Page 14 of 15 FirstFirst ... 412131415 LastLast

  1. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       27 Oct 2016 #131

    simrick said: View Post
    In the LastPass login, select remember email only, and not remember password. Plug in your LastPass master password whenever you need to use LastPass. LastPass remembers all your other passwords, so you only have to remember the master password.
    LOL. Ok yeah, I had it setup like that. Sorry Simrick. Brain fart. Still gotta try getting this dual boot setup but I will get to that in the next few days or by the weekend for sure. Also I'll start the setup of the personalized browser protection. I'll keep you posted.
      My System SpecsSystem Spec


  2. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       27 Oct 2016 #132

    Does this setup look right for OpenDNS on my router? I kinda muddled through. It seems different that Its supposed to be but when I run the test on OpenDNS it works. What do you think;

    Click image for larger version. 

Name:	ROUTEr.PNG 
Views:	4 
Size:	86.6 KB 
ID:	107765
      My System SpecsSystem Spec


  3. Joined : Apr 2015
    Posts : 9,117
    W10Prox64
       27 Oct 2016 #133

    LAPS said: View Post
    Does this setup look right for OpenDNS on my router? I kinda muddled through. It seems different that Its supposed to be but when I run the test on OpenDNS it works. What do you think;

    Click image for larger version. 

Name:	ROUTEr.PNG 
Views:	4 
Size:	86.6 KB 
ID:	107765
    Yes, that looks correct to me.
      My System SpecsSystem Spec


  4. Joined : Apr 2015
    Posts : 9,117
    W10Prox64
       03 Nov 2016 #134

    Hi. Just FYI: CryptoPrevent Free has v8 out of BETA now. You'll need to update manually here:
    Upgrading CryptoPrevent v7.x to v8.x Manually Foolish IT
    .
      My System SpecsSystem Spec


  5. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       04 Nov 2016 #135

    simrick said: View Post
    Hi. Just FYI: CryptoPrevent Free has v8 out of BETA now. You'll need to update manually here:
    Upgrading CryptoPrevent v7.x to v8.x Manually Foolish IT
    .
    Awesome. Thanks Simrick. Sorry I've been missing lately. I just haven't been motivated to do much lately as things seem to be working alot better but I still want to do it, at least a few of those things. Maybe this weekend I'll get around to it. Have a good one!
      My System SpecsSystem Spec


  6. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       4 Weeks Ago #136

    I finally got around to trying to setup the dual boot system tonight. Epic fail. Its caused issues with booting up the main HD I was using since the do-over. For some reason no matter how I setup my BIOS it sees to only want to boot up my INTEL SSD, and not the new Kingston SSD I just bought. Now something wrong with the boot info on the Kingston drive and I need to repair it. But before I got back into that I wanted to setup a few things with the INTEL.


    I had initally formatted this drive, installed all the protection on it then disconnected this drive and did the same thing on the new Kingston SSD installing the new Windows and whatnot. It's been working great until tonight. I like having the admin account and then monitoring what the kids are up to. But it seems my oldest really love those viruses. He loves minecraft and is constantly trying to get different mods etc. But like you said there can be alot of issues there. Yesterday I got a warning from WinPatrol that it was trying to change my Search engine to yahoo which struck me as odd. I immediately ran the scans and it was infested. Over 350 different discoveries (420+ if you count between MBAM and SAS). I did the same think on his user account today and found the same thing. Somehow they all came back.. Maybe he ran the software again I'm not entirely sure. But anyways I cleaned it up. I had run an avast Quick scan but not the full scan yet. and that was clean.


    MOVING ON.
    Then tonight came along and I tried to install all the drives. Problems problems everwhere, but I just started working o the intel drive. It was really wierd, but I got that same alert about 10 minutes in that it was trying to change my search engine to Yahoo.. Super wierd. I haven't even had this drive connected until tonight, and all the problems I've had booting that other drive I have no idea how this would get infected but I started running scans.

