FINDGALA

Hi everyone:

Yesterday, I innocently enough did an IE search for trumpet music when WHAM!! I got an alarm system telling me I had serious threats to my computer and to download some program that looked legit enough. I did not, instead I ran my avast program, defender and CC and did not find anything out of the ordinary. I rebooted and looked at CC registry where I found a "Smart Engine" program which I promptly deleted. The problem however lies in the fact that when I type a web adress on my browser using IE "Findgala" pops up.. ANY suggestions on how to remove said offending program?? Its not in my programs list BTW!

Thanks

Ruth

Try this: Findgala Redirector Removal Guide see if one those matches your current issue.

I've done all of the above except the HOTSPERM.Bat suggestions as comp wont let it run.. Here is my HIJACK LOG..

Thanks

Ruth

StartupList report, 11/3/2010, 3:11:05 PM
StartupList version: 1.52.2
Started from : C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SK6OHG1\HijackThis[1].EXE
Detected: Windows 7 (WinNT 6.00.3504)
Detected: Internet Explorer v8.00 (8.00.7600.16671)
* Using default options
==================================================

Running processes:

C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SK6OHG1\HijackThis[1].exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

avast5 = "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
PDVDDXSrv = "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
Adobe Reader Speed Launcher = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

--------------------------------------------------

Enumerating Download Program Files:

[DellSystemLite.Scanner]
InProcServer32 = C:\Windows\Downloaded Program Files\DellSystemLite.ocx
CODEBASE = http://support.dell.com/systemprofiler/DellSystemLite.CAB

[{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll
NameSpace #7: C:\Program Files (x86)\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
End of report, 4,397 bytes
Report generated in 0.016 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Edited by Blade Zephon, 03 November 2010 - 05:32 PM.
Moved to log forum. ~BZ

Cryptodan:

Any more suggestions? I posted my hijacklog for your review. As I said in my previous post I have done all the article suggested except run the host cleanup tool which FINDGALA wont let me do..

Help!

Ruth