Jump to content

Infected with spigot redirect

Recommended Posts

Hi I'm not very skilled or knowledgeable in IT so I'm really having a hard time now, apparently I found my laptop to be infected with the spigot redirect virus after reading up online and finding similar symptoms. I believe I've gotten it while I updated my bittorent a few days ago, I've since removed it and the spigot search protection that were showing up in the control panel, but the problem of redirecting still persists and I'm really worried and scared that it would harm my computer and compromise my safety in any way (as I heard that it may steal information and such). I'm new to the forum so I may not be familiar with all the things around but I'll try to comprehend.
Here are the dds and attach 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16688
Run by tiongahbang at 22:45:33 on 2013-09-17
Microsoft Windows 8  6.2.9200.0.932.81.1033.18.12173.9997 [GMT 8:00]
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
============== Pseudo HJT Report ===============
mWinlogon: Userinit = userinit.exe
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1209\1.0.1209\TmopIEPlg32.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: 85CD7B47-1F00-1362-11AE-1A8ED03ED6D0 Class: {85CD7B47-1F00-1362-11AE-1A8ED03ED6D0} - 
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
uRun: [bambooScribe.exe] "C:\Program Files (x86)\Vision Objects\Bamboo Scribe\BambooScribe.exe" /i
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\\AsusWSPanel.exe /S
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
StartupFolder: C:\Users\tiong\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
IE: &迅雷下?到手机 - <no file>
IE: & - <no file>
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
TCP: NameServer =
TCP: Interfaces\{5EF04FEA-E34D-4068-9435-E6CDCC49B528} : DHCPNameServer =
TCP: Interfaces\{C0DC10C9-486B-40BA-B222-2A35296937E5} : DHCPNameServer =
TCP: Interfaces\{C0DC10C9-486B-40BA-B222-2A35296937E5}\140707C6562E08993702960586F6E656 : DHCPNameServer =
TCP: Interfaces\{C0DC10C9-486B-40BA-B222-2A35296937E5}\14474756E64616E636560465963647F6279616A434 : DHCPNameServer =
TCP: Interfaces\{C0DC10C9-486B-40BA-B222-2A35296937E5}\75962756C65637370465963647F6279616A434 : DHCPNameServer =
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1209\1.0.1209\TmopIEPlg32.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll,C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: {004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - <orphaned>
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1209\1.0.1209\TmopIEPlg.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe64.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [btPreLoad] "C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe"
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - 
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.5.1136\7.5.1136\TmBpIe64.dll
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20013\1.0.1209\1.0.1209\TmopIEPlg.dll
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
============= SERVICES / DRIVERS ===============
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-5 645952]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\Drivers\mfehidk.sys [2012-6-22 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\Drivers\mfewfpk.sys [2012-6-22 340216]
R0 nvpciflt;nvpciflt;C:\Windows\System32\Drivers\nvpciflt.sys [2012-10-9 30056]
R0 TMEBC;TMEBC;C:\Windows\System32\Drivers\TMEBC64.sys [2013-3-11 46392]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-8 17536]
R1 tmevtmgr;tmevtmgr;C:\Windows\System32\Drivers\tmevtmgr.sys [2013-3-11 77184]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2013-3-11 310952]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-14 277120]
R2 AtherosSvc;AtherosSvc;C:\Windows\System32\AdminService.exe [2012-8-29 208384]
R2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-3-21 135824]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-21 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-11-20 166720]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-8-5 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-8-5 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-8-5 182752]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-3-19 1901752]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 tmusa;Trend Micro Osprey Driver;C:\Windows\System32\Drivers\tmusa.sys [2013-3-11 92456]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-11-20 365376]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-3-11 619904]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\Drivers\AiCharger.sys [2012-7-25 17152]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\Drivers\AsusTP.sys [2012-10-31 61824]
R3 BtFilter;BtFilter;C:\Windows\System32\Drivers\btfilter.sys [2012-8-29 565760]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-26 202752]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\Windows\System32\Drivers\AsHIDSwitch64.sys [2012-9-4 21152]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-9-4 342528]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\Drivers\mfeavfk.sys [2012-6-22 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\Drivers\mfefirek.sys [2012-6-22 515968]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-11-20 294544]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-11-20 683664]
