Virus spying on me help!

March 16, 2013 at 14:55:40
Specs: Windows 7 Pro, Intel(R) Core(TM) i3 / 3.20 GHz / 8 GB Ram
Hi, I have no idea what the subcategory should be, but whatever it is, it's spying stuff.

Sometimes when I am on the internet watching YouTube or stuff I get this really creepy thing where it records me (like a microphone) and then plays it back like 30 minutes later, and I have no means of stopping it until I restart my computer.

And to make it even more creepy, I did not have a microphone attached to my PC at any point, neither does it have an inbuilt mic. I have no idea what to do so please please please help me.

Sorry for my English.




#1
March 16, 2013 at 15:28:20
Start by downloading the following tools:
Rkill which stops known malware from running:
http://www.bleepingcomputer.com/dow...

RogueKiller: run it, wait for the automatic pre-scan, then click Scan. When the scan is finished, click Delete. It will produce a log; please include the log in your next reply.
http://www.bleepingcomputer.com/dow...

Then download and update, and run a full scan, include the log in your next reply.
http://www.malwarebytes.org/product...

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#2
March 16, 2013 at 15:33:28
It sounds like an unwanted rootkit to me...try the following 3 progs in the EXACT order listed and DO NOT REBOOT until after the last prog has been run.
1- rkill.exe
http://www.technibble.com/rkill-rep...
2- tdss killer
http://www.pcadvisor.co.uk/reviews/...
3- Malwarebytes
http://www.filehippo.com/download_m...

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#3
March 17, 2013 at 03:53:47
I got some logs but how do I post them?

I could upload them to dropbox and link them or is there like a "spoiler" thing?



#4
March 17, 2013 at 03:59:02
"I got some logs but how do I post them?"

Copy & Paste the contents of them here.



#5
March 17, 2013 at 04:04:18
Eh, here are the logs for the first two programs (the third isn't done yet):

Log for rKill:
Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/for...

Program started at: 03/17/2013 11:38:51 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\SilasPc\Desktop\rkill\rkill-03-17-2013-11-38-56.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 03/17/2013 11:39:11 AM
Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)

And the logs from RogueKiller:
Log 1:
RogueKiller V8.5.3 [Mar 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : SilasPc [Admin rights]
Mode : Scan -- Date : 03/17/2013 11:41:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\es.scr) [-] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD204UI ATA Device +++++
--- User ---
[MBR] 52905488c57aca10e12a5270bef1266e
[BSP] 86b02f4707c7b6d37fc9470a8badd46a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 957627 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1961426944 | Size: 949999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03172013_02d1141.txt >>
RKreport[1]_S_03172013_02d1141.txt

Log 2:
RogueKiller V8.5.3 [Mar 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/file...
Website : http://tigzy.geekstogo.com/roguekil...
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : SilasPc [Admin rights]
Mode : Remove -- Date : 03/17/2013 11:42:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\es.scr) [-] -> REPLACED (C:\Windows\system32\logon.scr)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD204UI ATA Device +++++
--- User ---
[MBR] 52905488c57aca10e12a5270bef1266e
[BSP] 86b02f4707c7b6d37fc9470a8badd46a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 957627 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1961426944 | Size: 949999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_03172013_02d1142.txt >>
RKreport[1]_S_03172013_02d1141.txt ; RKreport[2]_D_03172013_02d1142.txt

That was it.
Now I am just waiting for the third program to finish.



#6
March 17, 2013 at 04:11:09
"Now I am just waiting for the third program to finish"
That's OK, I shall help out here. MrGoodguy, who also knows how to deal with logs, is probably asleep now; it's after midnight where he is.

I'm here; where are you, please?
http://www.timeanddate.com/worldclo...



#7
March 17, 2013 at 05:31:38
No idea about that but why do you need it?

And also, how the hell do I make those things stop running? Because my Minecraft server is lagging out and kicking everyone.



#8
March 18, 2013 at 06:00:37
I got Malwarebytes log.
And this was delayed since the first scan was interrupted by a power failure :(
Here is the log:
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SilasPc :: SILAS-PC [administrator]

Protection: Enabled

18-03-2013 07:40:01
mbam-log-2013-03-18 (07-40-01).txt

Scan type: Full scan (C:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1053368
Time elapsed: 4 hour(s), 8 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-2537699091-3910726793-1475090287-1001\$R04P6FK\facebook hack wild ones.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyTools\searchInstaller.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)



#9
March 18, 2013 at 15:32:30
Download AdwCleaner from this link:

http://www.bleepingcomputer.com/dow...
AdwCleaner Usage Instructions:
Using AdwCleaner is very simple. Simply download the program and run it. You will then be presented with a screen that contains a Search and Delete button. The Search button will cause AdwCleaner to search your computer for unwanted programs and then display a log showing the various files, folders, and registry entries used by these programs.
To delete these unwanted programs simply click on the Delete button, which will cause AdwCleaner to reboot your computer and remove the files and registry entries associated with the various adware that you are removing. On reboot, AdwCleaner will display a log showing the files, folders, and registry entries that were removed.
Please include the log in your next reply.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?



