Should I reformat? 27 replies


CyberRaptor

Jinxed

50 XP

5th August 2004

0 Uploads

2,593 Posts

0 Threads

#1 11 years ago

I was infected with a virus recently, which seems to have been successfully removed. Nonetheless, I've been having connection problems lately, and my registry, for unrelated reasons, is a disorganized mess. There's nothing seriously wrong at the moment, but things are so cluttered I think it would be nice to have a fresh install of XP. What say you, Mr. American Ambassador? Is it worth the trouble?




puffdadder

the really annoying Catholic

50 XP

12th May 2007

0 Uploads

3,121 Posts

0 Threads

#2 11 years ago

Reformat now! Before it screws up everything.




>Omen<

Modern Warfare

50 XP

1st January 2005

0 Uploads

7,395 Posts

0 Threads

#3 11 years ago

What does the System Idle Processes show in the Processes tab of Task Manager when no programs are running? It should be idling at around 98-99% with Task Manager open and nothing else running. There are other tools that can search your PC for residual clutter that may have been left behind by that virus. I recommend the following:

Ad-Aware
Avast (if you don't have a retail AV)
A-squared
CCleaner (the Registry tab can search for unused registry keys)
HijackThis
Sophos
Spybot
Sygate (if you don't have a retail firewall)
Windows Defender (if you use IE)

You, or someone here, could find out a lot just by running a quick HijackThis scan and posting your scanlog. Once you learn more about how to deal with such problems, the more you'll find that formatting should be more of a last resort, rather than a knee jerk reaction.




CyberRaptor

Jinxed

50 XP

5th August 2004

0 Uploads

2,593 Posts

0 Threads

#4 11 years ago

I use:

Ad-Aware
Avast
CCleaner (the Registry tab can search for unused registry keys)
Spybot
Spywareblaster
Sunbelt Kerio Firewall

The System Idle process appears to be at the normal 98-99% range you describe.

Hijackthis log below


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 2:01:11 AM, on 10/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Venom\Desktop\Hijackthis\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188365400203
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP2\RpcSandraSrv.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

-- End of file - 5405 bytes




>Omen<

Modern Warfare

50 XP

1st January 2005

0 Uploads

7,395 Posts

0 Threads

#5 11 years ago

Absolutely nothing to worry about in that log. It's all green checkmarks and safety shields. See for yourself by pasting it here: HijackThis Logfileauswertung

I do advise some sort of dedicated anti-rootkit tool though.
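Added example, not part of any post in this thread: a small Python pass over a HijackThis log of the kind posted in #4, listing the entries a reviewer would look at by hand first (stale references and binaries loading from outside the usual install directories). The expected-directory list, the reason labels and the last sample entry are assumptions made for this sketch; the other sample entries are copied from the posted log.

```python
import re

# HijackThis section codes seen in the posted log and what each one lists.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O4": "Run-key autostart",
    "O9": "IE button / Tools menu item", "O15": "Trusted Zone site",
    "O16": "ActiveX download", "O22": "SharedTaskScheduler",
    "O23": "Windows service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Drive-letter path up to an .exe/.dll extension (paths may contain spaces).
PATH = re.compile(r'[A-Za-z]:\\[^,"]*?\.(?:exe|dll)', re.I)
# Assumption for this sketch: installed binaries live under these roots.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Four entries copied from the posted log, plus one CONSTRUCTED entry (last).
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
"""

def triage(log_text):
    """Return (code, reason, entry) tuples that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, "Running processes" paths, blank lines
        code, body = m.groups()
        if code not in SECTIONS:
            findings.append((code, "unrecognised section", body))
        if "(file missing)" in body:
            # Stale reference: worth reviewing, not by itself a sign of malware.
            findings.append((code, "file missing", body))
        path = PATH.search(body)
        if path and not path.group(0).lower().startswith(EXPECTED_ROOTS):
            findings.append((code, "unusual location", body))
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE):
        print(f"{code:<4}{SECTIONS.get(code, '?'):<28}{reason:<18}{body}")
```

A hit here only narrows where to look; it does not replace the anti-malware and anti-rootkit scans recommended in the thread.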




puffdadder

the really annoying Catholic

50 XP

12th May 2007

0 Uploads

3,121 Posts

0 Threads

#6 11 years ago

Reformat.




>Omen<

Modern Warfare

50 XP

1st January 2005

0 Uploads

7,395 Posts

0 Threads

#7 11 years ago

Forgot to mention, there are other things to worry about than malware when it comes to Windows operating properly. Your OS could be corrupted, which wouldn't show as malware. There are ways to try and reinstall missing Windows components using Disc Management Error Checking, the sfc /scannow command in Start\Run (w/ OS disc), Recovery Console, System Restore or just reinstalling Windows itself, but often those methods don't work. Sometimes the best thing to do in the case of OS corruption in Windows if you think that's the case is format. It's the only way to be sure the OS is installed and working properly. Many say Windows is such that a format should be done once or twice a year anyway. It truly is a bloatware OS.

(EDITED) I edited this post to spell check and the spell checker actually recognizes bloatware as a word after I misspelled it boatware. LOL




Jeff Über Admin

I am a mean boss ⬆️⬆️⬇️⬇️⬅️➡️⬅️➡️🅱🅰

184,632 XP

6th April 2000

0 Uploads

14,591 Posts

1,534 Threads

#8 11 years ago

You don't need to reformat. Just back up everything in your My Documents folder (and the other My folders like My Music, My Pictures, etc.) that you wish to keep and reinstall Windows. It'll delete those directories and the Windows directory and completely wipe your registry.

No format is necessary.


Product Manager | GameFront.com




arcadeplayer987

Revenge was here.

50 XP

25th April 2007

0 Uploads

1,819 Posts

0 Threads

#9 11 years ago

Reformat is the best way.




*The.Doctor

Trust me, I'm a Doctor

102,440 XP

25th November 2003

0 Uploads

9,964 Posts

0 Threads

#10 11 years ago

In this case, a repair install sounds best.