anything happens you would have to reformat.

     
  10. kate2003

    kate2003 TS Rookie Topic Starter Posts: 17

    Ran Stinger and DrWeb

    You were right...it took awhile, but DrWeb seemed to find quite a bit. It did ask to "move" the infected content found by ComboFix (and one of the other programs I'd run), which I let it do.
    I'm attaching the Stinger log.
    The CureIt log is apparently too large (35 MB)--if you want to see it, maybe you can tell me how to attach it?
     
  11. mflynn

    mflynn TS Rookie Posts: 2,655

    Something is wrong with that are you sure it is not the Quarintine folder. A 3.5 meg text file would be extreme but 35 megs.

    How about opening the log and copy the header, the part before it starts listing files and the footer after it quits listing files and gives a recap.

    So how is it running now?

    Do this ..

    Another ComboFix log followed by a new HJT log.

    Then
    Start-Run
    type
    chkdsk c: /f /r
    click OK

    It will require a reboot and will do it on the way back up so turn it loose.

    But do the ComboFix and HJT first.

    Mike
     
  12. kate2003

    kate2003 TS Rookie Topic Starter Posts: 17

    DrWeb Cure It

    Yeah, it's a huge long list of each and every file checked, usually saying "OK" after it.

    I've attached a txt file trying to capture the first part and the summary.

    Next I'll do the repeat ComboFix, the HJT, and try Chkdsk--but that will probably be later today before I get back to you. Life keeps getting in the way!

    I will say that it does seem to be behaving better, though our interactions have been so limited that it's hard to say. We'll see if it can do the chkdsk....
     
  13. kate2003

    kate2003 TS Rookie Topic Starter Posts: 17

    ComboFix & HJT logs

    attached are the new ComboFix & HJT logs
    It would not run chkdsk on bootup--I tried with both chkdsk /f /r and with just a /f
     
  14. mflynn

    mflynn TS Rookie Posts: 2,655

    Ok do the Copy/Paste operation in Post #5 again as I have edited it and added to it.

    Then try to Defrag the HD if it works let it complete, but what I am interested in is if it has any error message. Defrag will not run if there are disk errors and will require a chkdsk which will not run.

    A successful Defrag will indicate there are no disk errors.

    Then do the below...

    Download Dial-A-Fix (DAF)
    http://wiki.djlizard.net/Dial-a-fix#...C_and_articles
    http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip

    Have XP CD available in case DAF needs a file.

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here 1 at a time do the below

    Repair Permissions
    SFC Purge
    SFC scan

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Reboot retest for Chkdsk!

    If it still fails to chkdsk and you chose to install Recovery console when you ran ComboFix, then chose the Recovery console on boot and do chkdsk c: /f /r from there. Type exit when finished to exit Recovery console.

    Get back to us.

    Mike
     
  15. kate2003

    kate2003 TS Rookie Topic Starter Posts: 17

    latest

    OK--ran the copy/paste operation in #5 again.
    Ran ComboFix (renamed as in #5)
    Attaching log below.

    Rebooted into normal mode again and got the same BSOD again. Tried again and
    tried to defrag: got this error message:
    Disk Deframenter has detected that chkdsk is scheduled to run on the volume (C:) Please run chkdsk /f.
    Tried that, and, of course, it didn't run.
    Then downloaded DAF and ran that. It indicated no errors, no missing or corrupted files, and did not ask for the XP boot CD.

    Rebooted and got the same BSOD.
    Couldn't get it to run chkdsk, so tried it in Recovery Console and got this message: "The drive could not be checked."

    so booted from XP boot CD and went into Recovery Console and ran chkdsk from there, and it ran, taking a nice long time, finally saying it had fixed one or more errors. I then exited the console and rebooted, getting another BSOD (always the same stop error code), and decided to try defrag again, and it actually did it. But then, just for kicks, I asked it to do a disk check (without checking boxes to fix errors), and it behaved as always: goes through phase 2 and then says "windows cannot complete disk check".
     
  16. mflynn

    mflynn TS Rookie Posts: 2,655

    Kate I think we are clean of Malware. Your problem is either a system misconfiguration or a hardware issue. Most likely misconfiguration.

    Lets do a deep clean of Windows temps and a gentle Registry clean.

    Run CCleaner run twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

    Download and run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

    KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
    Fantastic cleaner. (When installing uncheck Relevant Knowledge do not install) Click Analyze then clean.
    -------------------------------------------------------------------------------------
    The issues can and are likely found is in System Restore so do the below

    Start-Programs-Accessories-System Tools-Disk- System Restore and create a new Restore point. Name it "Cleanup at TechSpot".

