Logs from my computer
Hey. I have followed this link http://www.eksperten.dk/artikler/1123 and now have the three log files. I hope someone who knows about this will help me here ;)
HIJACK:
Logfile of HijackThis v1.99.1
Scan saved at 17:05:34, on 15-04-2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ASUSTPE.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\tsnpstd3.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
D:\super\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\Casper\Desktop\rent\alternativ.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Hjælp til tilmelding til Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUSTPE] C:\Windows\system32\ASUSTPE.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\Windows\vsnpstd3.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UGESK_0001_N122M0303] "c:\users\casper\appdata\roaming\setup_dk[1].exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Casper\AppData\Local\Temp\geBSmmJa.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Casper\AppData\Local\Temp\qoMeEXNF.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\Casper\AppData\Local\Temp\xkwnlsip.dll",run
O4 - HKCU\..\Run: [60ecbcc2] rundll32.exe "C:\Users\Casper\AppData\Local\Temp\odxcjrqe.dll",b
O4 - HKCU\..\Run: [BM63df8f5e] Rundll32.exe "C:\Users\Casper\AppData\Local\Temp\wowwvimh.dll",s
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\super\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog det - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog det i Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe (file missing)
O9 - Extra button: Ladbrokes Poker - {DD34854E-E65B-4940-AEEB-0041BCADDBA5} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O15 - Trusted Zone: *.cdon.com
O15 - Trusted Zone: *.cdon.dk
O16 - DPF: {07D09E9E-C667-45DD-B035-217BC2A61A3B} (ActiveX sikkerhedssoftware Control) - https://www.portalbank.dk/package/sdc/external/activex/ActiveXSikkerhedssoftware-prod-1.20.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldda-dk.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino.ladbrokes.com/instant-play-dk/FlashAX.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\super\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
COMBOFIX:
ComboFix 08-04-14.2 - Casper 2008-04-15 17:07:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1030.18.1242 [GMT 2:00]
Running from: C:\Users\Casper\Desktop\rent\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\Downloaded Program Files\setup.inf
.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 15:01 --------- d-----w C:\Program Files\Steam
2008-04-15 14:59 45,056 ----a-w C:\Windows\System32\acovcnt.exe
2008-04-15 14:26 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-04-15 14:25 --------- d-----w C:\Users\Casper\AppData\Roaming\SUPERAntiSpyware.com
2008-04-15 14:24 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 14:20 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-15 14:20 --------- d-----w C:\Users\Casper\AppData\Roaming\Microsoft Games
2008-04-15 14:20 --------- d-----w C:\ProgramData\Microsoft Games
2008-04-15 12:26 --------- d-----w C:\Program Files\SikkerPCVaerktoj
2008-04-15 12:25 --------- d-----w C:\Program Files\Common Files\SikkerPCVaerktoj
2008-04-15 12:23 261,664 ----a-w C:\Users\Casper\AppData\Roaming\setup_dk[1].exe
2008-04-15 10:23 --------- d-----w C:\Program Files\Canon
2008-04-15 08:53 --------- d-----w C:\Program Files\VirusForsvar
2008-04-15 08:13 --------- d-----w C:\Program Files\Alwil Software
2008-04-15 06:37 --------- d-----w C:\Program Files\Common Files\VirusForsvar
2008-04-11 07:18 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-11 07:18 --------- d-----w C:\Program Files\Windows Mail
2008-04-07 20:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-07 20:33 --------- d-----w C:\ProgramData\Symantec
2008-04-07 20:33 --------- d-----w C:\Program Files\Symantec
2008-04-06 15:04 --------- d-----w C:\Program Files\TVAnts
2008-04-03 10:50 --------- d-----w C:\Program Files\EarMaster Pro 5
2008-04-03 09:53 --------- d-----w C:\Program Files\Common Files\Steam
2008-04-02 18:16 --------- d-----w C:\ProgramData\FLEXnet
