field293

Members
  • Posts: 14
  • Reputation: 0 Neutral
  1. Hi Georgi, thank you so much for all your help. It's so cool that knowledgeable people like you take the time to help others. I will work my way down the list of recommendations. Have a great day!
  2. Hi Georgi, here are the JavaRa and Security Check logs. Adobe Reader 9 wasn't listed under the programs in Control Panel and I can't find it in my program directory. Everything else seemed to go well. Thanks for all your help! JavaRa-4-4-2015.log checkup.txt
  3. Sorry - I am supposed to skip that part.
  4. Still not working for me. I can go to any other page I try; not sure what's up. Thank you for uploading. That worked just fine. After I click Remove Java Runtime, my prompt is Run Uninstaller, not Perform Removal Routine. Are we still okay?
  5. Hi Georgi, the SingularLabs page is not available. I see some other sources for JavaRa 2.6 but don't want to step out of line. Please advise. Thanks!
  6. Georgi, I'm sorry I misspelled your name in my previous post.
  7. Hi Giorgi, please don't apologize - you've been so helpful! I hope your break from the internet was relaxing. I think Irfanview was quarantined by Farbar; anyway, it shows up as a remove item in the Farbar log. I'm glad to know I can install it again. Here are the results of the FRST scan and Security Check. Not sure if you wanted C&P or uploads this time. Thanks! Fixlog.txt checkup.txt
  8. Hi Georgi, sorry if I'm jumping in out of turn. It wasn't clear to me if I'd hear from you if there were no problems. I do have 2 questions: 1 - Irfanview was quarantined during this process. I can't find evidence that it's a suspect application; was this a false positive? Is it okay if I reinstall Irfanview? 2 - ESET found a Komodio-like variant, along with a couple of other potentially unsafe items. Your instructions said to uncheck the "remove threats" button in ESET. Should I rerun and delete the threats now? Thanks, Georgi.
  9. Hi Georgi, Here are the contents of the JRT, ZHPCleaner and ESET scan logs. I've also included the contents of the unsupported operating system message from Security Check. Thanks!
  10. Hi Georgi, Following are the contents of the clipboard from the MBAM scan, and the contents of the logfile from the AdwCleaner scan. Thanks again!
  11. Hi Georgi, my Fixlog.txt is attached. Chrome is free of that nasty rootkit, finally! I see that you said absence of the symptom doesn't necessarily mean the system is clean so I will wait to hear if I need to do anything else. Thank you! Fixlog.txt
  12. Followed the steps and posted on the other forum. Thanks!
  13. I posted on the MBAR - Beta forum and was directed here. My computer has the DiggiSAver rootkit (Chrome extension). Also Ad Saver in Firefox (which I rarely use). MBAR didn't identify the bugs. Just ran MBAM, which also did not. Here are my Farbar Recovery Scan results. Thanks! Addition.txt FRST.txt
  14. I picked up this rootkit as a Chrome extension and have run the anti-rootkit tool, which did not detect the problem. I hope I followed the right procedure. Is DiggiSAver in the database? I can't run this computer as an administrator - would that make a difference? I rarely use Firefox but saw that there is a bug there too. Behaves the same way. It is called Ad Saver. It was also not detected by MBAR. After I disable the Diggi extension in Chrome it doesn't seem to cause problems (slowness, unknown processes) but I hope there is a way to get rid of it permanently. Thanks for any ideas!