
FINDGALA


3 replies to this topic

#1 Ruth P


Posted 03 November 2010 - 02:22 PM

Hi everyone:

Yesterday, I innocently enough did an IE search for trumpet music when WHAM!! I got an alarm system telling me I had serious threats to my computer and to download some program that looked legit enough. I did not; instead I ran my avast program, defender and CC and did not find anything out of the ordinary. I rebooted and looked at CC registry where I found a "Smart Engine" program which I promptly deleted. The problem however lies in the fact that when I type a web address on my browser using IE "Findgala" pops up. ANY suggestions on how to remove said offending program?? It's not in my programs list BTW!

Thanks

Ruth



#2 cryptodan


Posted 03 November 2010 - 02:25 PM

Try this: Findgala Redirector Removal Guide. See if one of those matches your current issue.

#3 Ruth P


Posted 03 November 2010 - 05:22 PM

I've done all of the above except the HOTSPERM.Bat suggestions as comp won't let it run. Here is my HIJACK LOG.

Thanks

Ruth

StartupList report, 11/3/2010, 3:11:05 PM
StartupList version: 1.52.2
Started from : C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SK6OHG1\HijackThis[1].EXE
Detected: Windows 7 (WinNT 6.00.3504)
Detected: Internet Explorer v8.00 (8.00.7600.16671)
* Using default options
==================================================

Running processes:

C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\Ruth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1SK6OHG1\HijackThis[1].exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

avast5 = "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
PDVDDXSrv = "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
Adobe Reader Speed Launcher = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4efb-9B51-7695ECA05670}
AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
(no name) - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

--------------------------------------------------

Enumerating Download Program Files:

[DellSystemLite.Scanner]
InProcServer32 = C:\Windows\Downloaded Program Files\DellSystemLite.ocx
CODEBASE = http://support.dell.com/systemprofiler/DellSystemLite.CAB

[{E2883E8F-472F-4FB0-9522-AC9BF37916A7}]
CODEBASE = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #4: C:\Windows\system32\napinsp.dll
NameSpace #5: C:\Windows\system32\pnrpnsp.dll
NameSpace #6: C:\Windows\system32\pnrpnsp.dll
NameSpace #7: C:\Program Files (x86)\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
End of report, 4,397 bytes
Report generated in 0.016 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Edited by Blade Zephon, 03 November 2010 - 05:32 PM.
Moved to log forum. ~BZ


#4 Ruth P


Posted 05 November 2010 - 10:05 AM

Cryptodan:

Any more suggestions? I posted my hijacklog for your review. As I said in my previous post, I have done all the article suggested except run the host cleanup tool, which FINDGALA won't let me do.

Help!

Ruth



