Spigot Removed but Browser Still Redirecting

Nitu

New Member
Thread author
Dec 28, 2013
I was alerted to an infection by Webroot Secure when I turned on the machine on 12/26/213. Spent a few hours following the removal guide, but now IE and Mozilla are redirected to "http://search.yahoo.com/?type=198484&fr=spigot-yhp-ff". Chrome I was able to correct using the instructions.

Your Help Will be appreciated.

Attaching logs for AdwCleaner and the FRST scan log, but could not get aswMBR to run properly. Will try again and post in the AM.

Thank You
 


Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

Open FRST and click Fix. Attach that report for me after it is finished.
 


Did as instructed. Attaching the file. Do you still need the log from aswMBR?

Opening up IE or Mozilla, there is no more redirecting. Am going to keep fingers crossed.
 


Good :)

We need another check:


Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.
  • Double-click on zoek.exe to run the tool.
    Please wait until the tool starts...
  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:

    Code:
    createsrpoint; 
    StandardSearch; 
    emptyfolderscheck; 
    installer-list; 
    installedprogs; 
    uninstall-list;
  • Click on the Run Script button.
    Please wait until a log report opens (this can be after a reboot).
  • Save the Notepad file to your Desktop and attach zoek-results.log here.
    Note: It will also create a log in the C:\ directory named "zoek-results.log"



Then...



Please download GMER, an anti-rootkit tool, from the link below and save it to your Desktop:

Gmer download link
Note: the file will be randomly named

Double-click to run GMER.
  • Wait for initial scan to finish - if there is any query, click No;
  • Click Scan button and wait until the full scan is complete;
  • Click Save... - save the report to the Desktop (named Gmer);

> Attach the Gmer log report here.
 
> Re-run zoek with this script and attach the fresh zoek log results here.


Code:
autoclean;
emptyalltemp;
emptyclsid;
shortcutfix;
emptyfolderscheck;delete
ipconfig /flushdns >> %temp%\log.txt;b
iedefaults;
C:\Program Files (x86)\IObit Apps Toolbar;fs



Then...



Download TDSSKiller and save it to your Desktop.

Run TDSSKiller.exe by double-clicking on it.
Confirm the "End user Licence Agreement" and "KSN Statement" dialog boxes by clicking on the Accept button.
  • Press Start Scan
  • If Suspicious object is detected, the default action will be Skip, click on Continue.
  • If Malicious objects are found, select Cure.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.
 
One more fix and, we're done.

> Re-run zoek with this script and attach the fresh zoek log results here.


Code:
lipgolpfajiadodbcbljdpmbmbdmfcil;chr
emptyclsid;
autoclean;
emptyalltemp;



How are things now?
 
Good, then we're done here :)


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored at C:\DelFix.txt


> I don't need DelFix log report.