2008-04-02 18:01 --------- d-----w C:\Program Files\Common Files\Control Panels
2008-04-02 18:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-02 17:57 --------- d-----w C:\Program Files\Bonjour
2008-04-02 17:43 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-02 17:26 --------- d-----w C:\Program Files\MagicDisc
2008-04-02 17:22 --------- d-----w C:\Program Files\MagicISO
2008-03-29 23:26 --------- d-----w C:\Users\Casper\AppData\Roaming\Microgaming
2008-03-29 18:43 --------- d-----w C:\Users\Casper\AppData\Roaming\dvdcss
2008-03-29 18:37 --------- d-----w C:\Users\Casper\AppData\Roaming\vlc
2008-03-29 18:36 --------- d-----w C:\Program Files\VideoLAN
2008-03-29 17:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
2008-03-29 17:35 20,560 ----a-w C:\Windows\system32\drivers\aswFsBlk.sys
2008-03-29 17:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 17:31 75,856 ----a-w C:\Windows\system32\drivers\aswSP.sys
2008-03-29 17:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 17:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2008-03-24 20:09 --------- d-----w C:\Users\Casper\AppData\Roaming\EarMaster
2008-03-24 06:54 5,120 ----a-w C:\Users\Casper\keygen.exe
2008-03-19 19:28 --------- d-----w C:\ProgramData\EarMaster
2008-03-19 14:01 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-03-19 13:50 --------- d-----w C:\Program Files\Microsoft Games
2008-03-16 01:43 --------- d-----w C:\Users\Casper\AppData\Roaming\ImgBurn
2008-03-16 01:24 --------- d-----w C:\Program Files\ImgBurn
2008-03-16 00:21 --------- d-----w C:\Users\Casper\AppData\Roaming\Leadertech
2008-03-14 15:27 --------- d-----w C:\Program Files\DVD Decrypter
2008-03-12 20:19 --------- d-----w C:\Program Files\SopCast
2008-03-10 22:13 --------- d-----w C:\Program Files\Infogrames Interactive
2008-03-08 13:57 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-08 13:57 --------- d-----w C:\Program Files\directx
2008-03-05 21:01 --------- d-----w C:\Program Files\Windows Live
2008-03-03 18:30 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-03 18:29 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-03-03 18:29 --------- d-----w C:\Program Files\Windows Live Favorites
2008-03-03 18:26 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-03 18:17 --------- d-----w C:\ProgramData\WLInstaller
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-18 15:29 96,256 ----a-w C:\Windows\system32\drivers\mcdbus.sys
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-14 13:51 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 13:46 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 13:46 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 13:45 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 13:45 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 13:45 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 13:45 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 13:45 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 13:45 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 13:45 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 13:45 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 13:45 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 13:45 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-12 12:45 48 ----a-w C:\Users\Casper\readme.bat
2008-02-01 10:17 586,752 ----a-w C:\Windows\WLXPGSS.SCR
2008-01-30 15:10 274,432 ----a-w C:\Windows\System32\libcurl.dll
2008-01-29 00:56 12,632 ----a-w C:\Windows\System32\lsdelete.exe
2007-10-13 18:23 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2007-10-05 14:19 174 --sha-w C:\Program Files\desktop.ini
1993-01-03 23:01 47,616 ----a-w C:\Users\Casper\SETUP.EXE
2007-11-05 14:52 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-11-05 14:52 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-11-05 14:52 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 12:23 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-26 20:50 149040]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-03-28 11:30 1271032]
"SUPERAntiSpyware"="D:\super\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-10 23:46 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 23:27 815104]
