Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spigot Infection


  • Please log in to reply
7 replies to this topic

#1 SicilianStyle

SicilianStyle

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 13 February 2014 - 11:47 PM

Hello, I believe to have been infected by some sort of Malware or PUP known as "Spigot". It came after using a torrent to download a certain program, perhaps as a way for the author to make money with the downloads.

 

I have done lots of research on it, even reading this site and trying many things. I ran full Kaspersky and Malwarebytes Anti-Malware scans which detected and deleted several things, however, upon running any internet browser the main page is still a Yahoo Search engine. Nothing has gotten rid of it yet. I also ran an ESET Online Scanner which found nothing. Any help would be appreciated! Thank you.

 

EDIT: I also used Junkware Removal Tool and AdwCleaner which found nothing suspicious


Edited by SicilianStyle, 13 February 2014 - 11:52 PM.


BC AdBot (Login to Remove)

 


#2 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,158 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:08:24 AM

Posted 14 February 2014 - 04:04 AM

HI SicilianStyle and welcome to BleepingComputer! :)

 

So, what is your current problems? Browser homepage changed?

 

:step1:

Please download Minitoolbox and save to your desktop.

Close all programs, run minitoolbox and select these boxes:

  • Flush DNS
  • Report IE proxy settings
  • Reset IE proxy settings
  • Report FF proxy settings
  • Reset proxy settings
  • List Content of Hosts
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices (Only Problems)
  • List User, partitions and memory size.

Click GO and wait, please post the log here.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#3 SicilianStyle

SicilianStyle
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 14 February 2014 - 04:48 PM

Yes, my issue is that my browsers homepage is changed to: "http://search.yahoo.com/?type=599486&fr=spigot-yhp-ch" and no matter what programs I use to scan my computer, nothing picks it up. Kaspersky and MalwareBytes deleted some files but the homepage change is still there.
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by Carmine (administrator) on 14-02-2014 at 16:46:07
Running from "C:\Users\Carmine\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (02/14/2014 04:27:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/13/2014 11:45:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (02/13/2014 11:27:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2014 07:26:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009
 
Error: (02/12/2014 07:26:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4009
 
Error: (02/12/2014 07:26:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/12/2014 07:26:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error: (02/12/2014 07:26:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011
 
Error: (02/12/2014 07:26:05 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/12/2014 07:26:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2012
 
 
System errors:
=============
Error: (02/13/2014 11:30:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80246007: Definition Update for Windows Defender - KB915597 (Definition 1.165.3774.0).
 
Error: (02/12/2014 01:04:10 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer HARRIET-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0CA2C90C-7CCA-4CE5-BBC7-DF7DC5F9FE7D}.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
Error: (02/14/2014 04:27:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/13/2014 11:45:49 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Carmine\Downloads\esetsmartinstaller_enu.exe
 
Error: (02/13/2014 11:27:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/12/2014 07:26:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4009
 
Error: (02/12/2014 07:26:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4009
 
Error: (02/12/2014 07:26:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/12/2014 07:26:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error: (02/12/2014 07:26:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011
 
