
Adware.SwiftBrowse.CH cannot be removed



Do the following:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-2954132182-3363387201-177372180-1002 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
"BFE" => service could not be unlocked. <===== ATTENTION
U1 {d96d43c4-16c2-4eef-a381-9a25d36535a8}w64; C:\Windows\System32\drivers\{d96d43c4-16c2-4eef-a381-9a25d36535a8}w64.sys [48784 2015-11-25] () [File not signed]
U5 BFE;  <===== ATTENTION: Locked Service
U1 {2b929fe1-284b-4766-afb9-19b0915b99b0}w64; system32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}w64.sys [X]
U1 {c8905eec-9eab-447c-84a8-9e864d454523}w64; system32\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}w64.sys [X]
2013-01-22 21:50 - 2013-01-22 21:50 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-12-30 15:46 - 2012-12-30 15:46 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-10-19 03:44 - 2010-10-19 03:44 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-10-19 03:42 - 2010-10-19 03:43 - 0000106 _____ () C:\ProgramData\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}.log
2010-10-19 03:39 - 2010-10-19 03:40 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-10-19 03:43 - 2010-10-19 03:43 - 0000110 _____ () C:\ProgramData\{B7A0CE06-068E-11D6-97FD-0050BACBF861}.log
2010-10-19 03:38 - 2010-10-19 03:39 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-10-19 03:40 - 2010-10-19 03:42 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
C:\Users\ghaddar\AppData\Local\Temp\System.Data.SQLite41168.dll
C:\Users\ghaddar\AppData\Local\Temp\System.Data.SQLite57369.dll
C:\Users\ghaddar\AppData\Local\Temp\System.Data.SQLite77996.dll
C:\Windows\System32\drivers\{2b929fe1-284b-4766-afb9-19b0915b99b0}w64.sys
C:\Windows\System32\drivers\{c8905eec-9eab-447c-84a8-9e864d454523}w64.sys
C:\Windows\System32\drivers\{d96d43c4-16c2-4eef-a381-9a25d36535a8}w64.sys
C:\Users\ghaddar\AppData\Local\26092\Updater.exe
C:\Users\ghaddar\AppData\Local\26092
C:\ProgramData\IePluginServices
Task: {05F9B73C-3D14-4A69-947F-751503437F59} - \AmiUpdXp -> No File <==== ATTENTION
Task: C:\windows\Tasks\AmiUpdXp.job => C:\Users\ghaddar\AppData\Local\26092\Updater.exe <==== ATTENTION
AlternateDataStreams: C:\windows\explorer.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\conhost.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\credssp.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\csrsrv.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\els.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\hpinkcoiC511.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\hpinkinsC511.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\hpinkstsC511LM.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\HPScanTRDrv_EN4500.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\HPWia2_EN4500.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\lsass.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\rstrui.exe:$CmdTcID
AlternateDataStreams: C:\windows\system32\secur32.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\srclient.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\srcore.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\sspisrv.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\tzres.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\user32.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\usp10.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\winsrv.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wow64.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wow64cpu.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wow64win.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\apisetschema.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\auditpol.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\catsrvut.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\comsvcs.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\credssp.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\cryptbase.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\els.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\explorer.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\instnm.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\kernel32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msaudite.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msobjs.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\msv1_0.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\ncrypt.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\ntvdm64.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\schannel.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\secur32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\setup16.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\srclient.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\sspicli.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\TSpkg.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\tzres.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\user.exe:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\user32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\usp10.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wdigest.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wow32.dll:$CmdTcID
AlternateDataStreams: C:\windows\SysWOW64\wshrm.dll:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\CFRMD.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\cm_km.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\kl1.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\klbackupdisk.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\klbackupflt.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\kldisk.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\klflt.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\klhk.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\klif.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\klim6.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\klkbdflt.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\klmouflt.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\klpd.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\kltdi.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\klwtp.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\kneps.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\mrxsmb20.sys:$CmdTcID
AlternateDataStreams: C:\windows\system32\Drivers\rmcast.sys:$CmdTcID
AlternateDataStreams: C:\Users\ghaddar\Downloads\AVG_Protection_Free_1028.exe:$CmdZnID
AlternateDataStreams: C:\Users\ghaddar\Downloads\ChromeSetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\ghaddar\Downloads\ChromeSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\ghaddar\Downloads\EmsisoftAntiMalwareSetup (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\ghaddar\Downloads\EmsisoftAntiMalwareSetup (2).exe:$CmdTcID
AlternateDataStreams: C:\Users\ghaddar\Downloads\EmsisoftAntiMalwareSetup (2).exe:$CmdZnID
AlternateDataStreams: C:\Users\ghaddar\Downloads\EmsisoftAntiMalwareSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\ghaddar\Downloads\EmsisoftEmergencyKit.exe:$CmdZnID
AlternateDataStreams: C:\Users\ghaddar\Downloads\EN4500_198.exe:$CmdZnID
AlternateDataStreams: C:\Users\ghaddar\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\ghaddar\Downloads\kis16.0.0.614a bcden_fr_9296.exe:$CmdTcID
AlternateDataStreams: C:\Users\ghaddar\Downloads\kis16.0.0.614a bcden_fr_9296.exe:$CmdZnID
AlternateDataStreams: C:\Users\ghaddar\Downloads\POD_7577853135.pdf:$CmdZnID
Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needed a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

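A pre-run review of a fixlist like the one above, as an added example that is not part of the original post and not part of FRST: it counts entries by type and checks that every `C:\Users\...` path belongs to the intended profile, in line with the notice that the script is machine-specific. The categories are inferred only from the line prefixes visible in this fixlist, and the function names and the `expected_user` parameter are hypothetical.

```python
import re
from collections import Counter

# Prefix rules inferred from the fixlist on this page (an assumption, not FRST's grammar).
RULES = [
    ("registry", re.compile(r"^(HKLM|HKU|SearchScopes:|Toolbar:)", re.I)),
    ("service_or_driver", re.compile(r'^(U\d |"[^"]+" => service)')),
    ("task", re.compile(r"^Task:")),
    ("ads", re.compile(r"^AlternateDataStreams:")),
    ("dated_file", re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
]
USER_RE = re.compile(r"[A-Za-z]:\\Users\\([^\\]+)\\", re.I)

# Subset of lines copied from the fixlist above, used as sample input.
SAMPLE = r"""
HKLM-x32\...\Run: [] => [X]
"BFE" => service could not be unlocked. <===== ATTENTION
U1 {d96d43c4-16c2-4eef-a381-9a25d36535a8}w64; C:\Windows\System32\drivers\{d96d43c4-16c2-4eef-a381-9a25d36535a8}w64.sys [48784 2015-11-25] () [File not signed]
2013-01-22 21:50 - 2013-01-22 21:50 - 0000057 _____ () C:\ProgramData\Ament.ini
C:\Users\ghaddar\AppData\Local\26092\Updater.exe
Task: C:\windows\Tasks\AmiUpdXp.job => C:\Users\ghaddar\AppData\Local\26092\Updater.exe <==== ATTENTION
AlternateDataStreams: C:\windows\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Users\ghaddar\Downloads\FRST64.exe:$CmdZnID
"""

def classify(line):
    """Return the first category whose prefix rule matches, else 'other'."""
    for name, rx in RULES:
        if rx.search(line):
            return name
    return "other"

def summarize(fixlist):
    """Count non-empty fixlist lines per category."""
    return Counter(classify(l.strip()) for l in fixlist.splitlines() if l.strip())

def profiles(fixlist):
    """Lower-cased user profile names referenced anywhere in the fixlist."""
    return {m.lower() for m in USER_RE.findall(fixlist)}

def review(fixlist, expected_user):
    """Warnings to resolve before pressing Fix; an empty list means none found."""
    warnings = []
    for user in sorted(profiles(fixlist) - {expected_user.lower()}):
        warnings.append(f"paths reference profile '{user}', not '{expected_user}'")
    unknown = summarize(fixlist)["other"]
    if unknown:
        warnings.append(f"{unknown} line(s) of unrecognised type")
    return warnings

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
    print(review(SAMPLE, "ghaddar"))
```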

Changing tools:

Download RogueKiller from one of the following links and save it to your desktop:

  • Link 1
  • Link 2

  • Close all programs and disconnect any USB or external drives before running the tool.
  • Double-click RogueKiller.exe to run the tool (Vista/7/8/10 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished", just close the program. <--Don't fix anything!
  • Attach the RogueKiller report to your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_S_xxdatexx_xtimex)
    • The highest number of [X], is the most recent Scan

Do the following:

Close all programs and disconnect any USB or external drives before running the tool.

  • Double-click RogueKiller.exe to run the tool again (Vista/7/8/10 users: Right-click and select Run As Administrator).
  • Once the Prescan has finished, click Scan.
  • Once the Status box shows "Scan Finished":
    • Click the Registry Tab and select the following items:
      [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nethfdrv (\??\C:\windows\system32\drivers\nethfdrv.sys) -> Found
      [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nethfdrv (\??\C:\windows\system32\drivers\nethfdrv.sys) -> Found
      [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\nethfdrv (\??\C:\windows\system32\drivers\nethfdrv.sys) -> Found
    • Click the Tasks Tab and select the following items:
      [Suspicious.Path] %WINDIR%\Tasks\AmiUpdXp.job -- C:\Users\ghaddar\AppData\Local\26092\Updater.exe -> Found
    • Click the Delete button.
  • Attach the RogueKiller report to your next reply.
    • The log can also be found on your desktop labeled (RKreport[X]_D_xxdatexx_xtimex)
    • The highest number of [X], is the most recent Delete