1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved My search dial hijacked my home page

Discussion in 'Malware and Virus Removal Archive' started by sallnjackn, 2014/03/20.

Page 2 of 2
  1. 2014/03/24
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Joined:
    2005/02/04
    Messages:
    172
    Likes Received:
    0
    Farbar Service Scanner Version: 25-02-2014
    Ran by Sallie (administrator) on 24-03-2014 at 19:56:51
    Running from "C:\Documents and Settings\Sallie\Desktop "
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Other Services:
    ==============


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    aswTdi(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) Tcpip6(9)
    0x0A00000005000000010000000200000003000000040000000A00000009000000060000000700000008000000
    IpSec Tag value is correct.

    **** End of log ****
     
    sallnjackn,
    #21
  2. 2014/03/25
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Joined:
    2005/02/04
    Messages:
    172
    Likes Received:
    0
    Eset took over 5 hours. No threats! No log! What a pleasure working with you. This being windows XP I plan to use this drive in a USB enclosure in order to use my data. I will have Win 7 on my internal drive. I consider my problem RESOLVED and will mark it as such when I get your okay. Thank you for your help and patience.

    Sallie
     
    sallnjackn,
    #22


  3. to hide this advert.

  4. 2014/03/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
    broni,
    #23
  5. 2014/03/25
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Joined:
    2005/02/04
    Messages:
    172
    Likes Received:
    0
    Hi Broni,
    My computer is running very nicely and it's much faster than it has been lately. I will keep it going for a few days just to be sure that all is well. I followed all of your suggestions and will keep the last note on my desk as a reminders to do all the checks every week. I'm sure that will help a lot. I will re download all the tools and watch like a hawk for programs hitchhiking on things I need to install. That's so irritating. Adobe Air said it needed updating and that's where I picked up the "mysearchdial ". Frankly I didn't remember why I got Adobe Air.

    Thank you for all your expertise and will keep you up to date on how XP is running. Sallie
     
    sallnjackn,
    #24
  6. 2014/03/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Way to go!! [​IMG]
    Good luck and stay safe :)
     
    broni,
    #25
  7. 2014/03/25
    sallnjackn

    sallnjackn Well-Known Member Thread Starter

    Joined:
    2005/02/04
    Messages:
    172
    Likes Received:
    0
    I accidentally unsubscribed to my own thread when I was looking around the page. I hope I got it subscribed to again. I was trying to find out how to mark a thread solved and found the thread tools but no option to mark it resolved. If anyone can help with that please do. Sallie
     
    sallnjackn,
    #26
  8. 2014/03/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    In this forum only I can do it and I just marked is a solved.
     
    broni,
    #27
Page 2 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...