Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Backing up and restoring program data/files/etc.

  • Please log in to reply
1 reply to this topic

#1 droseofc


  • Members
  • 1 posts
  • Local time:12:52 AM

Posted 08 March 2017 - 10:45 PM

            Is there a way to back up the program files and program files (86) and program data to restore it after a fresh install of windows? Basically, I have one M.2 SSD BPX 240GB that I use as my C: drive, for the windows installation and the automated files that direct to the C: drive, such as program files/data/etc. I have a 1TB SSD that is my D: drive, which I install games and programs to via custom installation option and directing it to the D: drive. So, all the programs and games are on my D: drive and windows and the program files are on my C: drive. I want to reinstall windows on the C: drive, as I came across dclog files pointing to a dark comet rat infection. Got a little nuts trying to get rid of it, deleted rundll32 and other things, registry deletes who knows, but things are complicated now.


          I have done a dism with a windows installation and tried sfc and chkdsk. Came to the conclusion, a reinstall is the best option here, but I do not want to have to reinstall all the games and programs on the D: drive just so the files and data work their way into the C: drive. Is there a way to do this? Basically, I want to format my M.2 C: drive, install Windows, once rebooted be able to play the games and use programs from the D: drive. If this means backing up program files and (86) and program data and restoring that is fine. If it requires backing up registry and restoring it, fine too but the objective is to remove this dark comet thing, and I have removed too much in the process, not sure if it is gone but I do not want to restore it with the program files/86/ or registry if needed. Cripes. Also, on Windows 10 Education and the upgrade tool from windows.com is not compatible. I do have the windows 10 education disc if there’s a way similar to upgrading through windows itself so the ability of keeping apps and files is still a choice please tell. I also have windows pe/nt or whatever to boot into via bootable usb, among other various bootable options kapersky, eset, ultimatebootcd, the one that starts with a H. herons? anyways, i have the tools, just need those brains. 

BC AdBot (Login to Remove)


#2 dc3


    Bleeping Treehugger

  • Members
  • 30,754 posts
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:10:52 PM

Posted 09 March 2017 - 09:03 AM

I would suggest running some scan and see if we can clean the malware out of this computer.  DarkComet RAT remover is a tool used to remove backdoor infections.  Please post the log from the scan you ran with this tool.
Please run the following scans in the order they are requested and post their logs in your topic in the same order.  Do not wrap the logs in code, do not use a host website to post the logs.
Please download and run RKill

RKill attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.  RKill will not remove malware, the scans you run after setting up RKill will find and remove those infections.

These settings will remain until the computer is rebooted, for this reason you must run your security applications before the computer is rebooted.  

Please download RKill from the Bleeping Computer option and install it.
Attention:  While running RKill you may see a message stating that the program could not be run because it is a virus or is infected.  This is the malware trying to protect itself.  Two methods that you can try to get past this and allow RKill to run are:

1)  Rename Rkill so that it has a .com extension.

2)  Download a version that is already renamed as files that are commonly white-listed by malware. The main Rkill download page contains individual links to renamed versions.  

When RKill is run it will display a console screen similar to the one below:


When RKill has finished running a log will be displayed showing all of the processes that were terminated by RKill.

AttentionAt this time you need to run your security applications listed below.  Do not restart the computer until all of the requested scans have been run and the logs posted in your topic.

After the security scan have been run successfully you should reboot the computer to restore the processes and Windows Registry entries.
Please run TDSSKiller.
Please download TDSSKiller from here and save it to your Desktop.

The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
1.  Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
3.  Click Start Scan and allow the scan process to run.
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
***Do NOT select Delete!

Click on Continue.
5.  Click on Reboot computer.
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.

Note:  The log may be very long.  You may need to break it into parts to post the whole log.

Post this in your topic.
Please run Malwarebytes AntiMalware

Please download Malwarebytes Anti-Malware 2.2.

1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2)  Malwarebytes will automatically open.  You will see an image like the one below, click on Update Now.  


3)  Click on Settings, you will see a image like the one below.


When Settings opens click on Detection and Protection, then under Non-Malware Protection, click on the down arrow for PUP (Potentially Unwanted Programs) detections and select Treat detections as malware.  Under Detection Options place a check in the box for Scan for rootkits

4)  Click on Scan (next to Settings), then click on Scan Now.  The scan will automatically run now.

5)  When the scan is complete the results will be displayed.  Click on Delete All.


6)  Please post the Malwarebytes log.

To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
To open the log double click on mbam-check.exe on your desktop.  Copy and paste the entire log in your topic.

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run
till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need
to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats.  (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 09 March 2017 - 09:08 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users