SW-Sustainer 1.80 infection - Please help [Solved]



#1
Aviete


Hi,

 

I am not a computer pro and my PC is infected. Sounds almost like a confession, "I am an alcoholic"..

 

2 days ago I went to sendspace.com to download a couple of files sent by my mother, a pretty trusted resource, because I was using this website for years for sending large files to clients and I was explaining to my mom how to upload, step by step, followed by printscreens. It all began when I clicked on the link I got from sendspace to download my files. The page that opened had a messy look with "download" buttons in at least 5-6 places, and it shouldn't be so, but I got it a second too late, because I clicked on the wrong download button. A little grey pop-up window appeared and began running a text line, like it is when you install any software. That window looked old-style, grey, more like the pop-up questions of the "Are you sure you want to save?" kind that Windows pops up. The text line there ran very fast, I just managed to see the message "thank you for installing.." what - I wasn't fast enough to read.

 

Leaving that page didn't work, as it was obviously too late. All the later websites I tried to open seemed to be stuffed with all kinds of ads and offers, which pushed the original site designs into almost a puzzle. Also, I noticed some words (way too many words) were highlighted in blue and turned into hyperlinks, in any website I tried to open (weather, news..)

 

Running Spybot Search & Destroy didn't help.

 

I tried AdBlock then, no real effect. It did block some of the ads, but the longer I was searching the web, the more it seemed AdBlocker was getting "killed" by ads.

 

When I tried to restart the PC, I saw a red "turn off" button/icon in the lower right corner of my wallpaper, not on the taskbar, but on the wallpaper area, kind of imitating the Windows turn off and saying "install important updates". I did not restart or turn off then; I turned off the updates after this. In fact, lately my PC was updating and updating, I'm not sure if it has something to do with my virus problem or not. That "button" was very weird and it appeared just that one time.

 

I had no antivirus on this computer for now, so I ran to the store and got what they had, as I was afraid to pay online. I got McAfee, was told this software will take care of everything, ha.. I had issues with activating the card, so called them for remote assistance and their guy said he fixed the problem, as it was just some extensions on Chrome; he checked Explorer and reset both browsers, telling me I'm good to go. But as the problem with ads persisted, I started googling for more help, and found this http://malwaretips.c...ooster-removal/ I installed just Hitman Pro, ran it and it seemed it helped, because programs like NextCoup, GoSave and SW Booster have disappeared from the Control Panel's program list, except SW-Sustainer, which actually says it is empty... As you can see from the attachments below, Sustainer seems not to exist, it's not on the Program Files list, but something STILL is there.

 

I tried to restart my PC and even later, every time I restart, I get the same problems: NextCoup, GoSave and one more of that kind (I have deleted them and can't remember the name, and don't want to restart before I have finished writing) extensions appear on Chrome. Cannot uninstall SW-Sustainer.

 

I had my portable HD connected before it all happened, but cannot exactly remember when I disconnected it for safety... I'm afraid it was after I clicked that wrong download button. So it may be possible that this HD is infected too? :( I haven't connected it since and performed the OTL scan just for the computer, no other HD connected. The installation date of SW-Sustainer in Program Files says 2013 10 16, so it is possible this virus was sitting here since then, or is it just mocking the year, because my problem happened on October 16th, just this year.

 

Please help me deal with this, because it seems that it is a bigger problem than it looks :(

 

Here's the OTL quick scan report:

 

OTL Extras logfile created on: 10/18/2014 9:51:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.75 Gb Total Physical Memory | 4.97 Gb Available Physical Memory | 64.17% Memory free
15.49 Gb Paging File | 11.92 Gb Available in Paging File | 76.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 767.58 Gb Free Space | 82.41% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files 
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E3B264CE-D9CF-448B-960F-4F832FB1F990}" = Corel Graphics - Windows Shell Extension 64 Bit
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"Creative VF0520" = Creative Live! Cam Sync (VF0520) Driver (1.01.04.00)
"HitmanPro37" = HitmanPro 3.7
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"WinRAR archiver" = WinRAR 4.20 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications ® Core
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 67
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{d0e87c27}" = SW-Sustainer 1.80
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}" = TomTom HOME
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B922902F-E9E9-4AD9-B87D-7F62FA9EA1AD}" = Corel Graphics - Windows Shell Extension
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications ® Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist Corporate
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"MSC" = McAfee LiveSafe – Internet Security
"NirSoft DownTester" = NirSoft DownTester
"SafeKey" = McAfee SafeKey(uninstall only)
"Visual CertExam Suite_is1" = Visual CertExam Suite
"VLC media player" = VLC media player 2.1.3
"WinPcapInst" = WinPcap 4.1.3
"Wireshark" = Wireshark 1.10.0 (64-bit)
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/17/2014 8:50:23 PM | Computer Name = Owner-PC | Source = VSS | ID = 8193
Description = 
 
Error - 10/17/2014 8:50:23 PM | Computer Name = Owner-PC | Source = VSS | ID = 8193
Description = 
 
Error - 10/17/2014 8:50:23 PM | Computer Name = Owner-PC | Source = VSS | ID = 8193
Description = 
 
Error - 10/17/2014 8:50:23 PM | Computer Name = Owner-PC | Source = VSS | ID = 8193
Description = 
 
Error - 10/17/2014 8:50:23 PM | Computer Name = Owner-PC | Source = VSS | ID = 8193
Description = 
 
Error - 10/17/2014 8:50:23 PM | Computer Name = Owner-PC | Source = VSS | ID = 8193
Description = 
 
Error - 10/17/2014 8:50:23 PM | Computer Name = Owner-PC | Source = VSS | ID = 8193
Description = 
 
Error - 10/17/2014 8:50:23 PM | Computer Name = Owner-PC | Source = VSS | ID = 8193
Description = 
 
Error - 10/17/2014 8:52:02 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SDUpdate.exe, version: 2.2.18.91, time 
stamp: 0x51949fc0  Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, 
time stamp: 0x53159a86  Exception code: 0x0eedfade  Fault offset: 0x0000c42d  Faulting
 process id: 0x14ec  Faulting application start time: 0x01cfea6db38888d4  Faulting application
 path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe  Faulting module
 path: C:\Windows\syswow64\KERNELBASE.dll  Report Id: f88b845b-5660-11e4-bb37-bcaec5e0107d
 
Error - 10/18/2014 4:47:39 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SDTray.exe, version: 2.1.21.129, time stamp:
 0x51f0ed9e  Faulting module name: dhcpcsvc6.DLL, version: 6.1.7601.17970, time stamp:
 0x50745f7c  Exception code: 0xc0000005  Fault offset: 0x00001414  Faulting process id:
 0x9e8  Faulting application start time: 0x01cfeb14ad0df6ba  Faulting application path:
 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe  Faulting module path:
 C:\Windows\system32\dhcpcsvc6.DLL  Report Id: ff2ba6f9-5707-11e4-b0e4-bcaec5e0107d
 
[ Media Center Events ]
Error - 5/17/2013 6:32:59 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 6:32:59 AM - Failed to retrieve MCEClientUX (Error: The request failed
 with HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 6:32:59 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 6:32:59 AM - Failed to retrieve SportsSchedule (Error: The request
 failed with HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 6:33:19 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 6:33:18 AM - Failed to retrieve Broadband (Error: The request failed
 with HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 7:33:23 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 7:33:23 AM - Failed to retrieve Directory (Error: The request failed
 with HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 7:33:24 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 7:33:24 AM - Failed to retrieve NetTV (Error: The request failed with
 HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 7:33:24 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 7:33:24 AM - Failed to retrieve MCESpotlight (Error: The request failed
 with HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 7:33:25 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 7:33:25 AM - Failed to retrieve MCEClientUX (Error: The request failed
 with HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 7:33:26 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 7:33:25 AM - Failed to retrieve SportsSchedule (Error: The request
 failed with HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 1:40:45 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 1:40:45 PM - Failed to retrieve MCESpotlight (Error: The request failed
 with HTTP status 403: Forbidden.)  
 
Error - 5/17/2013 1:40:45 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 1:40:45 PM - Failed to retrieve MCEClientUX (Error: The request failed
 with HTTP status 403: Forbidden.)  
 
[ System Events ]
Error - 10/18/2014 8:31:43 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SW-Sustainer
 service to connect.
 
Error - 10/18/2014 8:33:18 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
 %%-2147023143.
 
Error - 10/18/2014 8:34:29 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 10/18/2014 8:35:38 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The WinDefend service terminated with the following error:   %%126
 
Error - 10/18/2014 9:52:28 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 10/18/2014 4:46:53 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
Description = The Windows Firewall service terminated with service-specific error
 %%5.
 
Error - 10/18/2014 4:47:30 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SW-Sustainer
 service to connect.
 
Error - 10/18/2014 4:48:14 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
 %%-2147023143.
 
Error - 10/18/2014 4:50:05 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%2
 
Error - 10/18/2014 4:50:12 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The WinDefend service terminated with the following error:   %%126
 
 
< End of report >
 

Attached Thumbnails

  • 2014 10 18 report.jpg
  • 2014 10 18 deleting program files empty folders 1-6.jpg
  • 2014 10 18 deleting program files empty folders 2-6.jpg
  • 2014 10 18 deleting program files empty folders 3-6.jpg
  • 2014 10 18 deleting program files empty folders 4-6.jpg
  • 2014 10 18 deleting program files empty folders 5-6.jpg
  • 2014 10 18 deleting program files empty folders 6-6.jpg
  • 2014 10 18 cant uninstall.jpg
  • 2014 10 18 Hitman report.jpg

  • 0


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, you missed the main log :)

No problems though

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
Aviete

Aviete

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Hi, Essexboy and thank you for your time! 

Sorry I missed something.. As I am not familiar with this, I don't even know what is called "main log"...

Here's the attachment.... 

Attached Files

  • Attached File  FRST.txt   56.42KB   79 downloads

  • 0

#4
Aviete

Aviete

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

My system is 64bit.

There was no KnownDLLs to check, is that ok?

Attached Thumbnails

  • without dll.jpg

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is correct, no need to check the DLLs. However, you should have an additions.txt as well; could you post that?
 
A fair few bad boys to kill so let's get at it :)

We will also have to uninstall Chrome as it has been changed to a developer build, which means that anything can be added to it without a check

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

HKLM\...\Run: [MSC] => "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey <===== ATTENTION (File name is altered)
HKLM-x32\...\Run: [Stronghold AntiMalware] => C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.all...&cc=US&unqvl=64
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.all...&cc=US&unqvl=64
SearchScopes: HKCU - DefaultScope {B4599768-F3E0-446B-9CC6-2AF6E72456EA} URL = https://search.yahoo...p={SearchTerms}
SearchScopes: HKCU - {5F0E1667-80D4-4326-9464-440EF6571D19} URL = http://search.yahoo....11,17118,0,18,0
SearchScopes: HKCU - {B4599768-F3E0-446B-9CC6-2AF6E72456EA} URL = https://search.yahoo...p={SearchTerms}
BHO: NextCoup -> {a1ff7bdb-fb04-45e3-8f7f-69f7c15ce637} -> C:\Program Files (x86)\NextCoup\pFNTkfheimkWtm.x64.dll No File
BHO: NextCoup -> {e7d3ae70-f156-46d5-be16-9eebd51e86ab} -> C:\Program Files (x86)\NextCoup\i309X1EgMaRBR7.x64.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: NextCoup -> {a1ff7bdb-fb04-45e3-8f7f-69f7c15ce637} -> C:\Program Files (x86)\NextCoup\pFNTkfheimkWtm.dll No File
BHO-x32: NextCoup -> {e7d3ae70-f156-46d5-be16-9eebd51e86ab} -> C:\Program Files (x86)\NextCoup\i309X1EgMaRBR7.dll No File
FF DefaultSearchUrl: http://websearch.all...unqvl=64&l=1&q=
FF Homepage: hxxp://websearch.allsearches.info/?pid=945&r=2014/10/16&hid=12827458011353005973&lg=EN&cc=US&unqvl=64
FF SearchEngineOrder.1: WebSearch
FF DefaultSearchEngine: WebSearch
FF SelectedSearchEngine: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF DefaultSearchEngine,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: hxxp://websearch.allsearches.info/?pid=945&r=2014/10/16&hid=12827458011353005973&lg=EN&cc=US&unqvl=64&l=1&q=
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ixgln5xn.default\searchplugins\safesearch.xml
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
CHR HKLM-x32\...\Chrome\Extension: [obcjlnjgjjgghcedkcohaeboelbblehc] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx [2014-07-14]
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Extension: (NextCoup) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\damjpaghdlldnhfkfjhlpkagboklfebj [2014-10-17]
CHR Extension: (NextCoup) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fanjgonigpejjggdhaimiojpfimipeog [2014-10-17]
CHR Extension: (GoSave) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkkpaahpjpiklnmonaocmhnnllpgfnda [2014-10-16]
CHR HKLM-x32\...\Chrome\Extension: [obcjlnjgjjgghcedkcohaeboelbblehc] - C:\Program Files (x86)\1clickmoviedownloader.com\clickmoviedownloader10.crx [2014-07-14]
S2 d0e87c27; "C:\Windows\system32\rundll32.exe" "c:\progra~2\sw-boo~1\AssistantSvc.dll",service
2014-10-16 19:00 - 2014-10-17 13:23 - 00000000 ____D () C:\ProgramData\d648aeeddec485c2
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Torch
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Comodo
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Chromatic Browser
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Google
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Comodo
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-10-16 19:00 - 2014-10-16 19:00 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
C:\$Recycle.Bin\S-1-5-18\$0906a283eedaa414308f0a11fe85ea31
C:\$Recycle.Bin\S-1-5-21-422040510-2405641811-1513485937-1000\$0906a283eedaa414308f0a11fe85ea31
C:\Program Files (x86)\Stronghold AntiMalware
C:\Program Files\Updater By SweetPacks
C:\Program Files (x86)\1clickmoviedownloader.com
c:\progra~2\sw-boo~1
C:\Program Files (x86)\NextCoup
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#6
Aviete

Aviete

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Here's addition.txt

Attached Files


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just two elements on that log so I will wait to see if AdwCleaner gets them before I do anything :)
  • 0

#8
Aviete

Aviete

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

So after fixing, my pc restarted and here's the fixlog.

Now downloading AdwCleaner and going step by step and will post the log after that.

 

THANK YOU SO MUCH for helping!!

Attached Files


  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You should have noticed a degree of improvement after the FRST fix
  • 0

#10
Aviete

Aviete

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

I did! My pc is much faster now. I just wonder how long that crap was sitting in my pc and I didn't even have an idea it's there....

 

Here's the AdwCleaner log.

Attached Files


  • 0


#11
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK the last bits now :)

Once done could you let me know of any problems you are experiencing

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

 

Task: {C1A1448D-3C65-4E23-A599-3596DFD9C423} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {574E3C1D-D003-418C-BF9E-9F41191959E2} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {5BED9DAD-C51B-4AE5-86B6-0592028E839B} - System32\Tasks\DSite => C:\Users\Owner\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that
  • 0
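
A triage sketch for the kinds of entries in the two fixlists above (posts #5 and #11), added here as an example; it is not part of either post and not FRST's own logic. The category labels, flag names and regexes are assumptions based only on the line prefixes visible in this thread.

```python
import re
from collections import Counter

# A subset of the lines from the two fixlists posted in this thread.
SAMPLE = r'''
HKLM-x32\...\Run: [Stronghold AntiMalware] => C:\Program Files (x86)\Stronghold AntiMalware\StrongholdAntiMalware.exe
AppInit_DLLs-x32: c:\progra~2\sw-boo~1\assist~1.dll => "c:\progra~2\sw-boo~1\assist~1.dll" File Not Found
BHO: NextCoup -> {a1ff7bdb-fb04-45e3-8f7f-69f7c15ce637} -> C:\Program Files (x86)\NextCoup\pFNTkfheimkWtm.x64.dll No File
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 d0e87c27; "C:\Windows\system32\rundll32.exe" "c:\progra~2\sw-boo~1\AssistantSvc.dll",service
Task: {574E3C1D-D003-418C-BF9E-9F41191959E2} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {5BED9DAD-C51B-4AE5-86B6-0592028E839B} - System32\Tasks\DSite => C:\Users\Owner\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
EmptyTemp:
'''

# Line prefix -> autostart mechanism (the labels are this example's own).
CATEGORIES = [
    (re.compile(r"^HK(LM|CU|U)(-x32)?\\.*\\Run(Once)?:"), "run-key"),
    (re.compile(r"^AppInit_DLLs"), "appinit-dll"),
    (re.compile(r"^BHO(-x32)?:"), "browser-helper-object"),
    (re.compile(r"^Task:"), "scheduled-task"),
    (re.compile(r"^[SR]\d \S+;"), "service"),
    (re.compile(r"^(CHR|FF|SearchScopes|GroupPolicy)\b"), "browser-config"),
]

# Heuristic flags; each one is a reason to look closer, not a verdict.
FLAGS = {
    "host-binary": re.compile(r"\b(wscript|cscript|rundll32)\.exe\b", re.I),
    "user-writable-path": re.compile(r"\\(AppData|Temp)\\", re.I),
    "short-name": re.compile(r"~\d"),  # 8.3 names hide the real folder name
    "orphaned": re.compile(r"(No File|File Not Found)$"),
}

def triage(text):
    """Return (category, flags, line) for every recognised autostart entry."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        category = next((name for rx, name in CATEGORIES if rx.search(line)), None)
        if category is None:
            continue  # blank lines and directives such as EmptyTemp: / CMD:
        flags = sorted(name for name, rx in FLAGS.items() if rx.search(line))
        findings.append((category, flags, line))
    return findings

if __name__ == "__main__":
    for category, flags, line in triage(SAMPLE):
        print(f"{category:22} {','.join(flags) or '-':32} {line[:60]}")
    print(Counter(category for category, _, _ in triage(SAMPLE)))
```
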

#12
Aviete

Aviete

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

Was the new log created on top of the old one? If yes, this is it...

Attached Files


  • 0

#13
Aviete

Aviete

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts

What kind of problems may I have, and where should I direct my attention?

I just have some questions and need your advice, but that's later.. if you will be so kind :) 


  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That was the one :thumbsup:

Things to test :

Speed of your computer to boot, is it good enough
Speed of programmes opening, are they good enough
No popups of any description
Surfing on the web appears reasonably speedy and trouble free with no redirects
  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Oops, feel free to ask any questions you may have. Remember the only stupid question is the one you do not ask :)
  • 0





