field293
Hi Georgi, thank you so much for all your help. It's so cool that knowledgeable people like you take the time to help others. I will work my way down the list of recommendations. Have a great day!
-
Hi Georgi, here are the JavaRa and Security Check logs. Adobe Reader 9 wasn't listed under the programs in Control Panel and I can't find it in my program directory. Everything else seemed to go well. Thanks for all your help! JavaRa-4-4-2015.log checkup.txt
-
Sorry - I am supposed to skip that part.
-
Still not working for me. I can go to any other page I try; not sure what's up. Thank you for uploading. That worked just fine. After I click Remove Java Runtime, my prompt is Run Uninstaller, not Perform Removal Routine. Are we still okay?
-
Hi Georgi, the SingularLabs page is not available. I see some other sources for JavaRa 2.6 but don't want to step out of line. Please advise. Thanks!
-
Georgi, I'm sorry I misspelled your name in my previous post.
-
Hi Giorgi, please don't apologize - you've been so helpful! I hope your break from the internet was relaxing. I think Irfanview was quarantined by Farbar; anyway, it shows up as a remove item in the Farbar log. I'm glad to know I can install it again. Here are the results of the FRST scan and Security Check. Not sure if you wanted C&P or uploads this time. Thanks! Fixlog.txt checkup.txt
-
Hi Georgi, sorry if I'm jumping in out of turn. It wasn't clear to me if I'd hear from you if there were no problems. I do have 2 questions: 1 - Irfanview was quarantined during this process. I can't find evidence that it's a suspect application; was this a false positive? Is it okay if I reinstall Irfanview? 2 - ESET found a Komodia-like variant, along with a couple of other potentially unsafe items. Your instructions said to uncheck the "remove threats" button in ESET. Should I rerun and delete the threats now? Thanks, Georgi.
-
Hi Georgi, Here are the contents of the JRT, ZHPCleaner and ESET scan logs. I've also included the contents of the unsupported operating system message from Security Check. Thanks!
-
Hi Georgi, Following are the contents of the clipboard from the MBAM scan, and the contents of the logfile from the AdwCleaner scan. Thanks again!
-
Hi Georgi, my Fixlog.txt is attached. Chrome is free of that nasty rootkit, finally! I see that you said absence of the symptom doesn't necessarily mean the system is clean so I will wait to hear if I need to do anything else. Thank you! Fixlog.txt
-
Followed the steps and posted on the other forum. Thanks!
-
I posted on the MBAR - Beta forum and was directed here. My computer has the DiggiSAver rootkit (Chrome extension). Also Ad Saver in Firefox (which I rarely use). MBAR didn't identify the bugs. Just ran MBAM, which also did not. Here are my Farbar Recovery Scan results. Thanks! Addition.txt FRST.txt
-
I picked up this rootkit as a Chrome extension and have run the anti-rootkit tool, which did not detect the problem. I hope I followed the right procedure. Is DiggiSAver in the database? I can't run this computer as an administrator - would that make a difference? I rarely use Firefox but saw that there is a bug there too. Behaves the same way. It is called Ad Saver. It was also not detected by MBAR. After I disable the Diggi extension in Chrome it doesn't seem to cause problems (slowness, unknown processes) but I hope there is a way to get rid of it permanently. Thanks for any ideas!