Error: (02/12/2014 07:26:05 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/12/2014 07:26:04 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2012
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-14 01:26:22.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-14 01:26:22.760
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-14 01:26:22.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-14 01:26:22.750
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-14 01:26:22.749
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-14 01:26:22.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-14 01:26:22.744
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-14 01:26:22.743
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-14 01:26:22.742
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-02-12 14:04:41.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Adobe Flash Player 12 Plugin (Version: 12.0.0.44)
Adobe Reader XI (Version: 11.0.00)
Amazon Kindle
AMD Accelerated Video Transcoding (Version: 13.15.100.30830)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Control Center (Version: 2013.0830.1944.33589)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80830.1925)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Asmedia ASM106x SATA Host Controller Driver (Version: 1.3.1.000)
ASRock App Charger v1.0.5
Battlefield 3™ (Version: 1.4.0.0)
Battlefield 4™ (Version: 1.1.0.0)
Battlelog Web Plugins (Version: 2.3.2)
Bitcoin (Version: 0.8.6)
Bonjour (Version: 3.0.0.10)
Broadcom NetLink Controller (Version: 14.8.5.1)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2013.0830.1944.33589)
Catalyst Control Center InstallProxy (Version: 2013.0830.1944.33589)
Catalyst Control Center Localization All (Version: 2013.0830.1944.33589)
CCC Help Chinese Standard (Version: 2013.0830.1943.33589)
CCC Help Chinese Traditional (Version: 2013.0830.1943.33589)
CCC Help Czech (Version: 2013.0830.1943.33589)
CCC Help Danish (Version: 2013.0830.1943.33589)
CCC Help Dutch (Version: 2013.0830.1943.33589)
CCC Help English (Version: 2013.0830.1943.33589)
CCC Help Finnish (Version: 2013.0830.1943.33589)
CCC Help French (Version: 2013.0830.1943.33589)
CCC Help German (Version: 2013.0830.1943.33589)
CCC Help Greek (Version: 2013.0830.1943.33589)
CCC Help Hungarian (Version: 2013.0830.1943.33589)
CCC Help Italian (Version: 2013.0830.1943.33589)
CCC Help Japanese (Version: 2013.0830.1943.33589)
CCC Help Korean (Version: 2013.0830.1943.33589)
CCC Help Norwegian (Version: 2013.0830.1943.33589)
CCC Help Polish (Version: 2013.0830.1943.33589)
CCC Help Portuguese (Version: 2013.0830.1943.33589)
CCC Help Russian (Version: 2013.0830.1943.33589)
CCC Help Spanish (Version: 2013.0830.1943.33589)
CCC Help Swedish (Version: 2013.0830.1943.33589)
CCC Help Thai (Version: 2013.0830.1943.33589)
CCC Help Turkish (Version: 2013.0830.1943.33589)
ccc-utility64 (Version: 2013.0830.1944.33589)
CCleaner (Version: 4.05)
Counter-Strike: Global Offensive
Counter-Strike: Source
Crysis® 2 (Version: 1.9.0.0)
Day of Defeat: Source
dBpoweramp Music Converter (Version: Release 14.3)
ESN Sonar (Version: 0.70.4)
f.lux
Far Cry 2 (Version: 1.03.00)
GoldWave v5.68 (Version: 5.68)
Google Chrome (Version: 32.0.1700.107)
Google Earth Plug-in (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.22.3)
Hitman: Blood Money
Intel® Processor Graphics (Version: 9.17.10.2932)
Intel® USB 3.0 eXtensible Host Controller Driver (Version: 1.0.4.220)
iTunes (Version: 11.1.0.126)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190)
Killing Floor
Logitech Gaming Software (Version: 8.35.18)
Logitech Gaming Software 5.10 (Version: 5.10.127)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
Native Instruments Abbey Road 60s Drums Vintage (Version: 1.1.0.002)
Native Instruments Controller Editor (Version: 1.5.4.1182)
Native Instruments Dark Pressure (Version: 1.0.0.003)
Native Instruments Drop Squad (Version: 1.0.0.002)
Native Instruments Drop Squad Sounds (Version: 1.0.0.002)
Native Instruments Guitar Rig 5 (Version: 5.0.0.2354)
Native Instruments Guitar Rig Elements for Maschine (Version: 1.0.0.001)
Native Instruments Helios Ray (Version: 1.0.2.001)
Native Instruments Komplete Elements Mk2 (Version: 8.0.0.003)
Native Instruments Kontakt 5 (Version: 5.2.0.6361)
Native Instruments Kontakt Elements Selection R2 (Version: 1.1.0.003)
Native Instruments Maschine (Version: 1.8.2.247)
Native Instruments Maschine Controller MK2 Driver (Version: 3.0.4.719)
Native Instruments Massive (Version: 1.3.0.2050)
Native Instruments Platinum Bounce (Version: 1.0.0.002)
Native Instruments Reaktor 5 (Version: 5.8.0.550)
Native Instruments Reaktor Elements Selection (Version: 1.1.0.003)
Native Instruments Reaktor Spark R2 (Version: 1.1.0.004)
Native Instruments Service Center (Version: 2.3.2.926)
Native Instruments Transistor Punch (Version: 1.0.0.001)
Native Instruments True School (Version: 1.0.0.002)
Notation Composer 2.6.3 (Trial Version) (Version: 2.6.3)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Origin (Version: 9.0.15.65)
PunkBuster Services (Version: 0.993)
Realtek High Definition Audio Driver (Version: 6.0.1.6559)
Samsung SSD Magician (Version: 3.2)
Steam (Version: 1.0.0.0)
TeamViewer 8 (Version: 8.0.22298)
TouchCopy 12 (Version: 12.01)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4.5 (KB2750147) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805221) (Version: 1)
Update for Microsoft .NET Framework 4.5 (KB2805226) (Version: 1)
VLC media player 2.0.5 (Version: 2.0.5)
Windows Driver Package - CASIO (CCUSBMIDI) MEDIA  (02/24/2012 1.00.00.0004) (Version: 02/24/2012 1.00.00.0004)
WinRAR 5.01 (64-bit) (Version: 5.01.0)
xVideoServiceThief (Version: 2.5)
 
========================= Devices: ================================
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 22%
Total physical RAM: 8084.01 MB
Available physical RAM: 6225.55 MB
Total Pagefile: 16166.2 MB
Available Pagefile: 13879.23 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.42 MB
 
========================= Partitions: =====================================
 
1 Drive b: (Local Disk) (Fixed) (Total:931.51 GB) (Free:785.19 GB) NTFS
2 Drive c: (SSD) (Fixed) (Total:119.14 GB) (Free:46.61 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\JEDDLOVESMAZAL
 
Administrator            Carmine                  Guest                    
 
 
**** End of log ****

Edited by SicilianStyle, 14 February 2014 - 04:57 PM.


