Windows 7-IE browser hi-jack


My son acquired the gala redirect bug 2 days ago and has apparently tried to remove it on his own :) He d/l several programs in an attempt to remove it (Glary, Iobit and idk what). I can tell you that attempting to do a search results in Search Settings v1.2.3 Spigot Inc. installation windows opening, but nothing installs. I would really appreciate it if you could direct me to the correct software and ideas on solving these issues.

Idk if the gala files are still installed. I can tell you he tried:

- Open the Start menu, then select Run...

- In the blank next to Open, type "c:\windows\system32\drivers\etc" without the quotes, then hit OK.

- Select the Tools menu (toward the top, between Favorites and Help)

- Select Folder Options in the Tools menu, then click the View tab

- Under Advanced Settings, select the radio button beside "Show hidden files and folders"

- Uncheck the box next to "Hide protected operating system files..."

- A warning window will appear, select Yes, then hit OK

- Right-click the file named "hosts" and select Properties.

- Under the General tab, uncheck the box next to Read-only (if it is blank, leave it as is).

- Hit OK.

- Right-click the file named "hosts" again and select Open-With


Oh, he also used SF IE Restorator; his friend suggested it would repair the Search Settings v1.2.3 Spigot Inc. issues. :P So he ran all repairs, including Winsock.

Here is where the root of it seems to be, Spybot report:

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

Located: HK_LM:Run, Adobe ARM

command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

size: 976832

MD5: 0B232C77D822983397674AEEC9AB59DC

Located: HK_LM:Run, Bing Bar

command: "C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe"

file: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1363.0\mswinext.exe

size: 243032

MD5: 5CEFDF4CF4B6957316A7384B17A491EB

Located: HK_LM:Run, dellsupportcenter

command: "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

file: C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

size: 206064

MD5: 00D1FB0073B4A8BD2989EA8FF4CC792B

Located: HK_LM:Run, Microsoft Default Manager

command: "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

file: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

size: 288088

MD5: 9ED4F1D990A3D16112155EA2D50E7975

Located: HK_LM:Run, SunJavaUpdateSched

command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

size: 248552

MD5: 93DB1FF92B03D24738A71E6E4992DFD3

Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)

command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

size: 35760

MD5: A32B25970003B6ABA027EFF8EEDA12A3

Located: HK_LM:Run, avgnt (DISABLED)

command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

size: 282792

MD5: CF4A0E2C240501C826977ACC5F0E8411

Located: HK_LM:Run, IAStorIcon (DISABLED)

command: C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

file: C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

size: 284696

MD5: 25107F58D1B8F60D67D1EE95798C0DE8

Located: HK_LM:Run, PDVDDXSrv (DISABLED)

command: "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

file: C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe

size: 140520

MD5: C07A6F058A7DB354EBEE77DF9537127A

Located: HK_LM:Run, SearchSettings (DISABLED) <---------- Vendio "Search Settings" foistware. Startup list according to Spybot.

command: C:\Program Files (x86)\Search Settings\SearchSettings.exe

file: C:\Program Files (x86)\Search Settings\SearchSettings.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_LM:Run, TkBellExe (DISABLED)

command: "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

file: C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

size: 202256

MD5: 9ACE8ECDB1EBC519F48AA65DE5875573

Located: HK_LM:RunOnce, Launcher (DISABLED)

command: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

file: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe

size: 165104

MD5: FBFC1555B320EF4F6F80D740A041DFB1

Located: HK_LM:RunOnceEx, ContentMerger (DISABLED)

command: c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe

file: c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe

size: 19952

MD5: 3431100ADEAA484A1A36BC4623097420

Located: HK_CU:Run, Sidebar

where: S-1-5-19...

command: %ProgramFiles(x86)%\Windows Sidebar\Sidebar.exe /autoRun

file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

size: 1173504

MD5: EA6EADF6314E43783BA8EEE79F93F73C

Located: HK_CU:RunOnce, mctadmin

where: S-1-5-19...

command: C:\Windows\System32\mctadmin.exe

file: C:\Windows\System32\mctadmin.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar

where: S-1-5-20...

command: %ProgramFiles(x86)%\Windows Sidebar\Sidebar.exe /autoRun

file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe

size: 1173504

MD5: EA6EADF6314E43783BA8EEE79F93F73C

Located: HK_CU:RunOnce, mctadmin

where: S-1-5-20...

command: C:\Windows\System32\mctadmin.exe

file: C:\Windows\System32\mctadmin.exe

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_CU:Run, Cricket Broadband

where: S-1-5-21-331698588-3890817700-464814031-1000...

command: C:\Program Files (x86)\Cricket\Cricket Broadband\Cricket Broadband.exe

file: C:\Program Files (x86)\Cricket\Cricket Broadband\Cricket Broadband.exe

size: 9256165

MD5: E26069AE5B40B96B3545AF303C48C347

Located: HK_CU:Run, POP Peeper

where: S-1-5-21-331698588-3890817700-464814031-1000...

command: "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min

file: C:\Program Files (x86)\POP Peeper\POPPeeper.exe

size: 1511424

MD5: 677F614F5FC422A180AF17A9E65FCD9E

Located: HK_CU:Run, Pando Media Booster (DISABLED)

where: S-1-5-21-331698588-3890817700-464814031-1000...

command: "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"

file: C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

size: 2937528

MD5: 7C6FCBAF1BE7513C5BC5B90519EE59DF

Located: Startup (common), Digital Line Detect.lnk (DISABLED)

where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...

command: C:\Program Files (x86)\Digital Line Detect\DLG.exe

file: C:\Program Files (x86)\Digital Line Detect\DLG.exe

size: 50688

MD5: F03FFC962E18F36A922E61F96BE09925

Now do you have any idea how to remove this?


Hi,

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
