I use Macrium Reflect to make backup's and Clones.
They are install on external ssd's.
I used one the other day because of a infection. As a matter of fact I'm on the Clone at the present time. It works like the older install, except without the infection. Just like it was designed to do.
Jack
For what it is worth I agree with what the others are saying and personally that chkdsk I always run with the /r switch which unless I am terribly mistaken goes through the /f during the chkdsk operation.
With the Kaspersky I find that it will pick up a lot of stuff in a basically non Windows based program ie FF and Thunderbird. So what would be interesting to know is at what levels of security/sensitivity you have set in the KISS too I find using high level settings in Web Antivirus and Mail Antivirus settings for example do tend to make the KISS overly sensitive to what else goes on with Windows.
But this is only my two cents worth and what the others are saying and advising ie imaging is so important and me I do mine on regular basis and for the tie it takes it is not worth the grief.
Just to give you all a progress report: MalwareBytes found some strange-looking registry entries (not just GUIDs, which are always strange), and these (see attachment) were quarantined. Eset is doing an end-to-end scan, and has about 400 GB of stuff to go through. So far (1 hour 16 minutes, 580K items checked), it has found 12 files it doesn't like, but I won't know what they are until it's done.
When Eset finishes, I'll probably accept all of its quarantine recommendations, but before trying another Normal-mode boot I'll be back here for last-minute advice. Since starting this thread, I've made some parallel attempts to find the problem, and in some ways I seem to have made things worse.
- I had had only about 13% free space on my C: drive, so I extended it.
- In my first Normal-mode boot after this expansion, the freeze didn't happen until after close to a minute after the desktop appeared. I don't know if the volume-expansion had anything to do with this. In any event, I now had time to get into ProcMon and ask for a bootlog.
- On the next Normal-mode boot, I expected ProcMon to tell me it had a boot log waiting, but it didn't. I saved the log it did have (probably useless non-boot stuff), and you can see it, if you wish, on my Web site here.
- I tried to do another ProcMon run, thinking that I might have missed some part of the boot-log-capturing procedure (ProcMon is not a program I am at all familiar with). I set it up, rebooted, and during the reboot encountered an AVGUI error. I pushed ahead, but now I have no Normal-mode desktop. Instead, there is an all-cream screen (no task bar, no Start menu) with a tiny white legend claiming (falsely) that my copy of Windows is not a legal one.
Now I did ask if you have any really hard settings in the Kaspersky so have you?? If that MBAM is a free one then ok but if it is a real time / paid for then again Kaspersky does not like playing with other AV's like that.
From you log.
Conduit is very worrisome.PUP.Optional.Conduit, C:\USERS\ROBERT R. FENICHEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\702QQ0Q4.DEFAULT\PREFS.JS, Replaced, [522], [301520],1.0.1694
I have always removed all PUP's found by Malwarebytes and or Eset. Never had any problems.
Malwarebytes 3.0 Trial version will act just like the paid for version until the time expires.
I have been running Malwarebytes 3.0 Premium along side MSE for about a week and have had no problems.
I have no idea if it runs well with other anti virus programs. Malwarebytes says it okay with other anti virus programs but one will just have to test to make sure.
TFC by Old Timer doesn't get along with Malwarebytes 3.0. I had to remove TFC.
If I don't have any problems with Malwarebytes 3.0 for about another week I will upgrade my other system to 3.0.
Jack
Yes Jack have come across this a few moons ago and it was ugly then I did find this thoughConduit is very worrisome.
What is Conduit browser hijacker? - Definition from WhatIs.com
It would be worth running this if it hasn't already
SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!
I still would like to know about those Kaspersky settings as well.
In Safe Mode, I am not sure how to access my Kaspersky settings. I have the paid, full version of Kaspersky.
I have a question for the clone-experienced contributors. When I first thought about cloning, quite a few years ago, I thought that it couldn't work. My thought was that most disk drives have a few unusable sectors here and there, identified to prevent their being allocated, but straight copying of one HDD onto another would not take proper account of the receiving HDD's bad sectors. Now, obviously my thinking was wrong, but what did I miss?
SuperAntiSpyware found lots of tracking cookies, but only 2 files of interest. One was Borland's Package Collection Editor; this dates from 2002, and I strongly suspect that it's a false positive. The other is Unlocker, that I use only every year or so to get rid of files that appear to be open by nonexistent userrs. I haven't used either of these for a very long time.
I can't find any trace of Conduit on my machine, but I haven't used any specialized tools to find it.
In view of the bizarre difficulty I had when I last tried to get into Normal mode (see message #13), is there anything I should do before trying again?
Ok mate have just tried it out in safe mode on my tester as I have never used safe mode for disabling it.
Now get into safe mode Start > All programs > open the Kaspersky program listing >open the Kaspersky GUI > click on Settings (lower left) of GUI > go to the General tab > then turn off that other button to activate Protection > it will open a small window asking you to choose how long you want ti pause the pritection > do that and if you have protected the Settings it will ask you to type the password for that > then Enter.
The prog rm will switch off for that allocated time. It is a good idea to add a permission viw=a your own password to change settings in case someone inadvertently or maliciously tries to reset the level of protection with in your AV.
Just tip make sure you have the current edition of the program by clicking on the small icon in blue circle. You should do that after each install or major updates after a reboot from those updates - not the malware database ones.
Pics are of my small 10 laptop but will look the same in 7/
Quote