"ASUSTPE"="C:\Windows\system32\ASUSTPE.exe" [2006-12-13 00:06 106496]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-09-11 00:26 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-09-11 00:26 33136]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"tsnpstd3"="C:\Windows\tsnpstd3.exe" [2006-06-19 14:21 114688]
"snpstd3"="C:\Windows\vsnpstd3.exe" [2005-09-05 16:55 339968]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"NI.UGESK_0001_N122M0303"="c:\users\casper\appdata\roaming\setup_dk[1].exe" [2008-04-15 14:23 261664]
C:\Users\Casper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-03-16 02:27:21 225280]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\super\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\super\SASWINLO.dll 2007-04-19 12:41 294912 D:\super\SASWINLO.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-03-26 20:42 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-26 21:12 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"AntivirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{8CB7948B-C898-475F-8B10-ACA021AA9D17}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{79D21528-DDE4-47FD-861C-95BAB7AED7E1}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{ABB928F9-56B4-49AE-88BD-FB94E5F5BAE8}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{ACC3C181-0903-45FE-BB63-E381386C4346}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{651E6909-C418-4171-B599-0697033B59F5}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{7CAD0981-89B0-4768-AE60-ED7086B6581E}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{06A69023-D49D-4272-9A07-1DBB8E4BF745}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{6584CCF1-EC99-463A-84A8-811795C9858B}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{44AC6835-E663-4C0D-AACD-7E8F66624762}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"TCP Query User{7CE6D45C-1455-44B1-B67F-2CC0D8152AEB}C:\\program files\\bittornado\\btdownloadgui.exe"= UDP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"UDP Query User{12A42B48-74F8-487C-ACFE-6838D5FD95A3}C:\\program files\\bittornado\\btdownloadgui.exe"= TCP:C:\program files\bittornado\btdownloadgui.exe:btdownloadgui
"TCP Query User{00929506-BD87-482F-AE2B-639E2FBBBC37}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{101A4021-DFC7-4412-8F1A-CBB081B1B9B4}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{1F74998F-AD54-48C2-A91B-C2A24FD08E1D}C:\\users\\casper\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\casper\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{41D208B8-6F5E-4D74-9F2F-D73294BFCF59}C:\\users\\casper\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\casper\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{975161D9-CD3C-4600-BA56-F419C197FA5F}D:\\programmer\\sopcast\\sopcast.exe"= UDP:D:\programmer\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{F78F0B90-CC0E-4F2F-BB56-D3D5918D458D}D:\\programmer\\sopcast\\sopcast.exe"= TCP:D:\programmer\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{F9F37391-0BBD-48AC-A880-E8A0092E439D}D:\\programmer\\sopcast\\adv\\sopadver.exe"= UDP:D:\programmer\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{961AE817-9E5C-4F94-BD6B-B1D0AAF92DD9}D:\\programmer\\sopcast\\adv\\sopadver.exe"= TCP:D:\programmer\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{8F4ECCAB-48DC-40BE-A230-717D4E814EFF}D:\\programmer\\sopcast\\sopvod.exe"= UDP:D:\programmer\sopcast\sopvod.exe:sopvod
"UDP Query User{52184E51-3F18-40FA-994E-367D298377DE}D:\\programmer\\sopcast\\sopvod.exe"= TCP:D:\programmer\sopcast\sopvod.exe:sopvod
"TCP Query User{857B86FD-3A8B-43FA-BEF2-8482C3D15BFE}C:\\program files\\tvants\\tvants.exe"= UDP:C:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{0C282E61-A31A-4AB8-98A3-47C669CC3669}C:\\program files\\tvants\\tvants.exe"= TCP:C:\program files\tvants\tvants.exe:TVAnts
"{F77160CA-ED1A-4A52-8AC1-817A62B2A31C}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{341A9A56-977B-4661-BDD3-FC653930BF44}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A05CA216-27F9-4A4A-BD79-C4695696B14F}"= UDP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{B4CCE82D-9B61-4236-86C2-50EEDA9B4407}"= TCP:C:\Program Files\Cyanide\GameCenter\GameCenter.exe:GameCenter
