I had discovered that Apple (iTunes) had decided to change all my synced photos to .ITHMB file extensions that couldn't be opened on my PC, and when the Windows pop-up box asked me if I wanted to search the web for software to open this type of file, I agreed, and was taken to the site for Systweak File Optimizer. The site claimed their software could "fix" broken file extensions, including the .ITHMB type. I thought this issue was related to an issue I had with iTunes the day before (I had to uninstall and reinstall), so I ran the "free" program. It identified all these errors in different sectors of my PC. When it asked if I wanted to fix them, it said it would fix 5 file types for free without a full purchase, so I agreed, hoping it would fix the .ITHMBs. Of course it didn't, so I paid $19.95 for the full version. When asked if I wanted to download all their other programs, I unticked all the boxes. I ran the full version of the program, yet the photo files weren't fixed. I planned on calling them and asking for a refund. In the meantime, I took the time to search apple.com to find a solution, and downloaded an appropriate program that successfully converted all the photo files back to .jpg extensions. I should have realized something was wrong when a pop-up box kept coming up asking if I wanted to run "PC Back-up", one of the programs I had specifically declined to have Systweak download.
The next afternoon, I checked my email and found several auto-replies from mail contacts that I had not emailed, and hadn't in 5-7 years, so I knew my account had been hacked. Then I got an email from PayPal saying that someone had tried unsuccessfully to log into my account from 3 different IP addresses, so they were suspending my account. I had installed Microsoft Security Essentials just 2 days before I downloaded this Systweak junk, and also had WinZip Malware Protection installed (it had always caught everything else in the year I had been using it). I noticed that WinZip MP had started to run at its scheduled time the night before, but had been stuck on the registry files for 14 hours. I started digging around on my PC and noticed a couple of new icons on my desktop for Systweak software that I hadn't authorized, and when I checked my processes, I found them running. I tried to uninstall the software and was told I didn't have administrative rights to uninstall it. That's when I realized this software was the cause of the email and PayPal hacks. I went into the Services tab under Task Manager and discovered that my firewall, Windows Security Essentials and Windows Defender had all been stopped, even though if I looked at my settings, it said that everything was OK. I started looking through my system file logs and found that a bunch of files had been modified at exactly the same time that I had installed this software, and the modifications were all over the place. I went through different logs and found that code had been inserted to prevent Windows Security Essentials from notifying me (1) that it was turned off, and (2) that downloaded upgrades had failed. I also discovered a bunch of other crazy stuff that was all time-stamped when I downloaded this software. I also found entries where it accessed Outlook and inserted code to "impersonate user". I tried to restore my PC to an earlier version, but couldn't; it had blocked that too.
I called an IT friend of mine, and he came over, and we thought he had uninstalled the software and gotten rid of the folder with all the "crap" in it. He had to reinstall Windows Security Essentials, and we ran a full scan that took about 4 hours. It was pretty late by this time, so I went to bed. When I checked my PC yesterday morning, I found a new folder in my Program Files: the software had cloned itself and cloaked itself under a new name, but hovering over the icons in the folder showed it was still Systweak software. Again, I couldn't uninstall it. He had me reboot in safe mode and try to uninstall it that way, as he had the day before. I got some odd messages, so I wasn't sure if it worked, since it was still showing up in my programs. I used a "shredding" program to delete the whole folder, and when I tried to delete it from the Recycle Bin, my PC crashed and went into repair mode. After it ran, it said it couldn't repair the disk. I hit OK, and my PC shut down. I thought I had just crashed the whole system, but it did start up again. I searched the web for instructions on removing this software and was directed to CCleaner. It found a ton of registry errors, mostly to do with Office 15 (I had just installed Office 365 on 7/11/14). It said there were missing .dll extensions associated with the files. I probably shouldn't have cleaned them, but I did. Now Office 15 won't run at all; the folders under Program Files are there, but on the Start menu it is showing as empty. I checked my PC this morning to see if this software had reinstalled itself again, and found quite a few more files date-stamped as modified yesterday at 2 AM, which is when I think the program cloned and reinstalled itself. This virus/malware/worm/Trojan (not sure what it is) has obviously corrupted multiple files all over the place, and I need help finding all the corrupted or infected files and cleaning them, then fixing Office 365.
I tried to uninstall Office 365, but it won't uninstall, and I can't find an application file to do it manually. Thanks for your help!
Edited by Orange Blossom, 29 July 2014 - 03:49 PM.
Moved from Windows 7 to AII. ~ OB
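The checks the poster did by hand (real service state versus what the settings page reports, files touched at install time, whether System Restore is blocked, where the 2 AM reappearance is coming from) can be scripted so the evidence is collected in one pass before anything is deleted. The script below is an added example for readers of this thread; it is not the poster's, the forum's or Systweak's code. It assumes an elevated Windows PowerShell prompt on Windows 7 or later, uses the standard service names for the Windows Firewall (MpsSvc), Windows Defender (WinDefend), Microsoft Security Essentials (MsMpSvc), Windows Update (wuauserv) and Volume Shadow Copy (VSS, swprv), and `$InstallTime` and `$Pattern` are placeholders the reader fills in from their own machine.

```powershell
# Added triage example (not from the original post). Run elevated.
# $InstallTime: assumed value; set it to the "installed on" time from
#   Programs and Features or the timestamp of the first unwanted folder.
# $Pattern:     assumed value; the vendor string to hunt for in paths/commands.
$InstallTime = Get-Date '2014-07-25 14:00'
$Window      = New-TimeSpan -Minutes 30
$Pattern     = 'systweak'
$From        = $InstallTime - $Window
$To          = $InstallTime + $Window

# 1. Actual service state and start type, read from the SCM via WMI rather
#    than trusting Action Center / the product's own status page.
$watch = 'MpsSvc', 'WinDefend', 'MsMpSvc', 'wuauserv', 'VSS', 'swprv'
"== Security-related services =="
Get-WmiObject Win32_Service |
    Where-Object { $watch -contains $_.Name } |
    Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize

# 2. Service Control Manager events around install time: 7036 = a service
#    entered running/stopped state, 7040 = its start type was changed.
"== SCM state/start-type changes between $From and $To =="
Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Service Control Manager'
    Id = 7036, 7040; StartTime = $From; EndTime = $To
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-Table -Wrap

# 3. Every file whose last-write time falls in the install window under the
#    locations an installer normally touches (the "modified all over the
#    place" observation from the post, made repeatable).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData,
           "$env:windir\System32", "$env:USERPROFILE\AppData") |
         Where-Object { $_ -and (Test-Path $_) }
"== Files modified between $From and $To =="
Get-ChildItem -Path $roots -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and
                   $_.LastWriteTime -ge $From -and $_.LastWriteTime -le $To } |
    Sort-Object LastWriteTime |
    Select-Object LastWriteTime, FullName | Format-Table -AutoSize

# 4. Persistence: Run/RunOnce keys and scheduled tasks referencing the vendor.
#    A task with a nightly trigger is the usual explanation for a "2 AM" rebirth.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
"== Autorun entries =="
foreach ($k in $runKeys) {
    if (Test-Path $k) {
        $item = Get-Item $k
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key = $k; Name = $name; Command = $item.GetValue($name) }
        }
    }
} | Format-Table -AutoSize
"== Scheduled tasks matching '$Pattern' =="
schtasks /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -match $Pattern -or $_.TaskName -match $Pattern } |
    Select-Object TaskName, 'Next Run Time', 'Task To Run' | Format-Table -Wrap

# 5. Running processes whose image path matches the vendor (the icons and
#    processes the poster noticed), with PID so they can be stopped first.
"== Processes matching '$Pattern' =="
Get-Process | Where-Object { $_.Path -match $Pattern } |
    Select-Object Id, ProcessName, Path | Format-Table -AutoSize

# 6. System Restore: restore points still present, and the policy values
#    that disable it (DisableSR) or its configuration UI (DisableConfig).
"== Restore points =="
Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    Select-Object SequenceNumber, Description, CreationTime | Format-Table -AutoSize
$srPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore'
if (Test-Path $srPolicy) {
    "== System Restore policy (non-zero DisableSR/DisableConfig blocks it) =="
    Get-ItemProperty -Path $srPolicy | Select-Object DisableSR, DisableConfig
}
```

Run it once before any removal attempt and save the output (`.\triage.ps1 | Out-File triage.txt`), so that the service changes, file timestamps and task definitions survive even if the next cleanup step crashes the machine as the shredder did here. Anything in sections 3 to 5 that points at a folder the poster did not install is what a helper will ask for next.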