> > Unfortunately, that's no guarantee that your system isn't harbouring a
> > zero day threat or rootkit.

> Oh, I know that.  It's why I said I was a little worried.

> > It probably isn't if the system appears to
> > be behaving itself but how can you be certain?

> I don't think anyone can.  I take all the usual precautions and don't go
> to dodgy websites or install stuff where I don't know its origin.  I've
> had this Windows installation for a long time (the DOS 6 directory was
> still on the disk until recently!) and it's been upgraded from 3.1 right
> through the various intermediate releases to XP, and would prefer not to
> have to reformat now I have everything just so.

 Wow! That's quite a long-lived system. I suppose it's like "Great Grand
Daddy's Axe". It's the original one, except for two replacement handles
and a new axehead. ;-)

> > Tools like ProcessExplorer can help but there'll always be a nagging
> > doubt

> Must download it - John J recommended it too.

> > If you want to run ComboFix on a Compaq Presario AMD64 system (the one
> > with the sysprep intel/AMD SP3 upgrade booby trap),

> you really should read the Register more often.  They reported on this
> weeks ago. :o)

 What, _only_ weeks ago? This is a problem that harks back to SP1,
initially screwing up the SP2 upgrade but also, as in my case, screwing
up the SP2 to SP3 upgrade.

> > What should have been a simple 15 or 20 minute hands off job

> Welcome to the wonder of Windows.  It's why I won't do "little jobs" for
> friends and family any more.  You only end up looking at progress bars,
> screaming at the monitor "Hurry the   up will you!" or doing yet
> another in an interminable series of reboots, or having to shuffle files
> around and optimise the pagefile (as you went on to describe.)

 I've long gotten used to the slugging effect of winXP (plus passengers -
unwanted or not) and stopped cursing such pathetic performance on
hardware that's (on the face of it) got a better spec than my 5 1/2 year
old win2k box.

> It's all so horribly time-consuming, and if you spend ages getting the
> job just right, you know your relative/friend/sibling won't understand
> for one second how much of a pain in the arse it is.

 In my case, it was much worse since my customer had only brought it in
to fix the front panel On/Off button which a nephew had damaged in a
swivel chair related incident a month or two earlier. I had made the
mistake of quoting for an hour's worth to sort that and remove the felt
mat of dust from the CPU heatsink.

 The swivel chair incident had smashed into the On/Off button so hard
that it had actually dented the metalwork it was clipped into (it's a
wonder there was anything left of the switch at all!).

 The thing was, since he did have a second unused drive (D: drive) and
not too much user data plus he'd obviously run the 'repair' recovery
option quite a few times (as he'd mentioned as an aside when he'd
dropped the system box off with me), I thought the best option was to
transfer the user files to where they should have been all along and do
a full restore, nicely killing off any parasites that the repair option
he'd used was allowing to persist (I should have known better).

 So, of course (as it often seems to in these cases), the already
protracted job ran into further difficulties for me to sort out but I
thought my customer would appreciate the extra effort to succeed (where
he had failed) in getting it to a virus (and IE7/IE8) free SP3
configuration with a lot more pep than it ever had.

 Unfortunately, when I quoted him the conservatively estimated hands on
time for the job, he was all too quick to point out that he'd only been
quoted for the On/Off button repair work and hadn't specifically asked
for any further work to be done beyond that.

 Technically, he was quite right so I had to agree and allow him to come
and collect it "In Half an Hour's time"(tm). Just enough time to knock
it back to SP2 via the factory restore option and fix all those
cockamamie Microsoft defaults (if he wasn't prepared to pay, he'd have
to tackle the SP3 update problem himself).

 Unfortunately, in my rush to set it up again, I'd forgotten to juggle
the drive letters on the 144GB drive. The P drive had now reverted back
to drive D with the D drive getting promoted to E and I was in the
middle of sorting that lot out when he arrived, exactly half an hour
later, declaiming that he couldn't hang around on account of his mother or
MiL waiting in the car, not even prepared to allow me the five
minutes or so needed to finish optimising the system.

 Since it was in a better working state than it had ever been before,
despite the half completed tuneup, I decided it was best not to argue
and let him take it as it was. That was last Saturday and I've not heard
from him since so I can only presume he was able to find his data ok and
has not had any further trouble.

 I've stuck a Post-It note to my monitor just so I'd be up to speed in
case I did get a rant of a phone call. I've written a brief note which
reads "'Terms of Contract' are more important than commonsense 'give and
take' (collected B4 SP2 could be properly re-configured)." just to
remind myself that he was the one that had insisted on taking it away
before the job was properly completed.

 He seemed awfully keen to regain possession which makes me wonder
whether his real concern was more to do with the quality of the
'content' he had stored on the hard drive rather than the quality of my

 It's my own fault, of course. I should have recognised the signs and
treated the system to a dose of "If it ain't broke, don't fix it!", but
sometimes it can be hard to resist that urge to "Do The Right Thing"(tm)
and do that little bit extra. ;-(

 In this case, it was circumstance that conspired against me: the one
time that ComboFix had produced the warned-of dire consequences, it just
had to be on a booby-trapped system box and with an unreasonable
customer to boot.

 I daresay I'll land up in a similar situation within the next year or
two. It's one of the hazards of this profession when you actually do
give a shit.

Regards, John.