    AVAST FULL SCAN -- Why all the locked up files?
    Code:
    * Avast Scan Report
    * This file is generated automatically
    *
    * Scan name: Full system scan
    * Started on: Sunday, November 6, 2016 10:40:13 PM
    * VPS: 161106-0, 2016-11-06
    *
    
    C:\Windows\System32\DriverStore\FileRepository\qca_btusb.inf_amd64_4fa11d4381a15978\AthrBT_0x11020000.dfu|> [E] ARJ archive is corrupted. (42120)
    C:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf [E] Access is denied (5)
    C:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 [E] Access is denied (5)
    C:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
    C:\Windows\System32\drivers\AthrBT_0x11020000.dfu|> [E] ARJ archive is corrupted. (42120)
    C:\Windows\SoftwareDistribution\Download\cec125821fe1a3ea58b223ece4121d04c391af8b|>AthrBT_0x11020000.dfu|> [E] ARJ archive is corrupted. (42120)
    C:\Users\xstee\AppData\Roaming\.minecraft\libraries\com\mojang\realms\1.9.8\realms-1.9.8.jar|>com\mojang\realmsclient\client\RealmsError.class [E] ZIP archive is corrupted. (42125)
    C:\swapfile.sys [E] The process cannot access the file because it is being used by another process (32)
    C:\pagefile.sys [E] The process cannot access the file because it is being used by another process (32)
    C:\hiberfil.sys [E] The process cannot access the file because it is being used by another process (32)
    C:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000003 [E] Access is denied (5)
    C:\Users\xstee\Downloads\winpese-x64_16.07.07.iso|>SOURCES\BOOT.WIM [E] Compressed file is too big to be processed. (42057)
    E:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 [E] Access is denied (5)
    E:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf [E] Access is denied (5)
    E:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 [E] Access is denied (5)
    E:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
    X:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf [E] Access is denied (5)
    X:\DOWNLOADS\PROTECTION STUFF\winpese-x64_16.07.07.iso|>SOURCES\BOOT.WIM [E] Compressed file is too big to be processed. (42057)
    X:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 [E] Access is denied (5)
    X:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 [E] Access is denied (5)
    X:\DOCUMENTS\Curse\Minecraft\Instances\All the Mods\mods\Psi-r1.0-41.jar|>assets\psi\sounds\cadCreate.ogg|> [E] ARJ archive is corrupted. (42120)
    X:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
    X:\DOCUMENTS\Curse\Minecraft\Instances\FTB Presents SkyFactory 2.5\mods\witchery-1.7.10-0.24.1.jar|>assets\witchery\sounds\mob\banshee\banshee_scream.ogg|> [E] ARJ archive is corrupted. (42120)
    X:\DOCUMENTS\Curse\Minecraft\Instances\FTB Infinity Evolved\mods\witchery-1.7.10-0.24.1.jar|>assets\witchery\sounds\mob\banshee\banshee_scream.ogg|> [E] ARJ archive is corrupted. (42120)
    Z:\$Extend\$RmMetadata\$TxfLog\$TxfLog.blf [E] Access is denied (5)
    Z:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000001 [E] Access is denied (5)
    Z:\$Extend\$RmMetadata\$TxfLog\$TxfLogContainer00000000000000000002 [E] Access is denied (5)
    Z:\$Extend\$RmMetadata\$TxfLog\$Tops [E] Access is denied (5)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\CDisplayEx.exe [E] Installer archive is corrupted. (42145)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\swscale-2.dll [E] Installer archive is corrupted. (42145)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\avutil-52.dll [E] Installer archive is corrupted. (42145)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\sqlite3.dll [E] Installer archive is corrupted. (42145)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\7z.dll [E] Installer archive is corrupted. (42145)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\libwebp.dll [E] Installer archive is corrupted. (42145)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\libwebpdemux.dll [E] Installer archive is corrupted. (42145)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\unrar.dll [E] Installer archive is corrupted. (42145)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\unrarshell.dll [E] Installer archive is corrupted. (42145)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\Leap.dll [E] Installer archive is corrupted. (42145)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$R2WPXI2.exe|>{app}\LeapCSharp.dll [E] Installer archive is corrupted. (42145)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$RZZMIM1\Downloads\witchery-1.7.10-0.24.0.jar|>assets\witchery\sounds\mob\banshee\banshee_scream.ogg|> [E] ARJ archive is corrupted. (42120)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$RZZMIM1\Downloads\witchery-1.7.10-0.24.1.jar|>assets\witchery\sounds\mob\banshee\banshee_scream.ogg|> [E] ARJ archive is corrupted. (42120)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$RZZMIM1\Servers\CrundeeCraft_1023\mods\witchery-1.7.10-0.24.1.jar|>assets\witchery\sounds\mob\banshee\banshee_scream.ogg|> [E] ARJ archive is corrupted. (42120)