    Then Start-Programs-Accessories-System Tools-Disk Cleanup
    Click OK to accept C:
    Select all Boxes
    Then click More Options
    Here click System Restore and OK to "Are you sure" and the OK to Run.

    As this runs it clears all but the most recent Restore Point but it does one other thing that can contain infested files and a huge amount of disk space.

    It clears what is known as Shadow copies which are used by specialized back up programs.
    ----------------------------------------------------------------------------------------------------------------------

    So I noticed this earlier but wanted some confidence you had no Malware. I see signs of Panda, Trend and Norton. What are you using?

    So in prep of moving on to addressing a misconfiguration answer the below.

    1. Would you consider uninstalling them all (Virus Scanners) as this could be it. And installing Avira which the majority of us believe to be better than most even if free.

    2. I noticed you had your XP CD, is it SP3? And with my guidance would you burn a slipstream CD (installs SP3 into you SP2 etc cd) so that repairs and future installs would be up to date. For a Repair install of XP later if needed. (A repair install repairs Windows but keeps all else programs and data).

    3. Just to be double sure because of the experience with Drweb finding so much go here http://majorgeeks.com/Kaspersky_Virus_Removal_Tool_d4515.html and get KAV Virus removal toll and run it, I may be paranoid here but lets be sure.

    Mike
     
  17. kate2003

    kate2003 TS Rookie Topic Starter Posts: 17

    OK!

    Ran the cleaners until they came up clean.
    Cleaned up the System Restore as you suggested.
    Ran Kaspersky Virus Removal tool--it found absolutely nothing!

    Now to your questions:
    1. My primary security software is Norton Internet Security. I am more than a little disenchanted with it--while it is comparatively unobtrusive, I have never had this kind of trouble in the past (and I'm talking YEARS), and I think it's just been a little over a year since I switched form Norton Anti-Virus to Norton Internet Security, so I am not feeling very secure with it.
    The Panda is probably Panda Active Scan which I probably downloaded in one of my earlier attempts to deal with this problem. I'm not sure about the Trend, but I vaguely recall that one of the things I downloaded to scan for viruses came from Trend.
    The upshot is....I'm not married to any particular program, and would be happy to uninstall anything in favor of one that would work. I will be happy to have your guidance on this issue.

    2. My XP CD is actually SP1. I have read about slipstreaming SP3 and know it would be a good idea, but the learning curve seemed a little steep. I'm sure you could help me with it, and it would be great to have it.
     
  18. mflynn

    mflynn TS Rookie Posts: 2,655

    OK its easy to Slipstream so here are the steps.

    1. Download the SP3 full standalone Installer http://www.microsoft.com/downloads/...a8-5e76-401f-be08-1e1555d4f3d4&displayLang=en

    2 . Download and install AutoStreamer http://majorgeeks.com/download4444.html

    3. Put SP1 XP cd in drive

    4. Run Autostreamer it will ask for the location (drive) of the XP cd and the location of the SP3. Once you tell it it will produce an ISO file.

    5. Download and install ImageBurn http://www.imgburn.com/index.php?act=download

    6. Put a writable CD in drive and run Imgburn chose Burn Image browse to the ISO file and burn it! Wah la! A full XP SP3 XP install CD.

    Now for the virus scanners:
    --------------------------------------------------------------------------------------------------------
    Norton is hard to remove fully and properly and can cause non apparent issues and performance issues until properly cleaned.

    In prep download but do not run any of these tools yet!

    Norton removal tool (use this to cleanup after a normal uninstall or if it will not uninstall)
    http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    Then SymRegFix ftp://ftp.symantec.com/public/english_us_canada/tutorials/SymRegFix.exe

    To download using Internet Explorer. Click the following link to download the file:

    SYMMSICLEANUP.reg (ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SYMMSICLEANUP.reg)

    Save the file to the Windows desktop.

    To download using Firefox. Right-click the following link and then click Save Link As to download the file:

    SYMMSICLEANUP.reg (ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/SYMMSICLEANUP.reg)

    then
    Use same instructions for IE or FF to get the below.

    IE: MSIFIX.bat (ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/MSIFIX.bat)

    FF: MSIFIX.bat (ftp://ftp.symantec.com/public/english_us_canada/linked_files/tsgen/MSIFIX.bat)

    Then Disable/turn off all of Norton/Symantec that you can and reboot. When back up use Add/Remove programs to uninstall all norton symantec including liveupdate.

    After uninstall reboot and then run all the removers/cleaners you downloaded.

    -------------------------------------------------------------------------------------------------------
    Uninstall the Panda and Trend via add/remove. These can be downloaded again if needed!

