pgrace0154

Fantastic!! Thank You PG

I am following MR C's (HERO MEMBER) "Preventative Maintenance Plan" and am at the point of using IE-SPYPAD to populate my IE9 and Google Chrome "Restricted Sites List" BUT IE-SPYPAD documentation states that they only support up to IE8 and Vista. I have Win 7 and IE 9. Also it looks that like the last time they posted to their site was 2008. I am using WOT so it's not a big thing but I would like to know how to do it anyway. Thanks, PG

Maurice, I'm done and thanks for having this great Forum. Many thanks to CWB, dale001 and especially to Assassin7772. I'll be lurking and looking out for you! Serenity NOW Insanity LATER. PG

Maurice, Here is the SecurityCheck. Results of screen317's Security Check version 0.99.43 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.62.0.1300 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 5% ````````````````````End of Log``````````````````````

Thanks Assassain I might go with it. I'm definitely looking. Pat G

Will get it tonight or tomorrow. Serenity NOW. Thanks, Pat G

Maurice, RE: Your issues Q. It's just questions as to how to do things properly and in the correct order. I have done most, but not all of what Assassian suggested but I will probably have more questions. For instance I am using the default Firewall and MSE BUT I intend to do more research and if I find better ones I intend to ask for help as to how to install them. MrC had some suggestions that I have not had time to look at yet. If you want me to open a new topic for each it's no problem. Just tell me. I will use the Security Check tomorrow and I thank you for it. Sorry for being long winded. Found it difficult to answer correctly. PG

Hi Folks, MacAffe out! MSE in! MSN Firewall in. The BING cookies were there so was MacAfee Cookies. Deletet, but some just came back. Called DELL Support. Told him get ALL the junk off my PC except what I might need. He did a lot of stuff. Don't know what remnants are left. Don't even know what all he removed. The only one I remember was E-Bay. There was a whole lot more. Problem with Malwarebytes Pro which was why I called Dell. Problem with WTO. Said I needed IE 6 or > running IE 9. Quit after getting of the phone with Dell. I think MB and WTO will be OK Fri. I heard that CWB. Good night, PG

Good morning daledoc1, Starting this AM step1 of AdvancedSetup post. PS did you know that DELL is now hijacking (for want of a better description) your home page. First boot they place a cookie that says www.dell.wildcard.com so say you make your home page in IE options MSN as I do what you get is DELL.MSM.COM. They then add insult to injury by putting the PING search on your desktop with the only option being to click OK to accept it. No "OPT OUT" or "NO THANKS". Your only option to get the BING MSG off of the screen is to click OK, or, as I did research it and learn how to stop it. I haven't done it yet, but it is to delete the cookie, set your home page and restart. Just ranting. PG

Admins, Please don't close yet. Trying to start out with a clean mean machine and not familiar with Win 7. Do want to post back results of advice. Thanks PG

Assassian772 and Daletoc1 Thank you both very much for taking the trouble and time to help me out. I certantily have enough to get me started on the right track now. And CWB of course. Regarding the IE settings when using FF, I am almost positive that it was in one of MrC's recommendations that I read it but I can't find it again and can't remember what it was. I'll come across it again. I would like to keep this open so I can report back to you folks. Many Thanks, Pat G

CWB thanks for the quick reply. Couple questions please. I know where to get WOT but not trafficlight? I understand that if I install FF i have to make some changes to the settings in IE. Don't know what ? Where in the sequence should I install MalwarePro?