    Z:\FIREFOX DOWNLOADS\SAMS STUFF\PowerDirectorContentPack_140716_ContentPack_Essential_PCP140715-01(2).exe|>Data1.7z [E] Compressed file is too big to be processed. (42057)
    Z:\$RECYCLE.BIN\S-1-5-21-2635751861-4022201966-413610615-1001\$R1JFYAF\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.216\deploy\assets\sounds\es_AR\Champions\Yorick.mp3|> [E] ARJ archive is corrupted. (42120)
    Z:\$RECYCLE.BIN\S-1-5-21-2635751861-4022201966-413610615-1001\$R1JFYAF\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.216\deploy\assets\sounds\es_MX\Champions\Yorick.mp3|> [E] ARJ archive is corrupted. (42120)
    Z:\FIREFOX DOWNLOADS\DRIVERS FOR DAD's PC\lws280.exe|>$INSTDIR\LWS\YouKuInstaller_Release_x86.exe|>$INSTDIR\ikuacc.dat|>- [E] Archive is password protected. (42056)
    Z:\FIREFOX DOWNLOADS\UTILITIES\tweaking.com_windows_repair_aio_setup.exe|>%AppFolder%\files\permissions\8\hklm.7z|>hklm.txt [E] The file is a decompression bomb. (42110)
    Z:\FIREFOX DOWNLOADS\UTILITIES\tweaking.com_windows_repair_aio_setup.exe|>%AppFolder%\files\permissions\8\windows.7z|>windows.txt [E] The file is a decompression bomb. (42110)
    Z:\FIREFOX DOWNLOADS\UTILITIES\tweaking.com_windows_repair_aio_setup.exe|>%AppFolder%\files\permissions\8\program_files.7z|>program_files.txt [E] The file is a decompression bomb. (42110)
    Z:\FIREFOX DOWNLOADS\UTILITIES\tweaking.com_windows_repair_aio_setup.exe|>%AppFolder%\files\permissions\10\hklm.7z|>hklm.txt [E] The file is a decompression bomb. (42110)
    Z:\FIREFOX DOWNLOADS\UTILITIES\tweaking.com_windows_repair_aio_setup.exe|>%AppFolder%\files\permissions\10\program_files.7z|>program_files.txt [E] The file is a decompression bomb. (42110)
    Z:\FIREFOX DOWNLOADS\UTILITIES\tweaking.com_windows_repair_aio_setup.exe|>%AppFolder%\files\permissions\10\windows.7z|>windows.txt [E] The file is a decompression bomb. (42110)
    Z:\FIREFOX DOWNLOADS\UTILITIES\tweaking.com_windows_repair_aio_setup.exe|>%AppFolder%\files\permissions\7\hklm.7z|>hklm.txt [E] The file is a decompression bomb. (42110)
    Z:\FIREFOX DOWNLOADS\UTILITIES\tweaking.com_windows_repair_aio_setup.exe|>%AppFolder%\files\permissions\7\windows.7z|>windows.txt [E] The file is a decompression bomb. (42110)
    Z:\FIREFOX DOWNLOADS\UTILITIES\tweaking.com_windows_repair_aio_setup.exe|>%AppFolder%\files\permissions\8.1\hklm.7z|>hklm.txt [E] The file is a decompression bomb. (42110)
    Z:\FIREFOX DOWNLOADS\UTILITIES\tweaking.com_windows_repair_aio_setup.exe|>%AppFolder%\files\permissions\8.1\program_files.7z|>program_files.txt [E] The file is a decompression bomb. (42110)
    Z:\FIREFOX DOWNLOADS\UTILITIES\tweaking.com_windows_repair_aio_setup.exe|>%AppFolder%\files\permissions\8.1\windows.7z|>windows.txt [E] The file is a decompression bomb. (42110)
    Z:\FIREFOX DOWNLOADS\UTILITIES\tweaking.com_windows_repair_aio_setup.exe|>%AppFolder%\files\permissions\8.1\windows.7z [E] The file is a decompression bomb. (42110)
    Z:\FIREFOX DOWNLOADS\UTILITIES\tweaking.com_windows_repair_aio_setup.exe [E] The file is a decompression bomb. (42110)
    Z:\FIREFOX DOWNLOADS\ASSORTED SOFTWARE\BlueStacks2_native.exe|>Data.sparsefs\Store [E] Compressed file is too big to be processed. (42057)
    Z:\FIREFOX DOWNLOADS\ASSORTED SOFTWARE\BlueStacks2_native.exe|>Root.fs [E] Compressed file is too big to be processed. (42057)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$RRAHHW4.x264-AVS\better.call.saul.s02e08.720p.hdtv.x264-avs.rar|>Better.Call.Saul.S02E08.720p.HDTV.x264-AVS.mkv [E] Compressed file is too big to be processed. (42057)
    Z:\Documents\PowerDirector_2604_GM5_Trial_Trial_VDE150123-05.exe|>Data1.7z|>ParticleObject\PDR13_Triangles\base_074.png|> [E] ARJ archive is corrupted. (42120)
    Z:\$RECYCLE.BIN\S-1-5-21-1665485277-3297097811-304278644-1001\$RE58QV5.rar|>IGG-Youtubers.Life.v0.7.7\YoutubersLife_Data\resources.assets.resS [E] Compressed file is too big to be processed. (42057)
    Infected files: 0
    Total files: 1958874
    Total folders: 55927
    Total size: 1.2 TB
    
