help with removing spigot

Hi

My computer seems to have been infected with spigot, i’m pretty sure i got it via downloading utorrent which i have no uninstalled

I ran the 3 programs that were mentioned in previous posts and i’ve attached the logs, note i couldn’t attach the OTL log as its saying its to big

just wondering if i can get some help removing this damn thing!!

Thanks

L

do you have OTL.txt log ? … thats the important one

Perhaps the total size of the logs combined is too big. Try to attach only the otl log.

the OTL file is 560 KB in size, so its not letting me upload it

you can split it in two and use two posts…or upload to a file share site and give download link here

link for OTL.txt: http://www.sendspace.com/file/q7tls0

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

[*]Click on the Scan button.
[*]After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

[*]After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
[*]Post logfile will also be saved in the C:\AdwCleaner folder.

Then…

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Hey

see attached

Thanks

L

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

HKCU\...\Run: [SearchProtection] - "C:\Users\Luke\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
C:\Users\Luke\AppData\Roaming\Search Protection
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=714647&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {9E1004DD-500F-4BD6-9AB0-49BB1A259E27} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://search.yahoo.com/?type=714647&fr=spigot-yhp-ff
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}
C:\Users\Luke\AppData\Local\Temp\Checkupdate.exe
C:\Users\Luke\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Luke\AppData\Local\Temp\gcapi_dll.dll
C:\Users\Luke\AppData\Local\Temp\gtapi_signed.dll
C:\Users\Luke\AppData\Local\Temp\Quarantine.exe
C:\Users\Luke\AppData\Local\Temp\uttACA7.tmp.exe
hosts:
cmd: ipconfig /flushdns
cmd: netsh winsock reset

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.

Hi

see attached log

L

How are the things now?

google chrome is still using yahoo search as the default search engine

Then set it the way you like :slight_smile:

https://support.google.com/chrome/answer/95426?hl=en
https://support.google.com/chrome/answer/95314

Let me know if you succeded?

yeah cool got it sorted, everything seems to be good now, thanks a million for your help

anything else i need to do?

Terrific, only thing left is to remove used tools :slight_smile:

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[] Remove disinfection tools
[
] Create registry backup
[*] Purge System Restore

Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.

Cheers

all done and its deleted all the programs i previously downloaded