1. simrick said:
In the LastPass login, select remember email only, and not remember password. Plug in your LastPass master password whenever you need to use LastPass. LastPass remembers all your other passwords, so you only have to remember the master password.
LOL. Okay, yeah, I had it set up like that. Sorry, Simrick. Brain fart. Still gotta try getting this dual boot set up, but I will get to that in the next few days, or by the weekend for sure. Also, I'll start the setup of the personalized browser protection. I'll keep you posted.

2. Does this setup look right for OpenDNS on my router? I kinda muddled through. It seems different than it's supposed to be, but when I run the test on OpenDNS it works. What do you think?


3. LAPS said:
Does this setup look right for OpenDNS on my router? I kinda muddled through. It seems different than it's supposed to be, but when I run the test on OpenDNS it works. What do you think?

Yes, that looks correct to me.

4. Hi. Just FYI: CryptoPrevent Free has v8 out of BETA now. You'll need to update manually here:
Upgrading CryptoPrevent v7.x to v8.x Manually Foolish IT

5. simrick said:
Hi. Just FYI: CryptoPrevent Free has v8 out of BETA now. You'll need to update manually here:
Upgrading CryptoPrevent v7.x to v8.x Manually Foolish IT
Awesome. Thanks, Simrick. Sorry I've been missing lately. I just haven't been motivated to do much lately, as things seem to be working a lot better, but I still want to do it, at least a few of those things. Maybe this weekend I'll get around to it. Have a good one!

6. I finally got around to trying to set up the dual boot system tonight. Epic fail. It's caused issues with booting up the main HD I was using since the do-over. For some reason, no matter how I set up my BIOS, it seems to only want to boot up my INTEL SSD, and not the new Kingston SSD I just bought. Now something's wrong with the boot info on the Kingston drive and I need to repair it. But before I got back into that I wanted to set up a few things with the INTEL.

I had initially formatted this drive, installed all the protection on it, then disconnected this drive and did the same thing on the new Kingston SSD, installing the new Windows and whatnot. It's been working great until tonight. I like having the admin account and then monitoring what the kids are up to. But it seems my oldest really loves those viruses. He loves Minecraft and is constantly trying to get different mods, etc. But like you said, there can be a lot of issues there. Yesterday I got a warning from WinPatrol that it was trying to change my search engine to Yahoo, which struck me as odd. I immediately ran the scans and it was infested. Over 350 different discoveries (420+ if you count between MBAM and SAS). I did the same thing on his user account today and found the same thing. Somehow they all came back. Maybe he ran the software again; I'm not entirely sure. But anyways, I cleaned it up. I had run an Avast quick scan but not the full scan yet, and that was clean.

MOVING ON.
Then tonight came along and I tried to install all the drives. Problems, problems everywhere, but I just started working on the Intel drive. It was really weird, but I got that same alert about 10 minutes in that it was trying to change my search engine to Yahoo. Super weird. I haven't even had this drive connected until tonight, and with all the problems I've had booting that other drive, I have no idea how this would get infected, but I started running scans.

AVAST FULL SCAN -- Why all the locked up files?
Code:
* Avast Scan Report
* This file is generated automatically
*
* Scan name: Full system scan
* Started on: Sunday, November 6, 2016 10:40:13 PM
* VPS: 161106-0, 2016-11-06
*

C:\Windows\System32\DriverStore\FileRepository\qca_btusb.inf_amd64_4fa11d4381a15978\AthrBT_0x11020000.dfu|> [E] ARJ archive is corrupted. (42120)
C:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf [E] Access is denied (5)
C:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 [E] Access is denied (5)
C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
C:\Windows\System32\drivers\AthrBT_0x11020000.dfu|> [E] ARJ archive is corrupted. (42120)
C:\Users\xstee\AppData\Roaming\.minecraft\libraries\com\mojang\realms\1.9.8\realms-1.9.8.jar|>com\mojang\realmsclient\client\RealmsError.class [E] ZIP archive is corrupted. (42125)
C:\swapfile.sys [E] The process cannot access the file because it is being used by another process (32)
C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
C:\hiberfil.sys [E] The process cannot access the file because it is being used by another process (32)
C:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000003 [E] Access is denied (5)
E:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 [E] Access is denied (5)
E:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf [E] Access is denied (5)
E:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 [E] Access is denied (5)
E:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
X:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf [E] Access is denied (5)
X:\DOWNLOADS\PROTECTION STUFF\winpese-x64_16.07.07.iso|>SOURCES\BOOT.WIM [E] Compressed file is too big to be processed. (42057)
X:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 [E] Access is denied (5)
X:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 [E] Access is denied (5)
X:\DOCUMENTS\Curse\Minecraft\Instances\All the Mods\mods\Psi-r1.0-41.jar|>assets\psi\sounds\cadCreate.ogg|> [E] ARJ archive is corrupted. (42120)
X:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
X:\DOCUMENTS\Curse\Minecraft\Instances\FTB Presents SkyFactory 2.5\mods\witchery-1.7.10-0.24.1.jar|>assets\witchery\sounds\mob\banshee\banshee_scream.ogg|> [E] ARJ archive is corrupted. (42120)
X:\DOCUMENTS\Curse\Minecraft\Instances\FTB Infinity Evolved\mods\witchery-1.7.10-0.24.1.jar|>assets\witchery\sounds\mob\banshee\banshee_scream.ogg|> [E] ARJ archive is corrupted. (42120)
Z:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf [E] Access is denied (5)
Z:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 [E] Access is denied (5)
Z:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 [E] Access is denied (5)
Z:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\CDisplayEx.exe [E] Installer archive is corrupted. (42145)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\swscale-2.dll [E] Installer archive is corrupted. (42145)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\avutil-52.dll [E] Installer archive is corrupted. (42145)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\sqlite3.dll [E] Installer archive is corrupted. (42145)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\7z.dll [E] Installer archive is corrupted. (42145)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\libwebp.dll [E] Installer archive is corrupted. (42145)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\libwebpdemux.dll [E] Installer archive is corrupted. (42145)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\unrar.dll [E] Installer archive is corrupted. (42145)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\unrarshell.dll [E] Installer archive is corrupted. (42145)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\Leap.dll [E] Installer archive is corrupted. (42145)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\LeapCSharp.dll [E] Installer archive is corrupted. (42145)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$RZZMIM1\Downloads\witchery-1.7.10-0.24.0.jar|>assets\witchery\sounds\mob\banshee\banshee_scream.ogg|> [E] ARJ archive is corrupted. (42120)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$RZZMIM1\Downloads\witchery-1.7.10-0.24.1.jar|>assets\witchery\sounds\mob\banshee\banshee_scream.ogg|> [E] ARJ archive is corrupted. (42120)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$RZZMIM1\Servers\CrundeeCraft_1023\mods\witchery-1.7.10-0.24.1.jar|>assets\witchery\sounds\mob\banshee\banshee_scream.ogg|> [E] ARJ archive is corrupted. (42120)
Z:\FIREFOX DOWNLOADS\SAMS STUFF\PowerDirectorContentPack_140716_ContentPack_Essential_PCP140715-01(2).exe|>Data1.7z [E] Compressed file is too big to be processed. (42057)
Z:\$RECYCLE.BIN\S-1-5-21-2635751861-4022201966-413610615-1001\$R1JFYAF\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.216\deploy\assets\sounds\es_AR\Champions\Yorick.mp3|> [E] ARJ archive is corrupted. (42120)
Z:\$RECYCLE.BIN\S-1-5-21-2635751861-4022201966-413610615-1001\$R1JFYAF\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.216\deploy\assets\sounds\es_MX\Champions\Yorick.mp3|> [E] ARJ archive is corrupted. (42120)
Z:\FIREFOX DOWNLOADS\DRIVERS FOR DAD's PC\lws280.exe|>$INSTDIR\LWS\YouKuInstaller_Release_x86.exe|>$INSTDIR\ikuacc.dat|>- [E] Archive is password protected. (42056)
Z:\FIREFOX DOWNLOADS\ASSORTED SOFTWARE\BlueStacks2_native.exe|>Data.sparsefs\Store [E] Compressed file is too big to be processed. (42057)
Z:\FIREFOX DOWNLOADS\ASSORTED SOFTWARE\BlueStacks2_native.exe|>Root.fs [E] Compressed file is too big to be processed. (42057)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$RRAHHW4.x264-AVS\better.call.saul.s02e08.720p.hdtv.x264-avs.rar|>Better.Call.Saul.S02E08.720p.HDTV.x264-AVS.mkv [E] Compressed file is too big to be processed. (42057)
Z:\Documents\PowerDirector_2604_GM5_Trial_Trial_VDE150123-05.exe|>Data1.7z|>ParticleObject\PDR13_Triangles\base_074.png|> [E] ARJ archive is corrupted. (42120)
Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$RE58QV5.rar|>IGG-Youtubers.Life.v0.7.7\YoutubersLife_Data\resources.assets.resS [E] Compressed file is too big to be processed. (42057)
Infected files: 0
Total files: 1958874
Total folders: 55927
Total size: 1.2 TB

*
* Scan stopped: November 6, 2016 10:59:25 PM
* Run-time was 19 minute(s), 19 second(s)
*
MBAM
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/6/2016
Scan Time: 10:10 PM
Logfile:

Version: 2.2.1.1043
Malware Database: v2016.11.07.02
Rootkit Database: v2016.10.31.01
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: xstee

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 336240
Time Elapsed: 2 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
SAS
Code:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/06/2016 at 10:23 PM

Application Version : 6.0.1228
Database Version : 13137

Scan type       : Complete Scan
Total Scan Time : 00:05:16

Operating System Information
Windows 10 Home 64-bit (Build 10.00.14393)
UAC On - Limited User

Memory items scanned      : 843
Memory threats detected   : 0
Registry items scanned    : 63462
Registry threats detected : 0
File items scanned        : 42842
File threats detected     : 30

aa.online-metrix.net [ C:\USERS\XSTEE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NMVGE68W ]

============
End of Log
============

How is this getting in? Through the other drives? I'm sure that it wasn't on there before. I just realized I need to run ADWCleaner. I'm gonna try that. Then I will repair the other drive and mess with the booting up of the 2 drives. I sure hope I can get that working. I just don't get how it got screwed up. Thanks as always.
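The Avast report above lumps several unrelated conditions under `[E]`. The script below is an added example, not Avast tooling and not something posted in the thread; the line format it parses is inferred from the report as printed, not taken from Avast documentation. It sorts the lines into buckets: "Access is denied" (5) on the NTFS transaction-log metadata under \$Extend\$RmMetadata\$TxfLog and sharing violations (32) on pagefile.sys, swapfile.sys and hiberfil.sys are expected on a live volume and are not user files; "Compressed file is too big" (42057) and "Archive is password protected" (42056) mean the content was never scanned, so those files need a manual decision; the corrupted-archive codes mean one member inside a container could not be unpacked. The sample report is a constructed excerpt modelled on the posted log, with one made-up error code (9999) to exercise the fallback bucket.

```python
"""Triage an Avast full-scan report: expected noise vs. content that went unscanned.
Added example; the line format is inferred from the report posted in the thread."""
import re
from collections import Counter
from typing import Dict, List, Tuple

# One error line: <outer file>[|><inner member>...] [E] <message> (<code>)
LINE_RE = re.compile(r"^(?P<path>.+?) \[E\] (?P<msg>.+?) \((?P<code>\d+)\)\s*$")
SUMMARY_RE = re.compile(r"^(?P<key>Infected files|Total files): (?P<val>\d+)$")

# Files Windows keeps open for itself; a sharing violation (32) on these is normal.
OS_LOCKED = {"pagefile.sys", "swapfile.sys", "hiberfil.sys"}
# NTFS transactional (TxF) log metadata; access denied (5) here is normal.
TXF_LOG = re.compile(r"\\\$Extend\\\$RmMetadata\\\$TxfLog\\", re.IGNORECASE)


def classify(path: str, code: int) -> str:
    """Map one error line to a triage bucket, based on the on-disk (outer) file."""
    outer = path.split("|>")[0]          # strip the nested-archive member chain
    name = outer.rsplit("\\", 1)[-1].lower()
    if code == 5 and TXF_LOG.search(outer):
        return "ntfs-txf-metadata"       # expected: filesystem metadata, not a user file
    if code == 32 and name in OS_LOCKED:
        return "os-locked"               # expected: page/swap/hibernation file in use
    if code == 42057:
        return "unscanned-too-big"       # content skipped: decide manually
    if code == 42056:
        return "unscanned-encrypted"     # content skipped: decide manually
    if code in (42120, 42125, 42145):
        return "inner-archive-unreadable"  # one member of a container could not be unpacked
    return "other"                       # unknown condition: look at it


def triage(report: str) -> Tuple[Counter, List[str], Dict[str, int]]:
    """Return (bucket counts, outer files needing a manual decision, summary counters)."""
    buckets: Counter = Counter()
    attention: List[str] = []
    summary: Dict[str, int] = {}
    for raw in report.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["key"]] = int(m["val"])
            continue
        m = LINE_RE.match(line)
        if not m:
            continue                     # header / blank / non-error line
        bucket = classify(m["path"], int(m["code"]))
        buckets[bucket] += 1
        if bucket.startswith("unscanned") or bucket == "other":
            attention.append(m["path"].split("|>")[0])
    return buckets, sorted(set(attention)), summary


# Constructed excerpt modelled on the log posted in the thread (last error line is made up).
SAMPLE_REPORT = r"""
* Avast Scan Report
C:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf [E] Access is denied (5)
C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
C:\hiberfil.sys [E] The process cannot access the file because it is being used by another process (32)
C:\Windows\System32\drivers\AthrBT_0x11020000.dfu|> [E] ARJ archive is corrupted. (42120)
X:\DOWNLOADS\PROTECTION STUFF\winpese-x64_16.07.07.iso|>SOURCES\BOOT.WIM [E] Compressed file is too big to be processed. (42057)
Z:\FIREFOX DOWNLOADS\DRIVERS FOR DAD's PC\lws280.exe|>$INSTDIR\LWS\YouKuInstaller_Release_x86.exe|>$INSTDIR\ikuacc.dat|>- [E] Archive is password protected. (42056)
Z:\Users\kid\Desktop\unknown.bin [E] Some other failure (9999)
Infected files: 0
Total files: 1958874
"""

if __name__ == "__main__":
    buckets, attention, summary = triage(SAMPLE_REPORT)
    for bucket, n in sorted(buckets.items()):
        print(f"{bucket:26} {n}")
    print("needs a manual decision:", *attention, sep="\n  ")
    print("summary:", summary)
```

The point of the split is that "Infected files: 0" only covers what the scanner could open; the "unscanned" bucket is the list of files to either open by hand, scan with a second engine, or delete. Run it on a saved report with `triage(open(path, encoding="utf-8", errors="replace").read())`.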

7. Hi.
Well, mostly the Minecraft mods come from users/people who have written these themselves (not the developers). So, it's always a risk to download them. You just don't know what they've written into their code. They are also sometimes found on less-than-stellar websites, and those sites may be infection vectors as well. The problem is, they don't have "installers" per se; the user simply follows instructions to copy certain files into certain folders and runs them to get things to work. Very risky, as most of them are *.jar files (usually executables) and *.DLLs. (Compressed *.jar files can be distributing executables; i.e. double-clicking them can launch an application, if that's how it has been packaged. Those applications can contain malicious code which executes in the background, unbeknownst to the user.)

It could be that something had a rootkit. I see in the MBAM scan that you didn't check the box to enable rootkit scanning. And, yes, some infections can cross-contaminate to any drive connected to the system. They can also lie dormant, like a ticking time bomb. There are even some which create a hidden partition, so as to survive a format.

The MBAM scan was only a threat scan, not a custom scan, where you check the box for rootkits, and select the entire drive to be scanned (takes a while to complete).
The Avast! scan didn't find anything.
There are some files that it can't get access to because they are in constant use by the OS.
The decompression bombs are just files that are so tightly compressed they would be huge when uncompressed, and so Avast skips them.
The ...\$Extend\$RmMetadata... lines - well, you can read a bit about them here:
windows - Could and \$RmMetadata pose information leakage on a nuked HDD? - Information Security Stack Exchange
I've read here that a program called everything.exe (voidtools) will cause these lines to show up, and also possibly prevent you from safely ejecting external drives. Do you have that program installed? If so, might want to try Agent Ransack instead.

Before running scans, I would run RKILL and check the log to see if it stops any active malicious/suspicious process. Everything RKILL does is undone by a reboot, so it needs to be run after every reboot.

What did ADWCleaner find, anything? Have you tried TDSSKiller to check for rootkits? When you run that program, select all the boxes, going from bottom to top. It will tell you it needs to reboot to run the scan properly.
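On the point in the post above that a mod .jar is executable content: a .jar is a zip archive with a manifest; a `Main-Class` entry in that manifest is what makes a double-click start it, and a Forge mod does not even need one, since the mod loader loads the jar's classes itself when the game starts. The script below is an added example (not simrick's code and not a tool mentioned in the thread) that lists what a mod jar actually carries before it goes into the mods folder: compiled classes, a Main-Class, bundled .exe/.dll or script members, nested jars, and whether META-INF holds a signature. The sample jar is built in memory and is constructed; `com.example.Dropper` and `natives/helper.dll` are made-up names.

```python
"""Inspect a Minecraft mod .jar before dropping it into the mods folder.
Added example, not from the thread: a .jar is a zip with a manifest, and
everything inside it runs with the player's privileges once the game loads it."""
import io
import zipfile
from typing import Dict, List

# Members that have no business in a game mod and run outside the JVM entirely.
NATIVE_OR_SCRIPT = (".exe", ".dll", ".so", ".dylib", ".bat", ".cmd", ".ps1", ".vbs", ".scr")


def parse_manifest(data: bytes) -> Dict[str, str]:
    """Parse META-INF/MANIFEST.MF 'Key: value' lines (continuation lines start with a space)."""
    attrs: Dict[str, str] = {}
    for line in data.decode("utf-8", "replace").splitlines():
        if ":" in line and not line.startswith(" "):
            key, value = line.split(":", 1)
            attrs[key.strip()] = value.strip()
    return attrs


def inspect_jar(jar_bytes: bytes) -> Dict[str, object]:
    """Summarise what the jar carries; a jar is just a zip file."""
    findings: Dict[str, object] = {
        "main_class": None, "signed": False, "classes": 0,
        "native_or_script": [], "nested_jars": [],
    }
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        names = zf.namelist()
        if "META-INF/MANIFEST.MF" in names:
            attrs = parse_manifest(zf.read("META-INF/MANIFEST.MF"))
            findings["main_class"] = attrs.get("Main-Class")   # present => double-click launches it
        # A signed jar carries META-INF/*.SF plus a *.RSA/*.DSA/*.EC signature block.
        findings["signed"] = any(
            n.startswith("META-INF/") and n.upper().endswith((".SF", ".RSA", ".DSA", ".EC"))
            for n in names
        )
        for n in names:
            low = n.lower()
            if low.endswith(".class"):
                findings["classes"] += 1                          # code the JVM will run
            elif low.endswith(NATIVE_OR_SCRIPT):
                findings["native_or_script"].append(n)            # code the OS will run
            elif low.endswith(".jar"):
                findings["nested_jars"].append(n)                 # second-stage code
    return findings


def verdict(findings: Dict[str, object]) -> List[str]:
    """Reasons to look closer; an empty list is not a clean bill of health."""
    reasons: List[str] = []
    if findings["main_class"]:
        reasons.append(f"double-click launches {findings['main_class']}")
    if findings["native_or_script"]:
        reasons.append("bundles native/script payload: " + ", ".join(findings["native_or_script"]))
    if findings["nested_jars"]:
        reasons.append("contains nested jars: " + ", ".join(findings["nested_jars"]))
    return reasons


def build_sample_jar() -> bytes:
    """Constructed sample: a 'mod' that also carries a Windows DLL. Names are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF",
                    "Manifest-Version: 1.0\r\nMain-Class: com.example.Dropper\r\n\r\n")
        zf.writestr("com/example/Dropper.class", b"\xca\xfe\xba\xbe" + b"\x00" * 12)  # fake class
        zf.writestr("assets/examplemod/sounds/ping.ogg", b"OggS")
        zf.writestr("natives/helper.dll", b"MZ" + b"\x00" * 62)                          # fake PE
    return buf.getvalue()


if __name__ == "__main__":
    found = inspect_jar(build_sample_jar())
    print(found)
    for reason in verdict(found):
        print(" -", reason)
```

To check a real download, replace `build_sample_jar()` with `open(path, "rb").read()`. Native libraries do turn up in a few legitimate mods and most mods are unsigned, so treat the output as a prompt for a closer look, not as a verdict; a jar with no findings still runs whatever its classes do once the game loads it.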

8. LAPS said:
I finally got around to trying to set up the dual boot system tonight. Epic fail. It's caused issues with booting up the main HD I was using since the do-over. For some reason, no matter how I set up my BIOS, it seems to only want to boot up my INTEL SSD, and not the new Kingston SSD I just bought. Now something's wrong with the boot info on the Kingston drive and I need to repair it. But before I got back into that I wanted to set up a few things with the INTEL.
If you connect only the Kingston and boot to Macrium rescue media (or Kyhi's rescue media and open Macrium), it has a fix boot option you can try.

Are you using a 3rd-party application to setup your dual boot?

LAPS said:
I had initially formatted this drive, installed all the protection on it, then disconnected this drive and did the same thing on the new Kingston SSD, installing the new Windows and whatnot. It's been working great until tonight. I like having the admin account and then monitoring what the kids are up to. But it seems my oldest really loves those viruses. He loves Minecraft and is constantly trying to get different mods, etc. But like you said, there can be a lot of issues there. Yesterday I got a warning from WinPatrol that it was trying to change my search engine to Yahoo, which struck me as odd. I immediately ran the scans and it was infested. Over 350 different discoveries (420+ if you count between MBAM and SAS). I did the same thing on his user account today and found the same thing. Somehow they all came back. Maybe he ran the software again; I'm not entirely sure. But anyways, I cleaned it up. I had run an Avast quick scan but not the full scan yet, and that was clean.
What was found?
There may be a malicious add-on or two in a browser. You could run JRT to clear that out.

LAPS said:
MOVING ON.
Then tonight came along and I tried to install all the drives. Problems, problems everywhere, but I just started working on the Intel drive. It was really weird, but I got that same alert about 10 minutes in that it was trying to change my search engine to Yahoo. Super weird. I haven't even had this drive connected until tonight, and with all the problems I've had booting that other drive, I have no idea how this would get infected, but I started running scans.
Did WinPatrol tell you "what" was trying to change your default search provider? Can you grab a screenshot when it does?

LAPS said:
How is this getting in? Through the other drives? I'm sure that it wasn't on there before. I just realized I need to run ADWCleaner. I'm gonna try that. Then I will repair the other drive and mess with the booting up of the 2 drives. I sure hope I can get that working. I just don't get how it got screwed up. Thanks as always.
If you continue to have warnings/problems, we might need to have a look at a FRST scan. Let me know.

9. Just FYI-
A lot of people here use EasyBCD.
EasyBCD and UEFI

I have never used it personally. I used GRUB years ago to dual-boot an XP and W8 system. Now I do everything in VMs.

10. If you connect only the Kingston and boot to Macrium rescue media (or Kyhi's rescue media and open Macrium), it has a fix boot option you can try.

Are you using a 3rd-party application to setup your dual boot?
That's the plan. I'm not using anything to setup the dual boot. I'm just playing with the BIOS and boot settings. Maybe some software might help.

What was found?
There may be a malicious add-on or two in a browser. You could run JRT to clear that out.
There were a bunch of files, something like WinYahoo. When I can get back on the drive I'll pull the logs.

Did WinPatrol tell you "what" was trying to change your default search provider? Can you grab a screenshot when it does?
Now that I think about it, I don't even know if it was WinPatrol warning me, but something definitely was. It was quite vague; it was just something like "a 3rd party program is trying to change your default home page to Yahoo." If I see it again, I'll definitely catch a screenshot. Right now I'm doing the custom MBAM scan. So far, clean.

If you continue to have warnings/problems, we might need to have a look at a FRST scan. Let me know.