R3 tmeevw;tmeevw;C:\Windows\System32\Drivers\tmeevw.sys [2013-3-11 94520]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\Windows\System32\Drivers\mfeelamk.sys [2012-6-19 69168]
S0 tmel;tmel;C:\Windows\System32\Drivers\tmel.sys [2013-3-11 34224]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [?]
S2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\Drivers\cfwids.sys [2012-6-22 70112]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudbus.sys [2013-2-6 102936]
S3 hidkmdf;KMDF Driver;C:\Windows\System32\Drivers\hidkmdf.sys [2013-3-11 13728]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\Drivers\HipShieldK.sys [2013-3-11 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\Drivers\mferkdet.sys [2012-6-22 106552]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\Drivers\ssudmdm.sys [2013-2-6 203544]
S3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\Drivers\wachidrouter.sys [2013-3-11 81824]
S3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\Drivers\wacomrouterfilter.sys [2013-3-11 15776]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-26 198656]
=============== Created Last 30 ================
2013-09-17 14:09:16 -------- d-----w- C:\Users\tiong\AppData\Roaming\Malwarebytes
2013-09-17 14:08:21 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-17 14:08:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-09-17 14:08:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-17 12:49:00 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B0B5B415-BF9E-4CC8-B6BA-3A200259FAA4}\mpengine.dll
2013-09-16 10:33:58 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-09-12 23:23:34 965008 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{14983E97-C3EB-4FD9-B59F-96627E4C4916}\gapaengine.dll
2013-09-11 13:08:57 4038144 ----a-w- C:\Windows\System32\win32k.sys
==================== Find3M  ====================
2013-09-17 14:35:00 408 ----a-w- C:\Users\tiong\AppData\Roaming\sp_data.sys
2013-09-05 20:09:17 78296 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09:17 694232 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-21 04:12:06 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-21 04:11:59 915968 ----a-w- C:\Windows\System32\uxtheme.dll
2013-08-21 04:11:59 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-08-21 04:11:07 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-21 04:11:04 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-21 04:11:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-21 02:34:51 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-21 02:06:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-21 02:06:06 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-08-21 02:05:28 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-21 02:05:25 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-21 02:05:25 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-21 01:43:54 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-20 23:52:56 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
2013-08-16 05:41:13 58200 ----a-w- C:\Windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\Windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\Windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\Windows\System32\wuapp.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\Windows\System32\sppsvc.exe
2013-08-16 05:20:30 105984 ----a-w- C:\Windows\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\Windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\Windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\Windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\Windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\Windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\Windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\Windows\SysWow64\sppc.dll
2013-07-13 06:18:21 337408 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-13 06:16:06 68096 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-13 06:16:06 1889280 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-13 06:15:53 98304 ----a-w- C:\Windows\System32\apprepsync.dll
2013-07-13 06:15:53 124416 ----a-w- C:\Windows\System32\apprepapi.dll
2013-07-13 04:24:58 261120 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-13 04:23:11 1568256 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-13 04:23:03 87040 ----a-w- C:\Windows\SysWow64\apprepapi.dll
2013-07-13 04:23:03 74240 ----a-w- C:\Windows\SysWow64\apprepsync.dll
2013-07-09 08:04:07 120144 ----a-w- C:\Windows\System32\drivers\msgpioclx.sys
2013-07-09 06:18:21 439488 ----a-w- C:\Windows\System32\WerFault.exe
2013-07-09 06:07:17 2233168 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-07-09 04:25:45 385768 ----a-w- C:\Windows\SysWow64\WerFault.exe
2013-07-09 03:57:19 245760 ----a-w- C:\Windows\SysWow64\LocationApi.dll
2013-07-08 22:46:00 543744 ----a-w- C:\Windows\System32\wwanmm.dll
2013-07-08 22:46:00 414208 ----a-w- C:\Windows\System32\wwanconn.dll
2013-07-08 22:46:00 370688 ----a-w- C:\Windows\System32\Wwanadvui.dll
2013-07-08 22:45:16 312832 ----a-w- C:\Windows\System32\LocationApi.dll
2013-07-06 00:16:17 1025024 ----a-w- C:\Windows\System32\localspl.dll
2013-07-03 00:23:43 391168 ----a-w- C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:23:12 778752 ----a-w- C:\Windows\System32\oleaut32.dll
