# Hard drive filling up on its own?



## Skytteflickan88

I have a Packard Bell laptop, and the strangest thing happened while I was looking for a virus that most likely had infected a file according to the Norton security support guy I used. While I was using McAfee's free virus scanner, my hard drive kept filling up, telling me I had little to no space. So I deleted a few GB but it kept filling up, so I kept deleting. The scan is now done, I've deleted about 20 GBs, checked the trash, deleted the trash, and there's still less than 1 GB left on the hard drive, even though I know I don't have that much stuff on there anymore. I haven't tried to delete that much more since the scan ended, but a pop-up told me to run a scan and delete old useless files, so I did that, and took away some programmes and have a bit more space, but not enough.

I have no guarantee anymore since the laptop is old, and I don't think it's worth sending an over-two-year-old laptop to get repaired, but I have no idea where to start looking for the problem. That's where you guys come in.

WTF happened?


----------



## Troncoso

Hmm....well you could always re-install the OS. You should have gotten an install disk that'll let you do just that.


----------



## ElenaP

You can try a freeware tool named Zero Assumption Disk Space Visualizer at http://www.z-a-recovery.com/tools-visualizer.htm to find out and delete what "eats" your disk space.


----------



## Skytteflickan88

Thanks guys. I seriously need to re-install my computer, especially since I think I have a virus hidden somewhere. But I have no idea where that disc is.

I used the Zero Assumption programme and found that the files I thought I had deleted were hidden in another temporary file, even though I thought I had deleted them from the trash. Now I got some space freed up.


----------



## diduknowthat

Is System Restore on? And if it's on or has been on, make sure you delete the backup copies it created.


----------



## tlarkin

This is probably due to a temp file or a log file gone amuck.


There is actually a command line binary for Windows that checks disk usage.  I know, I know, it is rare to find a command line binary that actually is useful and in Windows, right?

```
DIRUSE /M /q:200 /* C:\
```


That will list all files over 200 megs.  You may want to play with the numbers to see what files are large.  In the past I have seen a log file get up to gigs in size because it just kept writing to itself over and over again.
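
The same kind of check in portable form, as an added example that is not part of the original post: this Python script walks a directory tree, totals each directory cumulatively, and reports files and directories above a size threshold, recording anything it cannot read instead of stopping. The function names, thresholds and demo tree are constructed for illustration.

```python
import os
import tempfile


def scan(root, file_threshold, dir_threshold):
    """Return (big_files, big_dirs, errors); sizes in bytes, largest first.

    Directory sizes are cumulative (they include all subdirectories).
    """
    errors, big_files, totals = [], [], {}
    # topdown=False visits children before parents, so child totals are
    # already known when the parent is summed. Links are not followed.
    for dirpath, dirnames, filenames in os.walk(
            root, topdown=False, followlinks=False, onerror=errors.append):
        total = 0
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                size = os.lstat(path).st_size
            except OSError as exc:  # locked, deleted mid-scan, access denied
                errors.append(exc)
                continue
            total += size
            if size >= file_threshold:
                big_files.append((size, path))
        total += sum(totals.get(os.path.join(dirpath, d), 0) for d in dirnames)
        totals[dirpath] = total
    big_dirs = [(s, p) for p, s in totals.items() if s >= dir_threshold]
    return sorted(big_files, reverse=True), sorted(big_dirs, reverse=True), errors


def build_demo_tree(root):
    """Constructed sample: a small tree with one oversized 'log' file."""
    layout = {"logs/app.log": 5000, "logs/old/a.tmp": 3000, "docs/note.txt": 10}
    for rel, size in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)


if __name__ == "__main__":
    # Demo on a throwaway tree; for a real disk use e.g.
    # scan("C:\\", 200 * 1024**2, 1024**3) from an elevated prompt.
    with tempfile.TemporaryDirectory() as demo:
        build_demo_tree(demo)
        files, dirs, errors = scan(demo, file_threshold=4000, dir_threshold=6000)
        for size, path in files:
            print(f"FILE {size:>8} {path}")
        for size, path in dirs:
            print(f"DIR  {size:>8} {path}")
        print(f"{len(errors)} unreadable entries")
```

Running the scan twice a few minutes apart and comparing the directory totals shows which location is still growing, which is the quickest way to spot a runaway log or temp file.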


----------



## johnb35

It seems you may well be infected.  So please follow this procedure to see what we can clean up.

Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware


Download the HijackThis installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log


----------



## Skytteflickan88

Thanks guys. I still seem to have troubles with logging into my email account at yahoo.se, the site showed an error message that said I might have a virus, so I'll try and keep scanning. I'll probably have to reinstall my operating system (OS?) anyway. I've been meaning to, but life gets in the way and I don't think I have the disc to reinstall.

@diduknowthat and tlarkin, I have absolutely no idea what you're saying. Wanna dumb it down for me?

@ johnb35.

When I tried to update, it said there was an error, but I went ahead and scanned anyway (I used the first option, that I think is the quick scan. Dumb of me to use the Swedish version).

I have no idea how long this scan will take, my computer is usually slow, so I'll post the logs tomorrow.


----------



## Skytteflickan88

I hope I did it right. Malware found one virus, that I removed. Then I did a second scan and it was still there.

Malwarebytes:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4974

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

2010-10-28 18:15:21
mbam-log-2010-10-28 (18-15-21).txt

Scan type: Quick scan
Objects scanned: 168733
Time elapsed: 17 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\carro\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.


Hijack: 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:32:47, on 2010-10-28
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULA.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XD00SIE\HijackThis[1].exe
C:\Users\carro\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9340
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9340
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Inloggningshjälp för Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S80D5.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6144/mcfscan.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop-hanteraren 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Tjänsten Google Update (gupdate1ca3007fe752090) (gupdate1ca3007fe752090) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 11206 bytes
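
A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the original post or of HijackThis itself: it groups entries by section code and marks a few items worth a manual look. The sample is a constructed excerpt of lines from the log above, and the heuristics and function names are assumptions for illustration; a flagged line means "verify this file", not "this is malware".

```python
import re
from collections import Counter

# HijackThis section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE default page/search URL",
    "R3": "URLSearchHook", "O1": "Hosts file entry",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item", "O9": "IE extra button or Tools item",
    "O16": "ActiveX control", "O18": "protocol handler",
    "O20": "AppInit_DLLs", "O22": "SharedTaskScheduler", "O23": "service",
}

ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
CACHE_RE = re.compile(r"\\(temporary internet files|temp|tmp)\\", re.I)

# Constructed sample: lines excerpted from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:32:47, on 2010-10-28

Running processes:
C:\Windows\Explorer.EXE
C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XD00SIE\HijackThis[1].exe
C:\Users\carro\Documents\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

--
End of file - 11206 bytes
"""


def parse(log_text):
    """Split a HijackThis log into process paths and (code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
        elif not line:
            in_processes = False  # a blank line ends the process list
    return processes, entries


def triage(log_text):
    """Count entries per section and list lines that deserve a manual check."""
    processes, entries = parse(log_text)
    findings = []
    for path in processes:
        if CACHE_RE.search(path):
            findings.append(("PROC", "running from a temp or browser-cache directory", path))
    for code, body in entries:
        if code == "O4":
            run = RUN_RE.match(body)
            # No backslash means Windows resolves the name via its search path.
            if run and "\\" not in run.group("cmd"):
                findings.append((code, "autostart target has no absolute path", body))
        elif code == "O20" and body.split(":", 1)[-1].strip():
            findings.append((code, "DLL is loaded into every process that loads user32.dll", body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service owner reported as unknown", body))
    return {"processes": len(processes),
            "sections": Counter(code for code, _ in entries),
            "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for code, count in sorted(result["sections"].items()):
        print(f"{code:>4} x{count}  {SECTIONS.get(code, 'other')}")
    for code, reason, line in result["findings"]:
        print(f"[{code}] {reason}\n       {line}")
```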


----------



## johnb35

Please perform the following procedure as you have some suspicious software running on your system on startup.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## Skytteflickan88

The programmes are running slower than usual, and the web pages that do manage to load take forever. And lately, all of a sudden any random page turns into a Packard Bell "Page not found" page.

I'll see if it has gotten any better now.

The ComboFix log (tell me if I need to translate the Swedish parts) that took way longer than 20 minutes:

ComboFix 10-10-28.02 - carro 2010-10-29   7:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.46.1053.18.1919.1013 [GMT 2:00]
Körs från: c:\users\carro\Documents\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Skapade en ny återställningspunkt
.

(((((((((((((((((((((((((((((((((((((((   Andra raderingar   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\carro\.COMMgr
c:\users\carro\AppData\Local\Windows Server
c:\users\carro\AppData\Local\Windows Server\server.dat

.
((((((((((((((((((((((((   Filer Skapade från 2010-09-28 till 2010-10-29  ))))))))))))))))))))))))))))))
.

2010-10-29 05:50 . 2010-10-29 05:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-10-29 05:50 . 2010-10-29 05:50	--------	d-----w-	c:\users\catte\AppData\Local\temp
2010-10-29 05:50 . 2010-10-29 05:50	--------	d-----w-	c:\users\bengan\AppData\Local\temp
2010-10-28 14:01 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-28 14:01 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-10-28 14:00 . 2010-10-28 16:35	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-10-28 00:37 . 2010-10-28 00:37	--------	d-----w-	c:\users\carro\AppData\Roaming\Malwarebytes
2010-10-28 00:36 . 2010-10-28 00:36	--------	d-----w-	c:\programdata\Malwarebytes
2010-10-27 08:11 . 2010-08-26 16:34	1696256	----a-w-	c:\windows\system32\gameux.dll
2010-10-27 08:11 . 2010-08-26 16:33	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2010-10-27 08:11 . 2010-08-26 14:23	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 10:10 . 2010-10-28 20:36	--------	d-----w-	c:\program files\Disk Space Visualizer
2010-10-22 17:33 . 2010-10-22 20:00	--------	d-----w-	c:\users\carro\AppData\Local\NPE
2010-10-14 10:59 . 2010-09-13 13:56	168960	----a-w-	c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 10:59 . 2010-09-13 13:56	8147456	----a-w-	c:\windows\system32\wmploc.DLL
2010-10-14 10:56 . 2010-09-06 16:20	125952	----a-w-	c:\windows\system32\srvsvc.dll
2010-10-14 10:56 . 2010-09-06 13:45	304128	----a-w-	c:\windows\system32\drivers\srv.sys
2010-10-14 10:56 . 2010-09-06 13:45	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2010-10-14 10:56 . 2010-09-06 13:45	145408	----a-w-	c:\windows\system32\drivers\srv2.sys
2010-10-14 10:56 . 2010-09-06 16:19	17920	----a-w-	c:\windows\system32\netevent.dll
2010-10-14 10:54 . 2010-08-10 15:53	274944	----a-w-	c:\windows\system32\schannel.dll
2010-10-14 10:53 . 2010-06-28 17:00	1316864	----a-w-	c:\windows\system32\ole32.dll
2010-10-14 10:53 . 2010-06-28 14:54	339968	----a-w-	c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 10:52 . 2010-08-26 16:37	157184	----a-w-	c:\windows\system32\t2embed.dll
2010-10-14 10:50 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2010-10-14 10:50 . 2010-08-20 16:05	867328	----a-w-	c:\windows\system32\wmpmde.dll
2010-10-14 10:50 . 2010-08-31 15:44	531968	----a-w-	c:\windows\system32\comctl32.dll
2010-10-09 18:02 . 2010-10-09 18:06	--------	d-----w-	C:\Hotspot Shield
2010-09-29 08:37 . 2010-06-22 13:30	2048	----a-w-	c:\windows\system32\tzres.dll
2010-09-29 08:33 . 2010-08-26 04:23	13312	----a-w-	c:\program files\Internet Explorer\iecompat.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-22 19:19 . 2010-09-22 19:19	37376	----a-w-	c:\windows\system32\drivers\HssDrv.sys
2010-08-26 16:33 . 2010-10-27 08:11	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-27 08:11	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-10-27 08:11	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-27 08:11	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2010-08-17 14:11 . 2010-09-15 11:48	128000	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-10 03:15 . 2010-08-10 03:15	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-08-10 03:15 . 2010-08-10 03:15	69632	----a-w-	c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((   Startpunkter i registret   )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not*  Tomma poster & legitima standardposter visas inte. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMin0.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 11:47	333192	----a-w-	c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
2008-09-15 05:47	1784856	----a-w-	c:\program files\Mininova-Vuze\tbMin0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMin0.dll" [2008-09-15 1784856]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\program files\Mininova-Vuze\tbMin0.dll" [2008-09-15 1784856]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-10-16 552960]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-07 30192]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"FixCamera"="c:\windows\FixCamera.exe" [2007-01-30 20480]
"tsnp2std"="c:\windows\tsnp2std.exe" [2007-02-02 258048]
"snp2std"="c:\windows\vsnp2std.exe" [2007-02-02 675840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-16 113664]
BankID s„kerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2010-8-29 939920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 gupdate1ca3007fe752090;Tjänsten Google Update (gupdate1ca3007fe752090);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 133104]
R3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-07 30192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-01-27 482432]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101028.001\IDSvix86.sys [2010-10-19 353840]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-09-22 325168]
S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-09-17 24576]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-10-16 454008]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
S3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-09-26 1355520]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Innehållet i mappen 'Schemalagda aktiviteter':

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 22:09]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 22:09]

2010-10-28 c:\windows\Tasks\Recovery DVD Creator-bengan.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-07-04 10:13]

2010-10-28 c:\windows\Tasks\Utökad garanti-bengan.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-07-04 10:13]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.se/
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-29 07:52
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Sluttid: 2010-10-29  07:58:56
ComboFix-quarantined-files.txt  2010-10-29 05:58

Före genomsökningen: 31*322*779*648 byte ledigt
Efter genomsökningen: 37*733*449*728 byte ledigt

- - End Of File - - D4E7A0964CA7F0A7C8A32A6392AE7CEA


HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:04:55, on 2010-10-29
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\tsnp2std.exe
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULA.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\carro\Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Inloggningshjälp för Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6144/mcfscan.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop-hanteraren 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Tjänsten Google Update (gupdate1ca3007fe752090) (gupdate1ca3007fe752090) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 10619 bytes


----------



## johnb35

Download and run Superantispyware and post the logfile from it.  You can obtain the log by clicking on the preferences button on the main page and then click on the statistics/logs tab.  Then open the log and copy and paste back here.

http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

Make sure you update it fully before running a scan.  Post a fresh hijackthis log afterwards.


----------



## Skytteflickan88

I ran Superantispyware, but can't access the log. After putting the viruses in quarantine I rebooted like the programme asked me to, but when I tried to start the programme again the welcome square saying "remove all the spyware, not just the easy ones" showed up, then disappeared. Then nothing happened. I tried to open it by clicking the Alternate Start and Free Edition buttons, but nothing.

Hijackthis: (it said something about it being denied access to Host file)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:11:11, on 2010-10-29
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SiS VGA Utilities\SiSTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULA.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\carro\Documents\HijackThis.exe
C:\Windows\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9340
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Inloggningshjälp för Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6144/mcfscan.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop-hanteraren 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Tjänsten Google Update (gupdate1ca3007fe752090) (gupdate1ca3007fe752090) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

--
End of file - 10634 bytes


----------



## johnb35

When you clicked on the icon to open the program, it created the icon down in the system tray.  You just have to open the program via the icon.


----------



## Skytteflickan88

It worked when I clicked the icon this time.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/29/2010 at 10:55 PM

Application Version : 4.45.1000

Core Rules Database Version : 5782
Trace Rules Database Version: 3594

Scan type       : Complete Scan
Total Scan Time : 01:25:10

Memory items scanned      : 768
Memory threats detected   : 0
Registry items scanned    : 9635
Registry threats detected : 0
File items scanned        : 32589
File threats detected     : 313

Adware.Tracking Cookie
	media.mtvnservices.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	media.scanscout.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	media.tattomedia.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	media1.break.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	objects.tremormedia.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	oddcast.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	s0.2mdn.net [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	secure-us.imrworldwide.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	serving-sys.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	track.adform.net [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
www.soundclick.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	acvs.mediaonenetwork.net [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	aka-cdn-ns.adtech.de [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	bannerfarm.ace.advertising.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	banners.securedataimages.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	bloody-disgusting.indieclicktv.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	cdn.insights.gravity.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	cdn4.specificclick.net [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	cdn5.specificclick.net [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	core.insightexpressai.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	crackle.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	googleads.g.doubleclick.net [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	hs.interpolls.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	hstse.tradedoubler.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	i.adultswim.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	ia.media-imdb.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	indieclick.3janecdn.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	input.insights.gravity.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	media.entertonement.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	media.ign.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	media.jambocast.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	media.movieweb.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	media.mtvnservices.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	media.scanscout.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	media.socialvibe.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	media.tattomedia.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	media1.break.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	objects.tremormedia.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	oddcast.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	s0.2mdn.net [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	secure-us.imrworldwide.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	serving-sys.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	static.plymedia.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	track.adform.net [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
www.animalsex-tube.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
www.soundclick.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@mediaplex[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@fidelity.rotator.hadj7.adjuggler[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@tradefx.advertserve[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@stat.swedbank[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@tribalfusion[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@clickfuse[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@yieldmanager[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@ikanobanken.112.2o7[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@clickbank[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@questionmarket[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@serving-sys[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@servedby.adxpower[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@adserver.adtechus[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@ad.yieldmanager[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@user.lucidmedia[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@media6degrees[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@mediabrandsww[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@elkjop.112.2o7[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@pointroll[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@tracking.quisma[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@linksynergy[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@ru4[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@eas8.emediate[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@ad.wsod[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@adbrite[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@tacoda[3].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@tacoda[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@doubleclick[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@view.atdmt[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@msnportal.112.2o7[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@adxpose[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@stats.paypal[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@insightexpressai[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@lucidmedia[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@a1.interclick[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@interclick[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@ads.cinamuse[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@revsci[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@ads.pointroll[1].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@legolas-media[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@media.adfrontiers[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@dc.tremormedia[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@technoratimedia[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@apmebf[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@statcounter[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@rts.pgmediaserve[2].txt
	C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@ntm.122.2o7[1].txt


----------



## Skytteflickan88

Trojan.Agent/Gen-SVC[Fake]
	C:\PROGRAMDATA\BIRDSTEP TECHNOLOGY\EASYCONNECT\UPDATE\UPDATEAPN.EXE
	C:\USERS\CARRO\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED\C\PROGRAMDATA\BIRDSTEP TECHNOLOGY\EASYCONNECT\UPDATE\UPDATEAPN.EXE


----------

