Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google extension seems fishy


  • Please log in to reply
11 replies to this topic

#1 dland22

dland22

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:49 PM

Posted 16 January 2014 - 05:20 AM

I have an extesion on google chrome that I am unsure where it came from and what it does exactly.  It also returns once deleted and the browser reopened.  It is called digiSavero  6.7.  Can anyone help?



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:10:49 AM

Posted 16 January 2014 - 05:42 AM

Hello -

You had 1 reply from quietman7 already on this subject.

The extension with your spelling and Version #, is not listed on Google at all .........

Unless you have the spelling wrong, or it has altered in some way, please add more information -

 

Thank You -



#3 dland22

dland22
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:49 PM

Posted 16 January 2014 - 09:00 PM

Hi, Yes I realise that he has replied to this, however it was not really particularly relevant to what is happening, in that unsubscribing or trying to remove the extension hasnt worked.  I have tried to google the extension and didnt find anything which was why I came here to see if there maybe a way to get rid of it.  I followed the instructions as far as I could that were on my earlier post but with no luck. 

 

The main issue is that it keeps returning regardless of how I try to uninstall it.  I am unsure if it is whats causeing the safesaver ads either.

Am I able to put a screenshot of the extension here?



#4 dland22

dland22
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:49 PM

Posted 16 January 2014 - 09:03 PM

To add to this I have also found what appears to be a trojan threat called WInFilter.dll 



#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:49 PM

Posted 16 January 2014 - 11:08 PM

Hello, Please check that this is spelled exactly as this digiSavero 6.7.
 
We may as well scan this as you found a Trojan that steals personal info.
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
.
.
.
ADW Cleaner
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • .
    .
    .
    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    .
    .
    .
    .
    • Last run ESET.
      • Hold down Control and click on this link to open ESET OnlineScan in a new window.
      • Click the esetonlinebtn.png button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu.png icon on your desktop.
      • Check "YES, I accept the Terms of Use."
      • Click the Start button.
      • Accept any security warnings from your browser.
      • Under scan settings, check "Scan Archives" and "Remove found threats"
      • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, click List Threats
      • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Click the Back button.
      • Click the Finish button.
      • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 dland22

dland22
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:49 PM

Posted 17 January 2014 - 05:58 AM

# AdwCleaner v3.017 - Report created 17/01/2014 at 22:34:50
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dale - DALE-PC
# Running from : C:\Users\Dale\Desktop\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Dale\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [4293 octets] - [03/01/2014 14:45:36]
AdwCleaner[R1].txt - [880 octets] - [17/01/2014 22:09:53]
AdwCleaner[R2].txt - [998 octets] - [17/01/2014 22:34:04]
AdwCleaner[S0].txt - [4306 octets] - [03/01/2014 14:46:57]
AdwCleaner[S1].txt - [940 octets] - [17/01/2014 22:12:31]
AdwCleaner[S2].txt - [920 octets] - [17/01/2014 22:34:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [979 octets] ##########
 
 
MiniToolBox by Farbar  Version: 18-12-2013
Ran by Dale (administrator) on 17-01-2014 at 21:28:25
Running from "C:\Users\Dale\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1       localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
 
========================= IP Configuration: ================================
 
DW1520 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
Broadcom Virtual Wireless Adapter = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global defaultcurhoplimit=64 icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Dale-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : telecom
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 5C-AC-4C-D3-3D-26
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 5C-AC-4C-07-DA-94
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Local Area Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom Virtual Wireless Adapter
   Physical Address. . . . . . . . . : 5C-AC-4C-07-DA-94
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : telecom
   Description . . . . . . . . . . . : DW1520 Wireless-N WLAN Half-Mini Card
   Physical Address. . . . . . . . . : 5C-AC-4C-07-DA-94
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::45e3:d4bf:6646:c698%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.71(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, 17 January 2014 4:01:27 p.m.
   Lease Expires . . . . . . . . . . : Saturday, 18 January 2014 9:23:14 p.m.
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 308063308
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-E2-2C-D9-F0-4D-A2-41-43-F8
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F0-4D-A2-41-43-F8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.telecom:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{39E62337-3E09-448B-B838-ACE87D7951D2}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{A2A15DEF-F22E-4502-8D56-72FF90DD0B6B}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.lan:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 14:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{980F4DDC-03E7-457C-AD5B-35C341BE1422}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  telecom.telecom
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2404:6800:4006:805::100e
 74.125.237.194
 74.125.237.195
 74.125.237.198
 74.125.237.192
 74.125.237.201
 74.125.237.197
 74.125.237.200
 74.125.237.206
 74.125.237.199
 74.125.237.196
 74.125.237.193
 