2013-07-03 00:22:26 1300480 ----a-w- C:\Windows\System32\gdi32.dll
2013-07-03 00:11:23 268800 ----a-w- C:\Windows\SysWow64\Windows.Networking.BackgroundTransfer.dll
2013-07-03 00:11:02 551424 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2013-07-02 00:44:14 36288 ----a-w- C:\Windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\Windows\System32\drivers\WdFilter.sys
2013-06-30 22:30:14 67072 ----a-w- C:\Windows\SysWow64\openfiles.exe
2013-06-30 22:29:22 77312 ----a-w- C:\Windows\System32\openfiles.exe
2013-06-29 06:15:54 195416 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-06-29 06:15:47 125784 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-06-29 05:43:16 327512 ----a-w- C:\Windows\System32\drivers\Classpnp.sys
2013-06-29 01:12:01 1022464 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-06-26 03:01:38 321536 ----a-w- C:\Windows\System32\drivers\udfs.sys
2013-06-26 02:59:34 341504 ----a-w- C:\Windows\System32\drivers\HdAudio.sys
2013-06-24 22:54:52 447488 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-24 22:54:45 74240 ----a-w- C:\Windows\System32\wcmcsp.dll
2013-06-24 22:54:45 263680 ----a-w- C:\Windows\System32\wcmsvc.dll
2013-06-20 19:05:36 35272 ----a-w- C:\Windows\xinstaller.exe
2013-06-20 19:05:34 80328 ----a-w- C:\Windows\xinstaller.dll
============= FINISH: 22:45:44.22 ===============
DDS (Ver_2012-11-20.01)
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 10/3/2013 11:28:45 PM
System Uptime: 17/9/2013 10:33:46 PM (0 hours ago)
Motherboard: ASUSTeK COMPUTER INC. |  | K55VJ
Processor: Intel® Core i7-3630QM CPU @ 2.40GHz | SOCKET 0 | 2401/100mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 279 GiB total, 129.935 GiB free.
D: is FIXED (NTFS) - 398 GiB total, 134.38 GiB free.
E: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP29: 14/8/2013 4:22:04 PM - Windows Update
RP30: 25/8/2013 3:41:11 PM - Scheduled Checkpoint
RP31: 13/9/2013 8:09:31 AM - Windows Update
==== Installed Programs ======================
Adobe AIR
Adobe Reader X (10.1.8) MUI
ASUS Instant Connect
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS Tutor
ASUS USB Charger Plus
ASUS WebStorage Sync Agent
ATK Package
Bamboo Dock
Corel Painter Essentials 4
EPSON L210 Series Printer Uninstall
Epson User's Guide L210 Series
foobar2000 v1.2.4
Google Chrome
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® SDK for OpenCL - CPU Only Runtime Package
IntelR Trusted Connect Service Client
Malwarebytes Anti-Malware version
Microsoft Office Professional Plus 2013 - en-us
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mp3tag v2.57
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA PhysX System Software 9.12.0613
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
openCanvas Lite
Qualcomm Atheros Client Installation Program
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Shared C Run-time for x64
Trend Micro Titanium
Trend Micro Titanium Internet Security
Update for Japanese Microsoft IME Postal Code Dictionary
Update for Japanese Microsoft IME Standard Dictionary
Update for Japanese Microsoft IME Standard Extended Dictionary
VLC media player 2.0.6
WebTablet FB Plugin 32 bit
WebTablet FB Plugin 64 bit
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012
WinRAR 4.20 (64-bit)
微??音?捷 2012 流行??更新 (KB2723161)
==== Event Viewer Messages From Past Week ========
17/9/2013 9:21:00 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
17/9/2013 10:37:31 PM, Error: Service Control Manager [7000]  - The McAfee VirusScan Announcer service failed to start due to the following error:  The system cannot find the file specified.
17/9/2013 10:37:31 PM, Error: Service Control Manager [7000]  - The McAfee Services service failed to start due to the following error:  The system cannot find the file specified.
17/9/2013 10:37:31 PM, Error: Service Control Manager [7000]  - The McAfee Network Agent service failed to start due to the following error:  The system cannot find the file specified.
17/9/2013 10:34:33 PM, Error: Service Control Manager [7000]  - The McAfee Proxy Service service failed to start due to the following error:  The system cannot find the file specified.
17/9/2013 10:34:33 PM, Error: Service Control Manager [7000]  - The McAfee Personal Firewall Service service failed to start due to the following error:  The system cannot find the file specified.
17/9/2013 10:34:33 PM, Error: Service Control Manager [7000]  - The McAfee Anti-Spam Service service failed to start due to the following error:  The system cannot find the file specified.
17/9/2013 10:33:29 PM, Error: Service Control Manager [7043]  - The Group Policy Client service did not shut down properly after receiving a pre-shutdown control.
13/9/2013 9:18:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8007045B: Update for Windows 8 for x64-based Systems (KB2871389).
13/9/2013 9:18:50 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8007045B: Update for Windows 8 for x64-based Systems (KB2862768).
13/9/2013 9:18:49 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8007045B: Update for Microsoft .NET Framework 3.5 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2836946).
13/9/2013 11:29:05 PM, Error: Service Control Manager [7034]  - The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
==== End Of File ===========================