#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:24 AM

Posted 15 February 2014 - 03:26 AM

Hello -

Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please Copy and Paste the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

 

Did you dowload Bitcoin (Version: 0.8.6), or did this turn up about the same time as your problem ? Why have you installed it ?


It came after using a torrent to download a certain program

ALL P2P Torrent downloads will carry an infection, this just depends if your active Antivirus and Antimalware is enough to stop it.

 

 

You do not list the download or the Torrent site where you downloaded this rogue program.
Have you uninstalled it yet, or have you been back to that site ?

 

 

I ran full Kaspersky and Malwarebytes Anti-Malware scans which detected and deleted several things

Are you able to post any of these results ??

 

Please run a sfc /scannow scan as per below ............

1. Go - Start Orb > Programs > Accessories > and find Command Prompt : Right click on it and select "Run as an administrator".
2. Once Command Prompt is open, type sfc /scannow and then press Enter.
Note: There's a space between sfc and /scannow.
3. System File Checker will now verify the integrity of every protected operating system file on your computer.
4.Restart your computer if sfc /scannow did actually repair any files.
Note: System File Checker may or may not prompt you to restart but even if it doesn't, you should restart anyway.
Often you will need to run this several times even if you get no errors.
This will take (on average) about 20 minutes to run, depending on your system
NOTE - If this is laptop, make sure it is plugged into a reliable power source.
Do not touch the keyboard or try to do other things while the program is running -



#5 SicilianStyle

SicilianStyle
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 15 February 2014 - 04:31 PM



Did you dowload Bitcoin (Version: 0.8.6), or did this turn up about the same time as your problem ? Why have you installed it ?

 

You do not list the download or the Torrent site where you downloaded this rogue program.

Have you uninstalled it yet, or have you been back to that site ?

 

1. Yes, i downloaded Bitcoin. It's safe and I had it quite some time before getting infected.

 

2. I downloaded uTorrent and used it to download Ableton Live. I uninstalled uTorrent right afterwards. However, Ableton doesn't show up in the 'Installed Programs' list, rather it just has its own folder in Program Files. I scanned the whole folder with Kaspersky and Malwarebytes and nothing came up. I believe the program is clean and just came with Spigot for the author to make money. (Look at www.spigot.com)

 

 

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Kaspersky Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Java version out of Date!
 Adobe Flash Player 11.9.900.170  
 Adobe Reader XI  
 Mozilla Firefox (26.0) 
 Google Chrome 32.0.1700.102  
 Google Chrome 32.0.1700.107  
````````Process Check: objlist.exe by Laurent````````
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Kaspersky Lab Kaspersky Internet Security 2013 avp.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 
 
I have ran the SFC scan, and it says "Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log". When I open the log it says "Access is denied" and will not show me the log.

Edited by SicilianStyle, 15 February 2014 - 04:39 PM.


#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:24 AM

Posted 15 February 2014 - 05:32 PM


I ran full Kaspersky and Malwarebytes Anti-Malware scans which detected and deleted several things

 

Are you able to post any of these results ??

Note my question from above.

 

If you are not able to find your old scan results, please run a Full Scan then Copy and Paste any results -



#7 SicilianStyle

SicilianStyle
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 15 February 2014 - 10:33 PM

Nevermind, I fixed it! I ran CCleaner and cleared all my Browser cache's and cookies, and it ended up getting rid of it once and for all. Surprisingly I ran it before and it didn't fix anything but this time it did. Thank you for the help though!


Edited by SicilianStyle, 15 February 2014 - 10:34 PM.


#8 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:24 AM

Posted 17 February 2014 - 03:49 AM

For a much safer cache / Temp file cleaner please use this ........

 

Please download Temp File Cleaner by Old Timer
* Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
* Double-click on the TFC icon.
* Vista / Windows 7 & 8 users Right click on the icon and select Run as Administrator
* When the program opens, click on the Start button. 
* TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
* When done, press OK and reboot your computer to finish the cleanup.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users