Understanding HijackThis

Yup, I missed PCP. Added a link to the Viruses, Spyware, Adware forum.

Hmm, I am so glad I always have yesterdays image and do not have to jump thru all those hoops.

As you know, whs, most people are not that organized or diligent. At the sites that I administer, I ask that the posted logs include an ARK scan and also t hat ERUNT be installed to ensure there is a valid registry backup.

(Although not active at all of the listed sites, I bet that between Jacee and myself we are most likely a member of most of the listed sites -- at least the English language sites and some of the non-English sites that have private forums for the security community.)

Corrine, with that being said, I will continue telling people that frequent imaging is their best protection. Apart from a $50 to $70 external disk, it takes so little that everybody should really do it.

Hi, Victek.

Nothing beats a visual inspection and too much can be hidden from HJT -- or just not available for evaluation.

If I can't clean it in an hour I have to move on to data backup and re-installation of the OS.

How come you are not using imaging? That would be a lot faster. Or are those customers on which you have no influence on what they are doing.

Since you working via a tech service, Victek, perhaps you would find it advantageous to obtain a Malwarebytes' Anti-Malware Technician's License. It is an annually renewable subscription. With that license, you can install MBAM on disk or USB key or both and then update the rules.ref file from your own copy on your own computer to take to your customer's computer. There is a license restriction that you can use it on only one computer at any given time and that it must be uninstalled before using it on another computer.

Inquires can be made about the Technician's License here: Corporate Licensing : Malwarebytes