 
Pinging google.com [74.125.237.192] with 32 bytes of data:
Reply from 74.125.237.192: bytes=32 time=55ms TTL=52
Reply from 74.125.237.192: bytes=32 time=55ms TTL=52
 
Ping statistics for 74.125.237.192:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 55ms, Maximum = 55ms, Average = 55ms
Server:  telecom.telecom
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  98.138.253.109
 206.190.36.45
 98.139.183.24
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=244ms TTL=50
Reply from 98.138.253.109: bytes=32 time=217ms TTL=50
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 217ms, Maximum = 244ms, Average = 230ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...5c ac 4c d3 3d 26 ......Bluetooth Device (Personal Area Network)
 13...5c ac 4c 07 da 94 ......Microsoft Virtual WiFi Miniport Adapter
 12...5c ac 4c 07 da 94 ......Broadcom Virtual Wireless Adapter
 11...5c ac 4c 07 da 94 ......DW1520 Wireless-N WLAN Half-Mini Card
 10...f0 4d a2 41 43 f8 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 27...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 28...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 26...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
 24...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #6
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.71     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.71    281
     192.168.1.71  255.255.255.255         On-link      192.168.1.71    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.71    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.71    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.71    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 11    281 fe80::/64                On-link
 11    281 fe80::45e3:d4bf:6646:c698/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/17/2014 03:42:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2059
 
Error: (01/17/2014 03:42:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2059
 
Error: (01/17/2014 03:42:44 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/17/2014 03:42:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1061
 
Error: (01/17/2014 03:42:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1061
 
Error: (01/17/2014 03:42:43 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/14/2014 10:10:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028
 
Error: (01/14/2014 10:10:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028
 
Error: (01/14/2014 10:10:55 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/14/2014 10:10:54 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
 
System errors:
=============
Error: (01/17/2014 09:23:16 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (01/17/2014 04:03:30 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/17/2014 04:02:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/17/2014 04:01:27 PM) (Source: Service Control Manager) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error %%0.
 
Error: (01/17/2014 03:59:14 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (01/17/2014 02:44:57 PM) (Source: Service Control Manager) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/17/2014 02:38:43 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (01/16/2014 09:52:11 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (01/14/2014 09:01:25 PM) (Source: BTHUSB) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
 
Error: (01/14/2014 01:16:41 AM) (Source: NetBT) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.1.71.
The computer with the IP address 192.168.1.253 did not allow the name to be claimed by
this computer.
 
 
Microsoft Office Sessions:
=========================
Error: (01/17/2014 03:42:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2059
 
Error: (01/17/2014 03:42:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2059
 
Error: (01/17/2014 03:42:44 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/17/2014 03:42:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1061
 
Error: (01/17/2014 03:42:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1061
 
Error: (01/17/2014 03:42:43 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/14/2014 10:10:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028
 
Error: (01/14/2014 10:10:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028
 