Thanks, I hope there's a way to solve the problem and removing the spigot thing for good

Link to post
Share on other sites

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record).

Link to post
Share on other sites

Hi Marius thanks for your reply, here's the log


aswMBR version Copyright© 2011 AVAST Software
Run date: 2013-09-17 23:05:45
23:05:45.462    OS Version: Windows x64 6.2.9200 
23:05:45.462    Number of processors: 8 586 0x3A09
23:05:45.462    ComputerName: TIONGAHBANG  UserName: tiongahbang
23:05:47.138    Initialze error 1 
23:09:58.328    AVAST engine defs: 13091700
23:10:15.750    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000003f
23:10:15.753    Disk 0 Vendor: WDC_WD7500BPVT-80HXZT3 01.01A01 Size: 715404MB BusType: 11
23:10:15.797    Disk 0 MBR read successfully
23:10:15.800    Disk 0 MBR scan
23:10:15.815    Disk 0 unknown MBR code
23:10:15.820    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
23:10:15.836    Disk 0 scanning C:\Windows\system32\drivers
23:10:15.840    Service scanning
23:10:16.460    Modules scanning
23:10:16.466    Disk 0 trace - called modules:
23:10:16.475    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys 
23:10:16.483    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800c8ef060]
23:10:16.489    3 CLASSPNP.SYS[fffff88000a8ce0a] -> nt!IofCallDriver -> [0xfffffa800a6b7c00]
23:10:16.495    5 ACPI.sys[fffff88000e93a91] -> nt!IofCallDriver -> \Device\0000003f[0xfffffa800a6b7060]
23:10:16.502    AVAST engine scan C:\Windows
23:10:16.509    AVAST engine scan C:\Windows\system32
23:10:16.516    AVAST engine scan C:\Windows\system32\drivers
23:10:16.523    AVAST engine scan C:\Users\tiong
23:10:16.530    AVAST engine scan C:\ProgramData
23:10:16.536    Scan finished successfully
23:10:22.321    Disk 0 MBR has been saved successfully to "C:\Users\tiong\Documents\MBR.dat"
23:10:22.333    The log file has been saved successfully to "C:\Users\tiong\Documents\aswMBR.txt"
Link to post
Share on other sites


