Problems after re-install of XP
Comments
TICK and FIX this too ~
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
:idea:
"" Richie: Why would you think I am part of my own problems ? ""
You could make the dongle, archive, re-install a sweet running uncluttered system and replace your ' can't afford to loose ' stuff in half an hour.
Because a couple of weeks ago we all went down this road
- you from the premise that your O/S & data could be saved
- me secure in the knowledge that even if it could be saved it would not be saved by you, and if I, or, a-n-other did the work it would not be cost effective for you .. .. .. the customer
Two or three weeks later we're still in the same boat, and you still have no puter. At that time you had a flash dongle big enough to run a USB boot and tools and leave sufficient room to archive off your ' can't afford to loose ' stuff.
You could make the dongle, archive, re-install a sweet running uncluttered system and replace your ' can't afford to loose ' stuff in half an hour.
"" Am I flogging a dead horse? "", probably the shop obeyed your instructions, didn't lose your data, and charged you for the privilege of giving you back the same bag of issues you took into the shop to have repaired ! The shop should be ashamed, not for the mess they have given back to you, but for taking your money and not insisting on a clean re-install & replacing your ' can't afford to loose ' stuff !
You could make the dongle, archive, re-install a sweet running uncluttered system and replace your ' can't afford to loose ' stuff in half an hour.
BTW if you are not the [ same person ] rmg1 as I'm describing above I'm a /=)
Disclaimer : Everything I write on this forum is my opinion. I try to be an even-handed poster and accept that you at times may not agree with these opinions or how I choose to express them, this is not my problem. The Disabled : If years cannot be added to their lives, at least life can be added to their years - Alf Morris
ORIGIN
- of the rmg1 problem : http://forums.moneysavingexpert.com/showthread.html?t=2243471
Q&D SOLUTION
- have another go at creating the stick, everyone here will help !
- if your DVD is now working forget the stick use a ROM
- do you have a legal copy of Windows ? - and the original drivers CD / DVD for that motherboard ?
Lil306 and others have it right, help yourself, and others will get behind you. You don't need a shop, your lack of self confidence is unfounded, you can do-it-yourself. Re-install your windows after getting your ' important stuff ' off first.
Richie - I made the stick (full Ubuntu on a 2GB stick) but the DVD drive wasn't working so I could save any data. It still isn't after they've "fixed" my machine. I can't install the printer or webcam software, the disc appears blank when I put it in the drive. I've tried uninstalling the drivers for the DVD-drive and rebooting so Windows picks it up again, but still no joy. Mine "was" a legal copy of windows (OEM version), what's on now appears to have the same registration key, but I can't be sure without finding the sticker.
AlienRik - Here's the log (I had to run the scan again as I closed the window with the original log on it and it had deleted two files, one was a registry backup from ages ago and the other was Autorun.inf from my backup drive)
:wall: Flagellation, necrophilia and bestiality - Am I flogging a dead horse? :wall:
Any posts are my opinion and only that. Please read at your own risk.
I don't see anything wrong
Personally I'd borrow someone else's computer and another hard drive, back up whatever you need by plugging YOUR hard drive through a USB then wipe the computer and start afresh
If only.... Can't get the DVD drive to read discs so I can't use my wipe-disc to reinstall my copy of Windows.
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db2e2d5d-d74a-4a88-822e-c6928f59e4df} (Password.Stealer) -> Quarantined and deleted successfully.
Looking back through the thread it looks to me like the place you've taken it to has stolen all your private passwords!
Originally Posted by rmg1
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{db2e2d5d-d74a-4a88-822e-c6928f59e4df} (Password.Stealer) -> Quarantined and deleted successfully.
Looking back through the thread it looks to me like the place you've taken it to has stolen all your private passwords!
:shocked: Nasty!
Are you sure the place you took it to formatted your HDD and did a clean install?
Nice(!)
I didn't realise that I stored passwords on here.
Everything I use always asks me for my password whenever I do anything (banking, e-mails, etc)
Looks like I'll be phoning them tomorrow with some fairly specific instructions.
And I'll want some of my £70 back!
::edit::
Still can't install printer/webcam software, discs still being classed as blank (and after I was assured everything was OK by the 12 year old in the shop)
This discussion has been closed.