Error: (01/14/2014 10:10:55 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/14/2014 10:10:54 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-03-13 21:52:18.494
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-03-13 21:52:18.385
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-12-10 10:04:45.550
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2012-12-10 10:04:45.478
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
Accelerometer (Version: 1.06.08.17)
Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.2)
Adobe AIR (Version: 3.7.0.1530)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe Download Assistant (Version: 1.2.5)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Help Manager (Version: 4.0.244)
Adobe Illustrator CS6 (Version: 16.0)
Adobe InDesign CS6 (Version: 8.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader X (10.1.9) (Version: 10.1.9)
AdobeColorCommonSetRGB (Version: 2.0)
Advanced Audio FX Engine (Version: 1.12.05)
Akamai NetSession Interface
Akamai NetSession Interface Service
Alan Wake
Alan Wake's American Nightmare
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
ArchiCAD 15 R1 NZE (Version: 15.0)
ArchiCAD GDL Objects ITG
ATI AVIVO64 Codecs (Version: 10.12.0.00122)
ATI Catalyst Install Manager (Version: 3.0.758.0)
AutoCAD 2012 - English (Version: 18.2.51.0)
AutoCAD 2012 Language Pack - English (Version: 18.2.51.0)
Autodesk Content Service (Version: 2.0.90)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79)
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79)
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138)
Autodesk Material Library 2012 (Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8)
BitLord 2.3 (Version: 2.3.1-221)
Bonjour (Version: 3.0.0.10)
Borderlands 2
Broken Sword 5
Brother MFL-Pro Suite MFC-J265W (Version: 1.0.3.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Full Existing (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Full New (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Light (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Previews Common (Version: 2010.0122.858.16002)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0122.858.16002)
Catalyst Control Center InstallProxy (Version: 2010.0122.858.16002)
Catalyst Control Center Localization All (Version: 2010.0122.858.16002)
CCC Help Chinese Standard (Version: 2010.0122.0857.16002)
CCC Help Chinese Traditional (Version: 2010.0122.0857.16002)
CCC Help Danish (Version: 2010.0122.0857.16002)
CCC Help Dutch (Version: 2010.0122.0857.16002)
CCC Help English (Version: 2010.0122.0857.16002)
CCC Help Finnish (Version: 2010.0122.0857.16002)
CCC Help French (Version: 2010.0122.0857.16002)
CCC Help German (Version: 2010.0122.0857.16002)
CCC Help Italian (Version: 2010.0122.0857.16002)
CCC Help Japanese (Version: 2010.0122.0857.16002)
CCC Help Korean (Version: 2010.0122.0857.16002)
CCC Help Norwegian (Version: 2010.0122.0857.16002)
CCC Help Portuguese (Version: 2010.0122.0857.16002)
CCC Help Russian (Version: 2010.0122.0857.16002)
CCC Help Spanish (Version: 2010.0122.0857.16002)
CCC Help Swedish (Version: 2010.0122.0857.16002)
ccc-core-static (Version: 2010.0122.858.16002)
ccc-utility64 (Version: 2010.0122.858.16002)
CDDRV_Installer (Version: 4.60)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Lite (Version: 4.45.4.0315)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Dock (Version: 2.0)