    *
    * Scan stopped: November 6, 2016 10:59:25 PM
    * Run-time was 19 minute(s), 19 second(s)
    *
    MBAM
    Code:
    Malwarebytes Anti-Malware
    www.malwarebytes.org
    
    Scan Date: 11/6/2016
    Scan Time: 10:10 PM
    Logfile: 
    Administrator: Yes
    
    Version: 2.2.1.1043
    Malware Database: v2016.11.07.02
    Rootkit Database: v2016.10.31.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
    
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: xstee
    
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 336240
    Time Elapsed: 2 min, 29 sec
    
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
    
    Processes: 0
    (No malicious items detected)
    
    Modules: 0
    (No malicious items detected)
    
    Registry Keys: 0
    (No malicious items detected)
    
    Registry Values: 0
    (No malicious items detected)
    
    Registry Data: 0
    (No malicious items detected)
    
    Folders: 0
    (No malicious items detected)
    
    Files: 0
    (No malicious items detected)
    
    Physical Sectors: 0
    (No malicious items detected)
    
    
    (end)
    SAS
    Code:
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    
    Generated 11/06/2016 at 10:23 PM
    
    Application Version : 6.0.1228
    Database Version : 13137
    
    Scan type       : Complete Scan
    Total Scan Time : 00:05:16
    
    Operating System Information
    Windows 10 Home 64-bit (Build 10.00.14393)
    UAC On - Limited User
    
    Memory items scanned      : 843
    Memory threats detected   : 0
    Registry items scanned    : 63462
    Registry threats detected : 0
    File items scanned        : 42842
    File threats detected     : 30
    
    Adware.Tracking Cookie
        C:\Users\xstee\AppData\Local\Microsoft\Windows\INetCookies\OXD350Z6.cookieC:\Users\xstee\AppData\Local\Microsoft\Windows\INetCookies\OXD350Z6.cookie [ /advertising.com ]
        C:\Users\xstee\AppData\Local\Microsoft\Windows\INetCookies\6IWOXFWW.cookieC:\Users\xstee\AppData\Local\Microsoft\Windows\INetCookies\6IWOXFWW.cookie [ /adnxs.com ]
        C:\Users\xstee\AppData\Local\Microsoft\Windows\INetCookies\LXGM9NO6.cookieC:\Users\xstee\AppData\Local\Microsoft\Windows\INetCookies\LXGM9NO6.cookie [ /atwola.com ]
        C:\Users\xstee\AppData\Local\Microsoft\Windows\INetCookies\YLR5AQPK.cookieC:\Users\xstee\AppData\Local\Microsoft\Windows\INetCookies\YLR5AQPK.cookie [ /cdn.at.atwola.com ]
        C:\Users\xstee\AppData\Local\Microsoft\Windows\INetCookies\K92PM4W7.cookieC:\Users\xstee\AppData\Local\Microsoft\Windows\INetCookies\K92PM4W7.cookie [ /at.atwola.com ]
        C:\Users\xstee\AppData\Local\Microsoft\Windows\INetCookies\QZIVNLF8.cookieC:\Users\xstee\AppData\Local\Microsoft\Windows\INetCookies\QZIVNLF8.cookie [ /doubleclick.net ]
        aa.online-metrix.net [ C:\USERS\XSTEE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\NMVGE68W ]
        .abmr.net [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        p2099.ic-live.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .mathtag.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .scorecardresearch.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .scorecardresearch.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .bizible.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .addthis.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .42265985.log.optimizely.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .ic-live.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .ic-live.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .lijit.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .addthis.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .mathtag.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .lijit.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .lijit.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .addthis.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .mathtag.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .mathtag.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .addthis.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
        .addthis.com [ C:\USERS\XSTEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\W8KH331T.DEFAULT\COOKIES.SQLITE ]
    
