Author Topic: Pc is a mess and would appreciate help please.  (Read 8861 times)

December 09, 2014, 04:02:02 AM

sandymail

My computer was running slow, taking a long time to restart or shut down, when clicking on links I was being redirected, was having errors in outlook express.  I run xp sp 3 professional and had never been in safe mode, but managed to get there and run several scans.  Super anti spyware found 5 critical registry items called rogue.component/trace and my norton's found a trojan.gen.2.  After removing these I ended up with a computer with a LOT of problems.  After rebooting, my desktop files, folders, etc had disappeared ( and I had a lot of stuff on there), my menu bar at the bottom was all different, my desktop picture was not the same and I had lost EVERY BIT of email (which makes me sick to my stomach)............as a matter of fact outlook express is 100% totally empty like it was a new computer, no address book or anything (what a mess).  I've been reading a lot and running various scans since then including kaspersky TDSS Killer (anti-rootkit utility) which found -0-.  I then ran Comodo cleaning essentials which found 1 item ABNORMAL SYSTEM SETTINGS MODIFIED HOSTS which I DID NOT remove as they say Comodo gives false positives so I was afraid to delete.  I'd like to know if I can remove that!!  I ran malwarebytes anti rootkit  and its companion program fixdamage.exe   (which found -0-) .  I just finished running rogue killer.exe and it found a lot of stuff.  Not being knowledgeable to know what is what I'm posting the result of the scan and begging for help in determining what is good and should stay and what is nasty stuff.  I use my computer to earn money so after 5 full days of scanning and crying and praying I'm hoping to get this cleared up quickly.  Thank you so much for whoever takes on this task for me! :'( :'(

Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Administrator]
Mode : Scan -- Date : 12/08/2014  17:09:21

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | CCE : "C:\Documents and Settings\TEMP\Desktop\CCE\CCE.exe" -showlog  -> Found
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:2883;https=127.0.0.1:2883;  -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:2883;https=127.0.0.1:2883;  -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-2423455794-1845874516-3463538204-500\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2423455794-1845874516-3463538204-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 44 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[12] : Unknown @ 0x8a071ae8
[SSDT:Addr(Hook.SSDT)] NtAlertThread[13] : Unknown @ 0x8a071b80
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[17] : Unknown @ 0x8a082290
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[19] : Unknown @ 0x8a0a2750
[SSDT:Addr(Hook.SSDT)] NtConnectPort[31] : Unknown @ 0x8a18ca48
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[43] : Unknown @ 0x8a0d2b10
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[52] : Unknown @ 0x8a0a2600
[SSDT:Addr(Hook.SSDT)] NtCreateThread[53] : Unknown @ 0x8a0832e8
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[57] : Unknown @ 0x8a0d47f0
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[68] : Unknown @ 0x8a144850
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[83] : Unknown @ 0x8a0cc2c8
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[89] : Unknown @ 0x8a0719f8
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[91] : Unknown @ 0x8a071a50
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[97] : Unknown @ 0x8a18d330
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[108] : Unknown @ 0x8a060c88
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[114] : Unknown @ 0x8a0d2a78
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[122] : Unknown @ 0x8a0a22f8
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[123] : Unknown @ 0x8a082338
[SSDT:Addr(Hook.SSDT)] NtOpenSection[125] : Unknown @ 0x8a0d4940
[SSDT:Addr(Hook.SSDT)] NtOpenThread[128] : Unknown @ 0x8a1448d8
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[137] : Unknown @ 0x8a0a26a8
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[180] : Unknown @ 0x8a050d58
[SSDT:Addr(Hook.SSDT)] NtResumeThread[206] : Unknown @ 0x8a144328
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[213] : Unknown @ 0x8a060af0
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[228] : Unknown @ 0x8a060b88
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[240] : Unknown @ 0x8a0d4888
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[253] : Unknown @ 0x8a0d49b8
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[254] : Unknown @ 0x8a1443c0
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[257] : Unknown @ 0x8a0a2220
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[258] : Unknown @ 0x8a144458
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[267] : Unknown @ 0x8a060c10
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[277] : Unknown @ 0x8a0cc350
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[307] : Unknown @ 0x8a0464e8
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[383] : Unknown @ 0x8a6f4768
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[414] : Unknown @ 0x8a077260
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[416] : Unknown @ 0x8a050a80
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[428] : Unknown @ 0x8a050a38
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[460] : Unknown @ 0x8a0764c0
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[475] : Unknown @ 0x8a155370
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[476] : Unknown @ 0x8a0e6cc8
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[549] : Unknown @ 0x8a084308
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[552] : Unknown @ 0x8a046410
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\pfc @ Unknown (\SystemRoot\system32\drivers\pfc.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \FileSystem\DLACDBHM @ Unknown (\SystemRoot\System32\Drivers\DLACDBHM.SYS)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-60YGA1 +++++
--- User ---
[MBR] c7c87535219689c94c1db173bbb61bec
[BSP] 5552c0dc4191488df4a64307c8144b31 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 466677 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 955771110 | Size: 10244 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Lexmark USB Mass Storage USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Reply #1, December 09, 2014, 05:39:52 PM

Tigzy (Administrator; Owner, Adlice Software)

Hello
Could you tell me which version it is? (you've cut the header a little bit)

Also, for Outlook being empty, are you sure you are on the same user session?
What do you see in C:/Documents And Settings? How many users?

Reply #2, December 09, 2014, 06:56:53 PM

sandymail

Which version of what?  My operating system is windows xp sp 3 professional.  The version of roguekiller.exe was the one just downloaded and it says it's 10.0.9.0.

I am the only person that uses this computer so I am the only user.  My email program is outlook express v. 6.

OMG! I am so excited that you asked me about outlook express because I just realized I have my email back!!!  I've been so upset that it made me break out crying and it took me a few minutes to pull myself together.  Because I went into windows explorer and realized all the files were back the way they originally were.  My file system had become a jumbled up mess!  I was able to direct the path back where it should have been and got my emails and address book back!!  This must have happened after I ran malwarebytes anti rootkit (which found -0-) but then I ran fixdamage.exe and it must have straightened out my file system.  If I remember correctly I did not reboot, but just went right into installing roguekiller.exe and running it.  I've been having such a hard time rebooting............it takes like 2 hours to do so, so I've only been doing that when it tells me I have to.  I had downloaded malwarebytes anti rootkit and roguekiller on another computer and put them on a CD.  And I used the CD to put them on this desktop and run them.

Reply #3, December 10, 2014, 07:04:19 PM

sandymail

I'm going to reply to my own message since no one else is. :(  :'(

While it is true that I was able to find where my outlook express .dbx files are located my joy was very quickly taken away.  I tried to put outlook express back the way it should be.  But when I reboot, it all disappears again.  Some of my programs are opening quicker.......google chrome opens faster, but all my settings and favorites are gone in chrome.  When I try to fix chrome settings back the way I like it, again, when I reboot all my settings are gone again.  I put malwarebytes anti-rootkit and rogue killer on my desktop and ran them, but when I reboot, they disappear from my desktop.  I don't have any of my many many files, folders and shortcuts on my desktop.  I even had a text file with the results of the rogue killer scan on the desktop and it's gone!!!  The one here on the forum is the only list I have.  My taskbar at the bottom of my desktop is all different from the way it was.

Since no one has given me any advice I spent yesterday 1) re-running malwarebytes, it found PUP optional.FTDownloader.A and I let it delete it. 2) I downloaded and ran HitmanPro and it found 12 items and I let it delete them.  I saved a .txt file with those results, but it disappeared also!

So today I'm going to run comodo cleaning essentials and if it finds "Abnormal system settings - modified Hosts" again, I will just let it delete it.

I will run rogue killer again and just let it delete, quarantine, or whatever it does?  I've been without a fully working computer for almost a week and I know you guys are probably busy, but I really need some help with this.  Please?!  Thank you!

I will come back in about an hr and if no one says anything I will do the scan with comodo cleaning essentials and rogue killer again and just let the programs delete what they find. :-\ :-\

Reply #4, December 11, 2014, 12:01:32 PM

Tigzy

It's not a malware issue here, your operating system has been damaged.
You can spend hours trying to solve it, or back up everything and reinstall. That's what I'd do here :)

Reply #5, December 11, 2014, 07:01:51 PM

sandymail

Oh no!!  I wanted to tell you that I did run Comodo Cleaning Essentials and it again found "Abnormal system settings Modified Hosts" and I let it delete that, then I ran Malwarebytes Anti-Rootkit and it found -0- and I again ran Rogue Killer and I only let it remove 3 orange PUPs, but there were other orange things and under Antirootkit there's a lot, it's about 50/50 orange and green.  I did notice you can't delete anything and I wouldn't know what to delete anyway.

I know this is bad but I've never learned how to back up everything or what should be backed up and I wouldn't know if it's possible to reinstall windows XP SP 3?  Wouldn't that take the system back to original and microsoft no longer updates it so how would I be able to update everything?  Not to mention that I have no idea how to do it. I don't really understand computers (I'm sure you've been able to figure that out) so I would have to get someone to do this for me.  Below I will give you the results of the new scan.  Maybe you can see something that can help.  I want you to know that I greatly appreciate the time that you are taking and have taken to try to help me.  I don't know why this says 12-8-14....I ran it yesterday 12-10-14 after I ran the other scans I told you about in the first paragraph.  Even the title of the log says RKreport_DEL_12102104_174638.txt.

RogueKiller V10.0.9.0 [Dec  8 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Administrator]
Mode : Delete -- Date : 12/10/2014  17:46:38

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 17 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Deleted
[PUP] HKEY_CLASSES_ROOT\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} -> Deleted
[PUP] HKEY_CLASSES_ROOT\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HitmanPro37CrusaderBoot ("C:\Documents and Settings\TEMP\Desktop\HitmanPro.exe" /crusader:boot) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro37CrusaderBoot ("C:\Documents and Settings\TEMP\Desktop\HitmanPro.exe" /crusader:boot) -> Not selected
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HitmanPro37CrusaderBoot ("C:\Documents and Settings\TEMP\Desktop\HitmanPro.exe" /crusader:boot) -> Not selected
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Not selected
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Not selected
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:2883;https=127.0.0.1:2883;  -> Not selected
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:2883;https=127.0.0.1:2883;  -> Not selected
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com  -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com  -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com  -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-2423455794-1845874516-3463538204-500\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com  -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com  -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2423455794-1845874516-3463538204-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 2 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\WINDOWS\System32\drivers\etc\hosts] ::1             localhost

¤¤¤ Antirootkit : 44 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[12] : Unknown @ 0x8a043a30
[SSDT:Addr(Hook.SSDT)] NtAlertThread[13] : Unknown @ 0x8a043ac8
[SSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[17] : Unknown @ 0x8a079948
[SSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[19] : Unknown @ 0x8a0abc90
[SSDT:Addr(Hook.SSDT)] NtConnectPort[31] : Unknown @ 0x8a13b218
[SSDT:Addr(Hook.SSDT)] NtCreateMutant[43] : Unknown @ 0x8a0aea40
[SSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[52] : Unknown @ 0x8a0abb40
[SSDT:Addr(Hook.SSDT)] NtCreateThread[53] : Unknown @ 0x8a047ba0
[SSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[57] : Unknown @ 0x8a0abd28
[SSDT:Addr(Hook.SSDT)] NtDuplicateObject[68] : Unknown @ 0x8a13bcb0
[SSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[83] : Unknown @ 0x8a0b1a78
[SSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[89] : Unknown @ 0x8a0aeae8
[SSDT:Addr(Hook.SSDT)] NtImpersonateThread[91] : Unknown @ 0x8a0aeb80
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[97] : Unknown @ 0x8a728e28
[SSDT:Addr(Hook.SSDT)] NtMapViewOfSection[108] : Unknown @ 0x8a0b19e0
[SSDT:Addr(Hook.SSDT)] NtOpenEvent[114] : Unknown @ 0x8a0b8840
[SSDT:Addr(Hook.SSDT)] NtOpenProcess[122] : Unknown @ 0x8a047af8
[SSDT:Addr(Hook.SSDT)] NtOpenProcessToken[123] : Unknown @ 0x8a13bc18
[SSDT:Addr(Hook.SSDT)] NtOpenSection[125] : Unknown @ 0x8a0b8730
[SSDT:Addr(Hook.SSDT)] NtOpenThread[128] : Unknown @ 0x8a13bd38
[SSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[137] : Unknown @ 0x8a0abbe8
[SSDT:Addr(Hook.SSDT)] NtQueueApcThread[180] : Unknown @ 0x8a0aba98
[SSDT:Addr(Hook.SSDT)] NtResumeThread[206] : Unknown @ 0x8a043b60
[SSDT:Addr(Hook.SSDT)] NtSetContextThread[213] : Unknown @ 0x8a09d918
[SSDT:Addr(Hook.SSDT)] NtSetInformationProcess[228] : Unknown @ 0x8a09d990
[SSDT:Addr(Hook.SSDT)] NtSetSystemInformation[240] : Unknown @ 0x8a0b86b8
[SSDT:Addr(Hook.SSDT)] NtSuspendProcess[253] : Unknown @ 0x8a0b87c8
[SSDT:Addr(Hook.SSDT)] NtSuspendThread[254] : Unknown @ 0x8a09d7e8
[SSDT:Addr(Hook.SSDT)] NtTerminateProcess[257] : Unknown @ 0x8a09c148
[SSDT:Addr(Hook.SSDT)] NtTerminateThread[258] : Unknown @ 0x8a09d880
[SSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[267] : Unknown @ 0x8a0b1948
[SSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[277] : Unknown @ 0x8a079880
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[307] : Unknown @ 0x89f11788
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[383] : Unknown @ 0x8a012dc8
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[414] : Unknown @ 0x8a012d50
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[416] : Unknown @ 0x89f11688
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[428] : Unknown @ 0x89f11700
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[460] : Unknown @ 0x8a027db8
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[475] : Unknown @ 0x8a012cc8
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[476] : Unknown @ 0x8a012c40
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[549] : Unknown @ 0x89f131e0
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[552] : Unknown @ 0x89a8d708
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\pfc @ Unknown (\SystemRoot\system32\drivers\pfc.sys)
[Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \FileSystem\DLACDBHM @ Unknown (\SystemRoot\System32\Drivers\DLACDBHM.SYS)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
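
Added example, not part of the original posts and not Adlice's code: a small Python parser for the report format shown in the two logs above. It checks each section's declared count against the entries actually pasted (which catches a cut-off paste) and diffs the Registry section between the Scan and Delete runs. The sample text is trimmed from those logs, and the function names are this example's own.

```python
import re

# Trimmed excerpts of the Scan and Delete reports posted above. Header counts are
# adjusted to the excerpt, except Antirootkit, left at 44 to show a cut-off paste.
SCAN = r"""
¤¤¤ Registry : 4 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Found
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com  -> Found

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
"""

DELETE = r"""
¤¤¤ Registry : 4 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52} -> Deleted
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HitmanPro37CrusaderBoot ("C:\Documents and Settings\TEMP\Desktop\HitmanPro.exe" /crusader:boot) -> Not selected
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.hp.com  -> Not selected

¤¤¤ Hosts File : 2 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\WINDOWS\System32\drivers\etc\hosts] ::1             localhost

¤¤¤ Antirootkit : 44 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlertResumeThread[12] : Unknown @ 0x8a043a30
"""

# "¤¤¤ Name : N (extra) ¤¤¤"; the count is absent for "MBR Check".
HEADER = re.compile(r"^¤¤¤ (?P<name>[^:]+?) : (?P<count>\d+)?.*¤¤¤$")
# "[Category] item -> Status"; rootkit and hosts lines have no "-> Status".
ENTRY = re.compile(r"^\[(?P<cat>[^\]]+)\]\s+(?P<body>.+)$")


def parse_report(text):
    """Return {section: {"declared": int or None, "entries": [(category, item, status)]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            count = header.group("count")
            current = {"declared": int(count) if count else None, "entries": []}
            sections[header.group("name")] = current
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            item, sep, status = entry.group("body").rpartition(" -> ")
            if not sep:  # no status marker on this line
                item, status = entry.group("body"), None
            current["entries"].append(
                (entry.group("cat"), item.strip(), status.strip() if status else None))
    return sections


def count_mismatches(sections):
    """Sections whose header count differs from the number of entries present."""
    return {name: (s["declared"], len(s["entries"]))
            for name, s in sections.items()
            if s["declared"] is not None and s["declared"] != len(s["entries"])}


def diff_section(before, after, section="Registry"):
    """Compare one section of two reports, keyed on (category, item)."""
    def index(report):
        return {(c, i): s for c, i, s in report.get(section, {"entries": []})["entries"]}
    a, b = index(before), index(after)
    return {"gone": sorted(k for k in a if k not in b),
            "new": sorted(k for k in b if k not in a),
            "status": {k: (a[k], b[k]) for k in a if k in b and a[k] != b[k]}}


if __name__ == "__main__":
    scan, delete = parse_report(SCAN), parse_report(DELETE)
    print("count mismatches:", count_mismatches(delete))
    print("registry diff:", diff_section(scan, delete))
```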

Reply #6, December 12, 2014, 08:37:06 AM

Tigzy

Quote
I know this is bad but I've never learned how to back up everything or what should be backed up and I wouldn't know if it's possible to reinstall windows XP SP 3?

Basically, just put what has value for you on either a USB key / USB Hard drive, or in the cloud (Google Drive/DropBox/...), like pictures, movies, documents, etc... Consider the system completely wiped off, and ask yourself what shall be kept.

Then, to reinstall you need your Windows CD/DVD; you'll find some tutorials about that on the Internet.
http://www.blackviper.com/os-install-guides/windows-xp-professional-install-guide/
http://www.wikihow.com/Install-Windows-XP

Reply #7, December 12, 2014, 05:08:51 PM

sandymail

 :) ;D  I am so happy right now!  Yesterday as I was trying to figure out whether I could reinstall XP and somehow still have all the updates (since Microsoft doesn't support it any longer) or maybe should even update to Vista (I was given the CD to do so with my pc) it suddenly dawned on me that I had not done a scan disk or chk dsk as it's now called.  So I really didn't even know what that did, but I remember I used to do it with my Windows Me machine.  So I googled how to find it and do it and I set about doing it.  Lo and behold last night I came back to check on the progress and ALL MY DESKTOP WAS BACK!!!!!  Needless to say I started crying like a baby!  Yes I'm emotional over my pc!  :P  I noticed every time I look at the scan dsk running that it was showing error after error.  There were literally thousands of them!  I am so happy and at the same time aggravated that I didn't think of this before.  But when you don't know much about how to take care of pc problems, you just don't know.  So I would tell anyone that removes malware, trojans or viruses that the first thing you should do afterwards is run a scan dsk!!!!!  I then got defrag going but even after going all night it only got to 47%.  I'm going to have to do it in safe mode (now that I know how to get it into safe mode, lol).  But being without a pc for over a week means I have a ton of email to catch up on first.

Thank you so much for spending your time trying to help me.  I've learned a good lesson.........that I have to remember to use the tools that are already on the pc to help me.  I also know that I need an extra hard drive to use for backing stuff up. 

Happy holidays to you and everyone that might be reading this post.   :)

Reply #8, December 12, 2014, 05:32:40 PM

Tigzy

No problem, thanks :)
If I can tell you, if you choose to upgrade, go directly to Windows Seven; Vista has a very poor user experience.