Dell Mobile Broadband Manager (Version: 6.1.13.2)
Dell Mobile Broadband Utility (Version: 3.00.20.003)
Dell Support Center (Version: 3.2.6032.55)
Dell Touchpad (Version: 14.0.2.0)
Dell Webcam Central (Version: 1.40.05)
Dropbox (Version: 2.4.11)
DW WLAN Card Utility (Version: 5.60.48.18)
EA Download Manager (Version: 8.0.3.427)
erLT (Version: 1.20.0137)
ExtractNow
Far Cry 3 (Version: 1.05)
FARO LS 1.1.406.58 (Version: 4.6.58.2)
Futuremark SystemInfo (Version: 4.6.0)
Google Chrome (Version: 31.0.1650.63)
Google Earth (Version: 7.1.2.2041)
Google SketchUp 7 (Version: 2.1.6860)
Google SketchUp 8 (Version: 3.0.4811)
Google Talk Plugin (Version: 4.9.1.16010)
Google Update Helper (Version: 1.3.22.3)
Grand Theft Auto IV (Version: 1.0.0013.131)
Half-Life 2
HandBrake 0.9.9.1 (Version: 0.9.9.1)
HitmanPro 3.7 (Version: 3.7.8.208)
iCloud (Version: 3.0.2.163)
IDT Audio (Version: 1.0.6267.0)
InstallVC90Support (Version: 1.01.0000)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® Turbo Boost Technology Driver (Version: 01.01.01.1007)
iTunes (Version: 11.1.3.8)
iWin Games (remove only)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
JavaFX 2.1.1 (Version: 2.1.1)
KhalInstallWrapper (Version: 2.00.0000)
LEGO Lord of the Rings
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Logitech SetPoint (Version: 4.80)
MagniPic (Version: 1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 4.0 Refresh (Version: 4.0.30901.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
MobileMe Control Panel (Version: 3.1.8.0)
MotoHelper 2.0.40 Driver 4.8.0 (Version: 2.0.40)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 4.8.0 (Version: 4.8.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
Netwaiting (Version: 2.5.59)
Nokia Connectivity Cable Driver (Version: 7.1.32.69)
NVIDIA PhysX (Version: 9.11.1111)
OpenAL
Pando Media Booster (Version: 2.6.0.8)
PDF Settings CS6 (Version: 11.0)
PunkBuster Services (Version: 0.993)
Quickset64 (Version: 9.6.21)
QuickTime (Version: 7.74.80.86)
Reach for the Sun
Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0009)
RICOH Media Driver ver.2.07.01.04 (Version: 2.07.01.04)
Rockstar Games Social Club (Version: 1.1.0.1)
RollerCoaster Tycoon 3: Platinum!
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.11 (Version: 6.11.102)
Steam (Version: 1.0.0.0)
System Requirements Lab CYRI (Version: 6.0.8.0)
System Requirements Lab Detection (Version: 1.0.5.0)
System Requirements Lab for Intel (Version: 4.4.22.0)
The Elder Scrolls V: Skyrim
Torchlight II
Unity Web Player (Version: )
Unreal Tournament 2004
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Uplay (Version: 2.0)
VLC media player 2.0.2 (Version: 2.0.2)
Vuze (Version: 4.7)
WD Drive Utilities (Version: 1.0.3.3)
WD Quick View (Version: 2.2.1.6)
WD Security (Version: 1.0.3.3)
WD SmartWare (Version: 2.2.1.6)
WD SmartWare Installer (Version: 2.2.1.6)
WIDCOMM Bluetooth Software (Version: 6.2.0.9600)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinFilter
WinRAR 4.00 (64-bit) (Version: 4.00.0)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 46%
Total physical RAM: 3956.52 MB
Available physical RAM: 2097.11 MB
Total Pagefile: 7911.23 MB
Available Pagefile: 5541.79 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.01 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:248.92 GB) (Free:89.05 GB) NTFS
2 Drive d: (My data) (Fixed) (Total:216.74 GB) (Free:82.27 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DALE-PC
 