    ============
     End of Log 
    ============

    How is this getting in? Through the other drives? I'm sure that is wasn't on there before. I just realied I need to run ADWCleaner. I'm gonna try that. Then I will repair the other drive and mess with the booting up of the 2 drives. I sure hope I can get that working. I just don't get how it got screwed up. Thanks as always.
      My System SpecsSystem Spec


  7. Joined : Apr 2015
    Posts : 9,117
    W10Prox64
       4 Weeks Ago #137

    Hi.
    Well, mostly the Minecraft mods come from users/people who have written these themselves (not the developers). So, it's always a risk to download them. You just don't know what they've written into their code. They are also sometimes found on less-than-stellar websites, and those sites may be infection vectors as well. The problem is, they don't have have "installers" per se; the user simply follows instructions to copy certain files into certain folders and runs them to get things to work. Very risky, as most of them are *.jar files (usually executables) and *.DLLs. (Compressed *.jar files can be distributing executables; i.e. double-clicking them can launch an application, if that's how it has been packaged. Those applications can contain malicious code which executes in the background, unbeknownst to the user.)

    It could be that something had a rootkit. I see in the MBAM scan that you didn't check the box to enable rootkit scanning. And, yes, some infections can cross-contaminate to any drive connected to the system. They can also lie dormant, like a ticking time bomb. There are even some which create a hidden partition, so as to survive a format.

    The SAS scan found only cookies - nothing to worry about.
    The MBAM scan was only a threat scan, not a custom scan, where you check the box for rootkits, and select the entire drive to be scanned (takes a while to complete).
    The Avast! scan didn't find anything.
    There are some files that it can't get access to because they are in constant use by the OS.
    The decompression bombs are just files that are so tightly compressed they would be huge when uncompressed, and so Avast skips them.
    The ...\$Extend\$RmMetadata... lines - well, you can read a bit about them here:
    windows - Could and $RmMetadata pose information leakage on a nuked HDD? - Information Security Stack Exchange
    .
    I've read here that a program called everything.exe (voidtools) will cause these lines to show up, and also possibly prevent you from safely ejecting external drives. Do you have that program installed? If so, might want to try Agent Ransack instead.

    Before running scans, I would run RKILL and check the log to see if it stops any active malicious/suspicious process. Everything RKILL does is undone by a reboot, so it needs to be run after every reboot.

    What did ADWCleaner find, anything? Have you tried TDSSKiller to check for rootkits? When you run that program, select all the boxes, going from bottom to top. It will tell you it needs to reboot to run the scan properly.
      My System SpecsSystem Spec


  8. Joined : Apr 2015
    Posts : 9,117
    W10Prox64
       4 Weeks Ago #138

    LAPS said: View Post
    I finally got around to trying to setup the dual boot system tonight. Epic fail. Its caused issues with booting up the main HD I was using since the do-over. For some reason no matter how I setup my BIOS it sees to only want to boot up my INTEL SSD, and not the new Kingston SSD I just bought. Now something wrong with the boot info on the Kingston drive and I need to repair it. But before I got back into that I wanted to setup a few things with the INTEL.
    If you connect only the Kingston and boot to Macrium rescue media (or Kyhi's rescue media and open Macrium), it has a fix boot option you can try.

    Are you using a 3rd-party application to setup your dual boot?

