Spigot removal help.

My browser was hijacked a few days ago and everything was yahoo all of a sudden.

To day I get a windows 8 notification from action center with 3 problems.

One was to check my startup to speed things up and there was an entry I never heard of called spigot. In task manager it was listed as “SearchProtection Spigot Enabled Medium”

I googled for it and found a thread here and followed some steps and it told me to post some logs in a message from OTL.

http://forum.avast.com/index.php?PHPSESSID=gjrtlfq58cm82h8o3vnv65vnv1&topic=53253.0

I currently have the free Norton’s from Comcast. It seems the same as 360 minus parental controls possibly others I don’t know about.

I also purchased SuperAntiSpyware Pro a while back and it runs often. no reports of problems from either, other than some tracking cookies.

I should have previous scan logs if needed for these programs.

Any help will be greatly appreciated.
-=Mark=-

also attach AdwCleaner and Malwarebytes log…

Hi Mark

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.



:OTL
IE - HKU\S-1-5-21-832364309-2392195436-1852538002-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-832364309-2392195436-1852538002-1001\..\SearchScopes\{8372CE3C-9FCD-4041-A28B-E70AE4F7FD79}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p="
FF - user.js - File not found
[2013/08/23 16:27:53 | 000,000,915 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\qhi43xb5.default\searchplugins\yahoo.xml
O4 - HKU\S-1-5-21-832364309-2392195436-1852538002-1001..\Run: [SearchProtection] "C:\Users\Mark\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart File not found
O33 - MountPoints2\{ddc745d6-dae3-11e2-be66-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ddc745d6-dae3-11e2-be66-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\LaunchU3.exe" -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = "F:\LaunchU3.exe" -a

:Commands
[emptytemp]



[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

If the log doesn’t appear, it can be found here:

c:_OTL\MovedFiles\mmddyyyy_hhmmss.log

.

How’s it now?

Thanks Argus that seems to have my search providers off Yahoo.

However, IE came up with a, “Manage Add-Ons” menu and it lists only Bing as a search provider option. How do I get Google in there? I see no “add” search providers anywhere here.

Thanks so much for your help
-=Mark=-

Please download zoek.zip and save it to your desktop.

[*] Close any open browsers.

[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*] Double click on zoek.exe to run the tool .
Please wait while the tool does not start…

[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:



iedefaults;http://www.google.com
autoclean;
FFdefaults;
chrdefaults;


[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button
Please wait until a logreport will open (this can be after reboot)

[*] Save notepad to your Desktop and attach here zoek-results.log

Note: It will also create a log in the C:\ directory named “zoek-results.log

I ran it. It took a while to run, but it seems fine now.

Google is up and running.

Thanks again
-=Mark=-
ps. I found the add search providers at the bottom of the window in the footer or the window.

looks good, any problems?

Everything seems fine so far.

Thanks again
-=Mark=-

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[] Remove disinfection tools
[
] Create registry backup
[*] Purge System Restore

Now click on “Run” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.

sweet, things are running smoothly.

thank again.
-=Mark=-