
PUP.Optional.Spigot.A?



Just ran a hyper scan on my laptop and the PUP.Optional.Spigot.A thing came up. The last person to use this was my sister and sadly she tends to go on certain gambling sites like Moonbingo and the like. Here's the contents of the scan.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 16/07/2014
Scan Time: 20:44:52
Logfile: virusscan.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.16.07
Rootkit Database: v2014.07.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Mighty
 
Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 298338
Time Elapsed: 20 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 1
PUP.Optional.Spigot.A, HKU\S-1-5-21-4116224181-3687125611-3585537439-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://uk.search.yahoo.com?type=714647&fr=spigot-yhp-ie, Good: (www.google.com), Bad: (http://uk.search.yahoo.com?type=714647&fr=spigot-yhp-ie),,[f245ffa19be0f83e9c5580185aaad22e]
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.Spigot.A, C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://uk.search.yahoo.com/?type=714647&fr=spigot-yhp-ch" ],), ,[e057a000e59681b563c36b6713f1bb45]
PUP.Optional.Spigot.A, C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://uk.search.yahoo.com?type=714647&fr=spigot-yhp-ch",), ,[a592b0f07a019f978c9b23afd331659b]
PUP.Optional.Spigot.A, C:\Users\Mighty\AppData\Roaming\Mozilla\Firefox\Profiles\4u9reqmh.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://uk.search.yahoo.com?type=714647&fr=spigot-yhp-ff");), ,[52e5cdd39edd0135a87ba32f6f9534cc]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Hello,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin..


I had to hard reset the laptop because everything froze up somehow while downloading FRST. It started up again alright and downloaded FRST alright as well. I did another Hyper Scan with MBAM just in case, and this time I only got one file, linked to Chrome since it was in that directory (the others are still in quarantine, I think).

 

Here's the MB scan log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 16/07/2014
Scan Time: 23:03:22
Logfile: virusscan2.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.07.16.09
Rootkit Database: v2014.07.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Mighty
 
Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 297006
Time Elapsed: 9 min, 29 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Spigot.A, C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://uk.search.yahoo.com?type=714647&fr=spigot-yhp-ch",), Replaced,[9f9af6aae69505317fe7fad87a8a26da]
 
Physical Sectors: 0
(No malicious items detected)
 
(end)

 

Just in case, here are the scan files from FRST as well. First is the FRST log file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-07-2014 01
Ran by Mighty (administrator) on JOESTAR on 16-07-2014 23:17:11
Running from C:\Users\Mighty\Downloads
Platform: Windows 8 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [sRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] => C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TPUReg(x86)] => "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6883840 2012-09-06] (Pegatron Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope {531DC9C5-5759-4285-BBAC-4557EC5127B0} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {531DC9C5-5759-4285-BBAC-4557EC5127B0} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - DefaultScope {531DC9C5-5759-4285-BBAC-4557EC5127B0} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {531DC9C5-5759-4285-BBAC-4557EC5127B0} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {9C01A25D-B031-47A6-9FDD-A98A7F9DEF65} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {531DC9C5-5759-4285-BBAC-4557EC5127B0} URL = 
SearchScopes: HKCU - {9C01A25D-B031-47A6-9FDD-A98A7F9DEF65} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 46.23.70.78 pagead2.googlesyndication.com
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF ProfilePath: C:\Users\Mighty\AppData\Roaming\Mozilla\Firefox\Profiles\4u9reqmh.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://mugenguild.com/forum/
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Extension: bug489729(Disable detach and tear off tab) - C:\Users\Mighty\AppData\Roaming\Mozilla\Firefox\Profiles\4u9reqmh.default\Extensions\bug489729@alice0775 [2013-01-11]
FF Extension: No Name - C:\Users\Mighty\AppData\Roaming\Mozilla\Firefox\Profiles\4u9reqmh.default\Extensions\staged [2014-07-16]
FF Extension: Customizations for Adblock Plus - C:\Users\Mighty\AppData\Roaming\Mozilla\Firefox\Profiles\4u9reqmh.default\Extensions\customization@adblockplus.org.xpi [2013-01-11]
FF Extension: MEGA EXTENSION - C:\Users\Mighty\AppData\Roaming\Mozilla\Firefox\Profiles\4u9reqmh.default\Extensions\firefox@mega.co.nz.xpi [2013-05-28]
FF Extension: Popup ALT Attribute - C:\Users\Mighty\AppData\Roaming\Mozilla\Firefox\Profiles\4u9reqmh.default\Extensions\{61FD08D8-A2CB-46c0-B36D-3F531AC53C12}.xpi [2013-01-11]
FF Extension: Adblock Plus - C:\Users\Mighty\AppData\Roaming\Mozilla\Firefox\Profiles\4u9reqmh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-11]
FF Extension: Download Statusbar - C:\Users\Mighty\AppData\Roaming\Mozilla\Firefox\Profiles\4u9reqmh.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013-01-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR StartupUrls: "hxxp://tvtropes.org/pmwiki/thread_watch.php", "https://dub119.mail.live.com/default.aspx?fid=flinbox", "hxxp://mugenguild.com/forum/"
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Drive) - C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (Visible Alts) - C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjodnjdnjiblmdknhnokibkoamlfmpm [2013-08-01]
CHR Extension: (YouTube) - C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-20]
CHR Extension: (Adblock Plus) - C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-02-20]
CHR Extension: (Google Search) - C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-20]
CHR Extension: (XKit) - C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-01-12]
CHR Extension: (Word Filter) - C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhcjejiphdooogohnbfompmnglmgeiol [2013-12-02]
CHR Extension: (Google Wallet) - C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Tumblr Savior) - C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Extensions\oefddkjnflmjbclpnnoegglmmdfkidip [2014-02-05]
CHR Extension: (Gmail) - C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-20]
 
==================== Services (Whitelisted) =================
 
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-11] (Macrovision Europe Ltd.) [File not signed]
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1549384 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1549384 2013-05-02] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 cpuz136; \??\C:\windows\TEMP\cpuz136\cpuz136_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-07-16 23:17 - 2014-07-16 23:17 - 00017596 _____ () C:\Users\Mighty\Downloads\FRST.txt
2014-07-16 23:17 - 2014-07-16 23:17 - 00000000 ____D () C:\FRST
2014-07-16 23:15 - 2014-07-16 23:15 - 02086912 _____ (Farbar) C:\Users\Mighty\Downloads\FRST64.exe
2014-07-16 21:33 - 2014-07-16 21:33 - 00002059 _____ () C:\Users\Mighty\Documents\virusscan.txt
2014-07-16 00:53 - 2014-07-16 00:54 - 11071416 _____ () C:\Users\Mighty\Downloads\Haohmaru FX Matching.rar
2014-07-16 00:28 - 2014-07-16 00:28 - 00648142 _____ () C:\Users\Mighty\Downloads\lucinamaskboobs.jpeg
2014-07-15 01:16 - 2014-07-15 01:16 - 14562783 _____ () C:\Users\Mighty\Downloads\Haohmaru.rar
2014-07-15 01:15 - 2014-07-15 01:15 - 17952729 _____ () C:\Users\Mighty\Downloads\Yamazaki.rar
2014-07-15 01:15 - 2014-07-15 01:15 - 13541310 _____ () C:\Users\Mighty\Downloads\Batsu.rar
2014-07-15 01:14 - 2014-07-15 01:14 - 08934622 _____ () C:\Users\Mighty\Downloads\Laurence.rar
2014-07-14 23:33 - 2014-07-14 23:35 - 20781739 _____ () C:\Users\Mighty\Downloads\Rasetsumaru.rar
2014-07-14 16:22 - 2014-07-14 16:23 - 19154710 _____ () C:\Users\Mighty\Downloads\FreezaZ2.rar
2014-07-14 16:22 - 2014-07-14 16:22 - 40361635 _____ () C:\Users\Mighty\Downloads\GohanZ2.rar
2014-07-14 16:22 - 2014-07-14 16:22 - 40160015 _____ () C:\Users\Mighty\Downloads\SSJ_GokuZ2.rar
2014-07-14 16:19 - 2014-07-14 16:20 - 40495815 _____ () C:\Users\Mighty\Downloads\VegetaZ2.rar
2014-07-14 16:17 - 2014-07-14 16:17 - 25716342 _____ () C:\Users\Mighty\Downloads\GokuZ2.rar
2014-07-13 18:37 - 2014-07-13 18:37 - 00118256 _____ () C:\Users\Mighty\Downloads\mintonholiday.jpeg
2014-07-13 16:42 - 2014-07-13 16:42 - 06080449 _____ () C:\Users\Mighty\Downloads\Cyborg.rar
2014-07-13 16:42 - 2014-07-13 16:42 - 05880339 _____ () C:\Users\Mighty\Downloads\Sean.rar
2014-07-13 02:18 - 2014-07-13 02:18 - 00072314 _____ () C:\Users\Mighty\Downloads\emilcats.jpeg
2014-07-09 20:08 - 2014-07-09 20:08 - 00028620 _____ () C:\Users\Mighty\Documents\supersound.wav
2014-07-09 20:05 - 2014-07-09 20:05 - 00013824 _____ () C:\Users\Mighty\Documents\OWARIYO.wav
2014-07-09 19:59 - 2014-07-09 19:59 - 00039796 _____ () C:\Users\Mighty\Documents\duckhunt.wav
2014-07-09 19:59 - 2014-07-09 19:59 - 00031710 _____ () C:\Users\Mighty\Documents\fooditem.wav
2014-07-09 19:57 - 2014-07-09 19:57 - 00666552 _____ () C:\Users\Mighty\Documents\birdcooking.wav
2014-07-09 19:55 - 2014-07-09 19:55 - 00232688 _____ () C:\Users\Mighty\Documents\SUDDENLYTESTYOURMIGHT.wav
2014-07-09 19:55 - 2014-07-09 19:55 - 00093110 _____ () C:\Users\Mighty\Documents\KIKUENNA.wav
2014-07-08 20:43 - 2014-07-08 20:43 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-08 20:43 - 2014-07-08 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-08 20:41 - 2014-07-08 20:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-08 20:41 - 2014-07-08 20:41 - 00000000 ____D () C:\Program Files\iPod
2014-07-08 18:47 - 2014-07-08 18:48 - 00099993 _____ () C:\Users\Mighty\Downloads\9820f87c9dbf89b95bd54b91ea42af00.jpeg
2014-07-07 00:44 - 2014-07-07 00:44 - 00000255 _____ () C:\Users\Mighty\Downloads\quoteshit.txt
2014-07-07 00:36 - 2014-07-07 00:36 - 01930239 _____ () C:\Users\Mighty\Downloads\narf.wmv
2014-07-06 22:41 - 2014-07-06 22:41 - 00042474 _____ () C:\Users\Mighty\Downloads\vader-white.jpeg
2014-07-06 20:58 - 2014-07-06 20:58 - 00280952 _____ () C:\windows\Minidump\070614-31637-01.dmp
2014-07-06 17:18 - 2014-07-06 17:18 - 00000000 ____D () C:\Users\Mighty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rondo Of Blood
2014-07-06 17:18 - 2014-07-06 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rondo Of Blood
2014-07-06 17:17 - 2014-07-06 17:18 - 00000000 ____D () C:\Program Files\RondoWin32
2014-07-03 22:33 - 2014-07-03 22:33 - 00000222 _____ () C:\Users\Mighty\Desktop\Retro City Rampage.url
2014-07-03 17:52 - 2014-07-05 20:52 - 00003284 _____ () C:\Users\Mighty\Documents\starwarsletsplaytropes.txt
2014-07-02 20:07 - 2014-07-02 20:09 - 00000000 ____D () C:\Users\Mighty\Downloads\Biohazard Complete
2014-06-30 17:58 - 2014-06-30 17:58 - 00076819 _____ () C:\Users\Mighty\Documents\diotumblr3.wma
2014-06-30 17:55 - 2014-06-30 17:55 - 00382139 _____ () C:\Users\Mighty\Documents\diobread3.wma
2014-06-30 17:54 - 2014-06-30 17:54 - 00530309 _____ () C:\Users\Mighty\Documents\diobread2.wma
2014-06-30 17:53 - 2014-06-30 17:53 - 00287849 _____ () C:\Users\Mighty\Documents\diobread.wma
2014-06-30 16:43 - 2014-06-30 16:43 - 00324056 _____ () C:\Users\Mighty\Downloads\4f1ae666915eb1ab1b684c585d25b900.jpeg
2014-06-27 14:25 - 2014-06-27 14:25 - 00000222 _____ () C:\Users\Mighty\Desktop\Dungeons & Dragons Chronicles of Mystara.url
2014-06-27 11:56 - 2014-06-27 11:56 - 00139679 _____ () C:\Users\Mighty\Documents\jonathanpsa.wma
2014-06-26 19:45 - 2014-06-26 19:45 - 00000220 _____ () C:\Users\Mighty\Desktop\Garry's Mod.url
2014-06-25 12:59 - 2014-05-15 02:02 - 00059424 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-06-25 12:59 - 2014-05-14 23:43 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-06-25 12:59 - 2014-05-14 23:43 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-06-25 12:59 - 2014-05-14 23:43 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-06-25 12:59 - 2014-05-14 23:42 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-06-24 22:00 - 2014-06-24 22:00 - 00272789 _____ () C:\Users\Mighty\Downloads\e708cc0c7f81afb8bcffa3760b3cadca.jpeg
2014-06-24 21:11 - 2014-06-24 21:12 - 00280896 _____ () C:\windows\Minidump\062414-54397-01.dmp
2014-06-24 17:00 - 2014-06-24 17:01 - 00000000 ____D () C:\Users\Mighty\AppData\Roaming\MKKE
2014-06-24 13:20 - 2014-06-24 13:27 - 00000000 ____D () C:\Users\Mighty\Documents\GTA3 User Files
2014-06-23 19:30 - 2014-06-23 19:30 - 00054954 _____ () C:\Users\Mighty\Downloads\7cbd130445988141862fcdb978f6bd02.jpeg
2014-06-23 17:03 - 2014-06-23 17:03 - 00561739 _____ () C:\Users\Mighty\Documents\snk delicatessen.wma
2014-06-22 16:51 - 2014-06-22 16:51 - 00338998 _____ () C:\Users\Mighty\Downloads\c8050836412b170a64a594ebaaf7aa05.jpeg
2014-06-22 13:22 - 2014-06-22 13:22 - 00058859 _____ () C:\Users\Mighty\Documents\geesemilkmaid2.wma
2014-06-22 13:22 - 2014-06-22 13:22 - 00058859 _____ () C:\Users\Mighty\Documents\geesemilkmaid.wma
2014-06-21 01:15 - 2014-06-21 01:15 - 00001692 _____ () C:\Users\Mighty\Documents\plot.txt
2014-06-20 23:49 - 2014-06-20 23:49 - 00000000 ____D () C:\Users\Mighty\AppData\Roaming\3909 LLC
2014-06-20 22:33 - 2014-06-20 22:33 - 00004993 _____ () C:\Users\Mighty\Downloads\Swimming Down a River of Radioactive Semen and Lies.txt
2014-06-20 13:11 - 2014-06-20 13:13 - 278848632 ____R (DLPB ) C:\Users\Mighty\Downloads\RaW.exe
2014-06-20 13:08 - 2014-06-20 13:08 - 00403456 _____ () C:\Users\Mighty\Downloads\RaW.dll
2014-06-19 13:47 - 2014-06-19 13:47 - 00000221 _____ () C:\Users\Mighty\Desktop\FINAL FANTASY VIII.url
2014-06-18 13:01 - 2014-06-18 13:01 - 00103759 _____ () C:\Users\Mighty\Documents\jinmoon.wma
 
==================== One Month Modified Files and Folders =======
 
2014-07-16 23:17 - 2014-07-16 23:17 - 00017596 _____ () C:\Users\Mighty\Downloads\FRST.txt
2014-07-16 23:17 - 2014-07-16 23:17 - 00000000 ____D () C:\FRST
2014-07-16 23:15 - 2014-07-16 23:15 - 02086912 _____ (Farbar) C:\Users\Mighty\Downloads\FRST64.exe
2014-07-16 23:05 - 2013-02-20 14:04 - 00000914 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 23:05 - 2013-01-11 03:07 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4116224181-3687125611-3585537439-1001
2014-07-16 23:04 - 2012-08-02 01:02 - 00725978 _____ () C:\windows\system32\perfh01D.dat
2014-07-16 23:04 - 2012-08-02 01:02 - 00153132 _____ () C:\windows\system32\perfc01D.dat
2014-07-16 23:04 - 2012-08-02 00:48 - 00439770 _____ () C:\windows\system32\perfh00B.dat
2014-07-16 23:04 - 2012-08-02 00:48 - 00085674 _____ () C:\windows\system32\perfc00B.dat
2014-07-16 23:04 - 2012-07-26 08:28 - 02214008 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-16 23:03 - 2014-04-11 16:32 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 23:03 - 2013-01-11 02:53 - 01918797 _____ () C:\windows\WindowsUpdate.log
2014-07-16 23:02 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2014-07-16 23:00 - 2013-02-20 14:04 - 00000910 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 22:59 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-16 22:58 - 2012-09-13 03:59 - 00018546 _____ () C:\windows\PFRO.log
2014-07-16 21:38 - 2013-01-11 04:22 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-16 21:33 - 2014-07-16 21:33 - 00002059 _____ () C:\Users\Mighty\Documents\virusscan.txt
2014-07-16 21:15 - 2013-01-11 03:07 - 00000000 ____D () C:\Users\Mighty\AppData\Roaming\uTorrent
2014-07-16 21:15 - 2012-11-14 16:24 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2014-07-16 21:12 - 2012-11-14 16:23 - 00000000 ____D () C:\ProgramData\WildTangent
2014-07-16 18:57 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-16 14:09 - 2013-02-08 13:46 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-16 02:14 - 2012-12-30 15:01 - 00000000 ____D () C:\Users\Mighty\Documents\mugen2
2014-07-16 00:54 - 2014-07-16 00:53 - 11071416 _____ () C:\Users\Mighty\Downloads\Haohmaru FX Matching.rar
2014-07-16 00:28 - 2014-07-16 00:28 - 00648142 _____ () C:\Users\Mighty\Downloads\lucinamaskboobs.jpeg
2014-07-16 00:04 - 2014-04-27 02:24 - 00011953 _____ () C:\Users\Mighty\Documents\newpart1.txt
2014-07-15 01:16 - 2014-07-15 01:16 - 14562783 _____ () C:\Users\Mighty\Downloads\Haohmaru.rar
2014-07-15 01:15 - 2014-07-15 01:15 - 17952729 _____ () C:\Users\Mighty\Downloads\Yamazaki.rar
2014-07-15 01:15 - 2014-07-15 01:15 - 13541310 _____ () C:\Users\Mighty\Downloads\Batsu.rar
2014-07-15 01:14 - 2014-07-15 01:14 - 08934622 _____ () C:\Users\Mighty\Downloads\Laurence.rar
2014-07-14 23:35 - 2014-07-14 23:33 - 20781739 _____ () C:\Users\Mighty\Downloads\Rasetsumaru.rar
2014-07-14 16:23 - 2014-07-14 16:22 - 19154710 _____ () C:\Users\Mighty\Downloads\FreezaZ2.rar
2014-07-14 16:22 - 2014-07-14 16:22 - 40361635 _____ () C:\Users\Mighty\Downloads\GohanZ2.rar
2014-07-14 16:22 - 2014-07-14 16:22 - 40160015 _____ () C:\Users\Mighty\Downloads\SSJ_GokuZ2.rar
2014-07-14 16:20 - 2014-07-14 16:19 - 40495815 _____ () C:\Users\Mighty\Downloads\VegetaZ2.rar
2014-07-14 16:17 - 2014-07-14 16:17 - 25716342 _____ () C:\Users\Mighty\Downloads\GokuZ2.rar
2014-07-14 03:25 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\NDF
2014-07-13 18:37 - 2014-07-13 18:37 - 00118256 _____ () C:\Users\Mighty\Downloads\mintonholiday.jpeg
2014-07-13 16:42 - 2014-07-13 16:42 - 06080449 _____ () C:\Users\Mighty\Downloads\Cyborg.rar
2014-07-13 16:42 - 2014-07-13 16:42 - 05880339 _____ () C:\Users\Mighty\Downloads\Sean.rar
2014-07-13 02:18 - 2014-07-13 02:18 - 00072314 _____ () C:\Users\Mighty\Downloads\emilcats.jpeg
2014-07-11 17:13 - 2013-02-10 23:59 - 00000000 ____D () C:\Users\Mighty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-11 14:15 - 2014-03-26 14:40 - 00103573 _____ () C:\Users\Mighty\Documents\stardustcrusadersnovel.txt
2014-07-11 01:06 - 2013-01-16 00:29 - 00000000 ____D () C:\Users\Mighty\AppData\Roaming\Skype
2014-07-10 00:20 - 2012-07-26 08:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-09 21:29 - 2013-01-05 18:08 - 00000000 ____D () C:\Users\Mighty\Downloads\Kega Fusion
2014-07-09 20:08 - 2014-07-09 20:08 - 00028620 _____ () C:\Users\Mighty\Documents\supersound.wav
2014-07-09 20:05 - 2014-07-09 20:05 - 00013824 _____ () C:\Users\Mighty\Documents\OWARIYO.wav
2014-07-09 19:59 - 2014-07-09 19:59 - 00039796 _____ () C:\Users\Mighty\Documents\duckhunt.wav
2014-07-09 19:59 - 2014-07-09 19:59 - 00031710 _____ () C:\Users\Mighty\Documents\fooditem.wav
2014-07-09 19:57 - 2014-07-09 19:57 - 00666552 _____ () C:\Users\Mighty\Documents\birdcooking.wav
2014-07-09 19:55 - 2014-07-09 19:55 - 00232688 _____ () C:\Users\Mighty\Documents\SUDDENLYTESTYOURMIGHT.wav
2014-07-09 19:55 - 2014-07-09 19:55 - 00093110 _____ () C:\Users\Mighty\Documents\KIKUENNA.wav
2014-07-08 20:43 - 2014-07-08 20:43 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-08 20:43 - 2014-07-08 20:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-08 20:43 - 2014-07-08 20:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-08 20:43 - 2013-01-11 05:01 - 00000000 ____D () C:\Program Files\iTunes
2014-07-08 20:43 - 2013-01-11 04:28 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-08 20:41 - 2014-07-08 20:41 - 00000000 ____D () C:\Program Files\iPod
2014-07-08 18:48 - 2014-07-08 18:47 - 00099993 _____ () C:\Users\Mighty\Downloads\9820f87c9dbf89b95bd54b91ea42af00.jpeg
2014-07-08 18:39 - 2013-01-11 04:22 - 00003718 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 09:50 - 2013-03-27 16:32 - 00000000 ____D () C:\Users\Mighty\AppData\Local\CrashDumps
2014-07-07 18:41 - 2013-01-05 18:15 - 00000000 ____D () C:\Users\Mighty\Downloads\mario
2014-07-07 00:44 - 2014-07-07 00:44 - 00000255 _____ () C:\Users\Mighty\Downloads\quoteshit.txt
2014-07-07 00:36 - 2014-07-07 00:36 - 01930239 _____ () C:\Users\Mighty\Downloads\narf.wmv
2014-07-06 22:41 - 2014-07-06 22:41 - 00042474 _____ () C:\Users\Mighty\Downloads\vader-white.jpeg
2014-07-06 20:58 - 2014-07-06 20:58 - 00280952 _____ () C:\windows\Minidump\070614-31637-01.dmp
2014-07-06 20:58 - 2013-01-11 02:47 - 00000000 ____D () C:\windows\Minidump
2014-07-06 20:57 - 2013-01-11 02:46 - 581388407 _____ () C:\windows\MEMORY.DMP
2014-07-06 17:18 - 2014-07-06 17:18 - 00000000 ____D () C:\Users\Mighty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rondo Of Blood
2014-07-06 17:18 - 2014-07-06 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rondo Of Blood
2014-07-06 17:18 - 2014-07-06 17:17 - 00000000 ____D () C:\Program Files\RondoWin32
2014-07-05 20:52 - 2014-07-03 17:52 - 00003284 _____ () C:\Users\Mighty\Documents\starwarsletsplaytropes.txt
2014-07-03 22:33 - 2014-07-03 22:33 - 00000222 _____ () C:\Users\Mighty\Desktop\Retro City Rampage.url
2014-07-03 00:56 - 2013-01-05 18:23 - 00000000 ____D () C:\Users\Mighty\Downloads\Touhou
2014-07-02 20:09 - 2014-07-02 20:07 - 00000000 ____D () C:\Users\Mighty\Downloads\Biohazard Complete
2014-06-30 17:58 - 2014-06-30 17:58 - 00076819 _____ () C:\Users\Mighty\Documents\diotumblr3.wma
2014-06-30 17:55 - 2014-06-30 17:55 - 00382139 _____ () C:\Users\Mighty\Documents\diobread3.wma
2014-06-30 17:54 - 2014-06-30 17:54 - 00530309 _____ () C:\Users\Mighty\Documents\diobread2.wma
2014-06-30 17:53 - 2014-06-30 17:53 - 00287849 _____ () C:\Users\Mighty\Documents\diobread.wma
2014-06-30 16:43 - 2014-06-30 16:43 - 00324056 _____ () C:\Users\Mighty\Downloads\4f1ae666915eb1ab1b684c585d25b900.jpeg
2014-06-29 21:27 - 2013-01-11 02:54 - 00000000 ____D () C:\Users\Mighty\AppData\Local\VirtualStore
2014-06-27 19:41 - 2013-09-06 13:09 - 00184288 _____ () C:\Users\Mighty\Documents\phantombloodnovel.txt
2014-06-27 14:25 - 2014-06-27 14:25 - 00000222 _____ () C:\Users\Mighty\Desktop\Dungeons & Dragons Chronicles of Mystara.url
2014-06-27 11:56 - 2014-06-27 11:56 - 00139679 _____ () C:\Users\Mighty\Documents\jonathanpsa.wma
2014-06-26 19:45 - 2014-06-26 19:45 - 00000220 _____ () C:\Users\Mighty\Desktop\Garry's Mod.url
2014-06-25 17:06 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\rescache
2014-06-24 22:00 - 2014-06-24 22:00 - 00272789 _____ () C:\Users\Mighty\Downloads\e708cc0c7f81afb8bcffa3760b3cadca.jpeg
2014-06-24 21:12 - 2014-06-24 21:11 - 00280896 _____ () C:\windows\Minidump\062414-54397-01.dmp
2014-06-24 17:01 - 2014-06-24 17:00 - 00000000 ____D () C:\Users\Mighty\AppData\Roaming\MKKE
2014-06-24 13:27 - 2014-06-24 13:20 - 00000000 ____D () C:\Users\Mighty\Documents\GTA3 User Files
2014-06-23 19:30 - 2014-06-23 19:30 - 00054954 _____ () C:\Users\Mighty\Downloads\7cbd130445988141862fcdb978f6bd02.jpeg
2014-06-23 17:03 - 2014-06-23 17:03 - 00561739 _____ () C:\Users\Mighty\Documents\snk delicatessen.wma
2014-06-22 16:51 - 2014-06-22 16:51 - 00338998 _____ () C:\Users\Mighty\Downloads\c8050836412b170a64a594ebaaf7aa05.jpeg
2014-06-22 13:22 - 2014-06-22 13:22 - 00058859 _____ () C:\Users\Mighty\Documents\geesemilkmaid2.wma
2014-06-22 13:22 - 2014-06-22 13:22 - 00058859 _____ () C:\Users\Mighty\Documents\geesemilkmaid.wma
2014-06-21 01:15 - 2014-06-21 01:15 - 00001692 _____ () C:\Users\Mighty\Documents\plot.txt
2014-06-20 23:49 - 2014-06-20 23:49 - 00000000 ____D () C:\Users\Mighty\AppData\Roaming\3909 LLC
2014-06-20 22:33 - 2014-06-20 22:33 - 00004993 _____ () C:\Users\Mighty\Downloads\Swimming Down a River of Radioactive Semen and Lies.txt
2014-06-20 19:11 - 2013-01-11 03:32 - 00000000 ____D () C:\Users\Mighty\AppData\Roaming\Audacity
2014-06-20 13:13 - 2014-06-20 13:11 - 278848632 ____R (DLPB ) C:\Users\Mighty\Downloads\RaW.exe
2014-06-20 13:08 - 2014-06-20 13:08 - 00403456 _____ () C:\Users\Mighty\Downloads\RaW.dll
2014-06-19 23:04 - 2014-04-16 15:04 - 00011244 _____ () C:\Users\Mighty\Documents\peacewalkernovel.txt
2014-06-19 13:47 - 2014-06-19 13:47 - 00000221 _____ () C:\Users\Mighty\Desktop\FINAL FANTASY VIII.url
2014-06-19 13:00 - 2013-02-20 14:04 - 00003886 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 13:00 - 2013-02-20 14:04 - 00003650 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 21:11 - 2012-12-31 16:44 - 00000000 ____D () C:\Users\Mighty\Downloads\snes9x
2014-06-18 13:01 - 2014-06-18 13:01 - 00103759 _____ () C:\Users\Mighty\Documents\jinmoon.wma
2014-06-17 14:47 - 2012-07-26 08:21 - 00030322 _____ () C:\windows\setupact.log
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Mighty\AppData\Local\Temp\21ovkbnd.dll
C:\Users\Mighty\AppData\Local\Temp\bassmod.dll
C:\Users\Mighty\AppData\Local\Temp\bdfilters.dll
C:\Users\Mighty\AppData\Local\Temp\bitool.dll
C:\Users\Mighty\AppData\Local\Temp\drm_dyndata_7370014.dll
C:\Users\Mighty\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Mighty\AppData\Local\Temp\htmlayout.dll
C:\Users\Mighty\AppData\Local\Temp\SRLDetectionLibrary3775906360885738249.dll
C:\Users\Mighty\AppData\Local\Temp\utt92C8.tmp.exe
C:\Users\Mighty\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-16 15:31
 
==================== End Of Log ============================
 
I've attached Addition.txt as well.


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

 

Next,

 

Run Malwarebytes threat scan:

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs. Also give an update on any remaining issues or concerns...

 

Kevin

 

 


It only means that significant progress has been made, it is still very beneficial to run the other scans to ensure nothing has been missed. Just because one scanner shows clean is not conclusive...

 

When you return the logs from the other scanners we can continue and run one final in-depth and very thorough scan to finish up; after that we will clean up and close out....

 

Thank you for your patience and understanding...

 

Kevin


Alright.

 

I ran AdwCleaner and here's what it got in the log

 

# AdwCleaner v3.215 - Report created 17/07/2014 at 12:20:55
# Updated 09/07/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Mighty - JOESTAR
# Running from : C:\Users\Mighty\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\clsoft ltd
Folder Deleted : C:\Users\Mighty\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Mighty\AppData\Roaming\SendSpace
File Deleted : C:\END
File Deleted : C:\Users\Administrator\Favorites\eBay.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\ExpressFiles
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Mozilla Firefox v18.0.2 (en-US)
 
[ File : C:\Users\Mighty\AppData\Roaming\Mozilla\Firefox\Profiles\4u9reqmh.default\prefs.js ]
 
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\Mighty\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [startup_urls] : hxxps://dub119.mail.live.com/default.aspx?fid=flinbox
 
*************************
 
AdwCleaner[R0].txt - [1472 octets] - [17/07/2014 12:18:20]
AdwCleaner[s0].txt - [1284 octets] - [17/07/2014 12:20:55]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1344 octets] ##########
 
And here's the log from JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Mighty on 17/07/2014 at 12:24:57.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Mighty\AppData\Roaming\mozilla\firefox\profiles\4u9reqmh.default\extensions\staged
Emptied folder: C:\Users\Mighty\AppData\Roaming\mozilla\firefox\profiles\4u9reqmh.default\minidumps [98 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/07/2014 at 12:40:42.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Yes we still make good progress, continue please:

 

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Windows 7/8, right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real-time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add-on to be installed
Click Start
Make sure that the option "Remove found threats" is ticked
Click on Advanced Settings, ensure the options
Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Thank you,

 

Kevin


Got it. ESET scan took around 4 and a half hours and found 4 threats. Here's what the log file has

 

C:\FRST\Quarantine\C\Users\Mighty\AppData\Local\Temp\bitool.dll.xBAD Win32/Somoto.B potentially unwanted application deleted - quarantined
C:\Users\Mighty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODBZ9DFJ\BiTool[1].dll Win32/Somoto.B potentially unwanted application deleted - quarantined
C:\Users\Mighty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODBZ9DFJ\duckegg[1].exe Win32/Duckegg.A potentially unwanted application deleted - quarantined
C:\Users\Mighty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXML9C4G\wsconduit__166[1].exe a variant of Win32/Amonetize.B potentially unwanted application deleted - quarantined
 
Suggestions?

What is the current status of your system, any remaining issues or concerns? If none, please continue....

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed; if so, remove them. <<-- Very Important

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry backup with ERUNT; the backup will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Kevin

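As an added illustration of the "check for old versions of Java" step above (this is not part of Kevin's instructions or any of the tools in the thread), the PowerShell snippet below reads the same Programs and Features entries from the standard Uninstall registry keys and flags any Java runtime older than the newest one installed. It assumes the usual 64-bit key locations and that Java entries are named "Java N Update M" or "Java(TM) ..."; it only reports and removes nothing.

```powershell
# Added example, not from the thread: list installed Java runtimes and flag
# old side-by-side versions. Read-only; it does not uninstall anything.
# Assumption: the standard Uninstall keys on 64-bit Windows (HKLM native,
# HKLM WOW6432Node for 32-bit installs, and HKCU for per-user installs).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$java = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    # Assumption: runtime entries are named "Java 7 Update 51" or "Java(TM) 6 Update 45";
    # the "Java Auto Updater" helper entry is not a runtime and is skipped.
    Where-Object { $_.DisplayName -match '^Java(\s|\(TM\))' -and
                   $_.DisplayName -notmatch 'Auto Updater' } |
    ForEach-Object {
        # DisplayVersion is a string such as "7.0.510"; parse it so versions sort numerically
        $ver = $null
        [void][version]::TryParse([string]$_.DisplayVersion, [ref]$ver)
        [pscustomobject]@{
            Name            = $_.DisplayName
            Version         = $ver
            UninstallString = $_.UninstallString   # what Programs and Features would run
            RegistryPath    = $_.PSPath
        }
    } | Sort-Object Version -Descending

if (-not $java) {
    Write-Host 'No Java runtime entries found in Programs and Features.'
    return
}

# Everything below the newest installed version is a candidate for removal
$newest = @($java)[0].Version
foreach ($entry in @($java)) {
    $flag = if ($entry.Version -lt $newest) { 'OLD - remove' } else { 'current' }
    '{0,-13} {1,-40} {2}' -f $flag, $entry.Name, $entry.Version
}
```

Run it from an elevated PowerShell prompt; an entry marked "OLD - remove" is one to uninstall through Programs and Features, as the note above says, before or after upgrading from java.com.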

Run your system as usual, plus any scans you want... Post back when you're ready and give an update. If all is OK with no issues, I guess we can close out..

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Kevin...


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