    Reboot again after these, and run CCleaner temp and registry clean 2 or more times on each until no more found.

    -------------------------------------------------------------------------------------------------------

    Then go to the 8 Steps and get Avira, Install update and do a full scan. Post log!

    Mike.
     
  19. kate2003

    kate2003 TS Rookie Topic Starter Posts: 17

    Avira log

    OK, I did everything--made slipstreamed the new XP SP3 CD; uninstalled Norton and used the clean up tools afterward, uninstalled Trend (turned out to be Housecall) and Panda, did a few more runs of the cleaner until it came out clean (must be squeaky clean by now!), and then downloaded Avira, updated and ran a scan.
    Report is attached. Note the warnings--the four files that couldn't be opened to be scanned. Anything to be worried about?
    The good news is no recent BSODs in the booting and rebooting, and I did a quick disk check (not a fix and repair, just a check), and it was able to do that pretty quickly.
    I am going to post this Avira log, and then try to get it to do a full chkdsk while I am out this evening. I'll check back in with you later.
    Now that I'm giving up Norton, can you suggest what I should use, in addition to Avira to keep this from happening again?
     
  20. mflynn

    mflynn TS Rookie Posts: 2,655

    Fantastic you do good work. We may not need the SP3 for a repair install after all.

    And it was easy wasn't it?

    I thought it may be Norton/Symantec that was causing all the problems.

    Now not only have we fixed the BSODs and fixed the Chkdsk problem. But when you start to use it you will notice the speed you have gained.

    When I post my closing it will answer your questions on what else to use.

    Mike
     
  21. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi Kate

    Hope the chkdsk went well and all else is well. Here is a final couple of cleanups for Norton/Symantec.

    To clean even more Norton paste the text inside the box below to an open command prompt.
    Code:
    cd\
    attrib /s c:\norton*.* >"%USERPROFILE%"\Desktop\Norton.log
    attrib -h -s -r  /s c:\norton*.* 
    attrib /s c:\syman*.* >"%USERPROFILE%"\Desktop\symantec.log
    attrib -h -s -r  /s c:\syman*.*
    del /f /q /s c:\norton*.*
    del /f /q /s c:\syman*.*
    pause
    exit
    exit
    Now look at the 2 new files on Desktop to see what was left on the HDD!

    To get the rest D/L Regseeker http://www.hoverdesk.net/freeware.htm
    Click its find in registry and search for norton then symantec. Then a general Regseeker clean.

    Mike
     
  22. kate2003

    kate2003 TS Rookie Topic Starter Posts: 17

    well......

    First, I couldn't get chkdsk to run on bootup. It would check the disk through windows, and schedule a chkdsk with repair on bootup, but wouldn't run it on bootup. (welcome to my world).
    then I might have gotten a little aggressive with RegSeeker--I ran it several times, deleting everything it found--and then it wouldn't load windows on bootup.

    Not to worry.....I was prepared with my newly created bootup disk with SP3, and so I did a repair install, which went smoothly.
    BTW...it's amazing how fast the system runs without all that clutter.
    But now I can't get it to complete a disk check through windows, and it won't run a scheduled chkdsk on bootup.
    I was pretty sure a repair install of XP would fix this particular problem, and it hasn't, so I'm quite confused.
     
  23. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

  24. mflynn

    mflynn TS Rookie Posts: 2,655

    Yes that is too aggressive with Regseeker run twice and never back to back. Run it reboot and run again.

    And that is why we had the XP SP3!

    But did you do the Norton and Symantec search?

    The speed is mostly the removal of Norton Symantec.

    Did the copy/paste operation above find much in the norton and symatec logs to the desktop?

    You may run it again to recheck then delete those logs.

    Condensed in Kims post above.

    1. Open CMD prompt
    2. Type
    chkntfs /d
    then
    chkdsk /c c:
    type
    exit

    reboot.

    Mike
     
  25. kate2003

    kate2003 TS Rookie Topic Starter Posts: 17

    latest

    OK--first, I did try to run your norton/symantec copy/paste thing at the open cmd prompt, and no files appeared on my desktop. I figured I had misunderstood and continued on with the RegSeeker, which did find a good bit of norton/symantec garbage and removed it. (it was on the general regseeker clean that I got carried away).
    I just tried to do the copy/paste thing again, and still no files. Tried to do a search for a norton.log or a symantec.log and no such files found. So I'm not sure what went wrong....

    Still working on the chkdsk problem--I even uninstalled Spybots after noting the reference in Kim's post, but still having no luck. I'll try your boiled down version and get back to you.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...