Combofix should only be run when adviced by a team member!


Important - Save the file to your desktop!

  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe

When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.

Link to post
Share on other sites

Hi Marius here's the log


ComboFix 13-09-17.01 - tiongahbang 9/2013 Tue  23:50:42.2.8 - x64
Microsoft Windows 8  6.2.9200.0.932.81.1033.18.12173.9959 [GMT 8:00]
Running from: c:\users\tiong\Downloads\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\tiong\AppData\Local\Microsoft\Windows\Temporary Internet Files\tipcondition_v1.3.dat
(((((((((((((((((((((((((   Files Created from 2013-08-17 to 2013-09-17  )))))))))))))))))))))))))))))))
2013-09-17 15:58 . 2013-09-17 15:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-17 15:58 . 2013-09-17 15:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-17 15:58 . 2013-09-17 15:58 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-09-17 14:09 . 2013-09-17 14:09 -------- d-----w- c:\users\tiong\AppData\Roaming\Malwarebytes
2013-09-17 14:08 . 2013-09-17 14:08 -------- d-----w- c:\programdata\Malwarebytes
2013-09-17 14:08 . 2013-09-17 14:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-09-17 14:08 . 2013-04-04 06:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-17 12:49 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0B5B415-BF9E-4CC8-B6BA-3A200259FAA4}\mpengine.dll
2013-09-13 01:22 . 2013-09-13 01:22 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2013-09-12 23:23 . 2013-09-04 13:58 965008 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{14983E97-C3EB-4FD9-B59F-96627E4C4916}\gapaengine.dll
2013-09-11 13:09 . 2013-08-21 04:11 19246592 ----a-w- c:\windows\system32\mshtml.dll
2013-09-11 13:08 . 2013-08-03 04:30 4038144 ----a-w- c:\windows\system32\win32k.sys
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-09-17 14:35 . 2013-03-10 15:31 408 ----a-w- c:\users\tiong\AppData\Roaming\sp_data.sys
2013-09-13 01:15 . 2013-03-11 10:13 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-12 23:23 . 2013-03-19 08:46 564432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-09-05 20:09 . 2012-07-26 08:14 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:09 . 2012-07-26 08:14 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-21 10:00 . 2013-03-11 09:13 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-07-13 06:18 . 2013-08-14 08:04 337408 ----a-w- c:\windows\system32\wintrust.dll
2013-07-13 06:16 . 2013-08-14 08:04 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-07-13 06:16 . 2013-08-14 08:04 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-13 06:15 . 2013-08-14 08:04 98304 ----a-w- c:\windows\system32\apprepsync.dll
2013-07-13 06:15 . 2013-08-14 08:04 124416 ----a-w- c:\windows\system32\apprepapi.dll
2013-07-13 04:24 . 2013-08-14 08:04 261120 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-13 04:23 . 2013-08-14 08:04 1568256 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-13 04:23 . 2013-08-14 08:04 87040 ----a-w- c:\windows\SysWow64\apprepapi.dll
2013-07-13 04:23 . 2013-08-14 08:04 74240 ----a-w- c:\windows\SysWow64\apprepsync.dll
2013-07-09 06:07 . 2013-08-14 08:05 2233168 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-07-02 00:44 . 2013-08-15 18:50 36288 ----a-w- c:\windows\system32\drivers\WdBoot.sys
2013-07-01 22:08 . 2013-08-15 18:50 247216 ----a-w- c:\windows\system32\drivers\WdFilter.sys
2013-06-20 19:05 . 2013-06-20 19:05 35272 ----a-w- c:\windows\xinstaller.exe
2013-06-20 19:05 . 2013-06-20 19:05 80328 ----a-w- c:\windows\xinstaller.dll
2013-06-20 11:09 . 2013-05-05 15:01 408 ----a-w- c:\users\Guest\AppData\Roaming\sp_data.sys
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
2013-09-12 23:25 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
2013-09-12 23:25 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
2013-09-12 23:25 1724616 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
2013-06-20 19:05 373704 ----a-w- c:\users\Public\Thunder Network\KanKan\reghelper\xappex.
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-09-03 40312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2013-03-08 95192]
"ASUSWebStorage"="c:\program files (x86)\ASUS\WebStorage Sync Agent\\AsusWSPanel.exe" [2012-08-28 3417984]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2012-10-16 646744]
