My browser was hijacked a few days ago and everything was yahoo all of a sudden.
To day I get a windows 8 notification from action center with 3 problems.
One was to check my startup to speed things up and there was an entry I never heard of called spigot. In task manager it was listed as “SearchProtection Spigot Enabled Medium”
I googled for it and found a thread here and followed some steps and it told me to post some logs in a message from OTL.
http://forum.avast.com/index.php?PHPSESSID=gjrtlfq58cm82h8o3vnv65vnv1&topic=53253.0
I currently have the free Norton’s from Comcast. It seems the same as 360 minus parental controls possibly others I don’t know about.
I also purchased SuperAntiSpyware Pro a while back and it runs often. no reports of problems from either, other than some tracking cookies.
I should have previous scan logs if needed for these programs.
Any help will be greatly appreciated.
-=Mark=-
Pondus
August 26, 2013, 5:42am
2
also attach AdwCleaner and Malwarebytes log…
system
August 26, 2013, 7:43am
3
Hi Mark
Re-run OTL.exe .
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
IE - HKU\S-1-5-21-832364309-2392195436-1852538002-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=714647&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-832364309-2392195436-1852538002-1001\..\SearchScopes\{8372CE3C-9FCD-4041-A28B-E70AE4F7FD79}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p="
FF - user.js - File not found
[2013/08/23 16:27:53 | 000,000,915 | ---- | M] () -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\qhi43xb5.default\searchplugins\yahoo.xml
O4 - HKU\S-1-5-21-832364309-2392195436-1852538002-1001..\Run: [SearchProtection] "C:\Users\Mark\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart File not found
O33 - MountPoints2\{ddc745d6-dae3-11e2-be66-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ddc745d6-dae3-11e2-be66-806e6f6e6963}\Shell\AutoRun\command - "" = "E:\LaunchU3.exe" -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = "F:\LaunchU3.exe" -a
:Commands
[emptytemp]
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.
If the log doesn’t appear, it can be found here:
c:_OTL\MovedFiles\mmddyyyy_hhmmss.log
.
How’s it now?
Thanks Argus that seems to have my search providers off Yahoo.
However, IE came up with a, “Manage Add-Ons” menu and it lists only Bing as a search provider option. How do I get Google in there? I see no “add” search providers anywhere here.
Thanks so much for your help
-=Mark=-
system
August 26, 2013, 5:11pm
5
Please download zoek.zip and save it to your desktop.
[*] Close any open browsers.
[*] Temporarily disable your AntiVirus program. (If necessary )
If you are unsure how to do this please read this or this Instruction.
[*] Double click on zoek.exe to run the tool .
Please wait while the tool does not start…
[*] Copy the text present inside the code box below and paste it into the large window in the zoek tool:
iedefaults;http://www.google.com
autoclean;
FFdefaults;
chrdefaults;
[*] Click on
http://www.mcshield.net/personal/magna86/Images/Run%20Script%20by%20zoek.png
button
Please wait until a logreport will open (this can be after reboot)
[*] Save notepad to your Desktop and attach here zoek-results.log
Note: It will also create a log in the C:\ directory named “zoek-results.log ”
I ran it. It took a while to run, but it seems fine now.
Google is up and running.
Thanks again
-=Mark=-
ps. I found the add search providers at the bottom of the window in the footer or the window.
system
August 26, 2013, 7:22pm
7
looks good, any problems?
Everything seems fine so far.
Thanks again
-=Mark=-
system
August 27, 2013, 7:24am
9
Please download DelFix by “Xplode” to your Desktop.
Run the tool and check the following boxes below;
[] Remove disinfection tools
[ ] Create registry backup
[*] Purge System Restore
Now click on “Run ” button. Wait for the programme completes his work.
All the tools we used should be gone.
Tool will create and open an log report (DelFix.txt )
Note: The report will also be stored on C:\DelFix.txt
I don’t need DelFix log report.
sweet, things are running smoothly.
thank again.
-=Mark=-