re-mbam scan

Comments

  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    joe134 wrote: »
    Thanks David, bear with me. I've signed up, pasted it, but ain't got a clue from then on?
    Never used Pastebin before, how do I get the link etc?
    it's me being thick:rotfl:

    just copy and paste the url of the page you've uploaded to

    for example :
    https://pastebin.com/qzNhTxZp
    :idea:
  • joe134
    joe134 Posts: 3,336 Forumite
    edited 22 April 2017 at 10:58AM
    aliEnRIK wrote: »
    just copy and paste the url of the page you've uploaded to

    for example :
    https://pastebin.com/qzNhTxZp

    here tis
    https://pastebin.com/EDGiz783

    sorry EnRIK, told you I AM thick:-).
  • DavidP24
    DavidP24 Posts: 957 Forumite
    With regard to the time taken etc, you have to compare the time taken to rebuild which means backing up your data, your bookmarks and making a note of all the apps you have to reinstall etc etc.

    I build my systems on the basis that they are going to fail at some point, so I partition the disk on day 1 to allow prompt recovery as follows:

    P1 - Primary Boot Win
    P2 - Primary Boot Win Backup
    P3 - Primary Boot (for eval Win10 or Linux etc)
    P4 - Logical Data vol
    P5 - Page vol

    P2 is hidden to prevent it being hacked

    Below is a system that is in the middle of being migrated to Win10, so P1 has been upgraded, P2 is still active, when migration is complete Win10 will be cloned to P2.

    I may have other partitions for other purposes, but this is to help you visualise what I am describing:

    [Image: 6JcM284.png]

    If Windows is hacked but I need to work immediately on a project I hide P1, unhide P2 and reboot. I am immediately productive and can scan other volumes for malware in background while I work or when it suits me.

    Later I can unhide P1, do scans or whatever, if I do not feel confident in the build I may choose to backup the profile and nuke it (cloning P2 to P1) or I may cleanse it and go back to it, hiding P2.

    It should be noted that I never use an Admin account except for Admin tasks so Malware only has access to the profile folder of the lowly standard user. If something asks me for the Admin password and I was not expecting it then that would warn me and of course I would not grant access.

    This method has worked so well for me, coupled with some common sense about what I download or click on, I do not need an AV program running on most of my systems, suffice to say they run faster. Of course I have MBAM and other tools and periodically run scans as well as on individual files. To be honest I am not that confident in any one AV program at catching something in time, so I use virustotal on suspect files.

    When friends and family bring me their systems slowed down with PUPs or corrupted with Malware I configure their systems in this way and they cease getting infected thereafter. I do not disable AV for them, I install the free AV software and configure it wisely, I add MBAM as a separate scanner.

    The biggest cause of infection is that people use an Admin account, it takes 2 mins to create an admin account, log into it and demote the main account to standard user.

    I explained about partitioning in Post 38

    https://forums.moneysavingexpert.com/discussion/5634845

    If you had a rootkit and I am NOT convinced you do, then it would be located outside of windows so reinstalling Windows to the same partition may not solve it, you would need to do a low level format with hard disk tools you get on Hiren disk or similar. You would have to backup all your data to an external drive including your profile and bookmarks (making sure you do not take any malware with it).

    If you at minimum resize your win partition, create a 2nd boot partition for windows, and a data partition, you can move your data and clone your current Win build to P2.

    If problems persist you can hide your current win partition and install fresh to P2, that way if you lose or miss anything it is there on the disk, only when you are confident you have everything you can nuke it and clone new build, then hide it and boot from other.

    It may turn out that you have some bad sectors on your drive and that your errors are simply that, if there are such errors they may be highlighted when you clone your drive.

    It IS time consuming, which is why I build my systems like this so I do it when it is convenient for me, I have designed corporate builds this way too, it allows the IT staff to get a user up and running quickly over the phone and to examine the PC later.

    I suggest you partition your disk as described above, it will make backing up data easier in future and you can clone the current Win partition, then roll back to something more stable. I would also suggest you test the integrity of your hard disk, start with a surface test in the partition tool.
    Thanks, don't you just hate people with sigs !
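
The admin/standard-user split described in the post above, as an added PowerShell example that is not part of the original thread: it lists the enabled local administrators and removes an everyday account from the Administrators group only when another enabled administrator remains. The function names and the account name `dailyuser` are placeholders chosen for this example.

```powershell
# Added example, not from the thread. Needs Windows PowerShell 5.1+ (LocalAccounts module).
$AdminGroupSid = 'S-1-5-32-544'   # well-known SID of the built-in Administrators group

function Get-EnabledLocalAdmin {
    # Enabled local user accounts that are direct members of Administrators.
    # Groups and domain accounts do not resolve with Get-LocalUser and are skipped.
    Get-LocalGroupMember -SID $AdminGroupSid |
        ForEach-Object { Get-LocalUser -SID $_.SID -ErrorAction SilentlyContinue } |
        Where-Object { $_.Enabled }
}

function Remove-DailyUserFromAdmins {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$DailyUser   # the account used for everyday work
    )

    $target = Get-LocalUser -Name $DailyUser -ErrorAction Stop

    # Refuse to demote the last enabled administrator: that would leave
    # nobody able to approve an elevation prompt on this machine.
    $others = @(Get-EnabledLocalAdmin |
        Where-Object { $_.SID.Value -ne $target.SID.Value })
    if ($others.Count -eq 0) {
        throw 'No other enabled administrator account. Create one and test its logon first.'
    }

    if ($PSCmdlet.ShouldProcess($DailyUser, 'Remove from Administrators')) {
        Remove-LocalGroupMember -SID $AdminGroupSid -Member $target -ErrorAction Stop
    }
}

# Audit: who is an enabled administrator, and is the logged-on user one of them?
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
Get-EnabledLocalAdmin |
    Select-Object Name, @{ Name = 'IsCurrentUser'; Expression = { $_.SID.Value -eq $me } }

# Preview the demotion without changing anything (placeholder account name):
# Remove-DailyUserFromAdmins -DailyUser 'dailyuser' -WhatIf
```

The audit part runs from a standard prompt; the removal itself has to be run from an elevated session of the separate admin account.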
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Right.

    I can't see anything untoward as such.
    Personally I would uninstall Secunia and Rapport (Your call, neither are needed)
    Then I would download ccleaner (if you don't already have it)
    http://filehippo.com/download_ccleaner/download/fee36f72c4c7acfbcb5f82ad370f1333/
    open it. Go to TOOLS and STARTUP. then bottom right click SAVE TO TEXT FILE.
    Post that text file (Or pastebin if more issues with posting logs - again, I don't know how this forum operates anymore)
    :idea:
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    joe134 wrote: »
    aliEnRIK wrote: »
    just copy and paste the url of the page you've uploaded to

    for example :
    https://pastebin.com/qzNhTxZp

    here tis
    https://pastebin.com/EDGiz783

    sorry EnRIK, told you I AM thick:-).

    No worries - I got it sorted
    You're not thick. Many people struggle with computers which is why these forums exist
    :idea:
  • joe134
    joe134 Posts: 3,336 Forumite
    aliEnRIK wrote: »
    Right.

    I can't see anything untoward as such.
    Personally I would uninstall Secunia and Rapport (Your call, neither are needed)
    Then I would download ccleaner (if you don't already have it)
    http://filehippo.com/download_ccleaner/download/fee36f72c4c7acfbcb5f82ad370f1333/
    open it. Go to TOOLS and STARTUP. then bottom right click SAVE TO TEXT FILE.
    Post that text file (Or pastebin if more issues with posting logs - again, I don't know how this forum operates anymore)
    Thanks EnRIK, appreciate what you have done:beer:

    Got CCleaner, use it regularly, both, clean and Registry, but save Reg backup.
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    joe134 wrote: »
    Thanks EnRIK, appreciate what you have done:beer:

    Got CCleaner, use it regularly, both, clean and Registry, but save Reg backup.

    I suspect secunia and Rapport are creating problems.
    When I referred to ccleaner I wasn't talking about 'cleaning', I was using it as a tool to show us what items start up on your computer when you boot it up.
    I don't believe there's a rootkit issue, I believe there's conflicting programs
    :idea:
  • debitcardmayhem
    debitcardmayhem Posts: 12,786 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    aliEnRIK wrote: »
    Right.

    I can't see anything untoward as such.
    Personally I would uninstall Secunia and Rapport (Your call, neither are needed)
    Then I would download ccleaner (if you don't already have it)
    http://filehippo.com/download_ccleaner/download/fee36f72c4c7acfbcb5f82ad370f1333/
    open it. Go to TOOLS and STARTUP. then bottom right click SAVE TO TEXT FILE.
    Post that text file (Or pastebin if more issues with posting logs - again, I don't know how this forum operates anymore)
    morning Rik, dysfunctional at best :rotfl:
    There has been a long standing problem with posting HJT logs, especially bits that contain C:\Windows\System32\ in them, and something else but my brain doesn't always work.
    Nice to hear your dulcet tones again(virtually of course)
    4.8kWp 12x400W Longhi 9.6 kWh battery Giv-hy 5.0 Inverter, WSW facing Essex . Aint no sunshine ☀️ Octopus gas fixed dec 24 @ 5.74 tracker again+ Octopus Intelligent Flux leccy
  • joe134
    joe134 Posts: 3,336 Forumite
    edited 22 April 2017 at 11:36AM
    aliEnRIK wrote: »
    I suspect secunia and Rapport are creating problems.
    When I referred to ccleaner I wasn't talking about 'cleaning', I was using it as a tool to show us what items start up on your computer when you boot it up.
    I don't believe there's a rootkit issue, I believe there's conflicting programs
    https://pastebin.com/bXYeTgsj
    You could be right, just always had them for years, no probs, but, as I only use this pc for surfing and reading paper, might as well remove them as you say.
    Rapport often claims keylogger, and screen capture has been blocked, nearly every week.
    I know lots don't like it, I used to bank on here, that's why I put it on.
    So they cannot claim anything was my fault.

    had to go via pastebin again.
    I remember MSE being hacked a while ago, but, security is beefed up a tad high.
This discussion has been closed.