c:\users\tiong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2013-9-13 158896]
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2012-11-20 549040]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\3DVISI~1\nvStInit.dll c:\windows\SysWOW64\nvinit.dll
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R0 tmel;tmel;c:\windows\system32\DRIVERS\tmel.sys;c:\windows\SYSNATIVE\DRIVERS\tmel.sys [x]
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\System32\drivers\hidkmdf.sys;c:\windows\SYSNATIVE\drivers\hidkmdf.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 TMEBC;TMEBC;c:\windows\system32\DRIVERS\TMEBC64.sys;c:\windows\SYSNATIVE\DRIVERS\TMEBC64.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys;c:\windows\SYSNATIVE\DRIVERS\tmevtmgr.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe;c:\program files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [x]
S2 AtherosSvc;AtherosSvc;c:\windows\system32\AdminService.exe;c:\windows\SYSNATIVE\AdminService.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 tmusa;Trend Micro Osprey Driver;c:\windows\system32\DRIVERS\tmusa.sys;c:\windows\SYSNATIVE\DRIVERS\tmusa.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 ATP;ASUS PS/2 Port Input Device;c:\windows\System32\drivers\AsusTP.sys;c:\windows\SYSNATIVE\drivers\AsusTP.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys;c:\windows\SYSNATIVE\DRIVERS\tmeevw.sys [x]
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
XLServicePlatform REG_MULTI_SZ   XLServicePlatform
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-07 00:15 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
Contents of the 'Scheduled Tasks' folder
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11 09:47]
2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-11 09:47]
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
2013-09-12 23:25 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
2013-09-12 23:25 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
2013-09-12 23:25 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\\AsusWSShellExt64.dll
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\\AsusWSShellExt64.dll
2012-03-13 09:23 1500672 ----a-w- c:\program files (x86)\ASUS\WebStorage Sync Agent\\AsusWSShellExt64.dll
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-31 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-31 398656]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-20 13192848]
"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-08-25 107192]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2013-05-29 1374328]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2013-02-04 209712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\NVIDIA~1\3DVISI~1\nvStInit64.dll c:\windows\System32\nvinitx.dll
------- Supplementary Scan -------
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer =
- - - - ORPHANS REMOVED - - - -
BHO-{85CD7B47-1F00-1362-11AE-1A8ED03ED6D0} - c:\program files (x86)\Thunder Network\Thunder\BBInside\{85CD7B47-1F00-1362-11AE-1A8ED03ED6D0}\AddressBar.dll
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-BambooScribe.exe - c:\program files (x86)\Vision Objects\Bamboo Scribe\BambooScribe.exe
Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe
Wow6432Node-HKLM-Run-WinampAgent - c:\program files (x86)\Winamp\winampa.exe
BHO-{004B0726-A010-4ABF-8556-FCDB7F1FCA1E} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-BtPreLoad - c:\program files (x86)\Bluetooth Suite\BtPreLoad.exe
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-812081695-3912098186-1946200493-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\MenuExt\&*譲・N}・RKb:g]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (S-1-15-2-1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
@Denied: (Full) (Everyone)
@SACL=(02 0000)
Completion time: 2013-09-18  00:01:09
ComboFix-quarantined-files.txt  2013-09-17 16:01
Pre-Run: 140,558,864,384 bytes free
Post-Run: 140,526,825,472 bytes free
- - End Of File - - 378C77DEA1A3DB3E165B2038B871EAFA
Just a few questions, I found my desktop wallpaper to be removed, is it temporary or do I just change it back myself? And may I ask if the programs used here can be removed easily without leaving traces in the system? Just a bit concerned due to my personality, hope you won't mind
Link to post
Share on other sites

