MightyKombat

  1. My PC's behaving okay so far. Running one last Hyper Scan.
  2. Alright, ran the fix thing. Here's the fix log. Computer needed a restart but otherwise, no hitches on my end. Fixlog.txt
  3. Alright. I'm running Threat Scan on MWAB and just ran FRST. Here's the log files. I'll upload the MWAB threat scan log when it's finished, if it finds anything. FRST.txt Addition.txt
  4. Found 2 of these under a Hyper Scan and apparently they're in the Google Chrome browser folder, and I never use Chrome anymore. I've attached a log file as well. Suggestions? I've put the 2 objects under Quarantine. I'll be running a threat scan shortly. logscan.txt
  5. Thanks. Ran Delfix and everything went well. I'll run a hyperscan later tonight.
  6. Yeah. I just ran another hyper scan that also found nothing problematic so it's cool now, hopefully.
  7. Alright, I've done all that, did a hyper scan and found nothing.
  8. Hyper scan finished. It found another one of those spigot files. log2.txt
  9. Right now I haven't noticed anything unusual. Should I do another hyper scan? I'll probably run one in a minute.
  10. Thanks. I also ran a Threat Scan on MWAB not long after I did the hyper scan and quarantined another Spigot file. I've attached that log file as well as the FRST ones. biglog.txt FRST.txt Addition.txt
  11. Hi again. After doing some general internet surfing I ended up coming across this thing again after a hyperscan that only turned up 2 results this time: A registry value and a firefox-related file. I've saved a log file and afterwards quarantined them both. I'm running a threat scan at this moment. Here's the log

      Malwarebytes Anti-Malware
      www.malwarebytes.org

      Scan Date: 01/04/2015
      Scan Time: 18:12:44
      Logfile: log.txt
      Administrator: Yes

      Version: 2.01.4.1018
      Malware Database: v2015.04.01.08
      Rootkit Database: v2015.03.31.01
      License: Premium
      Malware Protection: Enabled
      Malicious Website Protection: Enabled
      Self-protection: Disabled

      OS: Windows 8
      CPU: x64
      File System: NTFS
      User: Mighty

      Scan Type: Hyper Scan
      Result: Completed
      Objects Scanned: 372907
      Time Elapsed: 32 min, 9 sec

      Memory: Enabled
      Startup: Enabled
      Filesystem: Disabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Warn
      PUM: Enabled

      Processes: 0
      (No malicious items detected)

      Modules: 0
      (No malicious items detected)

      Registry Keys: 0
      (No malicious items detected)

      Registry Values: 1
      PUP.Optional.Spigot.A, HKU\S-1-5-21-4116224181-3687125611-3585537439-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9C01A25D-B031-47A6-9FDD-A98A7F9DEF65}|URL, http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms},, [680478efd3b747ef3d269c19c73c8080]

      Registry Data: 0
      (No malicious items detected)

      Folders: 0
      (No malicious items detected)

      Files: 1
      PUP.Optional.Spigot.A, C:\Users\Mighty\AppData\Roaming\Mozilla\Firefox\Profiles\4u9reqmh.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p="),,[b8b4d790a3e742f4e8a1ba7a93735da3]

      Physical Sectors: 0
      (No malicious items detected)

      (end)

      Have already quarantined both results, not sure if it'll come back or not but just in case I've posted here again.
  12. No problem. Thanks again. Anything pops up tomorrow I'll let you know.
  13. Alright. Just ran a Hyper Scan which found absolutely no threats or problems. Looks like everything's all been dealt with. Thanks for your help man. Hey if anything else comes up I'll PM you or something.
  14. Alright I've done all of that. So far, nothing out of the ordinary. I'll report back tomorrow if anything is amiss. Is it okay if I run a Hyper scan in MalwareBytes just in case?
  15. Got it. ESET scan took around 4 and a half hours and found 4 threats. Here's what the log file has

      C:\FRST\Quarantine\C\Users\Mighty\AppData\Local\Temp\bitool.dll.xBAD    Win32/Somoto.B potentially unwanted application    deleted - quarantined
      C:\Users\Mighty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODBZ9DFJ\BiTool[1].dll    Win32/Somoto.B potentially unwanted application    deleted - quarantined
      C:\Users\Mighty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ODBZ9DFJ\duckegg[1].exe    Win32/Duckegg.A potentially unwanted application    deleted - quarantined
      C:\Users\Mighty\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RXML9C4G\wsconduit__166[1].exe    a variant of Win32/Amonetize.B potentially unwanted application    deleted - quarantined

      Suggestions?