Suspicious files.


8 replies to this topic

#1 DoorMat

Posted 08 January 2012 - 02:25 AM

OK so, about a month or so ago (before I found this forum) I was hit with the Open Cloud AV virus. I would get false scans, fake blocked emails and other pop-ups/messages about how my computer was infected. I searched up on it and found out how to remove it. I rebooted into safe mode, ran an MBAM scan and deleted the infection. I rebooted back to normal and it wasn't there anymore, and I wasn't getting any signs of any other infections; the computer was back to normal.

Though recently my MBAM has been blocking outgoing IPs, though this only happens on websites like Hulkshare, or when I'm playing online games. I didn't know if it was malware or if it was usual in the environment it was happening in, so I didn't bother to make a thread. But just now I found something quite odd that made me start a thread and make sure my system is clean. In my AVG firewall under "Application Information" I was going through programs that might need to communicate over the network and found this: C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\RARSFX0\4124345.EXE. Now I went to inspect what it was, but I can't seem to find the folder; I unchecked hidden files and still can't find it, which brings me here.

I need to find out what this file is, and if my system is clean or still has any remaining infections.

Thanks for the help!

Edited by DoorMat, 08 January 2012 - 05:01 AM.




#2 boopme (Global Moderator)

Posted 08 January 2012 - 08:42 PM

Did you run RKill before MBAM? If so, then it's an RKill file.

Run TFC by OT (Temp File Cleaner)
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

#3 DoorMat (Topic Starter)

Posted 08 January 2012 - 11:23 PM

[Quoting boopme's TFC instructions from reply #2 above.]


Hello and thanks for the reply.

I've tried using it twice now and both times it stops responding when I hit Start and it's "stopping processes". Am I doing anything wrong?

And yes, I did run RKill before MBAM.

Thanks.

Edited by DoorMat, 08 January 2012 - 11:24 PM.


#4 DoorMat (Topic Starter)

Posted 09 January 2012 - 08:50 AM

Also, since you answered half of my question, I would like to know if there is any way you can help me check whether my system is clean of any infection, or of any remaining infection that could have survived, just as a precaution before I start doing online transactions. Thanks.

I really appreciate the help and services this website provides!

#5 boopme (Global Moderator)

Posted 09 January 2012 - 10:32 AM

Hello,
If you are using Vista, right-click on the file and choose Run As Administrator.
If still no joy we'll pass it for now.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Allow a reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log into the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.




I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [button image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [link image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [icon image] icon on your desktop.
  • Check [checkbox image]
  • Click the [button image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [checkbox image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [button image]
  • Push [button image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [button image] button.
  • Push [button image]


NOTE: In some instances if no malware is found there will be no log produced.


#6 DoorMat (Topic Starter)

Posted 10 January 2012 - 02:47 AM

Hi, here are the results/logs:

Results.txt

MiniToolBox by Farbar
Ran by User Admin (administrator) on 10-01-2012 at 12:14:41
Microsoft Windows XP Home Edition Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration

Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

Hosts file not detected in the default directory
========================= IP Configuration: ================================

Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

        Host Name . . . . . . . . . . . . : user-fc51584e12
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : DSL2740B

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : DSL2740B
        Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-25-22-1C-52-B8
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            192.168.1.1
        Lease Obtained. . . . . . . . . . : Tuesday, 10 January 2012 11:33:12 AM
        Lease Expires . . . . . . . . . . : Wednesday, 11 January 2012 11:33:12 AM

Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.235.114, 74.125.235.113, 74.125.235.116, 74.125.235.112
74.125.235.115

Pinging google.com [74.125.235.114] with 32 bytes of data:

Reply from 74.125.235.114: bytes=32 time=136ms TTL=47
Reply from 74.125.235.114: bytes=32 time=135ms TTL=48

Ping statistics for 74.125.235.114:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 135ms, Maximum = 136ms, Average = 135ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56

Pinging yahoo.com [98.139.180.149] with 32 bytes of data:

Reply from 98.139.180.149: bytes=32 time=275ms TTL=43
Reply from 98.139.180.149: bytes=32 time=352ms TTL=43

Ping statistics for 98.139.180.149:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 275ms, Maximum = 352ms, Average = 313ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 25 22 1c 52 b8 ...... Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.5 192.168.1.5 20
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/05/2012 05:39:58 PM) (Source: Application Error) (User: )
Description: Faulting application avgui.exe, version 12.0.0.1887, faulting module msls31.dll, version 3.10.349.0, fault address 0x00008767.
Processing media-specific event for [avgui.exe!ws!]

Error: (01/01/2012 00:44:59 AM) (Source: Application Hang) (User: )
Description: Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/30/2011 04:21:49 PM) (Source: Application Hang) (User: )
Description: Hanging application MapleStory.exe, version 1.0.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/26/2011 08:17:58 PM) (Source: Application Hang) (User: )
Description: Hanging application hl2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/25/2011 08:41:24 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/25/2011 08:41:24 PM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (12/22/2011 10:17:33 AM) (Source: Application Hang) (User: )
Description: Hanging application MapleStory.exe, version 1.0.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (01/10/2012 11:35:17 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

Error: (01/10/2012 11:34:58 AM) (Source: Service Control Manager) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079

Error: (01/10/2012 11:34:58 AM) (Source: Service Control Manager) (User: )
Description: The NetGroup Packet Filter Driver service failed to start due to the following error:
%%2

Error: (01/10/2012 10:45:12 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

Error: (01/10/2012 10:44:29 AM) (Source: Service Control Manager) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079

Error: (01/10/2012 10:44:29 AM) (Source: Service Control Manager) (User: )
Description: The NetGroup Packet Filter Driver service failed to start due to the following error:
%%2

Error: (01/09/2012 11:15:00 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.

Error: (01/09/2012 11:14:31 PM) (Source: Service Control Manager) (User: )
Description: The Upload Manager service failed to start due to the following error:
%%1079

Error: (01/09/2012 11:14:31 PM) (Source: Service Control Manager) (User: )
Description: The NetGroup Packet Filter Driver service failed to start due to the following error:
%%2

Error: (01/09/2012 03:17:00 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the nvsvc service.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Aarons Cliker Version 2.89
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Ad-Aware (Version: 9.6.0)
Adobe AIR (Version: 2.7.0.19480)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Community Help (Version: 3.4.980)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Download Assistant (Version: 1.0.2)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Dreamweaver CS3 (Version: 9.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Help Viewer CS3 (Version: 1)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS5.1 (Version: 12.1)
Adobe Reader 9.4.7 (Version: 9.4.7)
Adobe Setup (Version: 1.0)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Advanced SystemCare 5 (Version: 5.0.0)
Agere Systems PCI Soft Modem
Any Video Converter 3.0.7
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
ASIO4ALL
Ask Toolbar (Version: 1.6.6.0)
Audacity 1.3.12 (Unicode)
AVG 2012 (Version: 12.0.1901)
AVG 2012 (Version: 12.0.2109)
AVG 2012 (Version: 2012.0.1901)
BitTorrent
Combat Arms
Counter-Strike
Counter-Strike: Source
Counter-Strike: Source (Version: 1.0.0.0)
Create-Ringtone 4.99.7
Drumaxx
e-tax 2010 (Version: 1.0.682)
FL Studio 9
Free YouTube Downloader 3.2.77
GoldWave v5.57
Half-Life Dedicated Server Update Tool
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
HyperCam 3 (Version: 3.0.912.18)
IL Download Manager
Interlok driver setup x32 (Version: 5.9.0)
iPod To Computer Transfer 6.1
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.6.1)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ SE Development Kit 6 Update 22 (Version: 1.6.0.220)
Killing Floor
LAME v3.98.2 for Audacity
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
MapleStory
Media Player Codec Pack 3.9.5
MediaWidget 6.0
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Native Client (Version: 10.0.1600.22)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Setup Support Files (English) (Version: 10.0.1600.22)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (Version: 3.5.5692.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.0.1600.22)
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (Version: 6.1.5288.17011)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (Version: 3.5.30729)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (Version: 6.1.5295.17011)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox (3.6.25) (Version: 3.6.25 (en-US))
MP3 M4R Converter v3.0 build 716
MSDN Library for Microsoft Visual Studio 2008 Express Editions (Version: 9.0.21022)
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Nero 8 (Version: 8.0.182)
Nexon Game Manager
NVIDIA Display Control Panel (Version: 6.14.11.9713)
NVIDIA Drivers (Version: 1.10.57.35)
NVIDIA nView Desktop Manager (Version: 6.14.10.00)
PDF Settings CS5 (Version: 10.0)
Pivot Stickfigure Animator (Version: 2.2.5)
PoiZone
Power MP3 Recorder Cutter, (ver 5.0) (Version: 5.0.0.0)
Project64 1.6 (Version: 1.6)
Quake III Arena
QuickTime (Version: 7.68.75.0)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.23.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5730)
resident evil 4 (Version: 1.00.0000)
Sakura
Sawer
Security Task Manager 1.8d (Version: 1.8d)
Segoe UI (Version: 14.0.4327.805)
Skype™ 4.2 (Version: 4.2.187)
Solid MP4 Video Converter 3.0.3.2
Solid YouTube Downloader and Converter 3.8
Spybot - Search & Destroy (Version: 1.6.2)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.0.1142)
Switch Sound File Converter
Tales of Pirates Online (Version: 2.00)
The Suffering (Version: 1.00.0000)
TomTom HOME 2.7.6.2056 (Version: 2.7.6.2056)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Toxic Biohazard
Virtual DJ Home - Atomix Productions
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
VLC media player 1.0.5 (Version: 1.0.5)
VST Bridge 1.1
WavePad Sound Editor
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Installer 3.1 (KB893803)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format Runtime
WinRAR archiver
Zulu DJ Software

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 1023.23 MB
Available physical RAM: 576.79 MB
Total Pagefile: 2457.36 MB
Available Pagefile: 1599.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.52 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:270.44 GB) (Free:58.63 GB) NTFS
2 Drive d: () (Fixed) (Total:195.31 GB) (Free:193.32 GB) NTFS

========================= Users: ========================================

User accounts for \\USER-FC51584E12

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 User Admin

========================= Minidump Files ==================================

No minidump file found

**** End of log ****

TDSS Killer

12:18:15.0828 0812 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
12:18:17.0593 0812 ============================================================
12:18:17.0593 0812 Current date / time: 2012/01/10 12:18:17.0593
12:18:17.0593 0812 SystemInfo:
12:18:17.0593 0812
12:18:17.0593 0812 OS Version: 5.1.2600 ServicePack: 2.0
12:18:17.0593 0812 Product type: Workstation
12:18:17.0593 0812 ComputerName: USER-FC51584E12
12:18:17.0593 0812 UserName: User Admin
12:18:17.0593 0812 Windows directory: C:\WINDOWS
12:18:17.0593 0812 System windows directory: C:\WINDOWS
12:18:17.0593 0812 Processor architecture: Intel x86
12:18:17.0593 0812 Number of processors: 2
12:18:17.0593 0812 Page size: 0x1000
12:18:17.0593 0812 Boot type: Normal boot
12:18:17.0593 0812 ============================================================
12:18:19.0250 0812 Initialize success
12:18:22.0203 2036 ============================================================
12:18:22.0203 2036 Scan started
12:18:22.0203 2036 Mode: Manual;
12:18:22.0203 2036 ============================================================
12:18:24.0421 2036 21818611 (186b54479d98e48aee0e9ada4b3c4d31) C:\WINDOWS\system32\DRIVERS\21818611.sys
12:18:24.0484 2036 21818611 - ok
12:18:24.0515 2036 33896d36 ( Rootkit.Win32.PMax.gen ) - infected
12:18:24.0515 2036 33896d36 - detected Rootkit.Win32.PMax.gen (0)
12:18:24.0640 2036 Abiosdsk - ok
12:18:24.0734 2036 abp480n5 - ok
12:18:24.0812 2036 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:18:24.0812 2036 ACPI - ok
12:18:24.0828 2036 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:18:24.0875 2036 ACPIEC - ok
12:18:24.0875 2036 adpu160m - ok
12:18:24.0890 2036 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
12:18:24.0906 2036 aec - ok
12:18:24.0937 2036 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
12:18:24.0937 2036 AFD - ok
12:18:25.0000 2036 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
12:18:25.0046 2036 AgereSoftModem - ok
12:18:25.0046 2036 Aha154x - ok
12:18:25.0062 2036 aic78u2 - ok
12:18:25.0062 2036 aic78xx - ok
12:18:25.0078 2036 AliIde - ok
12:18:25.0078 2036 amsint - ok
12:18:25.0093 2036 asc - ok
12:18:25.0109 2036 asc3350p - ok
12:18:25.0109 2036 asc3550 - ok
12:18:25.0171 2036 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:18:25.0171 2036 AsyncMac - ok
12:18:25.0187 2036 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:18:25.0203 2036 atapi - ok
12:18:25.0203 2036 Atdisk - ok
12:18:25.0218 2036 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:18:25.0218 2036 Atmarpc - ok
12:18:25.0250 2036 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:18:25.0250 2036 audstub - ok
12:18:25.0265 2036 Avgfwdx (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
12:18:25.0265 2036 Avgfwdx - ok
12:18:25.0265 2036 Avgfwfd (841b0a982065bffc7d7e84009f2fa76f) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
12:18:25.0265 2036 Avgfwfd - ok
12:18:25.0312 2036 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
12:18:25.0312 2036 AVGIDSDriver - ok
12:18:25.0328 2036 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
12:18:25.0328 2036 AVGIDSEH - ok
12:18:25.0359 2036 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
12:18:25.0359 2036 AVGIDSFilter - ok
12:18:25.0375 2036 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
12:18:25.0375 2036 AVGIDSShim - ok
12:18:25.0421 2036 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
12:18:25.0421 2036 Avgldx86 - ok
12:18:25.0421 2036 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
12:18:25.0421 2036 Avgmfx86 - ok
12:18:25.0437 2036 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
12:18:25.0437 2036 Avgrkx86 - ok
12:18:25.0453 2036 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
12:18:25.0453 2036 Avgtdix - ok
12:18:25.0468 2036 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:18:25.0468 2036 Beep - ok
12:18:25.0500 2036 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:18:25.0546 2036 cbidf2k - ok
12:18:25.0562 2036 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:18:25.0562 2036 CCDECODE - ok
12:18:25.0562 2036 cd20xrnt - ok
12:18:25.0593 2036 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:18:25.0640 2036 Cdaudio - ok
12:18:25.0656 2036 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
12:18:25.0656 2036 Cdfs - ok
12:18:25.0671 2036 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:18:25.0687 2036 Cdrom - ok
12:18:25.0687 2036 Changer - ok
12:18:25.0703 2036 CmdIde - ok
12:18:25.0734 2036 Cpqarray - ok
12:18:25.0750 2036 dac2w2k - ok
12:18:25.0750 2036 dac960nt - ok
12:18:25.0765 2036 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
12:18:25.0781 2036 Disk - ok
12:18:25.0828 2036 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
12:18:25.0843 2036 dmboot - ok
12:18:25.0859 2036 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
12:18:25.0859 2036 dmio - ok
12:18:25.0875 2036 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:18:25.0875 2036 dmload - ok
12:18:25.0890 2036 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
12:18:25.0921 2036 DMusic - ok
12:18:25.0921 2036 dpti2o - ok
12:18:25.0953 2036 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
12:18:25.0953 2036 drmkaud - ok
12:18:25.0968 2036 EagleNT - ok
12:18:25.0984 2036 EagleXNt - ok
12:18:26.0000 2036 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
12:18:26.0000 2036 Fastfat - ok
12:18:26.0031 2036 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
12:18:26.0046 2036 Fdc - ok
12:18:26.0078 2036 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
12:18:26.0078 2036 Fips - ok
12:18:26.0093 2036 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:18:26.0109 2036 Flpydisk - ok
12:18:26.0125 2036 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:18:26.0125 2036 FltMgr - ok
12:18:26.0171 2036 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:18:26.0171 2036 Fs_Rec - ok
12:18:26.0203 2036 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:18:26.0203 2036 Ftdisk - ok
12:18:26.0234 2036 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:18:26.0234 2036 GEARAspiWDM - ok
12:18:26.0250 2036 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:18:26.0250 2036 Gpc - ok
12:18:26.0265 2036 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:18:26.0281 2036 HDAudBus - ok
12:18:26.0296 2036 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:18:26.0296 2036 HidUsb - ok
12:18:26.0312 2036 hpn - ok
12:18:26.0328 2036 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
12:18:26.0328 2036 HTTP - ok
12:18:26.0343 2036 i2omgmt - ok
12:18:26.0343 2036 i2omp - ok
12:18:26.0375 2036 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:18:26.0375 2036 i8042prt - ok
12:18:26.0406 2036 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:18:26.0406 2036 Imapi - ok
12:18:26.0406 2036 ini910u - ok
12:18:26.0531 2036 IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:18:26.0593 2036 IntcAzAudAddService - ok
12:18:26.0609 2036 IntelIde - ok
12:18:26.0625 2036 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:18:26.0625 2036 intelppm - ok
12:18:26.0640 2036 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
12:18:26.0640 2036 Ip6Fw - ok
12:18:26.0671 2036 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:18:26.0671 2036 IpFilterDriver - ok
12:18:26.0703 2036 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:18:26.0703 2036 IpInIp - ok
12:18:26.0718 2036 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:18:26.0718 2036 IpNat - ok
12:18:26.0734 2036 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:18:26.0734 2036 IPSec - ok
12:18:26.0750 2036 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:18:26.0765 2036 IRENUM - ok
12:18:26.0765 2036 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:18:26.0781 2036 isapnp - ok
12:18:26.0828 2036 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:18:26.0828 2036 Kbdclass - ok
12:18:26.0859 2036 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:18:26.0859 2036 kbdhid - ok
12:18:26.0875 2036 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
12:18:26.0875 2036 kmixer - ok
12:18:26.0890 2036 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
12:18:26.0890 2036 KSecDD - ok
12:18:26.0984 2036 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
12:18:26.0984 2036 Lavasoft Kernexplorer - ok
12:18:27.0000 2036 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
12:18:27.0000 2036 Lbd - ok
12:18:27.0015 2036 lbrtfdc - ok
12:18:27.0046 2036 ManyCam (c6d085c7045200143528136a43a65fde) C:\WINDOWS\system32\DRIVERS\ManyCam.sys
12:18:27.0046 2036 ManyCam - ok
12:18:27.0062 2036 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
12:18:27.0062 2036 MBAMProtector - ok
12:18:27.0093 2036 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:18:27.0093 2036 mnmdd - ok
12:18:27.0125 2036 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
12:18:27.0125 2036 Modem - ok
12:18:27.0140 2036 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:18:27.0140 2036 Mouclass - ok
12:18:27.0187 2036 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:18:27.0187 2036 mouhid - ok
12:18:27.0218 2036 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
12:18:27.0218 2036 MountMgr - ok
12:18:27.0218 2036 mraid35x - ok
12:18:27.0250 2036 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:18:27.0250 2036 MRxDAV - ok
12:18:27.0265 2036 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:18:27.0281 2036 MRxSmb - ok
12:18:27.0281 2036 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
12:18:27.0281 2036 Msfs - ok
12:18:27.0296 2036 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:18:27.0312 2036 MSKSSRV - ok
12:18:27.0328 2036 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys
12:18:27.0328 2036 msloop - ok
12:18:27.0359 2036 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:18:27.0359 2036 MSPCLOCK - ok
12:18:27.0359 2036 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
12:18:27.0375 2036 MSPQM - ok
12:18:27.0390 2036 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:18:27.0390 2036 mssmbios - ok
12:18:27.0421 2036 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
12:18:27.0421 2036 MSTEE - ok
12:18:27.0421 2036 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
12:18:27.0421 2036 Mup - ok
12:18:27.0453 2036 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:18:27.0453 2036 NABTSFEC - ok
12:18:27.0468 2036 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
12:18:27.0468 2036 NDIS - ok
12:18:27.0484 2036 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:18:27.0484 2036 NdisIP - ok
12:18:27.0515 2036 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:18:27.0515 2036 NdisTapi - ok
12:18:27.0531 2036 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:18:27.0531 2036 Ndisuio - ok
12:18:27.0546 2036 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:18:27.0546 2036 NdisWan - ok
12:18:27.0562 2036 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
12:18:27.0562 2036 NDProxy - ok
12:18:27.0593 2036 Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
12:18:27.0593 2036 Netaapl - ok
12:18:27.0609 2036 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:18:27.0609 2036 NetBIOS - ok
12:18:27.0625 2036 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:18:27.0625 2036 NetBT - ok
12:18:27.0671 2036 NPF - ok
12:18:27.0671 2036 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
12:18:27.0687 2036 Npfs - ok
12:18:27.0687 2036 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
12:18:27.0703 2036 Ntfs - ok
12:18:27.0734 2036 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:18:27.0734 2036 Null - ok
12:18:27.0921 2036 nv (cd9ed87b4fc6ec41d3b5be0b923843fc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:18:28.0093 2036 nv - ok
12:18:28.0109 2036 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:18:28.0109 2036 NwlnkFlt - ok
12:18:28.0125 2036 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:18:28.0125 2036 NwlnkFwd - ok
12:18:28.0140 2036 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
12:18:28.0140 2036 Parport - ok
12:18:28.0156 2036 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
12:18:28.0156 2036 PartMgr - ok
12:18:28.0187 2036 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:18:28.0265 2036 ParVdm - ok
12:18:28.0281 2036 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
12:18:28.0281 2036 PCI - ok
12:18:28.0296 2036 PCIDump - ok
12:18:28.0296 2036 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:18:28.0296 2036 PCIIde - ok
12:18:28.0328 2036 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:18:28.0375 2036 Pcmcia - ok
12:18:28.0375 2036 PDCOMP - ok
12:18:28.0390 2036 PDFRAME - ok
12:18:28.0390 2036 PDRELI - ok
12:18:28.0390 2036 PDRFRAME - ok
12:18:28.0406 2036 perc2 - ok
12:18:28.0406 2036 perc2hib - ok
12:18:28.0468 2036 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:18:28.0468 2036 PptpMiniport - ok
12:18:28.0500 2036 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
12:18:28.0500 2036 PSched - ok
12:18:28.0531 2036 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:18:28.0546 2036 Ptilink - ok
12:18:28.0546 2036 ql1080 - ok
12:18:28.0546 2036 Ql10wnt - ok
12:18:28.0562 2036 ql12160 - ok
12:18:28.0562 2036 ql1240 - ok
12:18:28.0578 2036 ql1280 - ok
12:18:28.0593 2036 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:18:28.0593 2036 RasAcd - ok
12:18:28.0609 2036 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:18:28.0609 2036 Rasl2tp - ok
12:18:28.0625 2036 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:18:28.0625 2036 RasPppoe - ok
12:18:28.0640 2036 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:18:28.0640 2036 Raspti - ok
12:18:28.0656 2036 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:18:28.0656 2036 Rdbss - ok
12:18:28.0671 2036 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:18:28.0671 2036 RDPCDD - ok
12:18:28.0703 2036 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
12:18:28.0703 2036 RDPWD - ok
12:18:28.0734 2036 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:18:28.0734 2036 redbook - ok
12:18:28.0781 2036 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
12:18:28.0781 2036 RsFx0102 - ok
12:18:28.0828 2036 RTLE8023xp (6e7470477d08f6e47e91016d6a1c5a5f) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
12:18:28.0828 2036 RTLE8023xp - ok
12:18:28.0906 2036 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:18:28.0906 2036 SASDIFSV - ok
12:18:28.0921 2036 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:18:28.0921 2036 SASKUTIL - ok
12:18:28.0937 2036 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:18:28.0953 2036 Secdrv - ok
12:18:28.0968 2036 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
12:18:28.0968 2036 serenum - ok
12:18:28.0984 2036 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
12:18:28.0984 2036 Serial - ok
12:18:29.0031 2036 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:18:29.0062 2036 Sfloppy - ok
12:18:29.0078 2036 Simbad - ok
12:18:29.0109 2036 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:18:29.0109 2036 SLIP - ok
12:18:29.0109 2036 Sparrow - ok
12:18:29.0140 2036 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
12:18:29.0140 2036 splitter - ok
12:18:29.0156 2036 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
12:18:29.0156 2036 sr - ok
12:18:29.0187 2036 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
12:18:29.0187 2036 Srv - ok
12:18:29.0218 2036 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:18:29.0218 2036 streamip - ok
12:18:29.0250 2036 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:18:29.0250 2036 swenum - ok
12:18:29.0265 2036 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
12:18:29.0265 2036 swmidi - ok
12:18:29.0281 2036 symc810 - ok
12:18:29.0281 2036 symc8xx - ok
12:18:29.0296 2036 sym_hi - ok
12:18:29.0296 2036 sym_u3 - ok
12:18:29.0328 2036 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
12:18:29.0359 2036 sysaudio - ok
12:18:29.0390 2036 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
12:18:29.0390 2036 taphss - ok
12:18:29.0421 2036 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:18:29.0437 2036 Tcpip - ok
12:18:29.0453 2036 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:18:29.0484 2036 TDPIPE - ok
12:18:29.0500 2036 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
12:18:29.0515 2036 TDTCP - ok
12:18:29.0546 2036 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:18:29.0562 2036 TermDD - ok
12:18:29.0578 2036 TosIde - ok
12:18:29.0593 2036 TPkd (6d0bbed2f17d940b6b4e0bde08175c87) C:\WINDOWS\system32\drivers\TPkd.sys
12:18:29.0609 2036 TPkd - ok
12:18:29.0656 2036 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
12:18:29.0687 2036 Udfs - ok
12:18:29.0687 2036 ultra - ok
12:18:29.0718 2036 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
12:18:29.0718 2036 Update - ok
12:18:29.0750 2036 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
12:18:29.0750 2036 USBAAPL - ok
12:18:29.0781 2036 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
12:18:29.0796 2036 usbaudio - ok
12:18:29.0828 2036 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:18:29.0828 2036 usbccgp - ok
12:18:29.0843 2036 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:18:29.0843 2036 usbehci - ok
12:18:29.0859 2036 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:18:29.0859 2036 usbhub - ok
12:18:29.0875 2036 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:18:29.0890 2036 usbscan - ok
12:18:29.0890 2036 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:18:29.0890 2036 usbstor - ok
12:18:29.0906 2036 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
12:18:29.0906 2036 usbuhci - ok
12:18:29.0921 2036 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
12:18:29.0937 2036 usbvideo - ok
12:18:29.0968 2036 VCSVADHWSer (b2abab4ca46bad182e27763dc19c780f) C:\WINDOWS\system32\DRIVERS\vcsvad.sys
12:18:29.0968 2036 VCSVADHWSer - ok
12:18:30.0015 2036 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
12:18:30.0015 2036 VgaSave - ok
12:18:30.0015 2036 ViaIde - ok
12:18:30.0031 2036 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
12:18:30.0031 2036 VolSnap - ok
12:18:30.0062 2036 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:18:30.0062 2036 Wanarp - ok
12:18:30.0109 2036 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
12:18:30.0109 2036 Wdf01000 - ok
12:18:30.0109 2036 WDICA - ok
12:18:30.0140 2036 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
12:18:30.0140 2036 wdmaud - ok
12:18:30.0187 2036 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
12:18:30.0187 2036 WpdUsb - ok
12:18:30.0203 2036 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
12:18:30.0203 2036 WS2IFSL - ok
12:18:30.0218 2036 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:18:30.0234 2036 WSTCODEC - ok
12:18:30.0250 2036 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:18:30.0390 2036 \Device\Harddisk0\DR0 - ok
12:18:30.0406 2036 Boot (0x1200) (aafdad13c44511b668a012499c29048f) \Device\Harddisk0\DR0\Partition0
12:18:30.0406 2036 \Device\Harddisk0\DR0\Partition0 - ok
12:18:30.0437 2036 Boot (0x1200) (a1c38b03f93c0867a585d6f6592adab9) \Device\Harddisk0\DR0\Partition1
12:18:30.0437 2036 \Device\Harddisk0\DR0\Partition1 - ok
12:18:30.0437 2036 ============================================================
12:18:30.0437 2036 Scan finished
12:18:30.0437 2036 ============================================================
12:18:30.0453 3100 Detected object count: 1
12:18:30.0453 3100 Actual detected object count: 1
12:19:59.0968 3100 HKLM\SYSTEM\ControlSet001\services\33896d36 - will be deleted on reboot
12:19:59.0984 3100 HKLM\SYSTEM\ControlSet002\services\33896d36 - will be deleted on reboot
12:19:59.0984 3100 C:\WINDOWS\913148211:3430322889.exe - will be deleted on reboot
12:19:59.0984 3100 33896d36 ( Rootkit.Win32.PMax.gen ) - User select action: Delete
12:20:10.0312 5396 Deinitialize success

ESET Log

C:\Documents and Settings\User Admin\My Documents\YouTubeDownloaderSetup265.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\Documents and Settings\User Admin\My Documents\Downloads\avc-free.exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\User Admin\My Documents\Downloads\cnet_DM-244_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\User Admin\My Documents\Downloads\flstudio_9.1_online.exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\User Admin\My Documents\Downloads\FreeYouTubeDownloaderSetup.exe multiple threats deleted - quarantined
C:\Documents and Settings\User Admin\My Documents\Downloads\media.player.codec.pack.v3.9.5.setup.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Documents and Settings\User Admin\My Documents\Downloads\OrbitSetup4.0.4.exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\User Admin\My Documents\Downloads\SoftonicDownloader70101.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined

So TDSSKiller found a rootkit? I'm not that computer savvy, haha, what is this? It's weird because I scanned with my AVG Anti-Rootkit last week and it found nothing, unless it was recently installed on my system? And I searched up the symptoms and I didn't/wasn't experiencing any of them.

I'd also like to note that the symptoms for this particular virus were exactly what I was getting when I had the Open Cloud AV virus, as stated at the start of the thread, though when and since I removed it I haven't experienced any symptoms that this virus does (like redirects or AV shutting down).

So how is my system looking? Is my personal information/data safe? Thanks.

Edited by DoorMat, 10 January 2012 - 04:53 AM.
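The TDSSKiller output above is long because it lists every driver it hashed, but only a handful of lines carry the verdict. As an added example (not from the thread and not TDSSKiller's own tooling), here is a small parser for the log format shown in DoorMat's post. It keeps the per-driver MD5 inventory so a responder can compare hashes against a known-good machine later, separates the detection and "will be deleted on reboot" lines, and flags any path written in NTFS `file:stream` form. That is what `C:\WINDOWS\913148211:3430322889.exe` is: an alternate data stream, which Explorer and a normal directory listing do not show. The sample lines are copied from the posted log; the regexes assume the `<time> <thread id> <record>` layout seen there.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the line format TDSSKiller used in the posted log:
# "<time> <thread id> <record>". Hashes and paths are copied from the thread.
SAMPLE_LOG = r"""
12:18:24.0812 2036 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:18:24.0812 2036 ACPI - ok
12:18:24.0875 2036 adpu160m - ok
12:18:30.0250 2036 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
12:18:30.0390 2036 \Device\Harddisk0\DR0 - ok
12:18:30.0437 2036 ============================================================
12:18:30.0453 3100 Detected object count: 1
12:19:59.0968 3100 HKLM\SYSTEM\ControlSet001\services\33896d36 - will be deleted on reboot
12:19:59.0984 3100 C:\WINDOWS\913148211:3430322889.exe - will be deleted on reboot
12:19:59.0984 3100 33896d36 ( Rootkit.Win32.PMax.gen ) - User select action: Delete
"""

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<rest>.+)$")
HASHED_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
STATUS_RE = re.compile(r"^(?P<obj>.+?)\s+-\s+(?P<status>ok|will be deleted on reboot)$")
DETECT_RE = re.compile(
    r"^(?P<name>\S+)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+User select action:\s+(?P<action>\S+)$"
)
COUNT_RE = re.compile(r"^Detected object count:\s+(?P<n>\d+)$")


@dataclass
class DriverRecord:
    name: str
    md5: str
    path: str


@dataclass
class ScanSummary:
    drivers: dict = field(default_factory=dict)        # name -> DriverRecord (file present, hashed)
    ok: list = field(default_factory=list)             # every object TDSSKiller reported "- ok"
    pending_reboot: list = field(default_factory=list) # objects scheduled for deletion
    detections: list = field(default_factory=list)     # (name, verdict, user action)
    detected_count: int = 0
    ads_paths: list = field(default_factory=list)      # paths in NTFS file:stream form
    unparsed: list = field(default_factory=list)       # banner/separator lines


def is_ads_path(path: str) -> bool:
    # NTFS alternate data stream syntax is "file:stream"; the only legitimate
    # colon in a normal Windows path is the one after the drive letter.
    return ":" in path[2:]


def parse_tdsskiller(text: str) -> ScanSummary:
    s = ScanSummary()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        if d := DETECT_RE.match(rest):
            s.detections.append((d["name"], d["verdict"], d["action"]))
        elif st := STATUS_RE.match(rest):
            target = s.ok if st["status"] == "ok" else s.pending_reboot
            target.append(st["obj"])
            if st["status"] != "ok" and is_ads_path(st["obj"]):
                s.ads_paths.append(st["obj"])
        elif h := HASHED_RE.match(rest):
            s.drivers[h["name"]] = DriverRecord(h["name"], h["md5"], h["path"])
            if is_ads_path(h["path"]):
                s.ads_paths.append(h["path"])
        elif c := COUNT_RE.match(rest):
            s.detected_count = int(c["n"])
        else:
            s.unparsed.append(rest)
    return s


def triage(s: ScanSummary) -> list:
    """Reduce a parsed log to the lines a responder actually needs to act on."""
    findings = []
    for name, verdict, action in s.detections:
        findings.append(f"detection: {name} classified {verdict}, action {action}")
    for obj in s.pending_reboot:
        note = " (NTFS alternate data stream)" if is_ads_path(obj) else ""
        findings.append(f"pending removal on reboot: {obj}{note}")
    if s.detected_count != len(s.detections):
        findings.append("detected count does not match detection lines; check the full log")
    return findings


if __name__ == "__main__":
    summary = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(summary.drivers)} hashed drivers, {len(summary.ok)} objects ok")
    for line in triage(summary):
        print(line)
```

The hashed driver inventory is the part worth keeping after cleanup: a service that is listed but has no hashed file line (like `adpu160m - ok` here) simply has no driver on disk, whereas a hashed entry whose MD5 differs from the same file on a known-clean Windows XP install is worth a second look.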


#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 January 2012 - 10:24 AM

The reality of a rootkit is that they steal info.

Rootkits, backdoor Trojans, Botnets, and IRC Bots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do


Although the infection has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if the malware appears to have been removed. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired so you can never be sure that you have completely removed a rootkit. The malware may leave so many remnants behind that security tools cannot find them. Tools that claim to be able to remove rootkits cannot guarantee that all traces of it will be removed. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

When should I re-format? How should I reinstall?
Help: I Got Hacked. Now What Do I Do?
Where to draw the line? When to recommend a format and reinstall?
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#8 DoorMat

DoorMat
  • Topic Starter

  • Members
  • 8 posts

Posted 10 January 2012 - 08:16 PM

Hi, I'm going to reinstall my OS, I just have a question. Can I put some files/documents that I need/want on another hard drive and transfer them back on the new Windows? Thanks.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,331 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 January 2012 - 09:18 PM

Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to back up any autorun.ini or .exe files because they may be infected. Some types of malware may disguise themselves by adding and hiding their extension to the existing extension of files, so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best sources of information on this are
Reformatting Windows XP
Michael Stevens Tech
Windows XP: Clean Install

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help.

==============================

2 guidelines/rules when backing up

1) Back up all your important data files, pictures, music, work etc... and save them onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not back up any executable files or any Windows files. These include executables (*.exe), screensavers (*.scr), autorun (.ini) or script files (.php, .asp, .htm, .html, .xml) because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Also, .html or .htm files that are webpages should also be avoided.

Download Belarc Advisor - builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes, and displays the results in your Web browser.
Run it and then print out the results; they may be handy.
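The two backup rules above, together with the earlier warning about a second extension hidden behind a familiar one, can be applied mechanically before anything is copied to the external drive. The script below is an added example, not boopme's or BleepingComputer's own tool. It uses the extension lists boopme gives (anything else is set aside for a manual look), treats the true final extension as authoritative because Windows Explorer hides known extensions by default so that `holiday.jpg.exe` shows up as `holiday.jpg`, and opens `.zip` archives to look for executables inside. The Python standard library cannot read `.cab` or `.rar`, so those are skipped rather than trusted. The sample tree is constructed with placeholder contents.

```python
import tempfile
import zipfile
from pathlib import Path

# Extension lists taken from boopme's two rules. Anything not listed is
# neither copied nor skipped automatically; it goes to "review".
DATA_EXT = {".doc", ".txt", ".mp3", ".jpg"}
BLOCK_EXT = {".exe", ".scr", ".ini", ".php", ".asp", ".htm", ".html", ".xml"}
ARCHIVE_EXT = {".zip", ".cab", ".rar"}


def classify(path: Path):
    """Return (decision, reason) where decision is 'copy', 'skip' or 'review'."""
    suffixes = [s.lower() for s in path.suffixes]
    if not suffixes:
        return "review", "no extension"
    last = suffixes[-1]
    if last in BLOCK_EXT:
        # A data extension immediately before an executable one is the
        # disguise boopme describes: the visible name ends in .jpg, the real one in .exe.
        if len(suffixes) > 1 and suffixes[-2] in DATA_EXT:
            return "skip", f"disguised executable: {suffixes[-2]} followed by {last}"
        return "skip", f"blocked extension {last}"
    if last in ARCHIVE_EXT:
        if last != ".zip":
            return "skip", f"{last} archive cannot be inspected with the standard library"
        try:
            with zipfile.ZipFile(path) as zf:
                bad = [n for n in zf.namelist() if Path(n).suffix.lower() in BLOCK_EXT]
        except zipfile.BadZipFile:
            return "skip", "corrupt or not really a zip"
        if bad:
            return "skip", "archive contains " + ", ".join(bad)
        return "copy", "archive with no executables inside"
    if last in DATA_EXT:
        return "copy", f"data file {last}"
    return "review", f"unlisted extension {last}"


def plan_backup(root: Path) -> dict:
    """Walk a tree and bucket every file by decision, keeping the reason."""
    plan = {"copy": [], "skip": [], "review": []}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            decision, reason = classify(p)
            plan[decision].append((p.relative_to(root).as_posix(), reason))
    return plan


def build_sample_tree(root: Path) -> None:
    """Constructed demo files; contents are placeholders, not real programs."""
    (root / "Downloads").mkdir()
    (root / "thesis.doc").write_bytes(b"placeholder")
    (root / "song.mp3").write_bytes(b"placeholder")
    (root / "holiday.jpg.exe").write_bytes(b"MZ placeholder")  # disguised executable
    (root / "autorun.ini").write_text("[autorun]\n")
    (root / "index.html").write_text("<html></html>")
    (root / "budget.xls").write_bytes(b"placeholder")           # not in either list
    (root / "Downloads" / "installer.exe").write_bytes(b"MZ placeholder")
    with zipfile.ZipFile(root / "photos.zip", "w") as zf:
        zf.writestr("a.jpg", b"placeholder")
    with zipfile.ZipFile(root / "tools.zip", "w") as zf:
        zf.writestr("tool.exe", b"MZ placeholder")


def demo() -> dict:
    """Build the sample tree in a temporary directory and return the plan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return plan_backup(root)


if __name__ == "__main__":
    for decision, entries in demo().items():
        for rel, reason in entries:
            print(f"{decision:6} {rel:28} {reason}")
```

Point `plan_backup` at the profile folder (for example `C:\Documents and Settings\User Admin\My Documents` on this machine) and copy only the `copy` bucket; the `review` bucket is the list to go through by hand, and everything in `skip` should be rescanned with the anti-virus after the reinstall before it is ever opened, exactly as boopme advises.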