Administrator            ASPNET                   Dale                     
Guest                    
 
 
**** End of log ****
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dale on Fri 17/01/2014 at 22:24:37.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 17/01/2014 at 22:30:00.44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:49 PM

Posted 17 January 2014 - 07:23 AM

I have an extesion on google chrome that I am unsure where it came from and what it does exactly.  It also returns once deleted and the browser reopened.  It is called digiSavero  6.7.  Can anyone help?


As I noted in the link I provided in your other topic...

Many of these extensions are cross web browser plugins for Internet Explorer, Firefox and Chrome so make sure you check all your browsers to remove or disable even if you seldom use them.



To add to this I have also found what appears to be a trojan threat called WInFilter.dll


Where did you find that information?

WinFilter.dll file info

When searching for malware removal assistance on the Internet, it is not unusual to find numerous hits from untrustworthy and scam sites which mis-classify detections or provide misleading information. This is deliberately done more as a scam to entice folks into buying an advertised fix or removal tool. In some cases if the fix is a free download, users may be enticed to download a malicious file or be redirected to a malicious web site.

Determining whether a file is malware or a legitimate process usually depends on its location (path). One of the ways that malware tries to hide is to give itself the same name as a legitimate or critical system file. However, it then places itself in a different location (folder) than where the legitimate file resides.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 dland22

dland22
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:49 PM

Posted 17 January 2014 - 02:06 PM

Ok I will try again and see what I can do.  The file came up as a threat when hitman pro ran a scan.  Im not sure when or why I have that on here or if its any good maybe I should remove it too.  I have run an eset scan overnight as well .

 

C:\Users\All Users\WinFilter\WinFilterSvc.dll a variant of Win32/SProtector.D application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Vuze\.install4j\i4j_extf_20_5p83tu.exe.vir Win32/Somoto.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\MagniPiiC\5180c52b0bf9c.dll.vir a variant of Win32/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\ProgramData\WinFilter\WinFilterSvc.dll a variant of Win32/SProtector.D application cleaned by deleting - quarantined
C:\Users\Dale\Downloads\cbsidlm-cbsi134-Razer_Game_Booster-ORG-10913645.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined
C:\Users\Dale\Downloads\ccsetup401.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
 
How do I post a screenshot on here?  I have one of the digiSavero extension in chrome if you would like to see it but Im a bit of a noob. 


#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:49 PM

Posted 17 January 2014 - 04:39 PM

To capture a screenshot, refer to:Then upload it to an image site such as Photobucket, Glowfoto, TinyPic or ImageShack and provide a link to the url address back here?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 dland22

dland22
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:49 PM

Posted 18 January 2014 - 03:27 AM

http://i756.photobucket.com/albums/xx205/dland22/GoogleExtension_zps9fff2009.png

 

This is the extension on my google chrome browser i hope the link works...?? 



#11 dland22

dland22
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:49 PM

Posted 18 January 2014 - 04:23 AM

Hi Quietman7, I have looked through your previous instructions to me on my original post and I still cant find anything that is going to work for my problem.  The underlined text which is from safesaver (also has a large popup ad box every now and then) doesnt seem to have a way to remove it. when I go to the options to remove it has the following

 

You may be seeing ads as part of our advertising solution for Internet properties (such as websites or web browser extensions). This solution provides content at no cost to you and displays advertisements during your web browsing experience. It was installed by you, or someone using your computer.

You currently have the following software installed: ajaxLoad.gif

You are able to suppress ad placements for 24 hours by clicking "Hide this ad" under each placement. Clearing your cookies will cause the ads to come back. If you wish to remove the advertising completely, you must uninstall the software.

If you'd like to remove all software and associated advertising provided by this product, you may easily uninstall the program from "Add/Remove programs" on your Windows computer. For additional help please visit our support page.

Thank you,

 

Trying to uninstall is impossible because there is no sign of it in the programs menu.  I have also tried using revo as well but it also doesnt show anything that refers to safesaver.  The other issue is the extension on chrome, (digiSavero 6.7) which if I am reading correctly suggests that all I need to do is delete it from the extensions menu. This will remove it until i reopen chrome.  I have also looked at internet explorer to remove it from there, but there is nothing called digiSavero there.  There is however something called 'cheapme' which has enable/disable greyed out when I click on it and I am unsure of what this is. 

My other question is regarding the suggestion to use adblocker.  Im not sure how this is would effect what I am experiencing. I did install it on chrome but it seemed to have no effect.  

Cheers and thank you for your help so far



#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:49 PM

Posted 18 January 2014 - 07:54 AM

I have conducted a search for DigiSavero 6.7 and can find no information so it most likely is something new.

The safesaver support link appears to go in circles.

However, I noted the Help Desk also includes this solution.

You can also submit a request or send us an email at support@advertisingsupportdesk.zendesk.com


This removal guide includes a section on how to remove Safe Saver from Google Chrome.

However, it may just be easier to Create a new browser user profile in Google Chrome
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users