Your settings will be restored and the tools will be removed afterwards! :)



Full System Scan with Malwarebytes Antimalware

  • If not existing, please download
Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.




Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology

[*]Click Scan[*]Wait for the scan to finish[*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Hi Marius, here are the logs


Malwarebytes Anti-Malware
Database version: v2013.09.18.05
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
tiongahbang :: TIONGAHBANG [administrator]
18/9/2013 5:40:05 PM
mbam-log-2013-09-18 (17-40-05).txt
Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 495373
Time elapsed: 2 hour(s), 25 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 14
HKCR\AppID\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DD31B76-C57E-49ba-94BC-BF53F0C82CD4} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{11CC93E4-0BE6-4f8f-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.JsObject (PUP.Funshion) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11CC93E4-0BE6-4F8F-82AA-D577FB955B05} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{91878E42-FC03-4785-B513-1F9E613D1027} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D02E3AB9-7796-40cb-BDFC-20D834FE1F75} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{FCB380C4-D350-44BE-8791-50216F4747AC} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\ASBarBroker.BDBroker (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\CLSID\{FBEDBA6C-44A2-43b9-BD49-20EB6E0C4E86} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\AddressSearch.SnavHttpProtocol (PUP.Funshion) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
There's not threat found so there was no log generated for the eset scan, does it mean the system is cleaned? 


Link to post
Share on other sites

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Delete
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[s1].txt also


Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

Hi Marius, my Chrome browser and Internet Explorer no longer suffer from the redirect to yahoo spigot page, so can I assume the spigot is gone now?


But before I proceed with the cleanup, I have an issue here: there is now a $RECYCLE.BIN folder in my hard disks (:C and :D). I've read that it could be a virus or just a hidden folder, but I'm suspecting it to be a virus because: 1)I changed my setting to show hidden files and folders long before but this folder did not show up till yesterday 2)I tried changing the settings to hide hidden files and folders, but the folder still shows up.


Is it really a virus? I'm really devastated, can you advice me on this issue?


Link to post
Share on other sites

Hi Marius, thanks for the confirmation, I do feel relieved now


Here's the log from adwCleaner


# AdwCleaner v3.004 - Report created 19/09/2013 at 16:56:34
# Updated 15/09/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : tiongahbang - TIONGAHBANG
# Running from : C:\Users\tiong\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16688
-\\ Google Chrome v29.0.1547.66
[ File : C:\Users\tiong\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[ File : C:\Users\tiong\AppData\Local\Google\Chrome\User Data\Default\preferences ]
AdwCleaner[R0].txt - [942 octets] - [19/09/2013 16:53:45]
AdwCleaner[s0].txt - [866 octets] - [19/09/2013 16:56:34]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [925 octets] ##########
And here's the one from SecurityCheck
Results of screen317's Security Check version 0.99.73  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Google Chrome 29.0.1547.62  
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MsMpEng.exe   
 Trend Micro AMSP coreServiceShell.exe  
 Trend Micro UniClient UiFrmWrk uiWatchDog.exe 
 Trend Micro AMSP coreFrameworkHost.exe  
 Trend Micro AMSP AMSP_LogServer.exe  
 Trend Micro UniClient UiFrmWrk uiSeAgnt.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

Your system is clean now! :)



Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.

