Harddrive filling up on its own?

Discussion in 'Computer Memory and Hard Drives' started by Skytteflickan88, Oct 26, 2010.

  1. Skytteflickan88

    Skytteflickan88 New Member

    Messages:
    10
    I have a Packard Bell laptop, and the strangest thing happened while I was looking for a virus that most likely had infected a file according to the Norton security support guy I used. While I was using McAfee's free virus scanner, my harddrive kept filling up, telling me I had little to no space. So I deleted a few GB but it kept filling up, so I kept deleting. The scan is now done, I've deleted about 20 GBs, checked the trash, deleted the trash, and there's still less than 1 GB left on the harddrive, even though I know I don't have that much stuff on there anymore. I haven't tried to delete that much more since the scan ended, but a pop up told me to run a scan and delete old useless files, so I did that, and took away some programmes and have a bit more space, but not enough.

    I have no guarantee anymore since the laptop is old, and I don't think it's worth sending an over two year old laptop to get repaired, but I have no idea where to start looking for the problem. That's where you guys come in.

    WTF happened?
     
  2. Troncoso

    Troncoso VIP Member

    Messages:
    4,375
    Hmm....well you could always re-install the os. You should have gotten an install disk that'll let you do just that.
     
  3. ElenaP

    ElenaP New Member

    Messages:
    34
  4. Skytteflickan88

    Skytteflickan88 New Member

    Messages:
    10
    Thanks guys. I seriously need to re-install my computer, especially since I think I have a virus hidden somewhere. But I have no idea where that disc is.

    I used the Zero Assumption programme and found that the files I thought I had deleted were hidden in another temporary file, even though I thought I had deleted them from the trash. Now I got some space freed up.
     
  5. diduknowthat

    diduknowthat formerly liuliuboy

    Messages:
    9,268
    Is system restore on? And if it's on or has been on make sure you delete the backup copies it created.
     
  6. tlarkin

    tlarkin VIP Member

    Messages:
    12,880
    This is probably due to a temp file or a log file gone amuck.


    There is actually a command line binary for Windows that checks disk usage. I know, I know, it is rare to find a command line binary that actually is useful and in Windows, right?

    Code:
    DIRUSE /M /q:200 /* C:\
    
    That will list all files over 200 megs. You may want to play with the numbers to see what files are large. In the past I have seen a log file get up to gigs in size because it just kept writing to itself over and over again.
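
The same kind of check as a portable script (an added example, not part of the original post): it totals each top-level folder, marks the ones over a size threshold, and lists single files over that threshold, which is how a runaway log or temp file shows up. The function names and the sample tree are made up for this illustration.

```python
import os
import sys

MB = 1024 * 1024


def iter_files(base):
    """Yield (path, size_bytes) for regular files under base, skipping unreadable ones."""
    for root, _dirs, files in os.walk(base, onerror=lambda err: None):
        for name in files:
            path = os.path.join(root, name)
            try:
                if not os.path.islink(path):
                    yield path, os.path.getsize(path)
            except OSError:
                continue  # file vanished or access denied; keep scanning


def top_level_usage(base, threshold_mb):
    """Return (folder, total_bytes, over_threshold) per folder directly under base, largest first."""
    rows = []
    with os.scandir(base) as entries:
        for entry in entries:
            if entry.is_dir(follow_symlinks=False):
                size = sum(s for _p, s in iter_files(entry.path))
                rows.append((entry.name, size, size > threshold_mb * MB))
    return sorted(rows, key=lambda row: row[1], reverse=True)


def large_files(base, threshold_mb):
    """Return (path, size_bytes) for every single file above the threshold, largest first."""
    hits = [(p, s) for p, s in iter_files(base) if s > threshold_mb * MB]
    return sorted(hits, key=lambda hit: hit[1], reverse=True)


def build_sample_tree(root):
    """Create a small constructed tree (sample data for this example only)."""
    layout = {
        ("Logs", "runaway.log"): 3 * MB,
        ("Logs", "old.log"): 10 * 1024,
        ("Temp", "cache", "scan.tmp"): 3 * MB // 2,
        ("Docs", "note.txt"): 4096,
    }
    for parts, size in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.truncate(size)  # sets the logical size without writing data


if __name__ == "__main__":
    # Usage: python usage.py <folder> <threshold in MB>; defaults are assumptions.
    base = sys.argv[1] if len(sys.argv) > 1 else "C:\\"
    limit = float(sys.argv[2]) if len(sys.argv) > 2 else 200
    for name, size, over in top_level_usage(base, limit):
        print(f"{'!' if over else ' '} {size / MB:10.1f} MB  {name}")
    for path, size in large_files(base, limit):
        print(f"{size / MB:10.1f} MB  {path}")
```

Run it twice a few minutes apart while the disk is filling: the folder whose total grows between runs is where to look.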
     
  7. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,234
    It seems you may well be infected. So please follow this procedure to see what we can clean up.

    Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware


    Download the HijackThis installer from here.
    Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

    Click Do a system scan and save a logfile

    Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

    Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
     
  8. Skytteflickan88

    Skytteflickan88 New Member

    Messages:
    10
    Thanks guys. I still seem to have troubles with logging into my email account at yahoo.se, the site showed an error message that said I might have a virus, so I'll try and keep scanning. I'll probably have to reinstall my operative system (os?) anyway. I've been meaning to, but life gets in the way and I don't think I have the disc to reinstall.

    @diduknowthat and tlarkin, I have absolutely no idea what you're saying. Wanna dumb it down for me?

    @ johnb35.

    When I tried to update, it said there was an error, but I went ahead and scanned anyway (I used the first option, that I think is the quick scan. Dumb of me to use the Swedish version).

    I have no idea how long this scan will take, my computer is usually slow, so I'll post the logs tomorrow.
     
    Last edited: Oct 28, 2010
  9. Skytteflickan88

    Skytteflickan88 New Member

    Messages:
    10
    I hope I did it right. Malware found one virus, that I removed. Then I did a second scan and it was still there.

    Malwarebytes:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4974

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    2010-10-28 18:15:21
    mbam-log-2010-10-28 (18-15-21).txt

    Scan type: Quick scan
    Objects scanned: 168733
    Time elapsed: 17 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\carro\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.


    Hijack:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:32:47, on 2010-10-28
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18975)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\SiS VGA Utilities\SiSTray.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    C:\Windows\FixCamera.exe
    C:\Windows\tsnp2std.exe
    C:\Windows\vsnp2std.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE
    C:\Program Files\Personal\bin\Personal.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Packard Bell\GOOGLE_EULA\EULA.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XD00SIE\HijackThis[1].exe
    C:\Users\carro\Documents\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9340
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9340
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Inloggningshjälp för Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O3 - Toolbar: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S80D5.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6144/mcfscan.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop-hanteraren 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Tjänsten Google Update (gupdate1ca3007fe752090) (gupdate1ca3007fe752090) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

    --
    End of file - 11206 bytes
     
  10. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,234
    Please perform the following procedure as you have some suspicious software running on your system on startup.

    Download and Run ComboFix
    If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
    Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Combofix should never take more than 20 minutes including the reboot if malware is detected.


    In your next reply please post:
    • The ComboFix log
    • A fresh HiJackThis log
    • An update on how your computer is running
     
    Last edited: Oct 29, 2010
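
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the thread or of HijackThis itself. The sample lines are copied from that log; the rule names and the choice of what to flag are assumptions of this example, and a hit means "look at this entry", not "this is malware".

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread (lines copied as-is).
SAMPLE_LOG = r"""Running processes:
C:\Windows\Explorer.EXE
C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XD00SIE\HijackThis[1].exe
C:\Users\carro\Documents\HijackThis.exe

R3 - URLSearchHook: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
"""

# Path fragments treated as temporary/cache locations (an assumption of this example).
TEMP_MARKERS = ("\\temporary internet files\\", "\\temp\\", "\\tmp\\")

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")    # e.g. "O4 - <body>"
RUN_RE = re.compile(r"^(.+?): \[(.+?)\] (.+)$")  # "<key>: [<name>] <command>"


def parse(log_text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False  # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            match = ENTRY_RE.match(line)
            if match:
                entries.append((match.group(1), match.group(2)))
    return processes, entries


def triage(log_text):
    """Return (rule, detail) pairs worth a human look; hints, not verdicts."""
    processes, entries = parse(log_text)
    findings = []
    for path in processes:
        # Executables running out of a browser cache or temp folder.
        if any(marker in path.lower() for marker in TEMP_MARKERS):
            findings.append(("process-in-temp", path))
    for code, body in entries:
        if code == "O4":
            match = RUN_RE.match(body)
            if match:
                # Autostart command given as a bare file name with no folder.
                command = match.group(3).lstrip('"')
                if "\\" not in command.split()[0]:
                    findings.append(
                        ("autorun-no-path", f"{match.group(2)} -> {match.group(3)}"))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:
                findings.append(("appinit-dll", value))
        elif code == "O23" and body.startswith("Service: "):
            # "Service: <name> - <owner> - <path>"; split from the right.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                findings.append(("service-unknown-owner", f"{parts[0]} -> {parts[2]}"))
        elif code == "R3":
            findings.append(("url-search-hook", body))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```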
  11. Skytteflickan88

    Skytteflickan88 New Member

    Messages:
    10
    The programmes are running slower than usual, and the web pages that do manage to load take forever. And lately, all of a sudden any random page turns into a Packard Bell "Page not found" page.

    I'll see if it has gotten any better now.

    The combofix log (tell me if I need to translate the Swedish parts) that took way longer than 20 minutes:

    ComboFix 10-10-28.02 - carro 2010-10-29 7:13.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.46.1053.18.1919.1013 [GMT 2:00]
    Körs från: c:\users\carro\Documents\ComboFix.exe
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Skapade en ny återställningspunkt
    .

    ((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\carro\.COMMgr
    c:\users\carro\AppData\Local\Windows Server
    c:\users\carro\AppData\Local\Windows Server\server.dat

    .
    (((((((((((((((((((((((( Filer Skapade från 2010-09-28 till 2010-10-29 ))))))))))))))))))))))))))))))
    .

    2010-10-29 05:50 . 2010-10-29 05:50 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-29 05:50 . 2010-10-29 05:50 -------- d-----w- c:\users\catte\AppData\Local\temp
    2010-10-29 05:50 . 2010-10-29 05:50 -------- d-----w- c:\users\bengan\AppData\Local\temp
    2010-10-28 14:01 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-28 14:01 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-28 14:00 . 2010-10-28 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-28 00:37 . 2010-10-28 00:37 -------- d-----w- c:\users\carro\AppData\Roaming\Malwarebytes
    2010-10-28 00:36 . 2010-10-28 00:36 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-27 08:11 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-27 08:11 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-27 08:11 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-26 10:10 . 2010-10-28 20:36 -------- d-----w- c:\program files\Disk Space Visualizer
    2010-10-22 17:33 . 2010-10-22 20:00 -------- d-----w- c:\users\carro\AppData\Local\NPE
    2010-10-14 10:59 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-14 10:59 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-14 10:56 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-14 10:56 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-14 10:56 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-14 10:56 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-14 10:56 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-14 10:54 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-14 10:53 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-14 10:53 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-10-14 10:52 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-14 10:50 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-14 10:50 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-14 10:50 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-09 18:02 . 2010-10-09 18:06 -------- d-----w- C:\Hotspot Shield
    2010-09-29 08:37 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-29 08:33 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-22 19:19 . 2010-09-22 19:19 37376 ----a-w- c:\windows\system32\drivers\HssDrv.sys
    2010-08-26 16:33 . 2010-10-27 08:11 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33 . 2010-10-27 08:11 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-26 16:33 . 2010-10-27 08:11 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-26 16:33 . 2010-10-27 08:11 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-17 14:11 . 2010-09-15 11:48 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-10 03:15 . 2010-08-10 03:15 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-08-10 03:15 . 2010-08-10 03:15 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    (((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Not* Tomma poster & legitima standardposter visas inte.
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMin0.dll" [2008-09-15 1784856]

    [HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2009-04-02 11:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
    2008-09-15 05:47 1784856 ----a-w- c:\program files\Mininova-Vuze\tbMin0.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMin0.dll" [2008-09-15 1784856]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

    [HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\program files\Mininova-Vuze\tbMin0.dll" [2008-09-15 1784856]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

    [HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-10-16 552960]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 4702208]
    "Skytel"="Skytel.exe" [2007-08-03 1826816]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-07 30192]
    "toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
    "FixCamera"="c:\windows\FixCamera.exe" [2007-01-30 20480]
    "tsnp2std"="c:\windows\tsnp2std.exe" [2007-02-02 258048]
    "snp2std"="c:\windows\vsnp2std.exe" [2007-02-02 675840]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-16 113664]
    BankID s„kerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2010-8-29 939920]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    R2 gupdate1ca3007fe752090;Tjänsten Google Update (gupdate1ca3007fe752090);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 133104]
    R3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-07 30192]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
    S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
    S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-01-27 482432]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20101028.001\IDSvix86.sys [2010-10-19 353840]
    S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
    S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-09-22 325168]
    S2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
    S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2007-09-17 24576]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-26 102448]
    S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-10-16 454008]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
    S3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-09-26 1355520]
    S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS [2009-08-22 48688]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Innehållet i mappen 'Schemalagda aktiviteter':

    2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 22:09]

    2010-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-07 22:09]

    2010-10-28 c:\windows\Tasks\Recovery DVD Creator-bengan.job
    - c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-07-04 10:13]

    2010-10-28 c:\windows\Tasks\Utökad garanti-bengan.job
    - c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-07-04 10:13]
    .
    .
    ------- Extra genomsökning -------
    .
    uStart Page = hxxp://www.google.se/
    mStart Page = hxxp://search.myheritage.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    .
    - - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

    WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-29 07:52
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
    .
    --------------------- LÅSTA REGISTERNYCKLAR ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Sluttid: 2010-10-29 07:58:56
    ComboFix-quarantined-files.txt 2010-10-29 05:58

    Före genomsökningen: 31*322*779*648 byte ledigt
    Efter genomsökningen: 37*733*449*728 byte ledigt

    - - End Of File - - D4E7A0964CA7F0A7C8A32A6392AE7CEA


    HiJackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 08:04:55, on 2010-10-29
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18975)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\SiS VGA Utilities\SiSTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    C:\Windows\tsnp2std.exe
    C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEDE.EXE
    C:\Program Files\Personal\bin\Personal.exe
    C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Packard Bell\GOOGLE_EULA\EULA.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Users\carro\Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Inloggningshjälp för Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O3 - Toolbar: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6144/mcfscan.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop-hanteraren 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Tjänsten Google Update (gupdate1ca3007fe752090) (gupdate1ca3007fe752090) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

    --
    End of file - 10619 bytes
     
  12. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,234
    Download and run Superantispyware and post the logfile from it. You can obtain the log by clicking on the preferences button on the main page and then click on the statistics/logs tab. Then open the log and copy and paste back here.

    http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html

    Make sure you update it fully before running a scan. Post a fresh hijackthis log afterwards.
     
  13. Skytteflickan88

    Skytteflickan88 New Member

    Messages:
    10
    I ran Superantispyware, but can't access the log. After putting the viruses in quarantine I rebooted like the programme asked me to, but when I tried to start the programme again the welcome square saying "remove all the spyware, not just the easy ones" showed up, then disappeared. Then nothing happened. I tried to open it through clicking the Alternate Start and Free Edition buttons, but nothing.

    Hijackthis: (it said something about it being denied access to Host file)
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:11:11, on 2010-10-29
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18975)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\SiS VGA Utilities\SiSTray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    C:\Windows\FixCamera.exe
    C:\Windows\tsnp2std.exe
    C:\Windows\vsnp2std.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Personal\bin\Personal.exe
    C:\Program Files\Hotspot Shield\bin\openvpntray.exe
    C:\Program Files\Packard Bell\GOOGLE_EULA\EULA.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Users\carro\Documents\HijackThis.exe
    C:\Windows\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.packardbell.com/?id=9340
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Inloggningshjälp för Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
    O2 - BHO: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O3 - Toolbar: Mininova-Vuze Toolbar - {d51d388b-f5dc-471a-a1ce-5e2d671091c0} - C:\Program Files\Mininova-Vuze\tbMin0.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SiSTray] %ProgramFiles%\SiS VGA Utilities\SiSTray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
    O4 - HKLM\..\Run: [FixCamera] C:\Windows\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    O9 - Extra button: Blogga detta - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blogga detta i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6144/mcfscan.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop-hanteraren 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Tjänsten Google Update (gupdate1ca3007fe752090) (gupdate1ca3007fe752090) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
    O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe

    --
    End of file - 10634 bytes
     
  14. johnb35

    johnb35 Administrator Staff Member

    Messages:
    33,234
    When you clicked on the icon to open the program, it created the icon down in the system tray. You just have to open the program via the icon.
     
  15. Skytteflickan88

    Skytteflickan88 New Member

    Messages:
    10
    It worked when I clicked the icon this time.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/29/2010 at 10:55 PM

    Application Version : 4.45.1000

    Core Rules Database Version : 5782
    Trace Rules Database Version: 3594

    Scan type : Complete Scan
    Total Scan Time : 01:25:10

    Memory items scanned : 768
    Memory threats detected : 0
    Registry items scanned : 9635
    Registry threats detected : 0
    File items scanned : 32589
    File threats detected : 313

    Adware.Tracking Cookie
    aka-cdn-ns.adtech.de [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    bannerfarm.ace.advertising.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    bloody-disgusting.indieclicktv.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    cdn.insights.gravity.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    core.insightexpressai.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    crackle.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    googleads.g.doubleclick.net [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    hs.interpolls.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    hstse.tradedoubler.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    i.adultswim.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    ia.media-imdb.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    indieclick.3janecdn.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    input.insights.gravity.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.entertonement.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.ign.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.jambocast.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.movieweb.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.mtvnservices.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.scanscout.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.tattomedia.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media1.break.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    objects.tremormedia.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    oddcast.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    s0.2mdn.net [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    secure-us.imrworldwide.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    serving-sys.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    track.adform.net [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    www.soundclick.com [ C:\Users\carro\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    acvs.mediaonenetwork.net [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    aka-cdn-ns.adtech.de [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    bannerfarm.ace.advertising.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    banners.securedataimages.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    bloody-disgusting.indieclicktv.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    cdn.insights.gravity.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    cdn4.specificclick.net [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    cdn5.specificclick.net [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    core.insightexpressai.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    crackle.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    googleads.g.doubleclick.net [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    hs.interpolls.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    hstse.tradedoubler.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    i.adultswim.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    ia.media-imdb.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    indieclick.3janecdn.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    input.insights.gravity.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.entertonement.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.ign.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.jambocast.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.movieweb.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.mtvnservices.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.scanscout.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.socialvibe.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media.tattomedia.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    media1.break.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    objects.tremormedia.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    oddcast.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    s0.2mdn.net [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    secure-us.imrworldwide.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    serving-sys.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    static.plymedia.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    track.adform.net [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    www.animalsex-tube.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    www.soundclick.com [ C:\Users\carro\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\587VHEVF ]
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@mediaplex[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@tribalfusion[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@clickfuse[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@yieldmanager[1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@clickbank[1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@questionmarket[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@serving-sys[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@media6degrees[1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@mediabrandsww[1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@pointroll[1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@linksynergy[1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@ru4[1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@adbrite[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@tacoda[3].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@tacoda[1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@doubleclick[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@adxpose[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@insightexpressai[1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@lucidmedia[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@interclick[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@revsci[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@legolas-media[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@technoratimedia[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@apmebf[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\carro@statcounter[2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
    C:\Users\carro\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
     
  16. Skytteflickan88

    Skytteflickan88 New Member

    Messages:
    10

    Trojan.Agent/Gen-SVC[Fake]
    C:\PROGRAMDATA\BIRDSTEP TECHNOLOGY\EASYCONNECT\UPDATE\UPDATEAPN.EXE
    C:\USERS\CARRO\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\VIRTUALIZED\C\PROGRAMDATA\BIRDSTEP TECHNOLOGY\EASYCONNECT\UPDATE\UPDATEAPN.EXE
     