"{A381AA2A-F3FA-4BC8-95E4-EB73F1468CAF}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{02621B8D-3D05-44A2-87B9-1B1D2DA93BAA}"= UDP:D:\Spil\Zoo Tycoon II\zt.exe:Zoo Tycoon 2 Executable
"{6C7750BA-7233-40F3-A0C9-2E1CCE5E521B}"= TCP:D:\Spil\Zoo Tycoon II\zt.exe:Zoo Tycoon 2 Executable
"{68C9CF10-D239-4096-AAA7-F303241E5876}"= UDP:D:\Spil\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"{CED85565-F61F-43BA-9CB1-BEC6AB2F97EF}"= TCP:D:\Spil\Zoo Tycoon 2\zt.exe:Zoo Tycoon 2 Executable
"TCP Query User{2C154FCA-03A9-49C6-B687-81DBE94E94C0}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FE9E75A4-06C6-40A5-B904-7EDD2F7FDDC7}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{39338896-6477-4043-B674-13038587DA90}C:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{1792091B-D148-47C8-AB6F-161CF62A53D5}C:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:C:\program files\sopcast\adv\sopadver.exe:SopCast Adver
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R0 ps6akt6c;Cycling Manager 2007 Synchronization Driver (ps6akt6c);C:\Windows\system32\drivers\ps6akt6c.sys [2007-06-08 19:28]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-02-07 12:44]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-06-19 06:34]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-03-06 17:04]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-01-11 03:18]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-02-13 06:41]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-04-03 10:24]
S4 pr2akt6c;Cycling Manager 2007 Drivers Auto Removal (pr2akt6c);C:\Windows\system32\pr2akt6c.exe svc []
*Newly Created Service* - CATCHME
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C0D0400F-D8F0-DCD2-B56C-B60C9D8B83AB}]
C:\Windows\system32\autocxk.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 18:29:40 C:\Windows\Tasks\Søg efter opdateringer til Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-15 17:21:34
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 52
**************************************************************************
.
Completion time: 2008-04-15 17:22:55
ComboFix-quarantined-files.txt 2008-04-15 15:22:41
Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.
Systemet kan ikke finde meddelelsesteksten for meddelelsesnummer 0x2379 i meddelelsesfilen for Application.
.
2008-04-13 19:15:19 --- E O F ---
SUPERantispyware:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 04/15/2008 at 04:56 PM
Application Version : 4.0.1154
Core Rules Database Version : 3438
Trace Rules Database Version: 1430
Scan type : Complete Scan
Total Scan Time : 00:24:05
Memory items scanned : 235
Memory threats detected : 0
Registry items scanned : 6737
Registry threats detected : 11
File items scanned : 21928
File threats detected : 40
Malware.LocusSoftware Inc/PCPrivacyTool
HKLM\Software\Purchased Products
HKLM\Software\Purchased Products\System Error Repair
HKLM\Software\Purchased Products\System Error Repair#domain
HKLM\Software\Purchased Products\System Error Repair#pname
HKLM\Software\Purchased Products\System Error Repair#cname
Rogue.TrustedAntiVirus
HKCR\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}
HKCR\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}\1.0
HKCR\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}\1.0\0
HKCR\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}\1.0\0\win32
HKCR\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}\1.0\FLAGS
HKCR\TypeLib\{D761645B-6B20-4698-AEE8-729981152A82}\1.0\HELPDIR
Malware.LocusSoftware Inc/Gen
C:\PROGRAM FILES\SIKKERPCVAERKTOJ\UCOOKW.EXE
Rogue.NoWayVirus-PTask
C:\PROGRAM FILES\VIRUSFORSVAR\PTASK.EXE
Trojan.Unclassified/AffiliateBundle
C:\USERS\CASPER\APPDATA\LOCAL\TEMP\GEBSMMJA.DLL
Rogue.WinPCDoctor-Installer
C:\USERS\CASPER\APPDATA\LOCAL\TEMP\PRODUCTPATH\SYSREP.EXE
Adware.Vundo-Variant/Small-A
C:\USERS\CASPER\APPDATA\LOCAL\TEMP\ODXCJRQE.DLL
C:\USERS\CASPER\APPDATA\LOCAL\TEMP\XKWNLSIP.DLL
Adware.Vundo-Variant
C:\USERS\CASPER\APPDATA\LOCAL\TEMP\QOMEEXNF.DLL
Trojan.Vundo-Variant/F
C:\USERS\CASPER\APPDATA\LOCAL\TEMP\WOWWVIMH.DLL
Adware.Tracking Cookie