#10
March 20, 2013 at 14:00:21
One problem. It's not gonna be English.
But never mind:
# AdwCleaner v2.115 - Logfil lavet d. 20/03/2013 kl. 20:56:37
# Opdateret d. 17/03/2013 af Xplode
# Operativ system : Windows 7 Professional Service Pack 1 (64 bits)
# Bruger : SilasPc - SILAS-PC
# Boot Mode : Normal
# Kører fra : C:\Users\SilasPc\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BGX1XIYL\AdwCleaner.exe
# Indstilling [Søg]


***** [Servicer] *****


***** [Filer / Mapper] *****

Filer Fundet : C:\Users\SilasPc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage
Filer Fundet : C:\Users\SilasPc\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_home.sweetim.com_0.localstorage-journal
Filer Fundet : C:\Users\SilasPc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
Filer Fundet : C:\Users\SilasPc\Desktop\PutLockerDownloader.lnk
Mapper Fundet : C:\Program Files (x86)\Ask.com
Mapper Fundet : C:\Program Files (x86)\PutLockerDownloader
Mapper Fundet : C:\Program Files (x86)\search results toolbar
Mapper Fundet : C:\Program Files (x86)\SweetIM
Mapper Fundet : C:\Program Files (x86)\sweetpacks bundle uninstaller
Mapper Fundet : C:\Program Files (x86)\Yontoo
Mapper Fundet : C:\ProgramData\Ask
Mapper Fundet : C:\ProgramData\boost_interprocess
Mapper Fundet : C:\ProgramData\SweetIM
Mapper Fundet : C:\ProgramData\Tarma Installer
Mapper Fundet : C:\Users\SilasPc\AppData\Local\APN
Mapper Fundet : C:\Users\SilasPc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci
Mapper Fundet : C:\Users\SilasPc\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Mapper Fundet : C:\Users\SilasPc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Mapper Fundet : C:\Users\SilasPc\AppData\Local\Ilivid
Mapper Fundet : C:\Users\SilasPc\AppData\Local\PutLockerDownloader
Mapper Fundet : C:\Users\SilasPc\AppData\Local\Temp\Smartbar
Mapper Fundet : C:\Users\SilasPc\AppData\LocalLow\AskToolbar
Mapper Fundet : C:\Users\SilasPc\AppData\LocalLow\boost_interprocess
Mapper Fundet : C:\Users\SilasPc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
Mapper Fundet : C:\Users\SilasPc\AppData\Roaming\OpenCandy
Mapper Fundet : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Mapper Fundet : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

***** [Registeret] *****

Data Fundet : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll
Data Fundet : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\mgrldr.dll
Værdi Fundet : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Værdi Fundet : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Værdi Fundet : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Værdi Fundet : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Værdi Fundet : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Værdi Fundet : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Værdi Fundet : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Værdi Fundet : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Værdi Fundet : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Værdi Fundet : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Værdi Fundet : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DK&userid=beb07e9a-ad7f-408d-b305-939e6c994787&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DK&userid=beb07e9a-ad7f-408d-b305-939e6c994787&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DK&userid=beb07e9a-ad7f-408d-b305-939e6c994787&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DK&userid=beb07e9a-ad7f-408d-b305-939e6c994787&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={0F431095-5D97-11E2-9275-002522A4E429}

-\\ Google Chrome v25.0.1364.172

Filer : C:\Users\SilasPc\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Filen er ren.

*************************

AdwCleaner[R1].txt - [19647 octets] - [20/03/2013 20:56:37]

########## EOF - C:\AdwCleaner[R1].txt - [19708 octets] ##########



#11
March 20, 2013 at 17:02:28
Download Junkware Removal Tool from these links:

http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.co.nz/20...
Download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
NOTE: Once the scan is complete, JRT will shut down your browser with NO warning.
The scan can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Copy and Paste the JRT.txt log into your next message.

Please reply and let us know if our help worked. Your feedback helps others. Maybe you?