    LAPS said: View Post
    I had initally formatted this drive, installed all the protection on it then disconnected this drive and did the same thing on the new Kingston SSD installing the new Windows and whatnot. It's been working great until tonight. I like having the admin account and then monitoring what the kids are up to. But it seems my oldest really love those viruses. He loves minecraft and is constantly trying to get different mods etc. But like you said there can be alot of issues there. Yesterday I got a warning from WinPatrol that it was trying to change my Search engine to yahoo which struck me as odd. I immediately ran the scans and it was infested. Over 350 different discoveries (420+ if you count between MBAM and SAS). I did the same think on his user account today and found the same thing. Somehow they all came back.. Maybe he ran the software again I'm not entirely sure. But anyways I cleaned it up. I had run an avast Quick scan but not the full scan yet. and that was clean.
    What was found?
    There may be a malicious add-on or two in a browser. You could run JRT to clear that out.

    LAPS said: View Post
    MOVING ON.
    Then tonight came along and I tried to install all the drives. Problems problems everwhere, but I just started working o the intel drive. It was really wierd, but I got that same alert about 10 minutes in that it was trying to change my search engine to Yahoo.. Super wierd. I haven't even had this drive connected until tonight, and all the problems I've had booting that other drive I have no idea how this would get infected but I started running scans.
    Did WinPatrol tell you "what" was trying to change your default search provider? Can you grab a screenshot when it does?

    LAPS said: View Post
    How is this getting in? Through the other drives? I'm sure that is wasn't on there before. I just realied I need to run ADWCleaner. I'm gonna try that. Then I will repair the other drive and mess with the booting up of the 2 drives. I sure hope I can get that working. I just don't get how it got screwed up. Thanks as always.
    If you continue to have warnings/problems, we might need to have a look at a FRST scan. Let me know.
      My System SpecsSystem Spec


  9. Joined : Apr 2015
    Posts : 9,117
    W10Prox64
       4 Weeks Ago #139

    Just FYI-
    A lot of people here use EasyBCD.
    EasyBCD and UEFI

    I have never used it personally. I used GRUB years ago to dual-boot an XP and W8 system. Now I do everything in VMs.
      My System SpecsSystem Spec


  10. Joined : Sep 2016
    Calgary
    Posts : 74
    Windows 10 Anniversary
       4 Weeks Ago #140

    If you connect only the Kingston and boot to Macrium rescue media (or Kyhi's rescue media and open Macrium), it has a fix boot option you can try.

    Are you using a 3rd-party application to setup your dual boot?
    That's the plan. I'm not using anything to setup the dual boot. I'm just playing with the BIOS and boot settings. Maybe some software might help.

    What was found?
    There may be a malicious add-on or two in a browser. You could run JRT to clear that out.
    There were a bunch of files, something like WinYahoo. When I can get back on the drive I'll pull the logs.



    Did WinPatrol tell you "what" was trying to change your default search provider? Can you grab a screenshot when it does?
    Now that I think about it, I don't even know if it was WinPatrol warning me, but something definitely was. It was quite vague, It was just something like a 3rd party program is trying to change your default home page to Yahoo. If I see it again, I'll definitely catch a screenshot. Right now I'm doing the custom MBAM scan. So far clean clean.


    If you continue to have warnings/problems, we might need to have a look at a FRST scan. Let me know.[/QUOTE]
      My System SpecsSystem Spec


 
Page 14 of 15 FirstFirst ... 412131415 LastLast


Similar Threads
Thread Forum
How to get the Windows 10 Anniversary Update
760521668653518849 Source: How to get the Windows 10 Anniversary Update | Windows Experience Blog Download Windows 10 Anniversary ISO (32-bit 3.14 GB) (64-bit=4.07 GB):
Windows 10 News
Cannot Update to Windows 10 Anniversary Update (Freeze during Update)
Search Results I am trying to update from Windows 10 OS Build 10586.589 to the Anniversary Update but my computer freezes at 1% progress. I have tried everything I can think of including: Unplugging all extra SATA drives except my main SSD,...
Windows Updates and Activation
Windows Update does not download and install the anniversary update.
I am downloading the update manually. Have others had the same issue with windows update not showing the update? I'm not sure my WU is working because of this.
Windows Updates and Activation
First one with windows 10 anniversary update
Who will it be? With no glitches. What time? Where are you located? What do you really notice improved over old 10? If you are a paying customer, did you get your monies worth? Are loading times (software and boot speeds). Add your questions if you...
General Support
Windows 10 Anniversary Update SDK Now Available!
Source: Windows 10 Anniversary Update SDK Now Available! Windows Store Open for Submissions | Building Apps for Windows
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 14:20.
Find Us
Twitter Facebook Google+



Windows 10 Forums