Thanks in advance. Just got a dell with macaffee. From prev topic started by Assassin777 think I know how to remove it. Should I remove it before or after I install Malwarebyts pro and MSE? Suggestions for a Firewall appreciated. After removing MacAffe is there a registry checker I should run? After getting hit by a trojan once I am now super security aware. Thanks, Pat G

That was it!!! Norton. I uninstalled Norton. Was going to do that anyway. Got the Internet back. Installed MSE and it found a potential. I took no action in case you wanted to do something with it. It is in C:\Program Files\Yes Trader\RemoteAssist\WinVNC4.exe. If there is a topic here about setting the settings on MSE and Exclusions for MalwareBytes/MSE could you tell me where I can find it. Thank You Very Much, You are the MAN. MrC for Pres. Pat

Farbar Service Scanner Version: 26-07-2012 Ran by pat grace (administrator) on 27-07-2012 at 08:15:26 Running from "C:\Documents and Settings\pat grace\Desktop" Microsoft Windows XP Professional Service Pack 3 (X86) Boot Mode: Network **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist. System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll". BITS Service is not running. Checking service configuration: The start type of BITS service is set to Demand. The default start type is Auto. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is OK. The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs". The ServiceDll of EventSystem: "C:\WINDOWS\system32\Es.dll". Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit C:\WINDOWS\system32\netman.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\srsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit C:\WINDOWS\system32\wscsvc.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\wuauserv.dll => MD5 is legit C:\WINDOWS\system32\qmgr.dll => MD5 is legit C:\WINDOWS\system32\es.dll => MD5 is legit C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit Extra List: ======= Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(13) Tcpip(3) 0x0D000000040000000100000002000000030000000D0000000B0000000A00000008000000050000000600000007000000090000000C000000 IpSec Tag value is correct. **** End of log ****

will do.

Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll". BITS Service is not running. Checking service configuration: The start type of BITS service is set to Demand. The default start type is Auto. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is OK. The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs". The ServiceDll of EventSystem: "C:\WINDOWS\system32\Es.dll". Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit C:\WINDOWS\system32\netman.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\srsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit C:\WINDOWS\system32\wscsvc.dll => MD5 is legit C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit C:\WINDOWS\system32\wuauserv.dll => MD5 is legit C:\WINDOWS\system32\qmgr.dll => MD5 is legit C:\WINDOWS\system32\es.dll => MD5 is legit C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit Extra List: ======= Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(13) Tcpip(3) 0x0D000000040000000100000002000000030000000D0000000B0000000A00000008000000050000000600000007000000090000000C000000 IpSec Tag value is correct. **** End of log **** When Combofix ran a couple of days ago at the end it did a reboot. When it did that reboot it did not reboot into "Safe Mode with Networking" It rebooted into "regular mode" At that time I could access the internet and I thought my troubles were over, however, when I rebooted myself into "regular mode" I could not access the Internet. That was what I meant when I said "I spoke to soon" I am in Safe mode now"

Can not access the Internet with either IE 8 or Firefox. Pat

mbam-log-2012-07-26 (03-50-38).zipI spoke too soon only after the Combofix reboot did I have the Internet back. I am in safe mode now. Attached is the log from the Quik Scan zipped. Could not get back sooner was away. New PC comes today. Need impartial advice as to what will run well with Malwarebytes. Thanks, Pat

ComboFix.zipHere is the attachment again

It looks like I have the Internet back. This is not from safe mode. He only rebooted once. Combofix reported that Norton was active. I could not see it actuive. I had NO option to disable or stop it. My only option was to uninstall it. I let Combofix run anyway. I made a donation to the author of Combofix and if you or you folks accept donations let me know. Attached is the log from Combofix. I should note that the Norton I am running is the Comcast free version. It will not be on my new computer. I am looking for advice as to what I should run with Malwarebytes. I NEVER want to go through through this again. Can I assume that I can safely move what I need from this PC to my new PC?? Words fail me about you.

TDSSKiller.2.7.47.0_23.07.2012_14.38.34_log.zipGreat instructions. TDSKiller did not ask for a reboot. Attachesd is the Zipped report and Thanks!! Just to be sure I need to say that all of this was done in safe mode with networking.

RKreport1.txtQuarantineReport.txtIn Ref multiple posts I posted originnaly on Sunday but the post never appeared so I posted again today. I'm sorry for the confisusion. Thank you for your help the results are attached. Pat

Mr Charlie, I did not start a multiple thread. I am new to this and I posted originally Sunday when the po did not show up I posted again today.