  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.





Uninstall our tools using delfix

Please follow these steps in order:

  1. In the case we used Defogger to turn off your CD emulation software. You can start it again and use the Enable button.
  2. In the case we used Combofix. Deactivate your antivirus software once more, then rename the combofix.exe to uninstall.exe and run it one last time. You shall be noted that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programms and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process

[*] If there is still something left please delete it manualy.





How to protect yourself

  • System Updates
    Beeing up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | windows 8
  • Protection
    What you need is one (not more) good virus scanner with backgroud protection. Additionally I recommend a special malwarescanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the payed versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those really have to have an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These link may help you to check:

    [*] Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. If you burn it to DVDs from time to time, use a cloud-drive or a professional network backup system is your choice. [*] Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows says and uncheck adware that will be installed along the software you want.

Link to post
Share on other sites

Hi Marius, have done all the above but have a few queries:


1)What is Defogger? Did we used that?

2)There's still a AdwCleaner folder in my : C drive, do I delete it manually?

3)An ESET Online Scanner folder remains, do I delete manually as well?

4)The $RECYCLE.BIN still lingers in my : D drive (while it's gone from my : C drive), I'm really paranoid of this being a virus



Link to post
Share on other sites

This delfix-answer is a canned speech, this is why it says "in case we used...".

We didn´t use it on your system, so just ignore that.


There shouldn´t be an adwCleaner remaining - please delete the folder, I´ll advice the developer to hit this directory in further versions.


You may uninstall ESET online scanner via add/remove programs in control panel. The directory should be gone afterwards. If not: delete it.


The displayed $recycle.BIN is a system file - it is the (normally hidden) recycle bin where you find deleted files.


Hide system files and hidden files to make it disappear. You´ll find a "how to" here: http://www.sevenforums.com/tutorials/394-hidden-files-folders-show-hide.html

Link to post
Share on other sites

Hi Marius, I am done with almost everything but the $RECYCLE.BIN still bothers me.


I changed the settings to Hide hidden files and folders, but it did not work and the folder remains there. In fact, it didn't look translucent like how hidden folders are like when it is visible. The properties are disturbing as well, it shows "1 Files, 4 Folders" when there's nothing in it nor in the Recycle Bin, and the size is 129bytes and 4.00KB on disk, and the numbers haven't changed at all. I don't know if I'm just being paranoid but it is really bothering me.



Link to post
Share on other sites

Hi Marius, I've checked the 'Hidden' box and now the folder is hidden properly, though, I'm still puzzled at why did the folder only appear yesterday as it did not showed up any once before I got the spigot (I guess I'm being too paranoid). For now, I guess I'll just be extra watchful for my laptop whether it is infected with malicious stuff or suffers from any effects of a virus.


I hope you won't mind if I ask some questions:
1) Can you tell me about what the spigot redirect virus can actually do to my laptop and what harm it could bring?
2) After cleaning up, I assume that my laptop is no longer 100% safe and more vulnerable. Is it still safe for me to do things like online purchase or processes where personal information is required?
Sorry for the long-winded questions.
Link to post
Share on other sites

Be sure that this folder is part of windows and has to exist. :)


Spigot is no virus - it is some kiond of adware. Partially, it works a bit like a virus to get installed to your computer but it doesn´t do any damage but bombards you with nasty advertising.


Your computer is safe now and you can do financial transactions as you wish.

Link to post
Share on other sites

Hi Marius, I have another question.


Previously I did a scan with Malwarebytes Anti-Malware under your instructions. Today I went to look at the Quarantine tab, there are threats registered there. Do I press the 'Delete' or 'Delete all'? By doing it does it mean I'm deleting these threats for good (like, erase them off my system)? Should I delete them?



Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.